Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

christopherluiz

A Pagina Do YouTube Apareçeu Monte De Popaganda

12 posts neste tópico

Oi Pessoal Do Fórum Do Baboo!

 

Tenho Um Problema Que a Pagina Do YouTube Apareceu Monte De Propaganda Será Que é Vírus Ou Spyware?

 

Vou Mostrar a Imagem Pra Vocês:

 

post-555943-0-98360300-1359136015_thumb.

 

é Tenho um Log Aqui:

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:32:44, on 25/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
 
Running processes:
C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\IPS\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"
O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Christopher\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\ProgramData\IBUpdaterService\ibsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
--
End of file - 11571 bytes
 

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.

Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.

Se houver atualizações a serem feitas, serão baixadas e instaladas.

Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.

Começará então o exame. Aguarde, pois pode demorar.

Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)

O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do Programa.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.

Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.

Se houver atualizações a serem feitas, serão baixadas e instaladas.

Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.

Começará então o exame. Aguarde, pois pode demorar.

Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)

O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do Programa.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .

Eu Já Tenho o Malware-Bytes Instalado Mas.. Agora Estou Verificando com ele... ;) 

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Aqui Está Mr.Million o Log Do Malware-Bytes:

 

 

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Versão da Base de Dados:  v2013.01.25.07
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Christopher :: CHRISTOPHER-PC [administrador]
 
25/01/2013 16:08:16
mbam-log-2013-01-25 (16-08-16).txt
 
Tipo de Verificação:  Verificação Completa  (C:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  363712
Tempo decorrido: 1 hora(s), 29 minuto(s), 14 segundo(s)
 
Processos de Memória Detectados: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> 1848 -> Será deletado na próxima inicialização. 
 
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Chaves de Registro Detectadas: 2
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.InstallBrain) -> Enviado para a Quarentena e deletado com sucesso.
 
Valores de Registro Detectadas: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Enviado para a Quarentena e deletado com sucesso.
 
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Pastas Detectadas: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Será deletado na próxima inicialização. 
 
Arquivos Detectados: 2
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> Será deletado na próxima inicialização. 
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Enviado para a Quarentena e deletado com sucesso.
 
(fim)
 
 
é o Log Do HijackThis:
 
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:49:31, on 25/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
 
Running processes:
C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\HijackThis.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Windows\system32\SearchFilterHost.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\IPS\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"
O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Christopher\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
--
End of file - 11549 bytes
 
 
Tudo Atualizado Meu Chapa... Um Abração Especial!
 
e #Fui!

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download ComboFix

Salve no seu Desktop ( Para que a Ferramenta seja executada corretamente é necessário que esteja no Desktop (Área de trabalho)

Feche todas as janelas e programas.

É necessário estar conectado durante o procedimento com o ComboFix;

Execute o combofix.exe, tecle "Sim" para prosseguir. Aguarde, pois é um pouco demorado.

OBS: Caso não queira que seja instalado o Console de Recuperação do Windows, clique em "Não" e depois concorde para que a verificação prossiga.

Ao ser instalado o Console, na Inicialização do Sistema será apresentada a tela para Seleção dos Sistemas Operacionais.

Mais informações sobre o Console: http://support.micro...kb/307654/pt-br

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.

Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt. Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo Log do HijackThis .

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

OBS 2: Não execute o ComboFix mais do que uma vez. Isso irá sobreescrever o Log e dificultará a remoção do(s) malware(s)

Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Aqui Está o Log Do ComboFix:

 

 

 

ComboFix 13-01-24.02 - Christopher 25/01/2013  18:04:42.2.2 - x86

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.1909.788 [GMT -2:00]

Executando de: c:\users\Christopher\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((   Arquivos/Ficheiros criados de 2012-12-25 to 2013-01-25  ))))))))))))))))))))))))))))

.

.

2013-01-25 20:14 . 2013-01-25 20:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-25 17:30 . 2013-01-25 17:30 388608 ----a-w- C:\HijackThis.exe

2013-01-25 14:58 . 2013-01-25 15:00 -------- d-----w- c:\users\Christopher\AppData\Local\Facebook

2013-01-25 03:25 . 2013-01-25 03:25 -------- d-----w- c:\program files\File Scout

2013-01-25 03:25 . 2013-01-25 03:28 -------- d-----w- c:\users\Christopher\AppData\Roaming\PerformerSoft

2013-01-25 03:25 . 2012-12-19 17:53 18096 ----a-w- c:\windows\system32\roboot.exe

2013-01-25 03:24 . 2013-01-25 03:24 -------- d-----w- c:\users\Christopher\AppData\Roaming\StatusWinks

2013-01-24 03:04 . 2013-01-25 20:14 -------- d-----w- c:\users\Christopher\AppData\Local\temp

2013-01-23 20:25 . 2013-01-23 20:25 -------- d-----w- c:\program files\Defraggler

2013-01-20 04:08 . 2013-01-20 04:08 -------- d-----w- c:\program files\VirtualDJ

2013-01-18 17:44 . 2013-01-18 17:44 -------- d-----w- c:\users\Christopher\AppData\Local\Stardock

2013-01-18 00:30 . 2012-12-19 17:36 188328 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2013-01-18 00:29 . 2012-12-19 17:35 94632 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2013-01-17 17:35 . 2013-01-17 17:55 -------- d-----w- c:\program files\Yuna Software

2013-01-15 02:34 . 2013-01-15 16:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-01-15 01:47 . 2013-01-15 01:47 -------- d-----w- c:\users\Christopher\SecurityScans

2013-01-15 00:20 . 2013-01-15 00:20 -------- d-----w- c:\windows\system32\Hotspot Shield

2013-01-15 00:10 . 2013-01-12 05:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-01-12 00:01 . 2013-01-12 00:01 -------- d-----w- c:\program files\Common Files\Skype

2013-01-10 19:41 . 2013-01-10 19:41 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys

2013-01-10 19:27 . 2013-01-10 19:27 36040 ----a-w- c:\windows\system32\drivers\hssdrv6.sys

2013-01-10 18:54 . 2013-01-10 18:54 -------- d-----w- C:\found.000

2013-01-09 13:37 . 2012-11-30 04:47 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-12-31 22:48 . 2012-09-07 02:05 36512 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2012-12-31 21:50 . 2012-12-31 22:32 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-12-31 21:50 . 2012-12-31 21:50 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-12-31 21:50 . 2012-12-31 21:50 -------- d-----w- c:\program files\Symantec

2012-12-31 21:49 . 2013-01-23 20:54 -------- d-----w- c:\windows\system32\drivers\NIS

2012-12-31 21:49 . 2012-12-31 21:49 -------- d-----w- c:\program files\Norton Internet Security

2012-12-31 21:49 . 2013-01-23 20:53 -------- d-----w- c:\program files\NortonInstaller

2012-12-30 00:58 . 2012-12-30 00:58 -------- d-----w- c:\program files\uTorrent

2012-12-30 00:55 . 2013-01-25 03:57 -------- d-----w- c:\users\Christopher\AppData\Roaming\uTorrent

2012-12-29 16:16 . 2012-12-29 16:16 -------- d-----w- c:\program files\iPod

2012-12-29 16:16 . 2012-12-29 16:17 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-29 16:16 . 2012-12-29 16:17 -------- d-----w- c:\program files\iTunes

2012-12-28 21:41 . 2012-12-28 21:41 -------- d-----w- c:\users\Christopher\AppData\Local\Programs

.

.

.

(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-10 19:01 . 2012-05-06 03:41 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-10 19:01 . 2012-05-06 03:41 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-25 21:43 . 2012-11-02 20:02 249856 ------w- c:\windows\Setup1.exe

2012-12-25 21:43 . 2012-11-02 20:02 73216 ----a-w- c:\windows\ST6UNST.EXE

2012-12-19 17:36 . 2012-12-19 17:36 104872 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2012-12-16 14:13 . 2012-12-20 21:15 295424 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-20 21:14 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-14 18:49 . 2012-12-21 18:50 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-28 12:35 . 2012-07-11 19:15 859072 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-28 12:35 . 2012-07-11 19:15 779704 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-14 02:09 . 2012-12-11 20:16 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58 . 2012-12-11 20:16 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57 . 2012-12-11 20:16 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49 . 2012-12-11 20:16 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48 . 2012-12-11 20:16 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44 . 2012-12-11 20:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-13 21:08 . 2012-11-13 21:08 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2012-11-13 21:08 . 2012-11-13 21:08 906240 ----a-w- c:\windows\system32\FntCache.dll

2012-11-13 21:08 . 2012-11-13 21:08 604160 ----a-w- c:\windows\system32\d3d10level9.dll

2012-11-13 21:08 . 2012-11-13 21:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2012-11-13 21:08 . 2012-11-13 21:08 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2012-11-13 21:08 . 2012-11-13 21:08 417792 ----a-w- c:\windows\system32\WMPhoto.dll

2012-11-13 21:08 . 2012-11-13 21:08 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2012-11-13 21:08 . 2012-11-13 21:08 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2012-11-13 21:08 . 2012-11-13 21:08 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2012-11-13 21:08 . 2012-11-13 21:08 3419136 ----a-w- c:\windows\system32\d2d1.dll

2012-11-13 21:08 . 2012-11-13 21:08 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2012-11-13 21:08 . 2012-11-13 21:08 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2012-11-13 21:08 . 2012-11-13 21:08 293376 ----a-w- c:\windows\system32\dxgi.dll

2012-11-13 21:08 . 2012-11-13 21:08 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2012-11-13 21:08 . 2012-11-13 21:08 249856 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-11-13 21:08 . 2012-11-13 21:08 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2012-11-13 21:08 . 2012-11-13 21:08 220160 ----a-w- c:\windows\system32\d3d10core.dll

2012-11-13 21:08 . 2012-11-13 21:08 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2012-11-13 21:08 . 2012-11-13 21:08 1885696 ----a-w- c:\windows\system32\d3d10warp.dll

2012-11-13 21:08 . 2012-11-13 21:08 187392 ----a-w- c:\windows\system32\UIAnimation.dll

2012-11-13 21:08 . 2012-11-13 21:08 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2012-11-13 21:08 . 2012-11-13 21:08 1504768 ----a-w- c:\windows\system32\d3d11.dll

2012-11-13 21:08 . 2012-11-13 21:08 1247744 ----a-w- c:\windows\system32\DWrite.dll

2012-11-13 21:08 . 2012-11-13 21:08 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll

2012-11-13 21:08 . 2012-11-13 21:08 1158144 ----a-w- c:\windows\system32\XpsPrint.dll

2012-11-13 21:08 . 2012-11-13 21:08 1080832 ----a-w- c:\windows\system32\d3d10.dll

2012-11-13 21:08 . 2012-11-13 21:08 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2012-11-09 04:42 . 2012-12-11 19:53 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-02 05:11 . 2012-12-11 19:52 376832 ----a-w- c:\windows\system32\dpnet.dll

.

.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18708224]

"Facebook Update"="c:\users\Christopher\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-25 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl10"="c:\program files\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]

"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-06-15 609440]

"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-06-15 519328]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 142616]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 177432]

"Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 177944]

"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-04-25 2193744]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2000-01-01 10996368]

"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"QuickTime Plugin Install"="c:\program files\QuickTime\Plugins\DeleteMe1.exe" [2012-11-23 86016]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Users^Christopher^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SysRad Professional MX.lnk]

path=c:\users\Christopher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SysRad Professional MX.lnk

backup=c:\windows\pss\SysRad Professional MX.lnk.Startup

backupExtension=.Startup

.

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1402010.016\SYMDS.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1402010.016\SYMEFA.SYS [x]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130116.013\BHDrvx86.sys [x]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1402010.016\ccSetx86.sys [x]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130124.001\IDSvix86.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1402010.016\Ironx86.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1402010.016\SYMNETS.SYS [x]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe [x]

S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 dwlkbf;dwlkbf; [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc

BullGuard_Backup REG_MULTI_SZ   BsBackup

GPSvcGroup REG_MULTI_SZ   GPSvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService

FontCache

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-23 02:18 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 19:01]

.

2013-01-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3235325423-1923595338-1846087081-1000Core.job

- c:\users\Christopher\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-25 14:58]

.

2013-01-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3235325423-1923595338-1846087081-1000UA.job

- c:\users\Christopher\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-25 14:58]

.

2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-01 22:44]

.

2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-01 22:44]

.

2013-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3235325423-1923595338-1846087081-1000Core.job

- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 00:29]

.

2013-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3235325423-1923595338-1846087081-1000UA.job

- c:\users\Christopher\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23 00:29]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: DhcpNameServer = 192.168.1.1

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-3235325423-1923595338-1846087081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (S-1-5-21-3235325423-1923595338-1846087081-1000)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-3235325423-1923595338-1846087081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (S-1-5-21-3235325423-1923595338-1846087081-1000)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-3235325423-1923595338-1846087081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (S-1-5-21-3235325423-1923595338-1846087081-1000)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-3235325423-1923595338-1846087081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]

@Denied: (2) (S-1-5-21-3235325423-1923595338-1846087081-1000)

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.SVG"

.

[HKEY_USERS\S-1-5-21-3235325423-1923595338-1846087081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (S-1-5-21-3235325423-1923595338-1846087081-1000)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-3235325423-1923595338-1846087081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (S-1-5-21-3235325423-1923595338-1846087081-1000)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-3235325423-1923595338-1846087081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-3235325423-1923595338-1846087081-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4064A517-D4C6-7169-15A0-665E9FC78F62}*]

"iapnhplajhmpepkcof"=hex:6a,61,6f,65,62,62,61,61,69,6f,68,63,68,6c,68,6d,70,64,

   70,66,00,00

"hafojobldmmlpmmb"=hex:6a,61,6f,65,62,62,61,61,69,6f,68,63,68,6c,68,6d,70,64,

   70,66,00,00

"ialopmpfeinmmoipjm"=hex:63,61,6e,65,68,62,00,00

.

[HKEY_USERS\S-1-5-21-3235325423-1923595338-1846087081-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9B6153C3-6BF2-4DCC-C96C-084A45ED121F}*]

"haomohpjlndjmlib"=hex:6a,61,61,6f,64,69,6a,6d,64,66,63,70,67,6e,66,66,6b,62,

   68,61,00,00

"iaamikncmdfjicmmap"=hex:63,61,66,6f,63,6e,00,00

"iaenfoeecejpblpagn"=hex:6a,61,61,6f,64,69,6a,6d,64,66,63,70,67,6e,66,66,6b,62,

   68,61,00,00

"dbdojmihcoglkffojkmbdfmcjfkngfodnappafjg"=hex:68,61,6a,6b,67,62,70,68,6e,6f,

   65,6f,65,64,6d,6a,00,00

"jbdojmihcoglkffojkmboeiekhmbphloidkfingfclpcolopdnng"=hex:68,61,6a,6b,67,62,

   70,68,6e,6f,65,6f,65,64,6d,6a,00,00

"dbdojmihcoglkffojkmbeebdhebddbogmfkbbnlf"=hex:62,61,6f,6f,00,00

.

[HKEY_USERS\S-1-5-21-3235325423-1923595338-1846087081-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FB394757-1C41-1B71-3F32-403D2F1A3DCE}*]

"iaaiabfhbomcbmefcc"=hex:6a,61,6a,69,65,69,6b,69,69,63,67,64,64,63,70,70,65,64,

   68,70,00,00

"hagigbdmjobpifbj"=hex:6a,61,6a,69,65,69,6b,69,69,63,67,64,64,63,70,70,65,64,

   68,70,00,00

"iamgipjcckkkpaocnk"=hex:63,61,6f,69,64,6a,00,00

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-01-25  18:16:37

ComboFix-quarantined-files.txt  2013-01-25 20:16

ComboFix2.txt  2013-01-24 03:11

.

Pré-execução: 69.134.909.440 bytes disponíveis

Pós execução: 69.058.445.312 bytes disponíveis

.

- - End Of File - - B9E3AE31499247626CD1ED5B0DCF3010

 

 

é Aqui novo Log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:24:30, on 25/01/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

 

Running processes:

C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe

C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Bluetooth Suite\BtvStack.exe

C:\Program Files\Bluetooth Suite\AthBtTray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe

C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\IPS\IPSBHO.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll

O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe"

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"

O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Christopher\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKUS\S-1-5-18\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SISTEMA')

O4 - HKUS\.DEFAULT\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

 

--

End of file - 11150 bytes

 

 

 

 

Infelizmente Tá Mesma Coisa :(

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Download bouton-telecharger.png Salve-o no Desktop. (Área de Trabalho)

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista ou do Windows 7, clicar com o botão direito do mouse no arquivo e selecionar:Executar como administrador

AdwCleanerCustom-1.jpg

Clique [Delete]

Salve o Log criado.

Download JRT Salve no seu Desktop (Área de trabalho).

Dê um duplo-clique para executar o Junkware Removal Tool (JRT)

* No Windows Vista e Windows 7:
Clique com o botão direito do mousesobre o JRT.exe e selecione run_as_adm1.png

A Ferramenta começará o exame do seu Sistema. Tenha paciência pois pode demorar um pouco, dependendo da quantidades de ítens a serem examinados.

Ao final, um Log se abrirá e salvo no Desktop com o nome de
JRT.txt.

Selecione, copie e cole o conteúdo deste Log na sua próxima resposta + o Log do AdwCleaner e um novo Log do HijackThis.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
Download bouton-telecharger.png Salve-o no Desktop. (Área de Trabalho)

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista ou do Windows 7, clicar com o botão direito do mouse no arquivo e selecionar:Executar como administrador

AdwCleanerCustom-1.jpg

Clique [Delete]

Salve o Log criado.

Download JRT Salve no seu Desktop (Área de trabalho).

Dê um duplo-clique para executar o Junkware Removal Tool (JRT)

* No Windows Vista e Windows 7:

Clique com o botão direito do mousesobre o JRT.exe e selecione run_as_adm1.png

A Ferramenta começará o exame do seu Sistema. Tenha paciência pois pode demorar um pouco, dependendo da quantidades de ítens a serem examinados.

Ao final, um Log se abrirá e salvo no Desktop com o nome de JRT.txt.

Selecione, copie e cole o conteúdo deste Log na sua próxima resposta + o Log do AdwCleaner e um novo Log do HijackThis.

Aqui Está o Log Novamente:

 

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:36:25, on 25/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"
O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Christopher\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Christopher\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKUS\S-1-5-18\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
--
End of file - 10748 bytes
 
 
 
 
 
 
 
 
 
# AdwCleaner v2.108 - Logfile created 01/25/2013 at 18:56:07
# Updated 24/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Christopher - CHRISTOPHER-PC
# Boot Mode : Normal
# Running from : C:\Users\Christopher\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Program Files\file scout
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Christopher\AppData\Roaming\PerformerSoft
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\PIP
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16457
 
[OK] Registry is clean.
 
*************************
 
AdwCleaner[s1].txt - [1450 octets] - [25/01/2013 18:56:07]
 
########## EOF - C:\AdwCleaner[s1].txt - [1510 octets] ##########
 
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.0 (01.23.2013:2)
OS: Windows 7 Ultimate x86
Ran by Christopher on 25/01/2013 at 19:25:22,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\system32\roboot.exe"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/01/2013 at 19:27:32,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Mas Finalmente Sumiu a propaganda no YouTube... Adorei as Ferramentas Vou Usar Para Meus Clientes Como o Técnico De Informática Muito Obrigado Mestre.. Abraços.
 
Fique Com Deus! 

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, o PC está limpo (Y)
Finalizando.......
Clique em Iniciar > Executar > digite (ou copie e cole): ComboFix /Uninstall > dê Ok.

Limpe a Restauração do Sistema, criando um Ponto de Restauração do sistema limpo.

Clique com o botão direito do mouse em cima do MEU COMPUTADOR > Propiedades > Proteção do Sistema > Configurar > Excluir.
Ainda em Proteção do Sistema > Criar.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

De Nada Amigo.. Ah! Uma Duvida..

 

Você Tem o Skype?

 

Se Você Estiver o Skype... a Gente Tecla Se For Emergência no PC

 

Mas Só Tem Que Fazer o Chat Pelo Fórum Do Baboo...

 

Valeu!

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Por favor, poste sempre suas dúvidas no Fórum, para que todos possam compartilhar a solução.

 

Boa sorte. (Y)



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Então Tá Ok Meu Chapa... Mas Meu PC Está Tudo Bem... Se For Precisar.. Eu Mando o Post Aqui.. OK... Abraços! ;)

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
    • 2 Mensagens
    • 55 Visualizações
    • 1 Mensagens
    • 96 Visualizações
    • 1 Mensagens
    • 317 Visualizações
    • 2 Mensagens
    • 181 Visualizações
    • 6 Mensagens
    • 363 Visualizações

  • Postagens Recentes

    • Análise de logs - encaminhamento para sites duvidosos
      #13; [2016/07/13 17:47:38 | 000,269,048 | ---- | C] (Qualcomm Atheros Communications Inc.) -- C:\WINDOWS\SysNative\btcoinst.dll
      [2016/07/13 17:47:38 | 000,098,552 | ---- | C] (Qualcomm®Atheros®) -- C:\WINDOWS\SysNative\BtContextMenu.dll.muien-US
      [2016/06/27 19:51:47 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\Tracing
      [2016/06/27 19:50:57 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\AppData\Roaming\Skype
      [2016/06/27 19:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      [2016/06/27 19:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
      [2016/06/27 19:50:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
      [2016/06/27 19:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
      [2016/06/22 23:00:07 | 000,077,824 | ---- | C] (Fox Magic Software) -- C:\WINDOWS\SysWow64\fmcodec.DLL
      [2016/06/21 07:17:20 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\aTubeCatcher
      [2016/06/08 19:10:34 | 000,000,000 | ---D | C] -- C:\Users\FreeFall\Desktop\Pesquisa
       
      ========== Files - Modified Within 90 Days ==========
       
      [2016/07/29 21:49:08 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2016/07/29 21:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\FreeFall\Desktop\OTL.exe
      [2016/07/29 19:18:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
      [2016/07/29 18:59:53 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2016/07/29 18:59:44 | 000,891,918 | ---- | M] () -- C:\WINDOWS\SysNative\prfh0416.dat
      [2016/07/29 18:59:44 | 000,832,568 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
      [2016/07/29 18:59:44 | 000,197,030 | ---- | M] () -- C:\WINDOWS\SysNative\prfc0416.dat
      [2016/07/29 18:59:44 | 000,176,804 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
      [2016/07/29 18:59:44 | 000,006,792 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
      [2016/07/29 18:58:28 | 3149,082,624 | -HS- | M] () -- C:\hiberfil.sys
      [2016/07/29 18:58:27 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2016/07/29 18:46:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
      [2016/07/29 18:03:48 | 000,000,753 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
      [2016/07/29 18:01:59 | 000,024,064 | ---- | M] () -- C:\WINDOWS\zoek-delete.exe
      [2016/07/29 17:58:46 | 001,309,184 | ---- | M] () -- C:\Users\FreeFall\Desktop\zoek.exe
      [2016/07/29 17:12:40 | 001,610,560 | ---- | M] (Malwarebytes) -- C:\Users\FreeFall\Desktop\JRT.exe
      [2016/07/29 17:06:08 | 003,712,064 | ---- | M] () -- C:\Users\FreeFall\Desktop\AdwCleaner.exe
      [2016/07/29 10:36:06 | 000,010,451 | ---- | M] () -- C:\WINDOWS\diagerr.xml
      [2016/07/29 10:36:06 | 000,009,528 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
      [2016/07/29 10:34:10 | 000,022,956 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
      [2016/07/29 10:26:29 | 000,329,184 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
      [2016/07/29 10:13:18 | 002,021,072 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
      [2016/07/29 10:10:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
      [2016/07/29 10:10:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
      [2016/07/29 09:59:29 | 000,015,703 | ---- | M] () -- C:\WINDOWS\SysNative\OEMDefaultAssociations.xml
      [2016/07/29 09:57:24 | 000,002,186 | ---- | M] () -- C:\WINDOWS\SysWow64\AppxProvisioning.xml
      [2016/07/29 09:57:04 | 000,002,186 | ---- | M] () -- C:\WINDOWS\SysNative\AppxProvisioning.xml
      [2016/07/29 09:56:56 | 000,235,008 | ---- | M] () -- C:\WINDOWS\SysNative\MTF.dll
      [2016/07/29 09:56:54 | 002,656,408 | ---- | M] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
      [2016/07/29 09:56:54 | 001,862,008 | ---- | M] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
      [2016/07/29 09:56:44 | 000,162,816 | ---- | M] () -- C:\WINDOWS\SysWow64\MTF.dll
      [2016/07/29 09:43:24 | 000,009,096 | ---- | M] () -- C:\WINDOWS\SysWow64\msmqtrc.mof
      [2016/07/29 09:43:02 | 000,009,096 | ---- | M] () -- C:\WINDOWS\SysNative\msmqtrc.mof
      [2016/07/29 09:27:44 | 000,021,072 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2016/07/29 09:27:44 | 000,021,072 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2016/07/29 08:50:48 | 000,001,950 | ---- | M] () -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Officejet Pro 8100 (Rede).lnk
      [2016/07/28 19:00:00 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\McAfee® Total Protection.lnk
      [2016/07/27 20:41:32 | 000,748,434 | ---- | M] () -- C:\Users\FreeFall\Desktop\divisórias.jpg
      [2016/07/26 06:17:36 | 000,002,028 | ---- | M] () -- C:\Users\FreeFall\Desktop\Fantasy Grounds.lnk
      [2016/07/13 17:47:38 | 000,610,336 | ---- | M] (Qualcomm Atheros) -- C:\WINDOWS\SysNative\drivers\btfilter.sys
      [2016/07/13 17:47:38 | 000,271,600 | ---- | M] (Qualcomm®Atheros®) -- C:\WINDOWS\SysNative\BtContextMenu.dll
      [2016/07/13 17:47:38 | 000,269,048 | ---- | M] (Qualcomm Atheros Communications Inc.) -- C:\WINDOWS\SysNative\btcoinst.dll
      [2016/07/13 17:47:38 | 000,098,552 | ---- | M] (Qualcomm®Atheros®) -- C:\WINDOWS\SysNative\BtContextMenu.dll.muien-US
      [2016/06/27 19:56:57 | 000,007,429 | ---- | M] () -- C:\Users\FreeFall\Desktop\perfil roxo.jpg
      [2016/06/27 19:50:49 | 000,002,699 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
      [2016/06/21 08:25:59 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf0.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x21.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x11.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40.dfu
      [2016/05/19 09:33:44 | 000,001,922 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_nf01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40.dfu
      [2016/05/19 09:33:44 | 000,001,796 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020000_40.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_LV01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf1.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x22.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x12.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,512 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,242 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,228 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,001,214 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40.dfu
      [2016/05/19 09:33:44 | 000,001,198 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26.dfu
      [2016/05/19 09:33:44 | 000,001,192 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,296 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,278 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26.dfu
      [2016/05/19 09:33:42 | 000,246,804 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AtherosBT.bin
      [2016/05/19 09:33:42 | 000,046,972 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020000.dfu
      [2016/05/19 09:33:42 | 000,046,908 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000.dfu
      [2016/05/19 09:33:42 | 000,046,852 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020100.dfu
      [2016/05/19 09:33:42 | 000,045,868 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020201.dfu
      [2016/05/19 09:33:42 | 000,044,028 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020200.dfu
      [2016/05/19 09:33:42 | 000,042,908 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010100.dfu
      [2016/05/19 09:33:42 | 000,040,684 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000_ss01.dfu
      [2016/05/10 23:26:43 | 008,375,799 | ---- | M] () -- C:\Users\FreeFall\Desktop\RacesofAnsalon.pdf
      [2016/05/10 21:28:17 | 030,905,645 | ---- | M] () -- C:\Users\FreeFall\Desktop\AD&D -2E -Complete Set of 26 Books.PDF
       
      ========== Files Created - No Company Name ==========
       
      [2016/07/29 18:18:12 | 000,024,064 | ---- | C] () -- C:\WINDOWS\zoek-delete.exe
      [2016/07/29 17:58:43 | 001,309,184 | ---- | C] () -- C:\Users\FreeFall\Desktop\zoek.exe
      [2016/07/29 17:06:00 | 003,712,064 | ---- | C] () -- C:\Users\FreeFall\Desktop\AdwCleaner.exe
      [2016/07/29 11:21:23 | 000,002,384 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      [2016/07/29 11:20:07 | 000,001,053 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recursos Opcionais.lnk
      [2016/07/29 10:34:10 | 000,022,956 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
      [2016/07/29 10:22:02 | 000,001,576 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
      [2016/07/29 10:13:18 | 002,021,072 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
      [2016/07/29 10:10:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
      [2016/07/29 10:10:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
      [2016/07/29 10:06:11 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
      [2016/07/29 10:04:58 | 000,043,409 | ---- | C] () -- C:\WINDOWS\SysWow64\license.rtf
      [2016/07/29 10:04:58 | 000,043,409 | ---- | C] () -- C:\WINDOWS\SysNative\license.rtf
      [2016/07/29 09:57:24 | 000,002,186 | ---- | C] () -- C:\WINDOWS\SysWow64\AppxProvisioning.xml
      [2016/07/29 09:57:04 | 000,002,186 | ---- | C] () -- C:\WINDOWS\SysNative\AppxProvisioning.xml
      [2016/07/29 09:56:56 | 000,235,008 | ---- | C] () -- C:\WINDOWS\SysNative\MTF.dll
      [2016/07/29 09:56:54 | 002,656,408 | ---- | C] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
      [2016/07/29 09:56:54 | 001,862,008 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
      [2016/07/29 09:56:44 | 000,162,816 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
      [2016/07/29 09:23:32 | 000,010,451 | ---- | C] () -- C:\WINDOWS\diagerr.xml
      [2016/07/29 09:23:32 | 000,009,528 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
      [2016/07/28 19:00:00 | 000,001,936 | ---- | C] () -- C:\Users\Public\Desktop\McAfee® Total Protection.lnk
      [2016/07/27 20:37:52 | 000,748,434 | ---- | C] () -- C:\Users\FreeFall\Desktop\divisórias.jpg
      [2016/07/26 06:17:36 | 000,002,028 | ---- | C] () -- C:\Users\FreeFall\Desktop\Fantasy Grounds.lnk
      [2016/06/27 19:56:56 | 000,007,429 | ---- | C] () -- C:\Users\FreeFall\Desktop\perfil roxo.jpg
      [2016/06/27 19:50:49 | 000,002,699 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf0.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x21.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x11.dfu
      [2016/05/19 09:33:44 | 000,001,926 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40.dfu
      [2016/05/19 09:33:44 | 000,001,922 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40_nf01.dfu
      [2016/05/19 09:33:44 | 000,001,802 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020100_40.dfu
      [2016/05/19 09:33:44 | 000,001,796 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x11020000_40.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_SS01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_LV01.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0xf1.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x22.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x12.dfu
      [2016/05/19 09:33:44 | 000,001,516 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010000_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,512 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x31010100_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,242 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,001,228 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,001,214 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,001,204 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_40.dfu
      [2016/05/19 09:33:44 | 000,001,198 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26.dfu
      [2016/05/19 09:33:44 | 000,001,192 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020200_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,296 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,278 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x04.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x03.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40_0x02.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_40.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26_0x01.dfu
      [2016/05/19 09:33:44 | 000,000,264 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\ramps_0x01020201_26.dfu
      [2016/05/19 09:33:42 | 000,246,804 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AtherosBT.bin
      [2016/05/19 09:33:42 | 000,046,972 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020000.dfu
      [2016/05/19 09:33:42 | 000,046,908 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000.dfu
      [2016/05/19 09:33:42 | 000,046,852 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x11020100.dfu
      [2016/05/19 09:33:42 | 000,045,868 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020201.dfu
      [2016/05/19 09:33:42 | 000,044,028 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x01020200.dfu
      [2016/05/19 09:33:42 | 000,042,908 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010100.dfu
      [2016/05/19 09:33:42 | 000,040,684 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\AthrBT_0x31010000_ss01.dfu
      [2016/05/10 23:26:43 | 008,375,799 | ---- | C] () -- C:\Users\FreeFall\Desktop\RacesofAnsalon.pdf
      [2016/05/10 21:28:17 | 030,905,645 | ---- | C] () -- C:\Users\FreeFall\Desktop\AD&D -2E -Complete Set of 26 Books.PDF
      [2016/04/27 04:04:42 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
      [2015/10/30 04:24:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
      [2015/10/30 04:24:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
      [2015/10/30 04:18:39 | 000,164,224 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
      [2015/10/30 04:18:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
      [2015/10/30 04:18:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
      [2015/10/30 04:18:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
      [2015/10/30 04:18:31 | 000,252,928 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
      [2015/10/30 04:18:31 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
      [2015/10/30 04:18:29 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
      [2015/10/30 04:18:29 | 000,293,376 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
      [2015/10/30 04:18:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
      [2015/10/30 04:18:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
      [2015/10/30 04:18:23 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
      [2015/10/30 04:17:40 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
      [2015/06/01 21:00:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
      [2015/06/01 19:46:58 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
      [2015/06/01 19:45:24 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
      [2015/05/10 16:46:10 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
      [2015/05/05 20:19:36 | 000,811,218 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\unins000.exe
      [2015/05/05 20:19:36 | 000,017,292 | ---- | C] () -- C:\Users\FreeFall\AppData\Roaming\unins000.dat
       
      ========== ZeroAccess Check ==========
       
      [2016/07/29 16:52:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
       
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
       
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\windows.storage.dll -- [2016/07/29 09:56:51 | 006,605,544 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\windows.storage.dll -- [2016/07/29 09:56:52 | 005,240,960 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/10/30 04:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 04:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/10/30 04:17:45 | 000,518,656 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
       
      ========== LOP Check ==========
       
      [2016/07/26 06:30:01 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\Fantasy Grounds
      [2015/04/30 13:29:05 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\Fingertapps
      [2016/07/29 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\PCDr
      [2016/07/29 19:12:15 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\Spotify
       
      ========== Purity Check ==========
       
       
       
      ========== Custom Scans ==========
       
      < %systemroot%\system32\drivers\*.* /90 >
       
      < %systemdrive%\drivers\*.exe >
       
      < %SYSTEMDRIVE%\*.* >
      [2015/10/30 04:18:34 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
      [2012/04/05 20:59:57 | 000,033,797 | RH-- | M] () -- C:\dell.sdr
      [2016/07/29 18:58:28 | 3149,082,624 | -HS- | M] () -- C:\hiberfil.sys
      [2016/07/29 19:18:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
      [2016/07/29 18:46:02 | 4294,967,295 | -HS- | M] () -- C:\pagefile.sys
      [2016/07/29 18:46:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
       
      < %LOCALAPPDATA%\*.exe >
       
      < %LOCALAPPDATA%\*.txt >
       
      < %LOCALAPPDATA%\*.ini >
       
      < %LOCALAPPDATA%\*.dll >
       
      < %LOCALAPPDATA%\*.dat >
      [2015/07/29 21:01:02 | 000,105,576 | ---- | M] () -- C:\Users\FreeFall\AppData\Local\GDIPFONTCACHEV1.DAT
       
      < %USERPROFILE%\*.exe >
       
      < %USERPROFILE%\*.txt >
       
      < %USERPROFILE%\*.ini >
      [2016/07/29 11:09:05 | 000,000,020 | -HS- | M] () -- C:\Users\FreeFall\ntuser.ini
       
      < %USERPROFILE%\*.dll >
       
      < %USERPROFILE%\*.dat /30 >
      [2016/07/29 18:18:55 | 002,883,584 | -HS- | M] () -- C:\Users\FreeFall\NTUSER.DAT
       
      < C:\windows\system32\Tasks\*.* /s >
      [2015/05/22 21:24:12 | 000,001,066 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
      [2015/05/22 21:24:12 | 000,001,070 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
      [2016/04/27 04:10:46 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
       
      < C:\windows\system32\Tasks\*.* /s /64 >
      [2016/07/29 10:34:35 | 000,003,996 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Adobe Acrobat Update Task
      [2016/07/29 10:34:37 | 000,003,924 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\GoogleUpdateTaskMachineCore
      [2016/07/29 10:34:45 | 000,004,176 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\GoogleUpdateTaskMachineUA
      [2016/07/29 10:34:49 | 000,003,738 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\HPCustParticipation HP Officejet Pro 8100
      [2016/07/29 19:40:56 | 000,004,020 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
      [2016/07/29 15:56:10 | 000,004,208 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
      [2016/07/29 10:34:36 | 000,003,194 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\McAfeeLogon
      [2016/07/29 17:43:29 | 000,004,182 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\User_Feed_Synchronization-{F913369A-30D6-49AF-A679-1FFF203BAE96}
      [2016/07/29 10:34:47 | 000,003,040 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\McAfee\McAfee Idle Detection Task
      [2016/07/29 10:34:42 | 000,004,196 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat
      [2016/07/29 10:34:37 | 000,003,658 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack
      [2016/07/29 10:34:36 | 000,003,596 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn
      [2016/07/29 10:34:38 | 000,004,268 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
      [2016/07/29 10:34:47 | 000,002,660 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
      [2016/07/29 10:34:43 | 000,002,666 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
      [2016/07/29 10:34:47 | 000,002,822 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
      [2016/07/29 10:34:43 | 000,002,816 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
      [2016/07/29 10:34:49 | 000,003,978 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
      [2016/07/29 10:34:37 | 000,003,426 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
      [2016/07/29 10:34:48 | 000,003,436 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
      [2016/07/29 10:34:50 | 000,002,722 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\PolicyConverter
      [2016/07/29 10:34:37 | 000,003,320 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
      [2016/07/29 10:34:35 | 000,003,346 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
      [2016/07/29 11:10:19 | 000,004,680 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
      [2016/07/29 10:34:50 | 000,003,014 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
      [2016/07/29 10:34:49 | 000,003,090 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Application Experience\StartupAppTask
      [2016/07/29 10:34:39 | 000,003,052 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState
      [2016/07/29 10:34:45 | 000,002,716 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup
      [2016/07/29 10:34:38 | 000,003,026 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
      [2016/07/29 10:34:35 | 000,002,870 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Autochk\Proxy
      [2016/07/29 10:34:50 | 000,002,328 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
      [2016/07/29 10:34:42 | 000,002,936 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
      [2016/07/29 10:34:40 | 000,002,830 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
      [2016/07/29 10:34:40 | 000,003,092 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
      [2016/07/29 10:34:50 | 000,003,694 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
      [2016/07/29 10:34:38 | 000,003,680 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
      [2016/07/29 10:34:50 | 000,003,554 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
      [2016/07/29 10:34:46 | 000,002,780 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
      [2016/07/29 10:34:35 | 000,003,428 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Clip\License Validation
      [2016/07/29 10:34:44 | 000,002,242 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CloudExperienceHost\CreateObjectTask
      [2016/07/29 10:34:48 | 000,003,030 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
      [2016/07/29 10:34:50 | 000,003,410 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
      [2016/07/29 10:34:44 | 000,003,260 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
      [2016/07/29 10:34:35 | 000,003,714 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
      [2016/07/29 10:34:46 | 000,003,354 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
      [2016/07/29 10:34:45 | 000,002,930 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
      [2016/07/29 10:34:43 | 000,002,984 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
      [2016/07/29 11:44:23 | 000,003,198 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
      [2016/07/29 10:34:45 | 000,003,192 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
      [2016/07/29 11:44:23 | 000,003,112 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
      [2016/07/29 11:44:23 | 000,003,204 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
      [2016/07/29 11:08:38 | 000,003,444 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
      [2016/07/29 11:44:23 | 000,003,176 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
      [2016/07/29 11:44:23 | 000,003,212 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
      [2016/07/29 10:34:43 | 000,003,202 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
      [2016/07/29 10:34:36 | 000,003,308 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
      [2016/07/29 10:34:50 | 000,003,092 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Diagnosis\Scheduled
      [2016/07/29 10:34:46 | 000,003,072 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup
      [2016/07/29 10:34:50 | 000,003,034 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
      [2016/07/29 10:34:37 | 000,002,766 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
      [2016/07/29 10:34:41 | 000,002,398 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
      [2016/07/29 10:34:45 | 000,002,562 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
      [2016/07/29 10:34:45 | 000,002,384 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DUSM\dusmtask
      [2016/07/29 10:34:40 | 000,002,782 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
      [2016/07/29 10:34:44 | 000,002,948 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
      [2016/07/29 10:34:41 | 000,002,880 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient
      [2016/07/29 10:34:43 | 000,002,996 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
      [2016/07/29 10:34:38 | 000,003,550 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
      [2016/07/29 10:34:39 | 000,003,168 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
      [2016/07/29 10:34:48 | 000,003,340 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
      [2016/07/29 10:34:47 | 000,002,638 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Location\Notifications
      [2016/07/29 10:34:42 | 000,002,572 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Location\WindowsActionDialog
      [2016/07/29 10:34:50 | 000,003,002 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Maintenance\WinSAT
      [2016/07/29 10:34:36 | 000,002,998 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Management\Provisioning\Logon
      [2016/07/29 10:34:42 | 000,002,946 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Maps\MapsToastTask
      [2016/07/29 10:34:39 | 000,003,474 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
      [2016/07/29 10:34:46 | 000,005,684 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
      [2016/07/29 10:34:39 | 000,003,446 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
      [2016/07/29 10:34:41 | 000,003,582 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
      [2016/07/29 10:34:38 | 000,003,578 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MobilePC\HotStart
      [2016/07/29 10:34:40 | 000,002,796 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MUI\LPRemove
      [2016/07/29 10:34:37 | 000,002,574 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
      [2016/07/29 10:34:46 | 000,002,444 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
      [2016/07/29 10:34:48 | 000,002,996 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\NlaSvc\WiFiTask
      [2016/07/29 10:34:45 | 000,002,944 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
      [2016/07/29 10:34:44 | 000,003,060 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
      [2016/07/29 10:34:43 | 000,002,880 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\PI\Sqm-Tasks
      [2016/07/29 10:34:47 | 000,002,972 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
      [2016/07/29 10:34:38 | 000,002,992 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
      [2016/07/29 10:34:41 | 000,003,200 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
      [2016/07/29 10:34:45 | 000,002,338 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
      [2016/07/29 10:34:50 | 000,003,128 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
      [2016/07/29 10:34:50 | 000,003,462 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Ras\MobilityManager
      [2016/07/29 10:34:39 | 000,003,420 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
      [2016/07/29 10:34:49 | 000,003,218 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Registry\RegIdleBackup
      [2016/07/29 10:34:50 | 000,003,796 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
      [2016/07/29 10:37:28 | 000,004,030 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent
      [2016/07/29 10:34:49 | 000,002,502 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
      [2016/07/29 10:34:42 | 000,002,544 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
      [2016/07/29 10:34:42 | 000,002,904 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
      [2016/07/29 10:34:40 | 000,002,838 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
      [2016/07/29 10:34:46 | 000,002,636 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\CreateObjectTask
      [2016/07/29 10:34:51 | 000,003,512 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor
      [2016/07/29 10:34:51 | 000,004,052 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
      [2016/07/29 10:34:45 | 000,002,756 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
      [2016/07/29 10:34:37 | 000,003,802 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControls
      [2016/07/29 10:34:36 | 000,003,912 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
      [2016/07/29 21:05:27 | 000,004,680 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
      [2016/07/29 11:09:08 | 000,003,372 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
      [2016/07/29 10:34:41 | 000,004,048 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
      [2016/07/29 10:34:35 | 000,003,006 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask
      [2016/07/29 10:34:35 | 000,003,070 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask
      [2016/07/29 10:34:40 | 000,003,200 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
      [2016/07/29 10:34:40 | 000,003,286 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization
      [2016/07/29 10:34:49 | 000,003,056 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
      [2016/07/29 10:34:40 | 000,003,126 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
      [2016/07/29 10:34:48 | 000,002,972 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
      [2016/07/29 10:34:42 | 000,002,968 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask
      [2016/07/29 10:34:49 | 000,002,976 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SystemRestore\SR
      [2016/07/29 10:34:44 | 000,002,762 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Task Manager\Interactive
      [2016/07/29 10:34:39 | 000,004,060 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
      [2016/07/29 10:34:39 | 000,004,176 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
      [2016/07/29 10:34:37 | 000,002,566 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
      [2016/07/29 10:34:39 | 000,002,932 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
      [2016/07/29 10:34:42 | 000,002,902 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
      [2016/07/29 10:34:44 | 000,002,600 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone
      [2016/07/29 10:34:45 | 000,002,816 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
      [2016/07/29 10:34:46 | 000,003,592 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
      [2016/07/29 10:34:42 | 000,002,420 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install
      [2016/07/29 10:34:40 | 000,002,342 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install
      [2016/07/29 10:34:49 | 000,002,904 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot
      [2016/07/29 16:33:28 | 000,002,268 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot
      [2016/07/29 16:25:49 | 000,005,286 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan
      [2016/07/29 10:34:43 | 000,002,330 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display
      [2016/07/29 10:34:40 | 000,002,396 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot
      [2016/07/29 10:34:50 | 000,002,328 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
      [2016/07/29 10:34:47 | 000,003,650 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
      [2016/07/29 10:34:44 | 000,002,920 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WCM\WiFiTask
      [2016/07/29 10:34:49 | 000,002,892 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WDI\ResolutionHost
      [2016/07/29 10:34:50 | 000,003,990 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
      [2016/07/29 10:34:50 | 000,003,288 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
      [2016/07/29 10:34:44 | 000,003,420 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
      [2016/07/29 11:09:08 | 000,003,224 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
      [2016/07/29 10:34:37 | 000,003,426 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update
      [2016/07/29 21:26:41 | 000,005,246 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start
      [2016/07/29 10:34:46 | 000,003,300 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\sih
      [2016/07/29 10:34:34 | 000,003,186 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\sihboot
      [2016/07/29 10:34:51 | 000,002,564 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Wininet\CacheTask
      [2016/07/29 10:34:48 | 000,003,060 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
      [2016/07/29 10:34:41 | 000,002,794 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
      [2016/07/29 10:34:36 | 000,002,790 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
      [2016/07/29 10:34:36 | 000,003,090 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
      [2016/07/29 10:34:38 | 000,002,744 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join
      [2016/07/29 10:34:44 | 000,004,116 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WS\License Validation
      [2016/07/29 10:34:47 | 000,002,784 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WS\WSTask
      [2016/07/29 10:34:42 | 000,004,490 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\WPD\SqmUpload_S-1-5-21-2517854909-2660416918-4196023361-1000
       
      < %windir%\tasks\*.* /s >
      [2016/07/29 18:59:53 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2016/07/29 21:49:08 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2016/07/29 18:46:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
       
      < %systemroot%\*.scr >
      [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
      "SavedLegacySettings" = 46 00 00 00 22 04 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 12 B3 26 50 6C 84 D0 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 01 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
      "DefaultConnectionSettings" = 46 00 00 00 FF 03 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 12 B3 26 50 6C 84 D0 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 01 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
       
      < HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
       
      < HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl >
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MEMPROTECT_MODE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
       
      < \FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
       
      < HKCU\Software\Microsoft\Internet Explorer\Downloads >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings >
      "ActiveXCache" = C:\Windows\Downloaded Program Files -- [2015/10/30 04:24:29 | 000,000,000 | --SD | M]
      "CodeBaseSearchPath" = CODEBASE
      "EnablePunycode" = 1
      "MinorVersion" = 0
      "WarnOnIntranet" = 1
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\LUI]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings >
      "ActiveXCache" = C:\Windows\Downloaded Program Files -- [2015/10/30 04:24:29 | 000,000,000 | --SD | M]
      "CodeBaseSearchPath" = CODEBASE
      "EnablePunycode" = 1
      "MinorVersion" = 0
      "WarnOnIntranet" = 1
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\LUI]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server >
      "AllowRemoteRPC" = 0
      "DelayConMgrTimeout" = 0
      "DeleteTempDirsOnExit" = 1
      "fDenyTSConnections" = 1
      "fSingleSessionPerUser" = 1
      "NotificationTimeOut" = 0
      "PerSessionTempDir" = 0
      "ProductVersion" = 5.1
      "RCDependentServices" = CertPropSvcSessionEnv [binary data]
      "SnapshotMonitors" = 1
      "StartRCM" = 0
      "TSUserEnabled" = 0
      "InstanceID" = 0988b076-e88a-4260-a571-7e151ad
      "GlassSessionId" = 1
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ConnectionHandler]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\KeyboardType Mapping]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SessionArbitrationHelper]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\TerminalTypes]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations]
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon >
      "DefaultDomainName" =
      "DefaultUserName" =
      "EnableSIHostIntegration" = 1
      "PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
      "Shell" = explorer.exe -- [2016/07/29 09:57:37 | 004,074,160 | ---- | M] (Microsoft Corporation)
      "ShellCritical" = 0
      "SiHostCritical" = 0
      "SiHostReadyTimeOut" = 0
      "SiHostRestartCountLimit" = 0
      "SiHostRestartTimeGap" = 0
      "Userinit" = C:\WINDOWS\system32\userinit.exe,
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services >
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa >
      "auditbasedirectories" = 0
      "auditbaseobjects" = 0
      "Bounds" = 0  [binary data]
      "crashonauditfail" = 0
      "LimitBlankPasswordUse" = 1
      "NoLmHash" = 1
      "Notification Packages" = scecli [binary data] -- [2015/10/30 04:18:26 | 000,227,840 | ---- | M] (Microsoft Corporation)
      "Authentication Packages" = msv1_0 [binary data] -- [2016/07/29 09:56:54 | 000,294,752 | ---- | M] (Microsoft Corporation)
      "SecureBoot" = 1
      "disabledomaincreds" = 0
      "everyoneincludesanonymous" = 0
      "forceguest" = 0
      "restrictanonymous" = 0
      "restrictanonymoussam" = 1
      "fullprivilegeauditing" =  [binary data]
      "LsaPid" = 812
      "ProductType" = 3
      "Security Packages" = kerberosmsv1_0schannelwdigestt [Binary data over 200 bytes]
      "SamConnectedAccountsExist" = 1
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\CentralizedAccessPolicies]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts >
       
      < \UserList >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
      "Anchor_Visitation_Horizon" = 01 00 00 00  [binary data]
      "ApplicationTileImmersiveActivation" = 1
      "AssociationActivationMode" = 0
      "AutoHide" = yes
      "Cache_Percent_of_Disk" = 0A 00 00 00  [binary data]
      "Default_Page_URL" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Default_Search_URL" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Default_Secondary_Page_URL" =  [binary data]
      "Delete_Temp_Files_On_Exit" = yes
      "Enable_Disk_Cache" = yes
      "Extensions Off Page" = about:NoAdd-ons
      "Local Page" = C:\Windows\SysWOW64\blank.htm
      "Placeholder_Height" = 1A 00 00 00  [binary data]
      "Placeholder_Width" = 1A 00 00 00  [binary data]
      "Search Page" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Security Risk Page" = about:SecurityRisk
      "Start Page" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Use_Async_DNS" = yes
      "x86AppPath" = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE -- [2016/07/29 09:57:46 | 000,820,416 | ---- | M] (Microsoft Corporation)
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\ErrorThresholds]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\UrlTemplate]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon >
      "DefaultDomainName" =
      "DefaultUserName" =
      "EnableSIHostIntegration" = 1
      "PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
      "Shell" = explorer.exe -- [2016/07/29 09:57:37 | 004,074,160 | ---- | M] (Microsoft Corporation)
      "ShellCritical" = 0
      "SiHostCritical" = 0
      "SiHostReadyTimeOut" = 0
      "SiHostRestartCountLimit" = 0
      "SiHostRestartTimeGap" = 0
      "Userinit" = C:\WINDOWS\system32\userinit.exe,
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
       
      < \SpecialAccounts\UserList >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
      "Anchor_Visitation_Horizon" = 01 00 00 00  [binary data]
      "ApplicationTileImmersiveActivation" = 1
      "AssociationActivationMode" = 0
      "AutoHide" = yes
      "Cache_Percent_of_Disk" = 0A 00 00 00  [binary data]
      "Default_Page_URL" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Default_Search_URL" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Default_Secondary_Page_URL" =  [binary data]
      "Delete_Temp_Files_On_Exit" = yes
      "Enable_Disk_Cache" = yes
      "Extensions Off Page" = about:NoAdd-ons
      "Local Page" = C:\Windows\SysWOW64\blank.htm
      "Placeholder_Height" = 1A 00 00 00  [binary data]
      "Placeholder_Width" = 1A 00 00 00  [binary data]
      "Search Page" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Security Risk Page" = about:SecurityRisk
      "Start Page" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Use_Async_DNS" = yes
      "x86AppPath" = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE -- [2016/07/29 09:57:46 | 000,820,416 | ---- | M] (Microsoft Corporation)
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\ErrorThresholds]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\UrlTemplate]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome >
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService >
      "ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2015/10/30 04:18:25 | 000,037,256 | ---- | M] (Microsoft Corporation)
      "DisplayName" = @%SystemRoot%\System32\termsrv.dll,-268
      "ErrorControl" = 1
      "Start" = 3
      "Type" = 32
      "Description" = @%SystemRoot%\System32\termsrv.dll,-267
      "DependOnService" = RPCSS [binary data]
      "ObjectName" = NT Authority\NetworkService
      "ServiceSidType" = 1
      "RequiredPrivileges" = SeAssignPrimaryTokenPrivilegeSeAu [Binary data over 200 bytes]
      "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 60 EA 00 00  [binary data]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Parameters]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Performance]
       
      < net user /c >
      Contas de usu rio para \\FREEFALL-PC
      -------------------------------------------------------------------------------
      Administrador            Convidado                DefaultAccount          
      FreeFall                
      Comando conclu¡do com ˆxito.
       
      < MD5 for: TERMSRV.DLL  >
      [2014/10/13 23:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) MD5=008CD4EBFABCF78D0F19B3778492648C -- C:\Windows.old\Windows\System32\termsrv.dll
      [2014/10/13 23:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) MD5=008CD4EBFABCF78D0F19B3778492648C -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
      [2015/10/30 04:18:18 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=14307D4801C8CEF0A615907C09E886B3 -- C:\WINDOWS\SysNative\termsrv.dll
      [2015/10/30 04:18:18 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=14307D4801C8CEF0A615907C09E886B3 -- C:\Windows\WinSxS\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_10.0.10586.0_none_1b24da20fe9b4a93\termsrv.dll
      [2010/11/21 00:24:07 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
      [2014/07/16 23:07:44 | 000,681,984 | ---- | M] (Microsoft Corporation) MD5=4FC4C50985E5B840F4D72E57286887B8 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_eca0bf836affa9bb\termsrv.dll
      [2014/10/13 23:16:40 | 000,686,592 | ---- | M] (Microsoft Corporation) MD5=6A5B600AD0041E9AF564DE73B716F3D2 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_ed2d60f8841a8fd8\termsrv.dll
      [2014/07/16 00:23:41 | 000,686,080 | ---- | M] (Microsoft Corporation) MD5=F4D7114060C034134A440846F411BB7F -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_ed1f8e488425629d\termsrv.dll
       
      < %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
       
      ========== Alternate Data Streams ==========
       
      @Alternate Data Stream - 10 bytes -> C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt   < End of report > -->