Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

virginiagonzaga

Analise de log

9 posts neste tópico

Meu log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:23:38, on 07/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {e7cb019e-bf3b-4c48-9673-48c323b18e31} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-2639535693-1507912250-3813765499-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2639535693-1507912250-3813765499-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - S-1-5-21-2639535693-1507912250-3813765499-1001 Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User 'UpdatusUser')
O4 - S-1-5-21-2639535693-1507912250-3813765499-1001 User Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: Preenchimento de formulários LastPass - file://C:\Program Files\LastPass\context.html?cmd=fillforms
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Gbp Service (GbpSv) -   - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7722 bytes
 

..............................................................................................

Boa tarde,

meu PC esta começando a reinicializar sozinho novamente,

qdo ele volta dá o seguinte erro:

Nome do Evento de Problema:           BlueScreen

  Versão do sistema operacional:        6.1.7601.2.1.0.256.1

  Identificação da Localidade:             1046

 

Informações adicionais sobre o problema:

  BCCode:                                               116

  BCP1:                                                    85C66510

  BCP2:                                                    90BD495E

  BCP3:                                                    C000000D

  BCP4:                                                    00000003

  OS Version:                                          6_1_7601

  Service Pack:                                       1_0

  Product:                                               256_1

 

Arquivos que ajudam a descrever o problema:

  C:\Windows\Minidump\020713-14710-01.dmp

  C:\Users\Virginia\AppData\Local\Temp\WER-42775-0.sysdata.xml

 

Leia nossa declaração de privacidade online:

  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0416

 

Se a declaração de privacidade online não estiver disponível, leia nossa declaração de privacidade offline:

  C:\Windows\system32\pt-BR\erofflps.txt

 

 

O que será desta vez?! :-

 

Obrigada

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Não acredito em Vírus e sim em problema de hardware, mas faça uma verificação..

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download ComboFix

Salve no seu Desktop ( Para que a Ferramenta seja executada corretamente é necessário que esteja no Desktop (Área de trabalho)

Feche todas as janelas e programas.

É necessário estar conectado durante o procedimento com o ComboFix;

Execute o combofix.exe, tecle "Sim" para prosseguir. Aguarde, pois é um pouco demorado.

OBS: Caso não queira que seja instalado o Console de Recuperação do Windows, clique em "Não" e depois concorde para que a verificação prossiga.

Ao ser instalado o Console, na Inicialização do Sistema será apresentada a tela para Seleção dos Sistemas Operacionais.

Mais informações sobre o Console: http://support.micro...kb/307654/pt-br

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.

Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt. Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo Log do HijackThis .

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

OBS 2: Não execute o ComboFix mais do que uma vez. Isso irá sobreescrever o Log e dificultará a remoção do(s) malware(s)

Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 13-02-07.01 - Virginia 07/02/2013  16:00:33.1.4 - x86

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.1975.1188 [GMT -2:00]

Executando de: c:\users\Virginia\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 208 bytes in 1 streams.

.

(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\isRS-000.tmp

c:\windows\UA000091.DLL

C:\wins

.

.

((((((((((((((((   Arquivos/Ficheiros criados de 2013-01-07 to 2013-02-07  ))))))))))))))))))))))))))))

.

.

2013-02-07 17:39 . 2013-02-07 17:39    --------    d-----w-    c:\users\Virginia\AppData\Local\Programs

2013-02-07 17:11 . 2013-02-07 17:10    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll

2013-02-07 16:20 . 2013-02-07 16:20    --------    d-----w-    c:\program files\DsNET Corp

2013-02-05 11:40 . 2013-01-08 04:57    6991832    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C671AB81-FAB8-49CF-95A6-959BA92B932E}\mpengine.dll

2013-02-04 19:22 . 2013-02-04 19:22    --------    d-----w-    c:\users\Virginia\AppData\Local\DigitalVolcano

2013-02-04 00:34 . 2013-02-04 00:34    --------    d-----w-    c:\users\Virginia\AppData\Roaming\PlataGames

2013-01-31 17:29 . 2013-01-31 17:29    --------    d-----w-    c:\programdata\rionix

2013-01-30 20:17 . 2013-01-30 21:57    --------    d-----w-    c:\users\Virginia\AppData\Roaming\PeaceCraft3

2013-01-30 14:26 . 2013-01-30 14:26    --------    d-----w-    c:\programdata\PopCap Games

2013-01-29 23:53 . 2013-01-29 23:54    --------    d-----w-    c:\users\Virginia\AppData\Local\Farmington Tales

2013-01-26 22:07 . 2013-01-26 22:07    --------    d-----w-    c:\users\Virginia\AppData\Local\JollyBear

2013-01-26 22:07 . 2013-01-26 22:07    --------    d-----w-    c:\programdata\JollyBear

2013-01-26 19:52 . 2013-01-26 19:52    --------    d-----w-    c:\users\Virginia\AppData\Roaming\2monkeys

2013-01-24 19:58 . 2013-01-24 19:58    --------    d-----w-    c:\users\Virginia\AppData\Roaming\GrandMA Studios

2013-01-17 23:46 . 2013-01-19 15:17    --------    d-----w-    c:\windows\softwaredistribution.bak1

2013-01-17 23:45 . 2013-01-17 23:50    --------    d-----w-    c:\program files\Coopoint

2013-01-17 16:37 . 2013-01-17 16:37    --------    d-----w-    c:\users\Virginia\AppData\Roaming\iWin

2013-01-17 16:37 . 2013-01-17 16:37    --------    d-----w-    c:\programdata\iWin

2013-01-17 16:05 . 2013-01-17 16:05    388608    ----a-w-    C:\HijackThis.exe

2013-01-17 01:12 . 2013-01-17 01:12    --------    d-----w-    c:\windows\system32\Wat

2013-01-17 00:46 . 2013-01-17 00:46    --------    d-----w-    c:\users\Virginia\AppData\Roaming\Lonely Troops

2013-01-16 21:01 . 2013-01-16 21:01    --------    d-----w-    C:\e49ece6abe0c9a3bf3254846c4

2013-01-16 21:00 . 2013-01-16 21:00    --------    d-----w-    c:\windows\CheckSur

2013-01-16 20:22 . 2012-11-01 04:47    1389568    ----a-w-    c:\windows\system32\msxml6.dll

2013-01-16 20:22 . 2012-11-23 02:48    49152    ----a-w-    c:\windows\system32\taskhost.exe

2013-01-16 20:22 . 2012-11-22 04:45    626688    ----a-w-    c:\windows\system32\usp10.dll

2013-01-16 20:22 . 2012-11-23 02:56    2345984    ----a-w-    c:\windows\system32\win32k.sys

2013-01-16 20:22 . 2012-11-09 04:43    492032    ----a-w-    c:\windows\system32\win32spl.dll

2013-01-16 20:20 . 2012-11-20 04:51    220160    ----a-w-    c:\windows\system32\ncrypt.dll

.

.

.

(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-07 17:10 . 2012-08-12 19:13    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll

2013-02-07 17:10 . 2012-08-12 19:13    782240    ----a-w-    c:\windows\system32\deployJava1.dll

2013-01-17 03:28 . 2012-06-06 19:14    232336    ------w-    c:\windows\system32\MpSigStub.exe

2013-01-16 20:47 . 2012-06-07 18:15    74248    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-16 20:47 . 2012-06-07 18:15    697864    ----a-w-    c:\windows\system32\FlashPlayerApp.exe

2012-12-16 14:13 . 2013-01-02 11:37    295424    ----a-w-    c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2013-01-02 11:37    34304    ----a-w-    c:\windows\system32\atmlib.dll

2012-12-14 18:49 . 2012-06-09 22:01    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys

2012-12-03 15:39 . 2013-01-02 11:05    9373032    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys

2012-12-03 15:39 . 2013-01-02 11:05    6149904    ----a-w-    c:\windows\system32\nvopencl.dll

2012-12-03 15:39 . 2013-01-02 11:05    2606440    ----a-w-    c:\windows\system32\nvcuvid.dll

2012-12-03 15:39 . 2013-01-02 11:05    20335976    ----a-w-    c:\windows\system32\nvoglv32.dll

2012-12-03 15:39 . 2013-01-02 11:05    12603960    ----a-w-    c:\windows\system32\nvwgf2um.dll

2012-12-03 15:39 . 2013-01-02 11:05    7819016    ----a-w-    c:\windows\system32\nvcuda.dll

2012-12-03 15:39 . 2013-01-02 11:05    1874280    ----a-w-    c:\windows\system32\nvcuvenc.dll

2012-12-03 15:39 . 2013-01-02 11:05    17559912    ----a-w-    c:\windows\system32\nvcompiler.dll

2012-12-03 15:39 . 2012-09-14 21:25    889192    ----a-w-    c:\windows\system32\nvdispgenco32.dll

2012-12-03 15:39 . 2012-06-06 18:40    15122280    ----a-w-    c:\windows\system32\nvd3dum.dll

2012-12-03 15:39 . 2012-06-06 18:40    1011048    ----a-w-    c:\windows\system32\nvdispco32.dll

2012-12-03 15:39 . 2012-06-06 18:40    2496976    ----a-w-    c:\windows\system32\nvapi.dll

2012-12-01 04:38 . 2012-06-06 18:41    2869608    ----a-w-    c:\windows\system32\nvsvc.dll

2012-12-01 04:38 . 2012-06-06 18:41    3984744    ----a-w-    c:\windows\system32\nvcpl.dll

2012-12-01 04:37 . 2012-06-06 18:41    645480    ----a-w-    c:\windows\system32\nvvsvc.exe

2012-12-01 04:37 . 2012-06-06 18:41    62312    ----a-w-    c:\windows\system32\nvshext.dll

2012-12-01 04:37 . 2012-06-06 18:41    2557288    ----a-w-    c:\windows\system32\nvsvcr.dll

2012-12-01 04:37 . 2012-06-06 18:41    108392    ----a-w-    c:\windows\system32\nvmctray.dll

2012-12-01 00:43 . 2012-12-01 00:43    438632    ----a-w-    c:\windows\system32\nvStreaming.exe

2012-11-14 02:09 . 2013-01-02 11:36    1800704    ----a-w-    c:\windows\system32\jscript9.dll

2012-11-14 01:58 . 2013-01-02 11:36    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl

2012-11-14 01:57 . 2013-01-02 11:36    1129472    ----a-w-    c:\windows\system32\wininet.dll

2012-11-14 01:49 . 2013-01-02 11:36    142848    ----a-w-    c:\windows\system32\ieUnatt.exe

2012-11-14 01:48 . 2013-01-02 11:36    420864    ----a-w-    c:\windows\system32\vbscript.dll

2012-11-14 01:44 . 2013-01-02 11:36    2382848    ----a-w-    c:\windows\system32\mshtml.tlb

2012-06-07 19:13 . 2012-06-07 19:13    11035168    ----a-w-    c:\program files\Common Files\lpuninstall.exe

2013-02-06 12:40 . 2013-02-06 12:40    262552    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50    121528    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-03 95504]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-6-7 11035168]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2012-11-22 18:05    1585768    ----a-w-    c:\program files\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 20:47]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass

IE: Preenchimento de formulários LastPass - file://c:\program files\LastPass\context.html?cmd=fillforms

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 201.6.2.177 201.6.2.87

FF - ProfilePath - c:\users\Virginia\AppData\Roaming\Mozilla\Firefox\Profiles\lhcod942.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br/

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d27b4f35000000000000d027884ed223&q=

FF - user.js: extensions.BabylonToolbar.id - d27b4f35000000000000d027884ed223

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15600

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1220:54

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=44444&tt=120912_pcp_3812_1

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

.

- - - - ORFÃOS REMOVIDOS - - - -

.

URLSearchHooks-{e7cb019e-bf3b-4c48-9673-48c323b18e31} - (no file)

WebBrowser-{E7CB019E-BF3B-4C48-9673-48C323B18E31} - (no file)

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-02-07  16:07:28

ComboFix-quarantined-files.txt  2013-02-07 18:07

ComboFix2.txt  2012-06-06 02:27

ComboFix3.txt  2012-06-06 01:25

ComboFix4.txt  2012-06-05 23:50

.

Pré-execução: 453.304.614.912 bytes disponíveis

Pós execução: 452.833.783.808 bytes disponíveis

.

- - End Of File - - BAF139B5FCC336320F66A99AAF324343

Novo log do Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:16:46, on 07/02/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll

O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass

O8 - Extra context menu item: Preenchimento de formulários LastPass - file://C:\Program Files\LastPass\context.html?cmd=fillforms

O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll

O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify:  GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: Gbp Service (GbpSv) -   - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 6322 bytes

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções

Download bouton-telecharger.png Salve-o no Desktop. (Área de Trabalho)

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista ou do Windows 7, clicar com o botão direito do mouse no arquivo e selecionar:Executar como administrador

AdwCleanerCustom-1.jpg

Clique [Delete]

Salve o Log criado.

Donload 1268r49.png Salve no seu Desktop (Área de trabalho).

Dê um duplo-clique para executar o Junkware Removal Tool (JRT)

* No Windows Vista e Windows 7:

Clique com o botão direito do mousesobre o JRT.exe e selecione run_as_adm1.png

A Ferramenta começará o exame do seu Sistema. Tenha paciência pois pode demorar um pouco, dependendo da quantidades de ítens a serem examinados.

Ao final, um Log se abrirá e salvo no Desktop com o nome de JRT.txt.

Selecione, copie e cole o conteúdo deste Log na sua próxima resposta + o Log do AdwCleaner e um novo Log do HijackThis.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Log do AdWCleaner:

# AdwCleaner v2.111 - Logfile created 02/07/2013 at 17:30:10

# Updated 05/02/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : Virginia - VIRGINIA-PC

# Boot Mode : Normal

# Running from : C:\Users\Virginia\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\user.js

File Deleted : C:\Users\Virginia\AppData\Roaming\Mozilla\Firefox\Profiles\lhcod942.default\BrowserMngr_extensions.sqlite

File Deleted : C:\Users\Virginia\AppData\Roaming\Mozilla\Firefox\Profiles\lhcod942.default\browsermngr_prefs.js

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\iWin

Folder Deleted : C:\Users\Virginia\AppData\Local\Conduit

Folder Deleted : C:\Users\Virginia\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Virginia\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Virginia\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Virginia\AppData\Roaming\iWin

Folder Deleted : C:\Users\Virginia\AppData\Roaming\Mozilla\Firefox\Profiles\lhcod942.default\Smartbar

Folder Deleted : C:\Users\Virginia\AppData\Roaming\OpenCandy

Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Babylon

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\BabylonToolbar

Key Deleted : HKLM\Software\BrowserMngr

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2481031

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\Software\PIP

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [browserMngr Start Page]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [browserMngrDefaultScope]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=44444&tt=120912_pcp_3812_1&babsrc=NT_ss&mntrId=d27b4f35000000000000d027884ed223 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (pt-BR)

File : C:\Users\Virginia\AppData\Roaming\Mozilla\Firefox\Profiles\lhcod942.default\prefs.js

C:\Users\Virginia\AppData\Roaming\Mozilla\Firefox\Profiles\lhcod942.default\user.js ... Deleted !

Deleted : user_pref("CT2481031.1000082.isPlayDisplay", "true");

Deleted : user_pref("CT2481031.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]

Deleted : user_pref("CT2481031.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2481031.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT2481031.FirstTime", "true");

Deleted : user_pref("CT2481031.FirstTimeFF3", "true");

Deleted : user_pref("CT2481031.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB1[...]

Deleted : user_pref("CT2481031.UserID", "UN67984388292163998");

Deleted : user_pref("CT2481031.addressBarTakeOverEnabledInHidden", "true");

Deleted : user_pref("CT2481031.autoDisableScopes", -1);

Deleted : user_pref("CT2481031.browser.search.defaultthis.engineName", true);

Deleted : user_pref("CT2481031.defaultSearch", "true");

Deleted : user_pref("CT2481031.embeddedsData", "[{\"appId\":\"129058857959969508\",\"apiPermissions\":{\"cross[...]

Deleted : user_pref("CT2481031.enableAlerts", "false");

Deleted : user_pref("CT2481031.enableSearchFromAddressBar", "true");

Deleted : user_pref("CT2481031.firstTimeDialogOpened", "true");

Deleted : user_pref("CT2481031.fixPageNotFoundError", "true");

Deleted : user_pref("CT2481031.fixPageNotFoundErrorInHidden", "true");

Deleted : user_pref("CT2481031.installId", "ConduitNSISIntegration");

Deleted : user_pref("CT2481031.installType", "ConduitNSISIntegration");

Deleted : user_pref("CT2481031.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2481031.isNewTabEnabled", true);

Deleted : user_pref("CT2481031.isPerformedSmartBarTransition", "true");

Deleted : user_pref("CT2481031.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT2481031.keyword", true);

Deleted : user_pref("CT2481031.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp://conexaoblog10.bl[...]

Deleted : user_pref("CT2481031.openThankYouPage", "false");

Deleted : user_pref("CT2481031.openUninstallPage", "false");

Deleted : user_pref("CT2481031.search.searchAppId", "129058857959969508");

Deleted : user_pref("CT2481031.search.searchCount", "0");

Deleted : user_pref("CT2481031.searchInNewTabEnabledInHidden", "true");

Deleted : user_pref("CT2481031.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2481031.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2481031.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT2481031.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Deleted : user_pref("CT2481031.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT2481031.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT2481031.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT2481031.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT2481031.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]

Deleted : user_pref("CT2481031.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1340931558475");

Deleted : user_pref("CT2481031.serviceLayer_services_appTracking_lastUpdate", "1340931560853");

Deleted : user_pref("CT2481031.serviceLayer_services_appsMetadata_lastUpdate", "1340931558033");

Deleted : user_pref("CT2481031.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1340931558779");

Deleted : user_pref("CT2481031.serviceLayer_services_login_10.10.6.6_lastUpdate", "1340983591169");

Deleted : user_pref("CT2481031.serviceLayer_services_optimizer_lastUpdate", "1340931559809");

Deleted : user_pref("CT2481031.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1340931558645");

Deleted : user_pref("CT2481031.serviceLayer_services_searchAPI_lastUpdate", "1340931557178");

Deleted : user_pref("CT2481031.serviceLayer_services_serviceMap_lastUpdate", "1340931524614");

Deleted : user_pref("CT2481031.serviceLayer_services_toolbarContextMenu_lastUpdate", "1340931558588");

Deleted : user_pref("CT2481031.serviceLayer_services_toolbarSettings_lastUpdate", "1340983591357");

Deleted : user_pref("CT2481031.serviceLayer_services_translation_lastUpdate", "1340931558466");

Deleted : user_pref("CT2481031.settingsINI", true);

Deleted : user_pref("CT2481031.shouldFirstTimeDialog", "false");

Deleted : user_pref("CT2481031.smartbar.CTID", "CT2481031");

Deleted : user_pref("CT2481031.smartbar.Uninstall", "0");

Deleted : user_pref("CT2481031.smartbar.homepage", true);

Deleted : user_pref("CT2481031.smartbar.isHidden", true);

Deleted : user_pref("CT2481031.smartbar.toolbarName", "Ashampoo BR ");

Deleted : user_pref("CT2481031.startPage", "userChanged");

Deleted : user_pref("CT2481031.toolbarBornServerTime", "29-6-2012");

Deleted : user_pref("CT2481031.toolbarCurrentServerTime", "29-6-2012");

Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFSB10&ctid=CT2481031&Se[...]

Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Ashampoo BR Customized Web Search");

Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ct[...]

Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2481031");

Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=44444&tt=120912_pcp_3812_1[...]

Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");

Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=44444&tt=120912_pcp_3812_1");

Deleted : user_pref("extensions.BabylonToolbar.babext", "babExt");

Deleted : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "17");

Deleted : user_pref("extensions.BabylonToolbar.cntry", "BR");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltlng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltsrch", "false");

Deleted : user_pref("extensions.BabylonToolbar.dp_alert", "0");

Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.firstrun", false);

Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "9481E7215C85AE85523A35C33727A008");

Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);

Deleted : user_pref("extensions.BabylonToolbar.hrdid", "d27b4f35000000000000d027884ed223");

Deleted : user_pref("extensions.BabylonToolbar.id", "d27b4f35000000000000d027884ed223");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15600");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.instlday", "15600");

Deleted : user_pref("extensions.BabylonToolbar.instlref", "sst");

Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");

Deleted : user_pref("extensions.BabylonToolbar.keywordurl", "");

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1220:54:56");

Deleted : user_pref("extensions.BabylonToolbar.lastdp", 17);

Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");

Deleted : user_pref("extensions.BabylonToolbar.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar.newtab", "false");

Deleted : user_pref("extensions.BabylonToolbar.newtaburl", "");

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");

Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");

Deleted : user_pref("extensions.BabylonToolbar.smplgrp", "azb");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.srcext", "ss");

Deleted : user_pref("extensions.BabylonToolbar.srch", "");

Deleted : user_pref("extensions.BabylonToolbar.srchprvdr", "");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Deleted : user_pref("extensions.BabylonToolbar.tlbrid", "tb9");

Deleted : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1220:54:56");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");

Deleted : user_pref("extensions.BabylonToolbar.vrsnts", "1.6.9.1220:54:56");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=44444&tt=120912_pcp_3812_1");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1220:54:56");

Deleted : user_pref("quickstores.toolbar.affid", "2017");

Deleted : user_pref("quickstores.toolbar.guid", "{0DAA3B18-9688-98B5-B55C-6D9719657738}");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://search.babylon.com/?affID=44444&tt=120912_pcp_381[...]

*************************

AdwCleaner[s1].txt - [14704 octets] - [07/02/2013 17:30:10]

########## EOF - C:\AdwCleaner[s1].txt - [14765 octets] ##########

Log do outro:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:38:40, on 07/02/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\explorer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\HijackThis.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe

O4 - HKUS\S-1-5-21-2639535693-1507912250-3813765499-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-2639535693-1507912250-3813765499-1001\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-2639535693-1507912250-3813765499-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - S-1-5-21-2639535693-1507912250-3813765499-1001 Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User 'UpdatusUser')

O4 - S-1-5-21-2639535693-1507912250-3813765499-1001 User Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User 'UpdatusUser')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass

O8 - Extra context menu item: Preenchimento de formulários LastPass - file://C:\Program Files\LastPass\context.html?cmd=fillforms

O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll

O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify:  GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: Gbp Service (GbpSv) -   - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 6720 bytes

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Faltou o Log JRT.txt.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
Faltou o Log JRT.txt.

Me perdoe.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.2 (02.02.2013:2)

OS: Windows 7 Ultimate x86

Ran by Virginia on 07/02/2013 at 17:35:17,62

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"

Successfully deleted: [Folder] "C:\Users\Virginia\AppData\Roaming\fighters"

Successfully deleted: [Folder] "C:\Users\Virginia\start menu\programs\browser manager"

~~~ FireFox

Successfully deleted the following from C:\Users\Virginia\AppData\Roaming\mozilla\firefox\profiles\lhcod942.default\prefs.js

user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !impor

user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");

user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .searchResult .resultTitlePane .WRCN {display:inline !important; background: url(\"IMAGE\") righ

user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\\\:\\\\/\\\\/msxml\\\\.excite\\\\.com\\\\/search\\\\/.*");

Emptied folder: C:\Users\Virginia\AppData\Roaming\mozilla\firefox\profiles\lhcod942.default\minidumps [295 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 07/02/2013 at 17:37:27,94

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, o PC está limpo, por aqui nada mais a fazer.
Finalizando.......
Renomeie o ComboFix para Uninstall, execute-o e aguarde a remoção da Ferramenta.

Limpe a Restauração do Sistema, criando um Ponto de Restauração do sistema limpo.

Clique com o botão direito do mouse em cima do MEU COMPUTADOR > Propiedades > Proteção do Sistema > Configurar > Excluir.
Ainda em Proteção do Sistema > Criar.



MVP Mr.Million

0

Compartilhar este post


Link para o post
Compartilhar em outros sites

Muito obrigada, fico até sem graça de só aparecer aqui para pedir socorro, mas não nasci com o seu dom.

Tenha um ótimo feriado e de novo super obrigada:-)

0

Compartilhar este post


Link para o post
Compartilhar em outros sites
    • 20 Mensagens
    • 381 Visualizações
    • 6 Mensagens
    • 58 Visualizações
    • 12 Mensagens
    • 73 Visualizações
    • 16 Mensagens
    • 244 Visualizações
    • 13 Mensagens
    • 220 Visualizações

  • Postagens Recentes

    • Análise de logs - encaminhamento para sites duvidosos
      4
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015/10/30 04:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2015/10/30 04:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
       
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015/10/30 04:17:45 | 000,518,656 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
       
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
       
      ========== LOP Check ==========
       
      [2016/07/26 06:30:01 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\Fantasy Grounds
      [2015/04/30 13:29:05 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\Fingertapps
      [2016/07/29 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\PCDr
      [2016/07/29 19:12:15 | 000,000,000 | ---D | M] -- C:\Users\FreeFall\AppData\Roaming\Spotify
       
      ========== Purity Check ==========
       
       
       
      ========== Custom Scans ==========
       
      < %systemroot%\system32\drivers\*.* /90 >
       
      < %systemdrive%\drivers\*.exe >
       
      < %SYSTEMDRIVE%\*.* >
      [2015/10/30 04:18:34 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
      [2012/04/05 20:59:57 | 000,033,797 | RH-- | M] () -- C:\dell.sdr
      [2016/07/29 18:58:28 | 3149,082,624 | -HS- | M] () -- C:\hiberfil.sys
      [2016/07/29 19:18:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
      [2016/07/29 18:46:02 | 4294,967,295 | -HS- | M] () -- C:\pagefile.sys
      [2016/07/29 18:46:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
       
      < %LOCALAPPDATA%\*.exe >
       
      < %LOCALAPPDATA%\*.txt >
       
      < %LOCALAPPDATA%\*.ini >
       
      < %LOCALAPPDATA%\*.dll >
       
      < %LOCALAPPDATA%\*.dat >
      [2015/07/29 21:01:02 | 000,105,576 | ---- | M] () -- C:\Users\FreeFall\AppData\Local\GDIPFONTCACHEV1.DAT
       
      < %USERPROFILE%\*.exe >
       
      < %USERPROFILE%\*.txt >
       
      < %USERPROFILE%\*.ini >
      [2016/07/29 11:09:05 | 000,000,020 | -HS- | M] () -- C:\Users\FreeFall\ntuser.ini
       
      < %USERPROFILE%\*.dll >
       
      < %USERPROFILE%\*.dat /30 >
      [2016/07/29 18:18:55 | 002,883,584 | -HS- | M] () -- C:\Users\FreeFall\NTUSER.DAT
       
      < C:\windows\system32\Tasks\*.* /s >
      [2015/05/22 21:24:12 | 000,001,066 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
      [2015/05/22 21:24:12 | 000,001,070 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
      [2016/04/27 04:10:46 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
       
      < C:\windows\system32\Tasks\*.* /s /64 >
      [2016/07/29 10:34:35 | 000,003,996 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Adobe Acrobat Update Task
      [2016/07/29 10:34:37 | 000,003,924 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\GoogleUpdateTaskMachineCore
      [2016/07/29 10:34:45 | 000,004,176 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\GoogleUpdateTaskMachineUA
      [2016/07/29 10:34:49 | 000,003,738 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\HPCustParticipation HP Officejet Pro 8100
      [2016/07/29 19:40:56 | 000,004,020 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
      [2016/07/29 15:56:10 | 000,004,208 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
      [2016/07/29 10:34:36 | 000,003,194 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\McAfeeLogon
      [2016/07/29 17:43:29 | 000,004,182 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\User_Feed_Synchronization-{F913369A-30D6-49AF-A679-1FFF203BAE96}
      [2016/07/29 10:34:47 | 000,003,040 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\McAfee\McAfee Idle Detection Task
      [2016/07/29 10:34:42 | 000,004,196 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat
      [2016/07/29 10:34:37 | 000,003,658 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack
      [2016/07/29 10:34:36 | 000,003,596 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn
      [2016/07/29 10:34:38 | 000,004,268 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
      [2016/07/29 10:34:47 | 000,002,660 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
      [2016/07/29 10:34:43 | 000,002,666 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
      [2016/07/29 10:34:47 | 000,002,822 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
      [2016/07/29 10:34:43 | 000,002,816 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
      [2016/07/29 10:34:49 | 000,003,978 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
      [2016/07/29 10:34:37 | 000,003,426 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
      [2016/07/29 10:34:48 | 000,003,436 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
      [2016/07/29 10:34:50 | 000,002,722 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\PolicyConverter
      [2016/07/29 10:34:37 | 000,003,320 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
      [2016/07/29 10:34:35 | 000,003,346 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
      [2016/07/29 11:10:19 | 000,004,680 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
      [2016/07/29 10:34:50 | 000,003,014 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
      [2016/07/29 10:34:49 | 000,003,090 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Application Experience\StartupAppTask
      [2016/07/29 10:34:39 | 000,003,052 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState
      [2016/07/29 10:34:45 | 000,002,716 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup
      [2016/07/29 10:34:38 | 000,003,026 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
      [2016/07/29 10:34:35 | 000,002,870 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Autochk\Proxy
      [2016/07/29 10:34:50 | 000,002,328 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
      [2016/07/29 10:34:42 | 000,002,936 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
      [2016/07/29 10:34:40 | 000,002,830 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
      [2016/07/29 10:34:40 | 000,003,092 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
      [2016/07/29 10:34:50 | 000,003,694 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
      [2016/07/29 10:34:38 | 000,003,680 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
      [2016/07/29 10:34:50 | 000,003,554 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
      [2016/07/29 10:34:46 | 000,002,780 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
      [2016/07/29 10:34:35 | 000,003,428 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Clip\License Validation
      [2016/07/29 10:34:44 | 000,002,242 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\CloudExperienceHost\CreateObjectTask
      [2016/07/29 10:34:48 | 000,003,030 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
      [2016/07/29 10:34:50 | 000,003,410 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
      [2016/07/29 10:34:44 | 000,003,260 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
      [2016/07/29 10:34:35 | 000,003,714 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
      [2016/07/29 10:34:46 | 000,003,354 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
      [2016/07/29 10:34:45 | 000,002,930 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
      [2016/07/29 10:34:43 | 000,002,984 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
      [2016/07/29 11:44:23 | 000,003,198 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
      [2016/07/29 10:34:45 | 000,003,192 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
      [2016/07/29 11:44:23 | 000,003,112 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
      [2016/07/29 11:44:23 | 000,003,204 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
      [2016/07/29 11:08:38 | 000,003,444 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
      [2016/07/29 11:44:23 | 000,003,176 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
      [2016/07/29 11:44:23 | 000,003,212 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
      [2016/07/29 10:34:43 | 000,003,202 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
      [2016/07/29 10:34:36 | 000,003,308 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
      [2016/07/29 10:34:50 | 000,003,092 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Diagnosis\Scheduled
      [2016/07/29 10:34:46 | 000,003,072 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup
      [2016/07/29 10:34:50 | 000,003,034 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
      [2016/07/29 10:34:37 | 000,002,766 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
      [2016/07/29 10:34:41 | 000,002,398 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
      [2016/07/29 10:34:45 | 000,002,562 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
      [2016/07/29 10:34:45 | 000,002,384 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\DUSM\dusmtask
      [2016/07/29 10:34:40 | 000,002,782 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
      [2016/07/29 10:34:44 | 000,002,948 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
      [2016/07/29 10:34:41 | 000,002,880 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient
      [2016/07/29 10:34:43 | 000,002,996 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
      [2016/07/29 10:34:38 | 000,003,550 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
      [2016/07/29 10:34:39 | 000,003,168 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
      [2016/07/29 10:34:48 | 000,003,340 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
      [2016/07/29 10:34:47 | 000,002,638 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Location\Notifications
      [2016/07/29 10:34:42 | 000,002,572 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Location\WindowsActionDialog
      [2016/07/29 10:34:50 | 000,003,002 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Maintenance\WinSAT
      [2016/07/29 10:34:36 | 000,002,998 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Management\Provisioning\Logon
      [2016/07/29 10:34:42 | 000,002,946 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Maps\MapsToastTask
      [2016/07/29 10:34:39 | 000,003,474 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
      [2016/07/29 10:34:46 | 000,005,684 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
      [2016/07/29 10:34:39 | 000,003,446 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
      [2016/07/29 10:34:41 | 000,003,582 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
      [2016/07/29 10:34:38 | 000,003,578 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MobilePC\HotStart
      [2016/07/29 10:34:40 | 000,002,796 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\MUI\LPRemove
      [2016/07/29 10:34:37 | 000,002,574 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
      [2016/07/29 10:34:46 | 000,002,444 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
      [2016/07/29 10:34:48 | 000,002,996 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\NlaSvc\WiFiTask
      [2016/07/29 10:34:45 | 000,002,944 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
      [2016/07/29 10:34:44 | 000,003,060 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
      [2016/07/29 10:34:43 | 000,002,880 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\PI\Sqm-Tasks
      [2016/07/29 10:34:47 | 000,002,972 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
      [2016/07/29 10:34:38 | 000,002,992 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
      [2016/07/29 10:34:41 | 000,003,200 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
      [2016/07/29 10:34:45 | 000,002,338 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
      [2016/07/29 10:34:50 | 000,003,128 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
      [2016/07/29 10:34:50 | 000,003,462 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Ras\MobilityManager
      [2016/07/29 10:34:39 | 000,003,420 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
      [2016/07/29 10:34:49 | 000,003,218 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Registry\RegIdleBackup
      [2016/07/29 10:34:50 | 000,003,796 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
      [2016/07/29 10:37:28 | 000,004,030 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent
      [2016/07/29 10:34:49 | 000,002,502 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
      [2016/07/29 10:34:42 | 000,002,544 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
      [2016/07/29 10:34:42 | 000,002,904 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
      [2016/07/29 10:34:40 | 000,002,838 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
      [2016/07/29 10:34:46 | 000,002,636 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\CreateObjectTask
      [2016/07/29 10:34:51 | 000,003,512 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor
      [2016/07/29 10:34:51 | 000,004,052 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
      [2016/07/29 10:34:45 | 000,002,756 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
      [2016/07/29 10:34:37 | 000,003,802 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControls
      [2016/07/29 10:34:36 | 000,003,912 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
      [2016/07/29 21:05:27 | 000,004,680 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
      [2016/07/29 11:09:08 | 000,003,372 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
      [2016/07/29 10:34:41 | 000,004,048 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
      [2016/07/29 10:34:35 | 000,003,006 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask
      [2016/07/29 10:34:35 | 000,003,070 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask
      [2016/07/29 10:34:40 | 000,003,200 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
      [2016/07/29 10:34:40 | 000,003,286 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization
      [2016/07/29 10:34:49 | 000,003,056 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
      [2016/07/29 10:34:40 | 000,003,126 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
      [2016/07/29 10:34:48 | 000,002,972 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
      [2016/07/29 10:34:42 | 000,002,968 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask
      [2016/07/29 10:34:49 | 000,002,976 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\SystemRestore\SR
      [2016/07/29 10:34:44 | 000,002,762 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Task Manager\Interactive
      [2016/07/29 10:34:39 | 000,004,060 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
      [2016/07/29 10:34:39 | 000,004,176 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
      [2016/07/29 10:34:37 | 000,002,566 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
      [2016/07/29 10:34:39 | 000,002,932 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
      [2016/07/29 10:34:42 | 000,002,902 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
      [2016/07/29 10:34:44 | 000,002,600 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone
      [2016/07/29 10:34:45 | 000,002,816 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
      [2016/07/29 10:34:46 | 000,003,592 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
      [2016/07/29 10:34:42 | 000,002,420 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install
      [2016/07/29 10:34:40 | 000,002,342 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install
      [2016/07/29 10:34:49 | 000,002,904 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot
      [2016/07/29 16:33:28 | 000,002,268 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot
      [2016/07/29 16:25:49 | 000,005,286 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan
      [2016/07/29 10:34:43 | 000,002,330 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display
      [2016/07/29 10:34:40 | 000,002,396 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot
      [2016/07/29 10:34:50 | 000,002,328 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
      [2016/07/29 10:34:47 | 000,003,650 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
      [2016/07/29 10:34:44 | 000,002,920 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WCM\WiFiTask
      [2016/07/29 10:34:49 | 000,002,892 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WDI\ResolutionHost
      [2016/07/29 10:34:50 | 000,003,990 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
      [2016/07/29 10:34:50 | 000,003,288 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
      [2016/07/29 10:34:44 | 000,003,420 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
      [2016/07/29 11:09:08 | 000,003,224 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
      [2016/07/29 10:34:37 | 000,003,426 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update
      [2016/07/29 21:26:41 | 000,005,246 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start
      [2016/07/29 10:34:46 | 000,003,300 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\sih
      [2016/07/29 10:34:34 | 000,003,186 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\sihboot
      [2016/07/29 10:34:51 | 000,002,564 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Wininet\CacheTask
      [2016/07/29 10:34:48 | 000,003,060 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
      [2016/07/29 10:34:41 | 000,002,794 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
      [2016/07/29 10:34:36 | 000,002,790 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
      [2016/07/29 10:34:36 | 000,003,090 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
      [2016/07/29 10:34:38 | 000,002,744 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join
      [2016/07/29 10:34:44 | 000,004,116 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WS\License Validation
      [2016/07/29 10:34:47 | 000,002,784 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\Microsoft\Windows\WS\WSTask
      [2016/07/29 10:34:42 | 000,004,490 | ---- | M] () -- C:\WINDOWS\SysNative\Tasks\WPD\SqmUpload_S-1-5-21-2517854909-2660416918-4196023361-1000
       
      < %windir%\tasks\*.* /s >
      [2016/07/29 18:59:53 | 000,001,066 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2016/07/29 21:49:08 | 000,001,070 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2016/07/29 18:46:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
       
      < %systemroot%\*.scr >
      [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
      "SavedLegacySettings" = 46 00 00 00 22 04 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 12 B3 26 50 6C 84 D0 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 01 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
      "DefaultConnectionSettings" = 46 00 00 00 FF 03 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 12 B3 26 50 6C 84 D0 01 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 01 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
       
      < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
       
      < HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
       
      < HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl >
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MEMPROTECT_MODE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
       
      < \FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
       
      < HKCU\Software\Microsoft\Internet Explorer\Downloads >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings >
      "ActiveXCache" = C:\Windows\Downloaded Program Files -- [2015/10/30 04:24:29 | 000,000,000 | --SD | M]
      "CodeBaseSearchPath" = CODEBASE
      "EnablePunycode" = 1
      "MinorVersion" = 0
      "WarnOnIntranet" = 1
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\LUI]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings >
      "ActiveXCache" = C:\Windows\Downloaded Program Files -- [2015/10/30 04:24:29 | 000,000,000 | --SD | M]
      "CodeBaseSearchPath" = CODEBASE
      "EnablePunycode" = 1
      "MinorVersion" = 0
      "WarnOnIntranet" = 1
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\LUI]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server >
      "AllowRemoteRPC" = 0
      "DelayConMgrTimeout" = 0
      "DeleteTempDirsOnExit" = 1
      "fDenyTSConnections" = 1
      "fSingleSessionPerUser" = 1
      "NotificationTimeOut" = 0
      "PerSessionTempDir" = 0
      "ProductVersion" = 5.1
      "RCDependentServices" = CertPropSvcSessionEnv [binary data]
      "SnapshotMonitors" = 1
      "StartRCM" = 0
      "TSUserEnabled" = 0
      "InstanceID" = 0988b076-e88a-4260-a571-7e151ad
      "GlassSessionId" = 1
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ClusterSettings]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ConnectionHandler]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\KeyboardType Mapping]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SessionArbitrationHelper]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\TerminalTypes]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations]
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon >
      "DefaultDomainName" =
      "DefaultUserName" =
      "EnableSIHostIntegration" = 1
      "PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
      "Shell" = explorer.exe -- [2016/07/29 09:57:37 | 004,074,160 | ---- | M] (Microsoft Corporation)
      "ShellCritical" = 0
      "SiHostCritical" = 0
      "SiHostReadyTimeOut" = 0
      "SiHostRestartCountLimit" = 0
      "SiHostRestartTimeGap" = 0
      "Userinit" = C:\WINDOWS\system32\userinit.exe,
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services >
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa >
      "auditbasedirectories" = 0
      "auditbaseobjects" = 0
      "Bounds" = 0  [binary data]
      "crashonauditfail" = 0
      "LimitBlankPasswordUse" = 1
      "NoLmHash" = 1
      "Notification Packages" = scecli [binary data] -- [2015/10/30 04:18:26 | 000,227,840 | ---- | M] (Microsoft Corporation)
      "Authentication Packages" = msv1_0 [binary data] -- [2016/07/29 09:56:54 | 000,294,752 | ---- | M] (Microsoft Corporation)
      "SecureBoot" = 1
      "disabledomaincreds" = 0
      "everyoneincludesanonymous" = 0
      "forceguest" = 0
      "restrictanonymous" = 0
      "restrictanonymoussam" = 1
      "fullprivilegeauditing" =  [binary data]
      "LsaPid" = 812
      "ProductType" = 3
      "Security Packages" = kerberosmsv1_0schannelwdigestt [Binary data over 200 bytes]
      "SamConnectedAccountsExist" = 1
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\CentralizedAccessPolicies]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts >
       
      < \UserList >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
      "Anchor_Visitation_Horizon" = 01 00 00 00  [binary data]
      "ApplicationTileImmersiveActivation" = 1
      "AssociationActivationMode" = 0
      "AutoHide" = yes
      "Cache_Percent_of_Disk" = 0A 00 00 00  [binary data]
      "Default_Page_URL" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Default_Search_URL" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Default_Secondary_Page_URL" =  [binary data]
      "Delete_Temp_Files_On_Exit" = yes
      "Enable_Disk_Cache" = yes
      "Extensions Off Page" = about:NoAdd-ons
      "Local Page" = C:\Windows\SysWOW64\blank.htm
      "Placeholder_Height" = 1A 00 00 00  [binary data]
      "Placeholder_Width" = 1A 00 00 00  [binary data]
      "Search Page" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Security Risk Page" = about:SecurityRisk
      "Start Page" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Use_Async_DNS" = yes
      "x86AppPath" = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE -- [2016/07/29 09:57:46 | 000,820,416 | ---- | M] (Microsoft Corporation)
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\ErrorThresholds]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\UrlTemplate]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon >
      "DefaultDomainName" =
      "DefaultUserName" =
      "EnableSIHostIntegration" = 1
      "PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
      "Shell" = explorer.exe -- [2016/07/29 09:57:37 | 004,074,160 | ---- | M] (Microsoft Corporation)
      "ShellCritical" = 0
      "SiHostCritical" = 0
      "SiHostReadyTimeOut" = 0
      "SiHostRestartCountLimit" = 0
      "SiHostRestartTimeGap" = 0
      "Userinit" = C:\WINDOWS\system32\userinit.exe,
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
       
      < \SpecialAccounts\UserList >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
      "Anchor_Visitation_Horizon" = 01 00 00 00  [binary data]
      "ApplicationTileImmersiveActivation" = 1
      "AssociationActivationMode" = 0
      "AutoHide" = yes
      "Cache_Percent_of_Disk" = 0A 00 00 00  [binary data]
      "Default_Page_URL" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Default_Search_URL" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Default_Secondary_Page_URL" =  [binary data]
      "Delete_Temp_Files_On_Exit" = yes
      "Enable_Disk_Cache" = yes
      "Extensions Off Page" = about:NoAdd-ons
      "Local Page" = C:\Windows\SysWOW64\blank.htm
      "Placeholder_Height" = 1A 00 00 00  [binary data]
      "Placeholder_Width" = 1A 00 00 00  [binary data]
      "Search Page" = http://go.microsoft.com/fwlink/?LinkId=54896
      "Security Risk Page" = about:SecurityRisk
      "Start Page" = http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Use_Async_DNS" = yes
      "x86AppPath" = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE -- [2016/07/29 09:57:46 | 000,820,416 | ---- | M] (Microsoft Corporation)
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\ErrorThresholds]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl]
       
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\UrlTemplate]
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome >
       
      < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService >
      "ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2015/10/30 04:18:25 | 000,037,256 | ---- | M] (Microsoft Corporation)
      "DisplayName" = @%SystemRoot%\System32\termsrv.dll,-268
      "ErrorControl" = 1
      "Start" = 3
      "Type" = 32
      "Description" = @%SystemRoot%\System32\termsrv.dll,-267
      "DependOnService" = RPCSS [binary data]
      "ObjectName" = NT Authority\NetworkService
      "ServiceSidType" = 1
      "RequiredPrivileges" = SeAssignPrimaryTokenPrivilegeSeAu [Binary data over 200 bytes]
      "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 60 EA 00 00  [binary data]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Parameters]
       
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Performance]
       
      < net user /c >
      Contas de usu rio para \\FREEFALL-PC
      -------------------------------------------------------------------------------
      Administrador            Convidado                DefaultAccount          
      FreeFall                
      Comando conclu¡do com ˆxito.
       
      < MD5 for: TERMSRV.DLL  >
      [2014/10/13 23:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) MD5=008CD4EBFABCF78D0F19B3778492648C -- C:\Windows.old\Windows\System32\termsrv.dll
      [2014/10/13 23:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) MD5=008CD4EBFABCF78D0F19B3778492648C -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll
      [2015/10/30 04:18:18 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=14307D4801C8CEF0A615907C09E886B3 -- C:\WINDOWS\SysNative\termsrv.dll
      [2015/10/30 04:18:18 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=14307D4801C8CEF0A615907C09E886B3 -- C:\Windows\WinSxS\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_10.0.10586.0_none_1b24da20fe9b4a93\termsrv.dll
      [2010/11/21 00:24:07 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
      [2014/07/16 23:07:44 | 000,681,984 | ---- | M] (Microsoft Corporation) MD5=4FC4C50985E5B840F4D72E57286887B8 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_eca0bf836affa9bb\termsrv.dll
      [2014/10/13 23:16:40 | 000,686,592 | ---- | M] (Microsoft Corporation) MD5=6A5B600AD0041E9AF564DE73B716F3D2 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_ed2d60f8841a8fd8\termsrv.dll
      [2014/07/16 00:23:41 | 000,686,080 | ---- | M] (Microsoft Corporation) MD5=F4D7114060C034134A440846F411BB7F -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_ed1f8e488425629d\termsrv.dll
       
      < %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
       
      ========== Alternate Data Streams ==========
       
      @Alternate Data Stream - 10 bytes -> C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt   < End of report > -->