Archived

This topic has been archived and is closed to new replies.

Moah

HomeTab error

14 posts in this topic

I cleaned up the machine as taught here, using several programs; one of them (I don't remember which) detected HomeTab as adware and removed it. Since then, every time I start Windows a window appears with the following message:

"Houve um problema na inicialização do c:\program\file\HomeTab\TBUpdater.dll

 

Não foi possível encontrar o módulo especificado."

 

How can I fix this?

Thanks in advance


MR. Million, the adware is not in the list of installed programs, nor is it present as an extension or add-on in the browsers (Chrome, Firefox, IE, Dragon).


It was a program installed by you, as the link I sent you shows. The folder is located at c:\program\file\HomeTab; delete this folder and see whether the problem persists. It is not a malware problem.



MVP Mr.Million


Right, but the strange thing is that none of the folders in this path exist. :S


Check whether you have followed these steps to make the folder appear...

Start » Control Panel » Folder Options.

Click the View tab.

Select the Show hidden files and folders option.

Uncheck the Hide protected operating system files (Recommended) box.

Click OK.



MVP Mr.Million


I followed this procedure and it did not appear.


Let's make one last attempt...

Download OTL by OldTimer and save it to your Desktop.

Close all windows and run the tool.

** Windows Vista and Windows 7 users:
Right-click the file, then click execadmin.png.

Where it says Output, select Standard.
Also check these options:

  • Creation Date -> change to 90 days
  • Use WhiteList for Company Names.
  • Skip Microsoft Files
  • LOP Check
  • Purity Check

    Select these lines in red, right-click the selection, and choose Copy

CREATERESTOREPOINT
netsvcs
%systemroot%\system32\drivers\*.* /90
%systemdrive%\drivers\*.exe
%SYSTEMDRIVE%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
C:\windows\system32\Tasks\*.* /s
C:\windows\system32\Tasks\*.* /s /64
%windir%\tasks\*.* /s
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts
\UserList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
\SpecialAccounts\UserList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService
net user /c
/md5start
termsrv.dll
termsrv.dll.bak
/md5stop
%systemdrive%\$Recycle.Bin|@;true;true;true /fp


Go back to the program, right-click any white area of the Custom Scans/Fixes section, and choose Paste.

Click the Run Scan button.

Do not change any other setting unless you have been instructed to do so.

The scan takes a while; please be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt
Both will be saved in the same directory as OTL.exe, that is, on your Desktop.

Copy the entire contents of OTL.txt and paste it into your next reply, along with a HijackThis log...



MVP Mr.Million

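The startup message quoted in the first post names a file that no longer exists, so when the requested OTL.txt comes back, the entries to read first are those OTL marks "File not found" and those that mention HomeTab or TBUpdater. The following triage script is an added example, not part of the original posts or of OTL; the `triage` function and its field names are assumptions, and every sample line is copied from the log posted in this thread except the last one, which is constructed.

```python
import re

# Sample input. All lines except the last are copied from the OTL.txt posted
# in this thread. The last line is CONSTRUCTED for illustration: a hypothetical
# Run entry pointing at the path named in the startup error message.
SAMPLE_LOG = r"""
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Daniela\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/06/26 11:35:51 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
========== FireFox ==========
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Daniela\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
NetSvcs: Nla -  File not found
O4 - HKCU..\Run: [HomeTab] c:\program\file\HomeTab\TBUpdater.dll File not found
"""

# Entry prefixes seen in the posted log (PRC, SRV, DRV, O4, ...).
PREFIX_RE = re.compile(r"^(PRC|MOD|SRV|DRV|IE|FF|CHR|O\d+|NetSvcs)\b")

# First drive-letter path on the line that ends in a binary/task extension.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"\[\]|]*?\.(?:dll|exe|sys|job)\b', re.IGNORECASE
)


def triage(log_text, keywords=()):
    """Return the log entries worth reading first.

    An entry is flagged when OTL reports its target as "File not found"
    (a leftover reference to something already deleted) or when it mentions
    one of the given keywords. Keyword matches are sorted to the top.
    """
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        prefix = PREFIX_RE.match(line)
        if not prefix:
            continue  # section headers, blank lines, free text
        lowered = line.lower()
        missing = "file not found" in lowered
        hits = [k for k in keywords if k.lower() in lowered]
        if not (missing or hits):
            continue
        path = PATH_RE.search(line)
        findings.append({
            "lineno": lineno,
            "kind": prefix.group(1),
            "missing": missing,
            "keywords": hits,
            "path": path.group(0) if path else None,
            "line": line,
        })
    # Stable sort: keyword matches first, then entries with a missing target.
    findings.sort(key=lambda f: (not f["keywords"], not f["missing"]))
    return findings


def report(findings):
    """Format findings as one short line each for reading at a glance."""
    out = []
    for f in findings:
        tags = []
        if f["missing"]:
            tags.append("MISSING")
        tags.extend(f["keywords"])
        out.append("line %d [%s] %s -> %s" % (
            f["lineno"], f["kind"], ",".join(tags), f["path"] or "(no path)"))
    return out


if __name__ == "__main__":
    for row in report(triage(SAMPLE_LOG, keywords=("HomeTab", "TBUpdater"))):
        print(row)
```

An entry that is both a keyword match and "File not found" is a leftover reference to a deleted file; the registry value or task holding it is what has to be cleaned up, since the file itself is already gone.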

First, I would like to apologize for the delay; I had some setbacks and ended up letting this go. The logs follow below.

 

OTL.txt

 

OTL logfile created on: 13/09/2013 21:57:57 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniela\Downloads
 Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
1015,24 Mb Total Physical Memory | 99,16 Mb Available Physical Memory | 9,77% Memory free
1,99 Gb Paging File | 0,63 Gb Available in Paging File | 31,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 10,46 Gb Free Space | 26,79% Space Free | Partition Type: NTFS
Drive D: | 35,47 Gb Total Space | 34,61 Gb Free Space | 97,58% Space Free | Partition Type: NTFS
 
Computer Name: DANIELA-PC | User Name: Daniela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 180 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/09/13 20:18:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniela\Downloads\OTL.exe
PRC - [2013/08/01 08:20:22 | 002,095,808 | ---- | M] () -- C:\Arquivos de Programas\Comodo\Dragon\dragon_updater.exe
PRC - [2013/08/01 08:18:26 | 001,292,992 | ---- | M] (Comodo) -- C:\Arquivos de Programas\Comodo\Dragon\dragon.exe
PRC - [2013/05/09 05:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 05:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/23 04:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/12/18 16:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/03/28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2010/11/20 09:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Sidebar\sidebar.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/09/10 17:22:50 | 016,177,544 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/08/01 08:19:20 | 000,746,176 | ---- | M] () -- C:\Arquivos de Programas\Comodo\Dragon\libGLESv2.dll
MOD - [2013/08/01 08:19:12 | 000,135,360 | ---- | M] () -- C:\Arquivos de Programas\Comodo\Dragon\libEGL.dll
MOD - [2013/08/01 08:14:52 | 000,976,576 | ---- | M] () -- C:\Arquivos de Programas\Comodo\Dragon\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/09/10 17:22:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/01 08:20:22 | 002,095,808 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/09 05:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe -- (avast! antivírus)
SRV - [2013/04/23 04:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Arquivos de Programas\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/12/18 16:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/01 20:30:04 | 000,150,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2012/10/01 20:30:02 | 004,846,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2011/03/28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/11/20 09:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Daniela\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/06/26 11:35:51 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/26 11:35:51 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/26 11:35:51 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/06/04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/06/04 09:15:02 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/05/09 05:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 05:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 05:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 05:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 05:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/08/17 10:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/08/17 09:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/13 19:02:47 | 000,029,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l260x86.sys -- (Atc002)
DRV - [2004/08/13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 EC 14 77 C5 0F CE 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Daniela\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Daniela\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/04/04 12:59:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Daniela\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/04/04 12:59:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FindLyrics\FF\
 
[2013/04/04 12:59:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\mozilla\Extensions
[2013/04/04 12:59:26 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Daniela\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/04/04 12:56:33 | 000,000,000 | ---D | M] (SpeedAnalysis.com) -- C:\Users\Daniela\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/06/13 20:45:26 | 000,034,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: suggest_url = 
CHR - homepage: about:newtab?source=home
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - Extension: Chrome In-App Payments service = C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
 
O1 HOSTS File: ([2013/08/11 18:07:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Arquivos de Programas\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Arquivos de Programas\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BF15240-B00B-4A8A-9D69-DCE4B046CA51}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BF15240-B00B-4A8A-9D69-DCE4B046CA51}: NameServer = 201.10.1.2,201.10.120.3
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Arquivos de Programas\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Arquivos de Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
========== Files/Folders - Created Within 180 Days ==========
 
[2013/09/13 21:44:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/10 12:35:56 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\3º Aniversário Victor Davi
[2013/08/16 18:30:40 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Media Player Classic
[2013/08/12 14:17:53 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Documents\Nova pasta
[2013/08/11 18:12:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/11 17:45:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/11 17:45:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/11 17:45:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/11 17:44:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/11 14:34:55 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.6
[2013/08/11 14:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\XP Codec Pack
[2013/08/07 14:21:31 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2013/08/05 22:47:00 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Documents\Modelos Personalizados do Office
[2013/07/24 19:05:48 | 001,327,424 | ---- | C] (MPC-HC Team) -- C:\Windows\System32\VSFilter.dll
[2013/07/24 19:05:42 | 000,392,000 | ---- | C] (MPC-HC Team) -- C:\Windows\System32\cdxareader.ax
[2013/07/22 22:09:14 | 000,000,000 | ---D | C] -- C:\SoloApp
[2013/07/13 15:06:22 | 000,000,000 | R--D | C] -- C:\Office Activation Technologies
[2013/07/13 15:06:08 | 000,000,000 | ---D | C] -- C:\Windows\Office15
[2013/07/13 14:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/07/13 14:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/07/13 14:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013/07/13 14:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/07/13 14:43:43 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2013/07/13 14:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/07/13 14:43:31 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Local\Microsoft Help
[2013/07/13 14:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/07/13 14:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/07/13 14:40:55 | 000,000,000 | R--D | C] -- C:\MSOCache
[2013/07/13 12:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/13 03:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/07/13 00:27:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/06/26 16:40:52 | 000,196,608 | ---- | C] (Matthew T. Ashland (adopted from RadLight plugin)) -- C:\Windows\System32\RLAPEDec.ax
[2013/06/14 20:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/06/04 09:15:02 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013/06/04 09:15:02 | 000,084,248 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013/06/03 19:03:36 | 000,670,560 | ---- | C] (MPC-HC Team) -- C:\Windows\System32\RealMediaSplitter.ax
[2013/05/15 19:03:48 | 000,495,968 | ---- | C] (MPC-HC Team) -- C:\Windows\System32\oggsplitter.ax
[2013/05/15 19:03:44 | 000,555,872 | ---- | C] (MPC-HC Team) -- C:\Windows\System32\MatroskaSplitter.ax
[2013/05/15 19:03:34 | 000,480,096 | ---- | C] (MPC-HC Team) -- C:\Windows\System32\AviSplitter.ax
[2013/05/13 18:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/05/13 18:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/05/06 21:19:21 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\TeamViewer
[2013/05/06 19:18:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/06 19:17:59 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/05 21:26:46 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Local\temp
[2013/05/05 20:10:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/05 17:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013/05/05 13:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/05/05 13:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/05/05 11:22:24 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Malwarebytes
[2013/05/05 11:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/05 11:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/05 11:22:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/05 11:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/05 11:19:31 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Baidu Security
[2013/04/19 19:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/04/14 03:24:51 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Local\Facebook
[2013/04/05 18:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/05 14:36:28 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Documents\tabelas NR
[2013/04/04 12:54:23 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Local\Macromedia
[2013/04/04 12:49:04 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Mozilla
[2013/04/04 12:49:01 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Comodo
[2013/04/03 14:05:43 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\MultiSkypeLauncher
[2013/04/03 14:02:41 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MultiSkypeLauncher
[2013/04/03 14:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\MultiSkypeLauncher
[2013/03/25 18:08:43 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Local\Diagnostics
 
========== Files - Modified Within 180 Days ==========
 
[2013/09/13 22:03:12 | 002,097,152 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat
[2013/09/13 21:59:43 | 000,020,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/13 21:59:43 | 000,020,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/13 21:47:49 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/13 21:47:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013/09/13 21:47:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/13 21:47:00 | 798,416,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/13 21:44:51 | 003,741,166 | -H-- | M] () -- C:\Users\Daniela\AppData\Local\IconCache.db
[2013/09/13 21:30:07 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3394924555-645460116-4219588346-1000UA.job
[2013/09/13 21:27:01 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/13 21:14:05 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/12 16:42:52 | 000,436,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/10 21:25:20 | 000,789,002 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013/09/10 21:25:20 | 000,741,206 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/10 21:25:20 | 000,247,532 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013/09/10 21:25:20 | 000,225,826 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/10 21:25:20 | 000,005,196 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2013/09/10 03:30:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3394924555-645460116-4219588346-1000Core.job
[2013/08/31 20:39:14 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{05f9d2f3-11c9-11e3-be7a-001d60a0b76d}.TMContainer00000000000000000002.regtrans-ms
[2013/08/31 20:39:14 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{05f9d2f3-11c9-11e3-be7a-001d60a0b76d}.TMContainer00000000000000000001.regtrans-ms
[2013/08/31 20:39:14 | 000,065,536 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{05f9d2f3-11c9-11e3-be7a-001d60a0b76d}.TM.blf
[2013/08/30 20:10:37 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free antivírus.lnk
[2013/08/30 20:10:33 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/08/14 10:40:30 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2013/08/11 18:07:16 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2013/08/11 18:07:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/08/11 14:36:45 | 000,001,067 | ---- | M] () -- C:\Users\Daniela\Desktop\Media Player Classic - HC.lnk
[2013/08/07 14:21:31 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2013/08/01 03:08:30 | 000,032,328 | ---- | M] () -- C:\Windows\Launcher.exe
[2013/07/31 03:23:08 | 000,049,222 | ---- | M] () -- C:\Windows\System32\logo7.png
[2013/07/24 19:05:48 | 001,327,424 | ---- | M] (MPC-HC Team) -- C:\Windows\System32\VSFilter.dll
[2013/07/24 19:05:42 | 000,392,000 | ---- | M] (MPC-HC Team) -- C:\Windows\System32\cdxareader.ax
[2013/07/13 15:05:20 | 000,115,952 | ---- | M] () -- C:\Users\Daniela\AppData\Local\GDIPFONTCACHEV1.DAT
[2013/07/13 03:06:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013/06/26 16:40:52 | 000,196,608 | ---- | M] (Matthew T. Ashland (adopted from RadLight plugin)) -- C:\Windows\System32\RLAPEDec.ax
[2013/06/26 11:35:51 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/06/26 11:35:51 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/06/26 11:35:51 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/06/26 11:35:51 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 11:35:51 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 11:35:51 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/26 01:00:08 | 000,003,330 | ---- | M] () -- C:\Users\Daniela\Documents\Curriculo - Daniela.rtf
[2013/06/12 20:09:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2013/06/04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013/06/04 09:15:02 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013/06/03 19:03:36 | 000,670,560 | ---- | M] (MPC-HC Team) -- C:\Windows\System32\RealMediaSplitter.ax
[2013/05/15 19:03:48 | 000,495,968 | ---- | M] (MPC-HC Team) -- C:\Windows\System32\oggsplitter.ax
[2013/05/15 19:03:44 | 000,555,872 | ---- | M] (MPC-HC Team) -- C:\Windows\System32\MatroskaSplitter.ax
[2013/05/15 19:03:34 | 000,480,096 | ---- | M] (MPC-HC Team) -- C:\Windows\System32\AviSplitter.ax
[2013/05/09 05:59:10 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/05/09 05:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/05/09 05:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/05/09 05:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/05/09 05:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/05/09 05:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 05:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/05/08 22:50:43 | 000,002,309 | ---- | M] () -- C:\Users\Daniela\Documents\Curriculo - Danilo.rtf
[2013/04/19 19:14:57 | 000,001,098 | ---- | M] () -- C:\Users\Daniela\Desktop\Comodo Dragon.lnk
[2013/04/05 15:26:24 | 001,679,360 | ---- | M] () -- C:\Windows\System32\ac3filter.acm
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013/08/30 20:10:37 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free antivírus.lnk
[2013/08/30 20:08:25 | 000,524,288 | -HS- | C] () -- C:\Users\Daniela\ntuser.dat{05f9d2f3-11c9-11e3-be7a-001d60a0b76d}.TMContainer00000000000000000002.regtrans-ms
[2013/08/30 20:08:24 | 000,524,288 | -HS- | C] () -- C:\Users\Daniela\ntuser.dat{05f9d2f3-11c9-11e3-be7a-001d60a0b76d}.TMContainer00000000000000000001.regtrans-ms
[2013/08/30 20:08:24 | 000,065,536 | -HS- | C] () -- C:\Users\Daniela\ntuser.dat{05f9d2f3-11c9-11e3-be7a-001d60a0b76d}.TM.blf
[2013/08/11 17:45:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/11 17:45:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/11 17:45:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/11 17:45:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/11 17:45:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/11 14:36:45 | 000,001,067 | ---- | C] () -- C:\Users\Daniela\Desktop\Media Player Classic - HC.lnk
[2013/07/31 03:23:08 | 000,049,222 | ---- | C] () -- C:\Windows\System32\logo7.png
[2013/07/13 03:06:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013/06/26 20:44:18 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/26 20:44:17 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 11:35:52 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/12 20:09:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2013/05/28 21:29:38 | 000,032,328 | ---- | C] () -- C:\Windows\Launcher.exe
[2013/05/08 22:50:42 | 000,002,309 | ---- | C] () -- C:\Users\Daniela\Documents\Curriculo - Danilo.rtf
[2013/05/05 17:41:04 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/04/19 19:14:57 | 000,001,098 | ---- | C] () -- C:\Users\Daniela\Desktop\Comodo Dragon.lnk
[2013/04/05 15:26:24 | 001,679,360 | ---- | C] () -- C:\Windows\System32\ac3filter.acm
[2013/03/30 18:12:57 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/30 18:12:57 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/02/26 21:02:55 | 000,000,029 | ---- | C] () -- C:\Windows\System32\config.ini
[2013/02/14 14:13:57 | 000,000,291 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2013/02/14 14:13:51 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2013/01/13 14:25:56 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2013/01/13 11:14:58 | 000,115,952 | ---- | C] () -- C:\Users\Daniela\AppData\Local\GDIPFONTCACHEV1.DAT
[2013/01/13 02:42:10 | 003,741,166 | -H-- | C] () -- C:\Users\Daniela\AppData\Local\IconCache.db
[2013/01/12 22:05:09 | 000,005,196 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2013/01/12 21:56:29 | 002,097,152 | -HS- | C] () -- C:\Users\Daniela\ntuser.dat
[2013/01/12 21:56:29 | 000,524,288 | -HS- | C] () -- C:\Users\Daniela\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013/01/12 21:56:29 | 000,524,288 | -HS- | C] () -- C:\Users\Daniela\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2013/01/12 21:56:29 | 000,065,536 | -HS- | C] () -- C:\Users\Daniela\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2013/01/12 21:56:29 | 000,000,020 | -HS- | C] () -- C:\Users\Daniela\ntuser.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 22:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/05/05 11:19:31 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Baidu Security
[2013/02/27 02:31:41 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\BaiduPcFaster
[2013/04/03 14:06:03 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\MultiSkypeLauncher
[2013/02/26 21:03:17 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\PCF
[2013/03/01 05:14:44 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\PhotoScape
[2013/03/02 22:18:47 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\PSafe
[2013/05/06 21:19:21 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\TeamViewer
[2013/03/11 02:31:58 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %systemroot%\system32\drivers\*.* /90 >
[2013/06/26 11:35:51 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSnx.sys
[2013/06/26 11:35:51 | 000,000,175 | ---- | M] () -- C:\Windows\system32\drivers\aswSnx.sys.sum
[2013/06/26 11:35:51 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSP.sys
[2013/06/26 11:35:51 | 000,000,175 | ---- | M] () -- C:\Windows\system32\drivers\aswSP.sys.sum
[2013/06/26 11:35:51 | 000,175,176 | ---- | M] () -- C:\Windows\system32\drivers\aswVmm.sys
[2013/06/26 11:35:51 | 000,000,175 | ---- | M] () -- C:\Windows\system32\drivers\aswVmm.sys.sum
[2013/08/04 22:56:47 | 000,133,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ataport.sys
[2013/07/13 03:06:10 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013/07/06 02:05:35 | 001,293,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys
 
< %systemdrive%\drivers\*.exe >
 
< %SYSTEMDRIVE%\*.* >
[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/11/20 09:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2013/01/12 22:49:03 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/09/13 21:47:00 | 798,416,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/13 21:47:00 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2013/03/16 13:26:42 | 000,399,059 | RHS- | M] () -- C:\WUGBJ
 
< %LOCALAPPDATA%\*.exe >
 
< %LOCALAPPDATA%\*.txt >
 
< %LOCALAPPDATA%\*.ini >
 
< %LOCALAPPDATA%\*.dll >
 
< %LOCALAPPDATA%\*.dat >
[2013/07/13 15:05:20 | 000,115,952 | ---- | M] () -- C:\Users\Daniela\AppData\Local\GDIPFONTCACHEV1.DAT
 
< %USERPROFILE%\*.exe >
 
< %USERPROFILE%\*.txt >
 
< %USERPROFILE%\*.ini >
[2013/01/12 21:56:29 | 000,000,020 | -HS- | M] () -- C:\Users\Daniela\ntuser.ini
 
< %USERPROFILE%\*.dll >
 
< %USERPROFILE%\*.dat /30 >
[2013/09/13 22:03:12 | 002,097,152 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat
 
< C:\windows\system32\Tasks\*.* /s >
[2013/09/10 17:22:56 | 000,003,840 | ---- | M] () -- C:\windows\system32\Tasks\Adobe Flash Player Updater
[2013/09/13 19:32:43 | 000,004,182 | ---- | M] () -- C:\windows\system32\Tasks\avast! Emergency Update
[2013/05/05 13:21:49 | 000,002,776 | ---- | M] () -- C:\windows\system32\Tasks\CCleanerSkipUAC
[2013/01/26 22:19:32 | 000,003,522 | ---- | M] () -- C:\windows\system32\Tasks\DealPly
[2013/01/26 22:19:45 | 000,003,302 | ---- | M] () -- C:\windows\system32\Tasks\DealPlyUpdate
[2013/04/14 03:25:31 | 000,003,548 | ---- | M] () -- C:\windows\system32\Tasks\FacebookUpdateTaskUserS-1-5-21-3394924555-645460116-4219588346-1000Core
[2013/04/14 03:25:32 | 000,003,916 | ---- | M] () -- C:\windows\system32\Tasks\FacebookUpdateTaskUserS-1-5-21-3394924555-645460116-4219588346-1000UA
[2013/07/12 20:22:42 | 000,003,802 | ---- | M] () -- C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
[2013/07/12 20:22:44 | 000,004,054 | ---- | M] () -- C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
[2013/01/13 15:38:36 | 000,003,154 | ---- | M] () -- C:\windows\system32\Tasks\{6CB73F0F-37A4-4800-BF00-7521BD264C5B}
[2013/05/28 21:29:43 | 000,004,020 | ---- | M] () -- C:\windows\system32\Tasks\Browser Updater\Browser Updater
[2013/07/13 14:44:53 | 000,003,548 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack
[2013/07/13 14:44:51 | 000,003,486 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn
[2013/09/13 22:00:10 | 000,003,856 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
[2013/01/13 11:35:20 | 000,004,158 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
[2009/07/14 01:41:15 | 000,004,472 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
[2009/07/14 01:41:15 | 000,003,854 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
[2009/07/14 01:42:10 | 000,002,900 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\AppID\PolicyConverter
[2009/07/14 01:42:10 | 000,003,790 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
[2009/07/14 01:41:45 | 000,003,458 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Application Experience\AitAgent
[2009/07/14 01:41:45 | 000,003,614 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
[2009/07/14 01:37:26 | 000,003,026 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Autochk\Proxy
[2009/07/14 01:42:29 | 000,001,862 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
[2009/07/14 01:41:10 | 000,004,130 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
[2009/07/14 01:41:10 | 000,003,868 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
[2009/07/14 01:53:58 | 000,003,134 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
[2009/07/14 01:42:29 | 000,002,934 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
[2009/07/14 01:41:20 | 000,003,946 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
[2009/07/14 01:41:47 | 000,003,598 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
[2009/07/14 01:46:36 | 000,003,886 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
[2009/07/14 01:42:30 | 000,004,018 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Diagnosis\Scheduled
[2013/03/03 01:00:38 | 000,003,760 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
[2013/01/12 21:54:36 | 000,002,538 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
[2009/07/14 01:42:31 | 000,003,554 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Location\Notifications
[2013/01/13 16:59:54 | 000,004,036 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Maintenance\WinSAT
[2009/07/14 01:41:20 | 000,003,304 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector
[2009/07/14 01:41:20 | 000,003,510 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
[2013/01/12 21:54:37 | 000,003,576 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\MobilePC\HotStart
[2009/07/14 01:41:56 | 000,003,168 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\MUI\LPRemove
[2009/07/14 01:42:30 | 000,002,602 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
[2009/07/14 01:42:09 | 000,002,044 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
[2009/07/14 01:42:28 | 000,002,832 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
[2009/07/14 01:41:30 | 000,003,752 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
[2009/07/14 01:42:30 | 000,004,370 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\RAC\RacTask
[2009/07/14 01:37:40 | 000,003,052 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Ras\MobilityManager
[2009/07/14 01:42:07 | 000,003,956 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Registry\RegIdleBackup
[2009/07/14 01:42:29 | 000,004,596 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
[2009/07/14 01:42:30 | 000,003,616 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls
[2009/07/14 01:54:03 | 000,003,912 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
[2009/07/14 01:37:20 | 000,003,942 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
[2009/07/14 01:46:35 | 000,003,506 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\SystemRestore\SR
[2009/07/14 01:41:33 | 000,002,614 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Task Manager\Interactive
[2009/07/14 01:41:09 | 000,003,950 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
[2009/07/14 01:41:09 | 000,004,066 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
[2009/07/14 01:41:29 | 000,002,978 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
[2009/07/14 01:37:51 | 000,003,388 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
[2009/07/14 01:37:30 | 000,001,730 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
[2009/07/14 01:41:23 | 000,003,420 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
[2009/07/14 01:37:28 | 000,002,682 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\WDI\ResolutionHost
[2009/07/14 01:37:20 | 000,003,048 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
[2009/07/14 01:37:44 | 000,003,290 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
[2009/07/14 01:46:36 | 000,003,304 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
[2013/01/12 21:54:39 | 000,004,340 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification
[2009/07/14 01:54:01 | 000,003,532 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2013/03/16 18:44:27 | 000,003,540 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Wininet\CacheTask
[2013/09/11 23:35:31 | 000,004,730 | ---- | M] () -- C:\windows\system32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask
[2013/07/11 15:35:18 | 000,003,138 | ---- | M] () -- C:\windows\system32\Tasks\ProtectedSearch\Protected Search
[2013/02/14 14:17:32 | 000,004,484 | ---- | M] () -- C:\windows\system32\Tasks\WPD\SqmUpload_S-1-5-21-3394924555-645460116-4219588346-1000
[2009/07/14 01:53:46 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 01:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013/01/13 10:48:59 | 000,001,054 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/01/13 10:49:01 | 000,001,058 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/01/13 11:10:25 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/02/14 15:52:21 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3394924555-645460116-4219588346-1000Core.job
[2013/02/14 15:52:28 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3394924555-645460116-4219588346-1000UA.job
 
< C:\windows\system32\Tasks\*.* /s /64 >
[2013/09/10 17:22:56 | 000,003,840 | ---- | M] () -- C:\windows\system32\Tasks\Adobe Flash Player Updater
[2013/09/13 19:32:43 | 000,004,182 | ---- | M] () -- C:\windows\system32\Tasks\avast! Emergency Update
[2013/05/05 13:21:49 | 000,002,776 | ---- | M] () -- C:\windows\system32\Tasks\CCleanerSkipUAC
[2013/01/26 22:19:32 | 000,003,522 | ---- | M] () -- C:\windows\system32\Tasks\DealPly
[2013/01/26 22:19:45 | 000,003,302 | ---- | M] () -- C:\windows\system32\Tasks\DealPlyUpdate
[2013/04/14 03:25:31 | 000,003,548 | ---- | M] () -- C:\windows\system32\Tasks\FacebookUpdateTaskUserS-1-5-21-3394924555-645460116-4219588346-1000Core
[2013/04/14 03:25:32 | 000,003,916 | ---- | M] () -- C:\windows\system32\Tasks\FacebookUpdateTaskUserS-1-5-21-3394924555-645460116-4219588346-1000UA
[2013/07/12 20:22:42 | 000,003,802 | ---- | M] () -- C:\windows\system32\Tasks\GoogleUpdateTaskMachineCore
[2013/07/12 20:22:44 | 000,004,054 | ---- | M] () -- C:\windows\system32\Tasks\GoogleUpdateTaskMachineUA
[2013/01/13 15:38:36 | 000,003,154 | ---- | M] () -- C:\windows\system32\Tasks\{6CB73F0F-37A4-4800-BF00-7521BD264C5B}
[2013/05/28 21:29:43 | 000,004,020 | ---- | M] () -- C:\windows\system32\Tasks\Browser Updater\Browser Updater
[2013/07/13 14:44:53 | 000,003,548 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack
[2013/07/13 14:44:51 | 000,003,486 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn
[2013/09/13 22:00:10 | 000,003,856 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan
[2013/01/13 11:35:20 | 000,004,158 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
[2009/07/14 01:41:15 | 000,004,472 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
[2009/07/14 01:41:15 | 000,003,854 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
[2009/07/14 01:42:10 | 000,002,900 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\AppID\PolicyConverter
[2009/07/14 01:42:10 | 000,003,790 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
[2009/07/14 01:41:45 | 000,003,458 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Application Experience\AitAgent
[2009/07/14 01:41:45 | 000,003,614 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
[2009/07/14 01:37:26 | 000,003,026 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Autochk\Proxy
[2009/07/14 01:42:29 | 000,001,862 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
[2009/07/14 01:41:10 | 000,004,130 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
[2009/07/14 01:41:10 | 000,003,868 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
[2009/07/14 01:53:58 | 000,003,134 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
[2009/07/14 01:42:29 | 000,002,934 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
[2009/07/14 01:41:20 | 000,003,946 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
[2009/07/14 01:41:47 | 000,003,598 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
[2009/07/14 01:46:36 | 000,003,886 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
[2009/07/14 01:42:30 | 000,004,018 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Diagnosis\Scheduled
[2013/03/03 01:00:38 | 000,003,760 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
[2013/01/12 21:54:36 | 000,002,538 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
[2009/07/14 01:42:31 | 000,003,554 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Location\Notifications
[2013/01/13 16:59:54 | 000,004,036 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Maintenance\WinSAT
[2009/07/14 01:41:20 | 000,003,304 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector
[2009/07/14 01:41:20 | 000,003,510 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
[2013/01/12 21:54:37 | 000,003,576 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\MobilePC\HotStart
[2009/07/14 01:41:56 | 000,003,168 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\MUI\LPRemove
[2009/07/14 01:42:30 | 000,002,602 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
[2009/07/14 01:42:09 | 000,002,044 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
[2009/07/14 01:42:28 | 000,002,832 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
[2009/07/14 01:41:30 | 000,003,752 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
[2009/07/14 01:42:30 | 000,004,370 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\RAC\RacTask
[2009/07/14 01:37:40 | 000,003,052 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Ras\MobilityManager
[2009/07/14 01:42:07 | 000,003,956 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Registry\RegIdleBackup
[2009/07/14 01:42:29 | 000,004,596 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
[2009/07/14 01:42:30 | 000,003,616 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls
[2009/07/14 01:54:03 | 000,003,912 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
[2009/07/14 01:37:20 | 000,003,942 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
[2009/07/14 01:46:35 | 000,003,506 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\SystemRestore\SR
[2009/07/14 01:41:33 | 000,002,614 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Task Manager\Interactive
[2009/07/14 01:41:09 | 000,003,950 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
[2009/07/14 01:41:09 | 000,004,066 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
[2009/07/14 01:41:29 | 000,002,978 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
[2009/07/14 01:37:51 | 000,003,388 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
[2009/07/14 01:37:30 | 000,001,730 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
[2009/07/14 01:41:23 | 000,003,420 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
[2009/07/14 01:37:28 | 000,002,682 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\WDI\ResolutionHost
[2009/07/14 01:37:20 | 000,003,048 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
[2009/07/14 01:37:44 | 000,003,290 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
[2009/07/14 01:46:36 | 000,003,304 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
[2013/01/12 21:54:39 | 000,004,340 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification
[2009/07/14 01:54:01 | 000,003,532 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2013/03/16 18:44:27 | 000,003,540 | ---- | M] () -- C:\windows\system32\Tasks\Microsoft\Windows\Wininet\CacheTask
[2013/09/11 23:35:31 | 000,004,730 | ---- | M] () -- C:\windows\system32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask
[2013/07/11 15:35:18 | 000,003,138 | ---- | M] () -- C:\windows\system32\Tasks\ProtectedSearch\Protected Search
[2013/02/14 14:17:32 | 000,004,484 | ---- | M] () -- C:\windows\system32\Tasks\WPD\SqmUpload_S-1-5-21-3394924555-645460116-4219588346-1000
 
< %windir%\tasks\*.* /s >
[2013/09/13 22:14:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/10 03:30:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3394924555-645460116-4219588346-1000Core.job
[2013/09/13 21:30:07 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3394924555-645460116-4219588346-1000UA.job
[2013/09/13 21:47:49 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/13 21:27:01 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/13 21:47:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013/07/16 19:43:51 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 18:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.com >
[2009/07/14 01:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\*.scr >
[2013/05/09 05:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/08 17:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
 
< \FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings >
"EnablePunycode" = 1
"CodeBaseSearchPath" = CODEBASE
"WarnOnIntranet" = 1
"MinorVersion" = 0
"ActiveXCache" = C:\Windows\Downloaded Program Files -- [2013/01/24 02:04:44 | 000,000,000 | ---D | M]
"WarnOnPost" = 01 00 00 00  [binary data]
"WarnonBadCertRecving" = 1
"WarnOnPostRedirect" = 0
"WarnOnZoneCrossing" = 1
"WarnOnHTTPSToHTTPRedirect" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ApprovedActiveXInstallSites]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server >
"RCDependentServices" = CertPropSvcSessionEnv [binary data]
"NotificationTimeOut" = 0
"SnapshotMonitors" = 1
"ProductVersion" = 5.1
"AllowRemoteRPC" = 0
"DelayConMgrTimeout" = 0
"fDenyTSConnections" = 1
"StartRCM" = 0
"TSAdvertise" = 0
"DeleteTempDirsOnExit" = 1
"fSingleSessionPerUser" = 1
"PerSessionTempDir" = 0
"TSUserEnabled" = 0
"InstanceID" = 77bc811d-58c1-4b91-80eb-2e5a828
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ConnectionHandler]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\KeyboardType Mapping]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SessionArbitrationHelper]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\TerminalTypes]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon >
"ReportBootOk" = 1
"Shell" = Explorer.exe -- [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation)
"PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Userinit" = C:\Windows\system32\userinit.exe,
"VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2009/07/13 22:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
"AutoRestartShell" = 1
"Background" = 0 0 0
"CachedLogonsCount" = 10
"DebugServerCommand" = no
"ForceUnlockLogon" = 0
"LegalNoticeCaption" = 
"LegalNoticeText" = 
"PasswordExpiryWarning" = 5
"PowerdownAfterShutdown" = 0
"ShutdownWithoutLogon" = 0
"WinStationsDisabled" = 0
"DisableCAD" = 1
"scremoveoption" = 0
"ShutdownFlags" = 39
"LegalNotice Text" = 
"SFCDisable" = 0
"System" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa >
"auditbaseobjects" = 0
"auditbasedirectories" = 0
"crashonauditfail" = 0
"fullprivilegeauditing" =  [binary data]
"Bounds" = 0  [binary data]
"LimitBlankPasswordUse" = 1
"NoLmHash" = 1
"Notification Packages" = scecli [binary data] -- [2010/11/20 09:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation)
"Security Packages" = kerberosmsv1_0schannelwdigestt [binary data over 200 bytes]
"Authentication Packages" = msv1_0 [binary data] -- [2010/11/20 09:19:54 | 000,257,024 | ---- | M] (Microsoft Corporation)
"LsaPid" = 564
"SecureBoot" = 1
"ProductType" = 2
"disabledomaincreds" = 0
"everyoneincludesanonymous" = 0
"forceguest" = 0
"restrictanonymous" = 0
"restrictanonymoussam" = 1
"enabledcom" = y
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
 
< \UserList >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon >
 
< \SpecialAccounts\UserList >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService >
"DisplayName" = @%SystemRoot%\System32\termsrv.dll,-268
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\termsrv.dll,-267
"ObjectName" = NT Authority\NetworkService
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RPCSSTermDD [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeAssignPrimaryTokenPrivilegeSeAu [binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 60 EA 00 00  [binary data]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Parameters]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Performance]
 
< net user /c >
Contas de usuário para \\DANIELA-PC
-------------------------------------------------------------------------------
Administrador            Convidado                Daniela                  
Comando concluído com êxito.
 
< MD5 for: TERMSRV.DLL  >
[2010/11/20 09:21:28 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\erdnt\cache\termsrv.dll
[2010/11/20 09:21:28 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\System32\termsrv.dll
[2010/11/20 09:21:28 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll
[2009/07/13 22:16:15 | 000,543,232 | ---- | M] (Microsoft Corporation) MD5=A01E50A04D7B1960B33E92B9080E6A94 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_8e7597ebb597acd3\termsrv.dll
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< End of report >
 
HijackThis
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:27:47, on 13/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Users\Daniela\Downloads\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~4\Office15\GROOVEEX.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: (no name) - {0d651aad-19a5-4376-9b66-303a5603e19d} - (no file)
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BF15240-B00B-4A8A-9D69-DCE4B046CA51}: NameServer = 201.10.1.2,201.10.120.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BF15240-B00B-4A8A-9D69-DCE4B046CA51}: NameServer = 201.10.1.2,201.10.120.3
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
 
--
End of file - 6942 bytes
 
Thanks


Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you have finished the instructions.

Download bouton-telecharger.png and save it to the Desktop.

Run adwcleaner.exe

Note: Windows Vista or Windows 7 users should right-click the file and select: run_as_adm1.png

AdwCleanerMobile_zps74904f3e.jpg

Click [Scan and then Clean]

Save the log that is created.

Download 1268r49.png and save it to your Desktop.

Double-click to run the Junkware Removal Tool (JRT)

* On Windows Vista and Windows 7:

Right-click JRT.exe and select run_as_adm1.png

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to be examined.

When it finishes, a log will open and be saved on the Desktop under the name JRT.txt.

Select, copy and paste the contents of this log into your next reply, along with the AdwCleaner log and a new HijackThis log.



MVP Mr.Million


After I ran the OTL procedure, the system started having permission problems: I can't open the ADWCleaner I already have in a folder, nor download it again; it says I don't have permission for this action.

Note: There is no other user on the PC, so I am logged in with the main account, which has always had full permissions.


I restarted the PC and the problem stopped; the logs follow below.

 

Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:25:43, on 14/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Users\Daniela\Downloads\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~4\Office15\GROOVEEX.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: (no name) - {0d651aad-19a5-4376-9b66-303a5603e19d} - (no file)
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BF15240-B00B-4A8A-9D69-DCE4B046CA51}: NameServer = 201.10.1.2,201.10.120.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BF15240-B00B-4A8A-9D69-DCE4B046CA51}: NameServer = 201.10.1.2,201.10.120.3
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
 
--
End of file - 6932 bytes
 
 
ADWCleaner
 
# AdwCleaner v3.003 - Relatório criado 14/09/2013 no 12:15:46
# Atualizado 07/09/2013 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usuário : Daniela - DANIELA-PC
# Executando de : C:\Users\Daniela\Downloads\adwcleaner.exe
# Opção : Limpar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
Arquivo Deletado : C:\Users\Daniela\AppData\Roaming\speedanalysis.ico
Arquivo Deletado : C:\Windows\System32\Tasks\Browser Updater
Arquivo Deletado : C:\Windows\System32\Tasks\Dealply
Arquivo Deletado : C:\Windows\System32\Tasks\DealPlyUpdate
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
Valor Deleteda : HKCU\Software\Mozilla\Firefox\Extensions [[email protected]]
Valor Deleteda : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dealply
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D472A449-2397-4178-BFB1-140CBE8491D4}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D472A449-2397-4178-BFB1-140CBE8491D4}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3703396C-39B3-4B08-A54D-1E5E9AEE514F}
[#] Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3703396C-39B3-4B08-A54D-1E5E9AEE514F}
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\HomeTab.DLL
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deleteda : HKCU\Software\simplytech
Chave Deleteda : HKCU\Software\AppDataLow\Software\simplytech
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Google Chrome v29.0.1547.66
 
[ Arquivo : C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleteda : search_url
Deleteda : keyword
 
*************************
 
AdwCleaner[R0].txt - [2370 octets] - [14/09/2013 12:09:53]
AdwCleaner[s0].txt - [2382 octets] - [14/09/2013 12:15:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2442 octets] ##########
 
 
After the ADWCleaner scan, the PC was restarted as the tool instructs and the initial problem did not occur; I believe it has been resolved.
Is anything else needed?


The log from the JRT program......



MVP Mr.Million
