FRAN SANTOS

Log analysis



Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by User on 14/08/2017 at 18:03:18,00.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x86
Running in: Safe Mode MINIMAL No Internet Access Detected
Launched: C:\Users\User\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 

# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 

# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 

# For example: 

#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
# localhost name resolution is handled within DNS itself. 
127.0.0.1       localhost 
::1             localhost 

==== Empty Folders Check ======================

C:\Program Files\McAfee deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Common Files\AV deleted successfully
C:\Users\User\AppData\Roaming\Ahead deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1937134304-1278925522-2172033210-1000\Software\Microsoft\Internet Explorer\SearchScopes\{99EBAE1A-6355-46CD-AD9B-F46BCB2730F6} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\McAfee not found
C:\Program Files\Arquivos Comuns deleted
C:\PROGRA~2\Package Cache deleted
C:\Windows\system32\config\systemprofile\AppData\Local\AVAST Software deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
fabhkdeopjkcpkmofliimbjckmocfiom - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
mbckjcfnjmoiinpgddefodcighgikkgn - No path found[]

Avast SafePrice - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Avast Online Security - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Button for Docs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjlmhhgnbpaahhehgnhgdpmmideookkp
Skype - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
AVG SafePrice - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn
nSave - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mehfdnnfonimcbmdlomfcfhmppcgihik
Chrome Media Router - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\User\Desktop\JRT - Atalho.lnk - C:\Users\User\Downloads\JRT.exe 
C:\Users\User\Desktop\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe 
C:\Users\User\Desktop\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe 

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Acrobat Reader DC.lnk - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\Avast Free antivírus.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe 
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe 
C:\Users\Public\Desktop\CrazyTalk Cam Suite PRO.lnk - C:\Program Files\Reallusion\CrazyTalk Cam Suite\CTCamSuite.exe 
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\Users\Public\Desktop\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe 
C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe 
C:\Users\Public\Desktop\TP-LINK Wireless Configuration Utility.lnk - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe 
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe 

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free antivírus.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG antivírus FREE.lnk - C:\Program Files\AVG\antivírus\AVGUI.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files\VideoLAN\VLC\Documentation.url 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files\VideoLAN\VLC\NEWS.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files\VideoLAN\VLC\VideoLAN Website.url 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe 

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe 
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe 
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe 
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=14 folders=22 14927927 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 14/08/2017 at 18:22:02,11 ======================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:28:52, on 14/08/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\hale.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Users\User\AppData\Local\Temp\E687.tmp\bump.exe
C:\Windows\system32\find.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [Diebold - Warsaw] "C:\Program Files\Diebold\Warsaw\core.exe"
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 7603 bytes
 


Good morning!

The laptop is a bit lighter now. I can't access my bank account. The message "your access to this system has been blocked - Error X5" keeps showing up, and Chrome keeps opening a "Developer Tools" window. Could it be a virus?


1. Download OTL (OldTimer) and save it to your Desktop

2. Close all windows and run it

Windows 7, 8, 8.1 or 10 users: right-click the OTL.exe icon and select Run as administrator

3. Enable these OTL options:

 1  Standard Output
 2  90 Days
 3  Use Company Name Whitelist
 4  Skip Microsoft Files
 5  LOP Check
 6  Purity Check

4. Now select the lines below (shown in red) and copy them (CTRL C)

CREATERESTOREPOINT
netsvcs
%systemroot%\system32\drivers\*.* /90
%systemdrive%\drivers\*.exe
%SYSTEMDRIVE%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
C:\windows\system32\Tasks\*.* /s
C:\windows\system32\Tasks\*.* /s /64
%windir%\tasks\*.* /s
%systemroot%\*.scr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService
net user /c
/md5start
termsrv.dll
termsrv.dll.bak
/md5stop
%systemdrive%\$Recycle.Bin|@;true;true;true /fp

5. Go back to the program, right-click inside the Custom Scans/Fixes box and choose Paste

6. Now click Run Scan so OTL starts scanning your computer.

Do not change any other settings unless you have been instructed to do so.

The OTL scan takes a while, so be patient. When it finishes, two files will be created: OTL.txt and Extras.txt. They will be in the same folder where OTL.exe was saved, on your Desktop.

7. Finally, copy the entire contents of OTL.txt (select all the text and press CTRL C) and paste it in your next reply.


mrmillion


Hey, I managed it!

Here's the content.

OTL logfile created on: 15/08/2017 10:46:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17843)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
1,87 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 32,36% Memory free
3,73 Gb Paging File | 2,33 Gb Available in Paging File | 62,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 264,06 Gb Free Space | 88,61% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2017/08/15 10:40:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL--.exe
PRC - [2017/08/10 15:24:29 | 009,138,504 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\avastui.exe
PRC - [2017/08/10 15:22:50 | 000,263,312 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe
PRC - [2017/08/10 15:22:34 | 005,815,840 | ---- | M] (AVAST Software s.r.o.) -- C:\Arquivos de Programas\AVAST Software\Avast\aswidsagent.exe
PRC - [2017/08/02 03:24:13 | 001,131,864 | ---- | M] (Google Inc.) -- C:\Arquivos de Programas\Google\Chrome\Application\chrome.exe
PRC - [2017/07/20 03:50:40 | 000,083,032 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2017/07/12 16:54:53 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2017/05/09 17:40:20 | 003,398,608 | ---- | M] (Malwarebytes) -- C:\Arquivos de Programas\Malwarebytes\Anti-Malware\MBAMService.exe
PRC - [2017/04/17 11:51:40 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2016/08/10 14:58:12 | 000,631,520 | ---- | M] (GAS Tecnologia) -- C:\Arquivos de Programas\GbPlugin\GbpSv.exe
PRC - [2016/02/18 16:23:30 | 002,169,856 | -HS- | M] () -- C:\Windows\System32\hale.exe
PRC - [2013/10/31 09:46:28 | 014,393,840 | ---- | M] (Lenovo(beijing) Limited) -- C:\Arquivos de Programas\Lenovo\Energy Manager\Energy Manager.exe
PRC - [2010/11/20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 03:17:02 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/03/27 07:38:44 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office\Office14\WINWORD.EXE
PRC - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Arquivos de Programas\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Arquivos de Programas\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/01/09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2017/08/15 10:35:13 | 000,019,968 | ---- | M] () -- C:\Users\User\AppData\Local\Temp\8D9E.tmp\bump.exe
MOD - [2017/08/10 15:23:03 | 067,109,376 | ---- | M] () -- C:\Arquivos de Programas\AVAST Software\Avast\libcef.dll
MOD - [2017/08/10 15:23:01 | 001,065,936 | ---- | M] () -- C:\Arquivos de Programas\AVAST Software\Avast\AvChrome.dll
MOD - [2017/08/10 15:22:55 | 000,224,256 | ---- | M] () -- C:\Arquivos de Programas\AVAST Software\Avast\tasks_core.dll
MOD - [2017/08/10 15:22:54 | 000,192,664 | ---- | M] () -- C:\Arquivos de Programas\AVAST Software\Avast\event_routing_rpc.dll
MOD - [2017/08/10 15:22:51 | 000,170,224 | ---- | M] () -- C:\Arquivos de Programas\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2017/08/10 15:22:32 | 000,292,920 | ---- | M] () -- C:\Arquivos de Programas\AVAST Software\Avast\gaming_mode_ui.dll
MOD - [2017/08/02 03:24:18 | 002,881,368 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
MOD - [2017/08/02 03:24:18 | 000,086,360 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\60.0.3112.90\libegl.dll
MOD - [2016/02/18 16:23:30 | 002,169,856 | -HS- | M] () -- C:\Windows\System32\hale.exe
MOD - [2013/02/19 12:43:38 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2013/02/18 13:10:14 | 000,608,536 | ---- | M] () -- C:\Arquivos de Programas\Lenovo\Energy Manager\sqlite3.dll
MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Unknown (-1) | Running] --  -- (Warsaw Technology)
SRV - [2017/08/10 15:22:50 | 000,263,312 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe -- (avast! antivírus)
SRV - [2017/08/10 15:22:34 | 005,815,840 | ---- | M] (AVAST Software s.r.o.) [On_Demand | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\aswidsagent.exe -- (aswbIDSAgent)
SRV - [2017/07/20 03:50:40 | 000,083,032 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2017/07/12 17:00:23 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2017/06/01 11:57:04 | 000,317,400 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2017/05/09 17:40:20 | 003,398,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV - [2016/08/21 10:05:24 | 000,935,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2016/08/10 14:58:12 | 000,631,520 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Arquivos de Programas\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 03:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Arquivos de Programas\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Unknown (-1) | Unknown (-1) | Unknown] --  -- (Warsaw Technology)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\gbpddreg32.sys -- (gbpddreg)
DRV - [2017/08/15 10:36:03 | 000,022,744 | ---- | M] (GAS Tecnologia) [File_System | System | Running] -- C:\Windows\System32\drivers\wsddfac.sys -- (wsddfac)
DRV - [2017/08/15 10:35:48 | 000,085,400 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\farflt.sys -- (MBAMFarflt)
DRV - [2017/08/15 10:35:48 | 000,065,824 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebProtection)
DRV - [2017/08/15 10:35:44 | 000,040,352 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtection)
DRV - [2017/08/15 10:35:42 | 000,221,600 | ---- | M] (Malwarebytes) [File_System | Boot | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2017/08/12 09:45:42 | 000,162,240 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\System32\drivers\MBAMChameleon.sys -- (MBAMChameleon)
DRV - [2017/08/10 15:24:30 | 000,774,320 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2017/08/10 15:24:29 | 000,123,928 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2017/08/10 15:23:12 | 000,147,688 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2017/08/10 15:23:11 | 000,496,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2017/08/10 15:23:11 | 000,296,312 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2017/08/10 15:23:11 | 000,099,536 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2017/08/10 15:23:11 | 000,070,840 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2017/08/10 15:23:11 | 000,042,824 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2017/08/10 15:22:32 | 000,276,736 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\aswblogx.sys -- (aswblog)
DRV - [2017/08/10 15:22:32 | 000,050,384 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\aswbunivx.sys -- (aswbuniv)
DRV - [2017/08/10 15:22:31 | 000,267,008 | ---- | M] (AVAST Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswbidsdriverx.sys -- (aswbidsdriver)
DRV - [2017/08/10 15:22:31 | 000,157,416 | ---- | M] (AVAST Software s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\aswbidshx.sys -- (aswbidsh)
DRV - [2017/06/27 12:06:28 | 000,059,936 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\mbae.sys -- (ESProtectionDriver)
DRV - [2016/12/08 15:30:07 | 000,029,400 | ---- | M] (GAS Tecnologia) [Kernel | System | Running] -- C:\Windows\System32\drivers\gbpndisrdn.sys -- (ndisrd)
DRV - [2016/11/07 14:54:54 | 000,022,624 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wsddprm.sys -- (wsddprm)
DRV - [2016/08/10 14:58:12 | 000,049,496 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2016/06/16 18:43:32 | 000,031,864 | ---- | M] (GAS Tecnologia) [Kernel | System | Running] -- C:\Windows\System32\drivers\wsddntf.sys -- (wsddntf)
DRV - [2016/06/08 18:43:00 | 000,022,624 | ---- | M] (GAS Tecnologia) [Kernel | System | Running] -- C:\Windows\System32\drivers\wsddpp.sys -- (wsddpp)
DRV - [2015/06/11 14:15:04 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2013/03/12 20:49:38 | 000,801,896 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV - [2013/02/17 09:48:48 | 000,028,432 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2011/08/23 04:11:50 | 000,270,336 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/11/20 03:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 03:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 03:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:30:14 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 01:24:42 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 01:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 01:21:16 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 00:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 00:14:50 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 00:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 00:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/02/26 14:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2008/09/19 23:41:50 | 000,037,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CamSuiteVAC.sys -- (CamSuiteVAC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.144.2: C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.144.2: C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\12.0.263_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabhkdeopjkcpkmofliimbjckmocfiom\1.1.2_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\12.0.222_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\10.2.0.9900_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn\12.0.263_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_1\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6017.605.1.4_1\
 
O1 HOSTS File: ([2017/08/14 18:04:38 | 000,000,841 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost 
O1 - Hosts: ::1             localhost 
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre1.8.0_144\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre1.8.0_144\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Chew7Hale] C:\Windows\System32\hale.exe ()
O4 - HKLM..\Run: [Diebold - Warsaw] C:\Program Files\Diebold\Warsaw\core.exe (GAS Tecnologia LTDA)
O4 - HKLM..\Run: [Energy Manager] C:\Arquivos de Programas\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [Malwarebytes TrayApp] C:\Arquivos de Programas\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de Programas\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem] https in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] https in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbankingpf] https in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B88534D8-ACB4-4525-8794-47EF332767A2}: DhcpNameServer = 10.7.0.1 208.67.222.222 208.67.220.220 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE152A3A-1CA6-4703-9B27-1A97B4651BEA}: DhcpNameServer = 192.168.100.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files\GbPlugin\gbiehCef.dll) - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
========== Files/Folders - Created Within 90 Days ==========
 
[2017/08/15 10:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SWCUTemp
[2017/08/14 19:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2017/08/14 18:22:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2017/08/14 18:17:50 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2017/08/14 18:17:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Temp
[2017/08/14 14:47:43 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2017/08/12 09:45:41 | 000,162,240 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMChameleon.sys
[2017/08/12 09:45:32 | 000,085,400 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\farflt.sys
[2017/08/12 09:45:31 | 000,065,824 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys
[2017/08/12 09:45:21 | 000,040,352 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2017/08/12 09:44:53 | 000,221,600 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2017/08/12 09:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2017/08/12 09:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017/08/12 09:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2017/08/10 22:00:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017/08/10 16:15:51 | 000,031,864 | ---- | C] (GAS Tecnologia) -- C:\Windows\System32\drivers\wsddntf.sys
[2017/08/10 16:15:51 | 000,022,744 | ---- | C] (GAS Tecnologia) -- C:\Windows\System32\drivers\wsddfac.sys
[2017/08/10 16:15:51 | 000,022,624 | ---- | C] (GAS Tecnologia) -- C:\Windows\System32\drivers\wsddprm.sys
[2017/08/10 16:15:51 | 000,022,624 | ---- | C] (GAS Tecnologia) -- C:\Windows\System32\drivers\wsddpp.sys
[2017/08/10 16:15:47 | 000,000,000 | -H-D | C] -- C:\Program Files\GAS Tecnologia
[2017/08/10 15:26:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVAST Software
[2017/08/10 15:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2017/08/10 15:23:44 | 000,296,312 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswVmm.sys
[2017/08/10 15:23:44 | 000,147,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2017/08/10 15:23:43 | 000,496,976 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2017/08/10 15:23:43 | 000,070,840 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRvrt.sys
[2017/08/10 15:23:42 | 000,774,320 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2017/08/10 15:23:42 | 000,123,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswmonflt.sys
[2017/08/10 15:23:42 | 000,099,536 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2017/08/10 15:23:42 | 000,042,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswHwid.sys
[2017/08/10 15:23:41 | 000,276,736 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswblogx.sys
[2017/08/10 15:23:41 | 000,157,416 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswbidshx.sys
[2017/08/10 15:23:41 | 000,050,384 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswbunivx.sys
[2017/08/10 15:23:40 | 000,267,008 | ---- | C] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswbidsdriverx.sys
[2017/08/10 15:23:19 | 000,303,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2017/08/10 15:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2017/07/28 12:27:57 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Copaíba da Amazônia_files
[2017/07/22 12:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2017/07/22 12:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2017/07/13 18:28:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2017/06/30 16:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2017/06/05 11:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2017/06/02 09:52:16 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Débitos e 2º via de conta_files
[2017/06/01 09:52:08 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Consulta de débitos do veículo_files
[2017/05/17 13:09:09 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\TL-WN821N_V4.0_TL-WN822N_V3.0_TL-WN823N_V1.0
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2017/08/15 10:43:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017/08/15 10:43:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017/08/15 10:43:14 | 000,001,062 | ---- | M] () -- C:\Users\User\Desktop\OTL-- - Atalho.lnk
[2017/08/15 10:36:03 | 000,022,744 | ---- | M] (GAS Tecnologia) -- C:\Windows\System32\drivers\wsddfac.sys
[2017/08/15 10:35:48 | 000,085,400 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\farflt.sys
[2017/08/15 10:35:48 | 000,065,824 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mwac.sys
[2017/08/15 10:35:44 | 000,040,352 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys
[2017/08/15 10:35:42 | 000,221,600 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2017/08/15 10:35:02 | 000,000,198 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2017/08/15 10:34:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/08/15 10:34:46 | 1502,752,768 | -HS- | M] () -- C:\hiberfil.sys
[2017/08/14 18:28:52 | 000,007,604 | ---- | M] () -- C:\Users\User\Desktop\hijackthis----
[2017/08/14 18:27:23 | 000,705,268 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2017/08/14 18:27:23 | 000,653,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2017/08/14 18:27:23 | 000,147,108 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2017/08/14 18:27:23 | 000,121,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2017/08/14 18:04:38 | 000,000,841 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2017/08/14 18:03:16 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2017/08/14 15:53:45 | 000,007,752 | ---- | M] () -- C:\Users\User\Desktop\hijackthis-
[2017/08/13 15:37:07 | 000,001,042 | ---- | M] () -- C:\Users\User\Desktop\JRT - Atalho.lnk
[2017/08/12 09:45:42 | 000,162,240 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMChameleon.sys
[2017/08/12 09:44:31 | 000,002,024 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017/08/11 09:03:50 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017/08/11 08:32:10 | 000,408,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2017/08/10 15:25:03 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free antivírus.lnk
[2017/08/10 15:24:30 | 000,774,320 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2017/08/10 15:24:29 | 000,123,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswmonflt.sys
[2017/08/10 15:23:12 | 000,147,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2017/08/10 15:23:11 | 000,496,976 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2017/08/10 15:23:11 | 000,296,312 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswVmm.sys
[2017/08/10 15:23:11 | 000,099,536 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2017/08/10 15:23:11 | 000,070,840 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRvrt.sys
[2017/08/10 15:23:11 | 000,042,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswHwid.sys
[2017/08/10 15:22:56 | 000,303,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2017/08/10 15:22:32 | 000,276,736 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswblogx.sys
[2017/08/10 15:22:32 | 000,050,384 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswbunivx.sys
[2017/08/10 15:22:31 | 000,267,008 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswbidsdriverx.sys
[2017/08/10 15:22:31 | 000,157,416 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\System32\drivers\aswbidshx.sys
[2017/08/07 17:54:18 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2017/07/28 12:27:57 | 000,056,530 | ---- | M] () -- C:\Users\User\Desktop\Copaíba da Amazônia.html
[2017/07/28 10:05:45 | 000,011,511 | ---- | M] () -- C:\Users\User\Desktop\11825877_455161741328418_8999896961299532895_n...jpg
[2017/07/28 10:05:27 | 000,014,858 | ---- | M] () -- C:\Users\User\Desktop\11737939_449275488583710_3895447184956226306_n.jpg
[2017/07/28 10:05:03 | 000,072,096 | ---- | M] () -- C:\Users\User\Desktop\11026811_461373040707288_8322649520699761471_n.jpg
[2017/07/27 09:47:00 | 000,086,907 | ---- | M] () -- C:\Users\User\Desktop\fatura60544015082017.pdf
[2017/07/27 08:37:41 | 000,058,873 | ---- | M] () -- C:\Users\User\Desktop\Contrato....pdf
[2017/07/25 06:43:00 | 000,052,604 | ---- | M] () -- C:\Users\User\Desktop\Contrato..pdf
[2017/07/13 11:54:42 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2017/07/12 17:00:23 | 000,016,303 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2017/07/08 13:51:00 | 000,052,917 | ---- | M] () -- C:\Users\User\Desktop\Chave Ricardo Francisco.pdf
[2017/07/07 12:43:34 | 002,658,071 | ---- | M] () -- C:\Users\User\Desktop\576201723523320170705124601 (1).pdf
[2017/06/28 17:56:00 | 000,087,000 | ---- | M] () -- C:\Users\User\Desktop\fatura49269815072017.pdf
[2017/06/28 12:12:18 | 000,043,930 | ---- | M] () -- C:\Users\User\Desktop\2819729053.pdf
[2017/06/27 12:06:28 | 000,059,936 | ---- | M] () -- C:\Windows\System32\drivers\mbae.sys
[2017/06/02 09:52:16 | 000,093,126 | ---- | M] () -- C:\Users\User\Desktop\Débitos e 2º via de conta.html
[2017/06/02 09:51:03 | 000,020,416 | ---- | M] () -- C:\Users\User\Desktop\GerarPDF.htm
[2017/06/01 09:52:08 | 000,103,447 | ---- | M] () -- C:\Users\User\Desktop\Consulta de débitos do veículo.html
[2017/05/30 12:30:00 | 000,087,243 | ---- | M] () -- C:\Users\User\Desktop\fatura38206015062017.pdf
[2017/05/26 17:21:28 | 002,957,384 | ---- | M] () -- C:\Users\User\Documents\TemasdeOcultismoTradicionalSCA.pdf
[2017/05/26 16:11:18 | 000,451,616 | ---- | M] () -- C:\Users\User\Documents\Seu_Signo_e_Suas_Vidas_Passadas.pdf
[2017/05/26 12:53:18 | 000,100,782 | ---- | M] () -- C:\Users\User\Documents\A vida mística de Jesus Cristo.pdf
[2017/05/18 22:53:57 | 000,037,376 | ---- | M] () -- C:\Users\User\Documents\Delivery Status Notification (Delay).msg
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2017/08/15 10:43:14 | 000,001,062 | ---- | C] () -- C:\Users\User\Desktop\OTL-- - Atalho.lnk
[2017/08/14 18:28:52 | 000,007,604 | ---- | C] () -- C:\Users\User\Desktop\hijackthis----
[2017/08/14 18:17:51 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2017/08/14 15:53:45 | 000,007,752 | ---- | C] () -- C:\Users\User\Desktop\hijackthis-
[2017/08/13 15:37:07 | 000,001,042 | ---- | C] () -- C:\Users\User\Desktop\JRT - Atalho.lnk
[2017/08/12 09:44:31 | 000,002,024 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017/08/12 09:44:22 | 000,059,936 | ---- | C] () -- C:\Windows\System32\drivers\mbae.sys
[2017/08/10 16:15:51 | 000,008,811 | ---- | C] () -- C:\Windows\System32\drivers\wsddntf.cat
[2017/08/10 16:15:51 | 000,002,708 | ---- | C] () -- C:\Windows\System32\drivers\wsddntf.inf
[2017/08/10 15:25:03 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free antivírus.lnk
[2017/07/28 12:27:56 | 000,056,530 | ---- | C] () -- C:\Users\User\Desktop\Copaíba da Amazônia.html
[2017/07/28 10:05:45 | 000,011,511 | ---- | C] () -- C:\Users\User\Desktop\11825877_455161741328418_8999896961299532895_n...jpg
[2017/07/28 10:05:27 | 000,014,858 | ---- | C] () -- C:\Users\User\Desktop\11737939_449275488583710_3895447184956226306_n.jpg
[2017/07/28 10:04:59 | 000,072,096 | ---- | C] () -- C:\Users\User\Desktop\11026811_461373040707288_8322649520699761471_n.jpg
[2017/07/27 09:47:00 | 000,086,907 | ---- | C] () -- C:\Users\User\Desktop\fatura60544015082017.pdf
[2017/07/27 08:37:40 | 000,058,873 | ---- | C] () -- C:\Users\User\Desktop\Contrato....pdf
[2017/07/25 06:43:00 | 000,052,604 | ---- | C] () -- C:\Users\User\Desktop\Contrato..pdf
[2017/07/22 12:08:13 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017/07/12 17:00:23 | 000,016,303 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2017/07/12 14:04:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2017/07/12 13:49:26 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2017/07/08 13:51:00 | 000,052,917 | ---- | C] () -- C:\Users\User\Desktop\Chave Ricardo Francisco.pdf
[2017/07/07 12:43:33 | 002,658,071 | ---- | C] () -- C:\Users\User\Desktop\576201723523320170705124601 (1).pdf
[2017/06/28 17:56:00 | 000,087,000 | ---- | C] () -- C:\Users\User\Desktop\fatura49269815072017.pdf
[2017/06/28 12:12:17 | 000,043,930 | ---- | C] () -- C:\Users\User\Desktop\2819729053.pdf
[2017/06/02 09:52:12 | 000,093,126 | ---- | C] () -- C:\Users\User\Desktop\Débitos e 2º via de conta.html
[2017/06/02 09:51:00 | 000,020,416 | ---- | C] () -- C:\Users\User\Desktop\GerarPDF.htm
[2017/06/01 09:52:06 | 000,103,447 | ---- | C] () -- C:\Users\User\Desktop\Consulta de débitos do veículo.html
[2017/05/31 15:49:59 | 002,957,384 | ---- | C] () -- C:\Users\User\Documents\TemasdeOcultismoTradicionalSCA.pdf
[2017/05/31 15:49:33 | 001,170,458 | ---- | C] () -- C:\Users\User\Documents\Sociedades Secretas - Sergio Pereira Couto.pdf
[2017/05/31 15:49:29 | 000,451,616 | ---- | C] () -- C:\Users\User\Documents\Seu_Signo_e_Suas_Vidas_Passadas.pdf
[2017/05/31 15:49:25 | 000,152,932 | ---- | C] () -- C:\Users\User\Documents\sun_tzu-a_arte_da_guerra.zip
[2017/05/31 15:44:26 | 000,100,782 | ---- | C] () -- C:\Users\User\Documents\A vida mística de Jesus Cristo.pdf
[2017/05/30 12:30:00 | 000,087,243 | ---- | C] () -- C:\Users\User\Desktop\fatura38206015062017.pdf
[2017/05/18 22:53:46 | 000,037,376 | ---- | C] () -- C:\Users\User\Documents\Delivery Status Notification (Delay).msg
[2017/05/17 13:09:10 | 000,328,973 | ---- | C] () -- C:\Users\User\Documents\Acordo Elektro - pagto.pdf
[2017/05/17 13:09:10 | 000,266,170 | ---- | C] () -- C:\Users\User\Documents\Acordo Elektro.pdf
[2017/05/17 13:09:09 | 000,127,147 | ---- | C] () -- C:\Users\User\Documents\AL6060_SP_ RICARDO - PÇ.pdf
[2016/02/19 10:11:20 | 000,037,560 | ---- | C] () -- C:\Windows\System32\drivers\CamSuiteVAC.sys
[2016/02/18 17:04:07 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2016/02/18 16:23:30 | 002,169,856 | -HS- | C] () -- C:\Windows\System32\hale.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2017/05/10 12:12:47 | 012,880,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2017/08/10 15:26:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVAST Software
[2017/07/14 11:43:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG
[2016/02/19 07:54:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Easeware
[2017/02/19 15:55:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP-LINK
[2016/02/19 10:05:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2017/05/17 10:08:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %systemroot%\system32\drivers\*.* /90 >
[2017/07/07 11:52:21 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\appid.sys
[2017/08/10 15:22:31 | 000,267,008 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\system32\drivers\aswbidsdriverx.sys
[2017/08/10 15:22:31 | 000,157,416 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\system32\drivers\aswbidshx.sys
[2017/08/10 15:22:32 | 000,276,736 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\system32\drivers\aswblogx.sys
[2017/08/10 15:22:32 | 000,050,384 | ---- | M] (AVAST Software s.r.o.) -- C:\Windows\system32\drivers\aswbunivx.sys
[2017/08/10 15:23:11 | 000,042,824 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswHwid.sys
[2017/08/10 15:24:29 | 000,123,928 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswmonflt.sys
[2017/08/10 15:23:11 | 000,099,536 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswRdr2.sys
[2017/08/10 15:23:11 | 000,070,840 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswRvrt.sys
[2017/08/10 15:24:30 | 000,774,320 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswsnx.sys
[2017/08/10 15:23:11 | 000,496,976 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswSP.sys
[2017/08/10 15:23:12 | 000,147,688 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswStm.sys
[2017/08/10 15:23:11 | 000,296,312 | ---- | M] (AVAST Software) -- C:\Windows\system32\drivers\aswVmm.sys
[2017/07/06 01:44:53 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bthpan.sys
[2017/08/15 10:35:48 | 000,085,400 | ---- | M] (Malwarebytes) -- C:\Windows\system32\drivers\farflt.sys
[2017/05/30 01:39:04 | 000,187,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\FWPKCLNT.SYS
[2017/06/15 17:18:02 | 000,514,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\http.sys
[2017/07/07 12:15:22 | 000,067,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
[2017/07/07 12:15:22 | 000,137,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecpkg.sys
[2017/06/27 12:06:28 | 000,059,936 | ---- | M] () -- C:\Windows\system32\drivers\mbae.sys
[2017/08/15 10:35:44 | 000,040,352 | ---- | M] (Malwarebytes) -- C:\Windows\system32\drivers\mbam.sys
[2017/08/12 09:45:42 | 000,162,240 | ---- | M] (Malwarebytes) -- C:\Windows\system32\drivers\MBAMChameleon.sys
[2017/08/15 10:35:42 | 000,221,600 | ---- | M] (Malwarebytes) -- C:\Windows\system32\drivers\MBAMSwissArmy.sys
[2017/07/07 11:48:10 | 000,124,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb.sys
[2017/07/07 11:48:16 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb10.sys
[2017/07/07 11:48:13 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb20.sys
[2017/08/15 10:35:48 | 000,065,824 | ---- | M] (Malwarebytes) -- C:\Windows\system32\drivers\mwac.sys
[2017/05/30 01:39:04 | 000,240,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\netio.sys
[2017/06/09 12:17:18 | 001,213,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ntfs.sys
[2017/05/30 01:39:05 | 001,309,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys
[2017/07/29 11:50:58 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tdx.sys
[2017/07/07 12:15:23 | 000,296,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\volmgrx.sys
[2017/08/15 10:36:03 | 000,022,744 | ---- | M] (GAS Tecnologia) -- C:\Windows\system32\drivers\wsddfac.sys
 
< %systemdrive%\drivers\*.exe >
 
< %SYSTEMDRIVE%\*.* >
[2016/12/08 15:31:59 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2017/08/15 10:34:46 | 1502,752,768 | -HS- | M] () -- C:\hiberfil.sys
[2017/08/15 10:34:47 | 2003,673,088 | -HS- | M] () -- C:\pagefile.sys
[2017/08/14 18:22:02 | 000,012,761 | ---- | M] () -- C:\zoek-results.log
 
< %LOCALAPPDATA%\*.exe >
 
< %LOCALAPPDATA%\*.txt >
 
< %LOCALAPPDATA%\*.ini >
 
< %LOCALAPPDATA%\*.dll >
 
< %LOCALAPPDATA%\*.dat >
[2017/08/10 17:30:57 | 000,109,616 | ---- | M] () -- C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
 
< %USERPROFILE%\*.exe >
 
< %USERPROFILE%\*.txt >
 
< %USERPROFILE%\*.ini >
[2016/02/18 15:43:16 | 000,000,020 | -HS- | M] () -- C:\Users\User\ntuser.ini
 
< %USERPROFILE%\*.dll >
 
< %USERPROFILE%\*.dat /30 >
[2017/08/15 11:00:08 | 002,883,584 | -HS- | M] () -- C:\Users\User\ntuser.dat
 
< C:\Windows\system32\Tasks\*.* /s >
[2017/08/08 21:27:09 | 000,004,464 | ---- | M] () -- C:\Windows\system32\Tasks\Adobe Acrobat Update Task
[2017/08/15 08:25:03 | 000,004,542 | ---- | M] () -- C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
[2016/02/18 17:04:07 | 000,002,430 | ---- | M] () -- C:\Windows\system32\Tasks\AutoKMS
[2017/08/10 15:23:54 | 000,003,914 | ---- | M] () -- C:\Windows\system32\Tasks\Avast Emergency Update
[2017/07/22 12:08:17 | 000,002,786 | ---- | M] () -- C:\Windows\system32\Tasks\CCleanerSkipUAC
[2017/04/28 21:22:28 | 000,003,360 | ---- | M] () -- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
[2017/04/28 21:22:29 | 000,003,488 | ---- | M] () -- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
[2017/08/15 07:50:35 | 000,003,934 | ---- | M] () -- C:\Windows\system32\Tasks\User_Feed_Synchronization-{415BB917-E66F-4285-A991-5FA9EE01DC12}
[2017/08/14 19:25:14 | 000,003,226 | ---- | M] () -- C:\Windows\system32\Tasks\{01C66FB6-7C45-4D73-A3CB-C50EF4AC9A84}
[2016/12/08 15:35:02 | 000,003,146 | ---- | M] () -- C:\Windows\system32\Tasks\{0F2499E2-DE73-4B3F-8170-B628D8C0579C}
[2017/03/04 15:58:03 | 000,003,158 | ---- | M] () -- C:\Windows\system32\Tasks\{5841566C-A174-406D-B1DD-709A5FCB83EB}
[2017/08/12 10:30:37 | 000,003,120 | ---- | M] () -- C:\Windows\system32\Tasks\{CE2C4D73-24AD-4B7D-B4E3-18E35390F274}
[2017/03/04 15:44:43 | 000,003,158 | ---- | M] () -- C:\Windows\system32\Tasks\{F3D7753B-7DF0-4D6C-819D-C9F2CCEC90FE}
[2009/07/14 01:41:15 | 000,004,472 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
[2009/07/14 01:41:15 | 000,003,854 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
[2009/07/14 01:42:10 | 000,002,900 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\AppID\PolicyConverter
[2009/07/14 01:42:10 | 000,003,790 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
[2009/07/14 01:41:45 | 000,003,458 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\AitAgent
[2009/07/14 01:41:45 | 000,003,614 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
[2009/07/14 01:37:26 | 000,003,026 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Autochk\Proxy
[2009/07/14 01:42:29 | 000,001,862 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
[2009/07/14 01:41:10 | 000,004,130 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
[2009/07/14 01:41:10 | 000,003,868 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
[2009/07/14 01:53:58 | 000,003,134 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
[2009/07/14 01:42:29 | 000,002,934 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
[2009/07/14 01:41:20 | 000,003,946 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
[2009/07/14 01:41:47 | 000,003,598 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
[2009/07/14 01:46:36 | 000,003,886 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
[2009/07/14 01:42:30 | 000,004,018 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Diagnosis\Scheduled
[2016/07/30 16:19:40 | 000,003,760 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
[2016/02/18 15:34:49 | 000,002,538 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
[2009/07/14 01:42:31 | 000,003,554 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Location\Notifications
[2017/04/03 11:39:14 | 000,003,178 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Maintenance\WinSAT
[2016/02/18 15:35:00 | 000,002,420 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch
[2016/02/18 15:34:58 | 000,002,448 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService
[2016/02/25 20:06:20 | 000,003,650 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks
[2016/02/18 15:34:57 | 000,002,400 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ehDRMInit
[2016/02/18 15:34:59 | 000,002,546 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady
[2016/02/18 15:35:01 | 000,002,790 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\mcupdate
[2016/02/18 15:35:04 | 000,002,954 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask
[2016/02/18 15:35:02 | 000,002,958 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
[2016/02/18 15:34:57 | 000,002,380 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\OCURActivate
[2016/02/18 15:34:56 | 000,002,400 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery
[2016/02/18 15:34:57 | 000,002,384 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery
[2016/02/18 15:34:53 | 000,003,226 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1
[2016/02/18 15:34:54 | 000,003,228 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2
[2016/02/18 15:34:52 | 000,003,822 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry
[2016/02/18 15:35:02 | 000,002,926 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask
[2016/02/18 15:35:03 | 000,002,918 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask
[2016/02/18 15:35:01 | 000,003,078 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\RecordingRestart
[2016/02/18 15:34:59 | 000,002,408 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\RegisterSearch
[2016/02/18 15:34:59 | 000,002,432 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot
[2016/02/18 15:35:03 | 000,002,942 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask
[2016/02/25 20:06:21 | 000,003,418 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\StartRecording
[2016/02/18 15:34:58 | 000,002,736 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath
[2009/07/14 01:41:20 | 000,003,304 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector
[2009/07/14 01:41:20 | 000,003,510 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
[2016/02/18 15:34:54 | 000,003,576 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MobilePC\HotStart
[2009/07/14 01:41:56 | 000,003,168 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MUI\LPRemove
[2009/07/14 01:42:30 | 000,002,602 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
[2009/07/14 01:42:09 | 000,002,044 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
[2016/02/18 15:41:16 | 000,004,082 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Offline Files\Background Synchronization
[2016/02/18 15:34:48 | 000,003,058 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Offline Files\Logon Synchronization
[2009/07/14 01:42:28 | 000,002,832 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
[2009/07/14 01:41:30 | 000,003,752 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
[2009/07/14 01:42:30 | 000,004,370 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\RAC\RacTask
[2009/07/14 01:37:40 | 000,003,052 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Ras\MobilityManager
[2009/07/14 01:42:07 | 000,003,956 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Registry\RegIdleBackup
[2009/07/14 01:42:29 | 000,004,596 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
[2009/07/14 01:42:30 | 000,003,616 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls
[2009/07/14 01:54:03 | 000,003,912 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
[2016/02/18 15:34:50 | 000,003,784 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\AutoWake
[2016/02/18 15:34:50 | 000,003,612 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\GadgetManager
[2016/02/18 15:43:33 | 000,003,698 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\SessionAgent
[2016/02/18 15:43:48 | 000,003,792 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders
[2009/07/14 01:37:20 | 000,003,942 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
[2009/07/14 01:46:35 | 000,003,506 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SystemRestore\SR
[2009/07/14 01:41:33 | 000,002,614 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Task Manager\Interactive
[2009/07/14 01:41:09 | 000,003,950 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
[2009/07/14 01:41:09 | 000,004,066 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
[2009/07/14 01:41:29 | 000,002,978 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
[2009/07/14 01:37:51 | 000,003,388 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
[2009/07/14 01:37:30 | 000,001,730 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
[2009/07/14 01:41:23 | 000,003,420 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
[2009/07/14 01:37:28 | 000,002,682 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WDI\ResolutionHost
[2009/07/14 01:37:20 | 000,003,048 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
[2009/07/14 01:37:44 | 000,003,290 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
[2009/07/14 01:46:36 | 000,003,304 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
[2011/02/04 14:25:42 | 000,004,340 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification
[2009/07/14 01:54:01 | 000,003,532 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2017/07/12 18:20:41 | 000,003,540 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Wininet\CacheTask
[2016/02/18 16:36:10 | 000,004,392 | ---- | M] () -- C:\Windows\system32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask
[2009/07/14 01:53:46 | 000,032,584 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 01:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2016/02/18 17:04:07 | 000,000,198 | ---- | C] () -- C:\Windows\Tasks\AutoKMS.job
 
< C:\Windows\system32\Tasks\*.* /s /64 >
[2017/08/08 21:27:09 | 000,004,464 | ---- | M] () -- C:\Windows\system32\Tasks\Adobe Acrobat Update Task
[2017/08/15 08:25:03 | 000,004,542 | ---- | M] () -- C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
[2016/02/18 17:04:07 | 000,002,430 | ---- | M] () -- C:\Windows\system32\Tasks\AutoKMS
[2017/08/10 15:23:54 | 000,003,914 | ---- | M] () -- C:\Windows\system32\Tasks\Avast Emergency Update
[2017/07/22 12:08:17 | 000,002,786 | ---- | M] () -- C:\Windows\system32\Tasks\CCleanerSkipUAC
[2017/04/28 21:22:28 | 000,003,360 | ---- | M] () -- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
[2017/04/28 21:22:29 | 000,003,488 | ---- | M] () -- C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
[2017/08/15 07:50:35 | 000,003,934 | ---- | M] () -- C:\Windows\system32\Tasks\User_Feed_Synchronization-{415BB917-E66F-4285-A991-5FA9EE01DC12}
[2017/08/14 19:25:14 | 000,003,226 | ---- | M] () -- C:\Windows\system32\Tasks\{01C66FB6-7C45-4D73-A3CB-C50EF4AC9A84}
[2016/12/08 15:35:02 | 000,003,146 | ---- | M] () -- C:\Windows\system32\Tasks\{0F2499E2-DE73-4B3F-8170-B628D8C0579C}
[2017/03/04 15:58:03 | 000,003,158 | ---- | M] () -- C:\Windows\system32\Tasks\{5841566C-A174-406D-B1DD-709A5FCB83EB}
[2017/08/12 10:30:37 | 000,003,120 | ---- | M] () -- C:\Windows\system32\Tasks\{CE2C4D73-24AD-4B7D-B4E3-18E35390F274}
[2017/03/04 15:44:43 | 000,003,158 | ---- | M] () -- C:\Windows\system32\Tasks\{F3D7753B-7DF0-4D6C-819D-C9F2CCEC90FE}
[2009/07/14 01:41:15 | 000,004,472 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
[2009/07/14 01:41:15 | 000,003,854 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
[2009/07/14 01:42:10 | 000,002,900 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\AppID\PolicyConverter
[2009/07/14 01:42:10 | 000,003,790 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
[2009/07/14 01:41:45 | 000,003,458 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\AitAgent
[2009/07/14 01:41:45 | 000,003,614 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
[2009/07/14 01:37:26 | 000,003,026 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Autochk\Proxy
[2009/07/14 01:42:29 | 000,001,862 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
[2009/07/14 01:41:10 | 000,004,130 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
[2009/07/14 01:41:10 | 000,003,868 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
[2009/07/14 01:53:58 | 000,003,134 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
[2009/07/14 01:42:29 | 000,002,934 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
[2009/07/14 01:41:20 | 000,003,946 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
[2009/07/14 01:41:47 | 000,003,598 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
[2009/07/14 01:46:36 | 000,003,886 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
[2009/07/14 01:42:30 | 000,004,018 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Diagnosis\Scheduled
[2016/07/30 16:19:40 | 000,003,760 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
[2016/02/18 15:34:49 | 000,002,538 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
[2009/07/14 01:42:31 | 000,003,554 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Location\Notifications
[2017/04/03 11:39:14 | 000,003,178 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Maintenance\WinSAT
[2016/02/18 15:35:00 | 000,002,420 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch
[2016/02/18 15:34:58 | 000,002,448 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService
[2016/02/25 20:06:20 | 000,003,650 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks
[2016/02/18 15:34:57 | 000,002,400 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ehDRMInit
[2016/02/18 15:34:59 | 000,002,546 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady
[2016/02/18 15:35:01 | 000,002,790 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\mcupdate
[2016/02/18 15:35:04 | 000,002,954 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask
[2016/02/18 15:35:02 | 000,002,958 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
[2016/02/18 15:34:57 | 000,002,380 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\OCURActivate
[2016/02/18 15:34:56 | 000,002,400 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery
[2016/02/18 15:34:57 | 000,002,384 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery
[2016/02/18 15:34:53 | 000,003,226 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1
[2016/02/18 15:34:54 | 000,003,228 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2
[2016/02/18 15:34:52 | 000,003,822 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry
[2016/02/18 15:35:02 | 000,002,926 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask
[2016/02/18 15:35:03 | 000,002,918 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask
[2016/02/18 15:35:01 | 000,003,078 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\RecordingRestart
[2016/02/18 15:34:59 | 000,002,408 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\RegisterSearch
[2016/02/18 15:34:59 | 000,002,432 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot
[2016/02/18 15:35:03 | 000,002,942 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask
[2016/02/25 20:06:21 | 000,003,418 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\StartRecording
[2016/02/18 15:34:58 | 000,002,736 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath
[2009/07/14 01:41:20 | 000,003,304 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector
[2009/07/14 01:41:20 | 000,003,510 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
[2016/02/18 15:34:54 | 000,003,576 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MobilePC\HotStart
[2009/07/14 01:41:56 | 000,003,168 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MUI\LPRemove
[2009/07/14 01:42:30 | 000,002,602 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
[2009/07/14 01:42:09 | 000,002,044 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
[2016/02/18 15:41:16 | 000,004,082 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Offline Files\Background Synchronization
[2016/02/18 15:34:48 | 000,003,058 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Offline Files\Logon Synchronization
[2009/07/14 01:42:28 | 000,002,832 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
[2009/07/14 01:41:30 | 000,003,752 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
[2009/07/14 01:42:30 | 000,004,370 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\RAC\RacTask
[2009/07/14 01:37:40 | 000,003,052 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Ras\MobilityManager
[2009/07/14 01:42:07 | 000,003,956 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Registry\RegIdleBackup
[2009/07/14 01:42:29 | 000,004,596 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
[2009/07/14 01:42:30 | 000,003,616 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls
[2009/07/14 01:54:03 | 000,003,912 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
[2016/02/18 15:34:50 | 000,003,784 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\AutoWake
[2016/02/18 15:34:50 | 000,003,612 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\GadgetManager
[2016/02/18 15:43:33 | 000,003,698 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\SessionAgent
[2016/02/18 15:43:48 | 000,003,792 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders
[2009/07/14 01:37:20 | 000,003,942 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
[2009/07/14 01:46:35 | 000,003,506 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SystemRestore\SR
[2009/07/14 01:41:33 | 000,002,614 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Task Manager\Interactive
[2009/07/14 01:41:09 | 000,003,950 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
[2009/07/14 01:41:09 | 000,004,066 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
[2009/07/14 01:41:29 | 000,002,978 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
[2009/07/14 01:37:51 | 000,003,388 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
[2009/07/14 01:37:30 | 000,001,730 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
[2009/07/14 01:41:23 | 000,003,420 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
[2009/07/14 01:37:28 | 000,002,682 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WDI\ResolutionHost
[2009/07/14 01:37:20 | 000,003,048 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
[2009/07/14 01:37:44 | 000,003,290 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
[2009/07/14 01:46:36 | 000,003,304 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
[2011/02/04 14:25:42 | 000,004,340 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification
[2009/07/14 01:54:01 | 000,003,532 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2017/07/12 18:20:41 | 000,003,540 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Wininet\CacheTask
[2016/02/18 16:36:10 | 000,004,392 | ---- | M] () -- C:\Windows\system32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask
 
< %windir%\tasks\*.* /s >
[2017/08/15 10:35:02 | 000,000,198 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2017/08/15 10:34:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2017/02/09 18:49:37 | 000,032,584 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
 
< %systemroot%\*.scr >
[2016/09/14 22:27:52 | 000,053,208 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 46 00 00 00 22 04 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 76 93 D8 E0 15 FB D2 01 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 17 00 00 00 00 00 00 00 28 04 04 90 82 CE E7 18 E4 21 B9 B8 6B A4 AF A5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 28 04 04 90 82 CE E7 18 95 C8 36 95 64 EB 45 79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C0 A8 64 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 BD 0C 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 76 93 D8 E0 15 FB D2 01 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 17 00 00 00 00 00 00 00 28 04 04 90 82 CE E7 18 E4 21 B9 B8 6B A4 AF A5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 28 04 04 90 82 CE E7 18 95 C8 36 95 64 EB 45 79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C0 A8 64 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
 
< \FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings >
"EnablePunycode" = 1
"CodeBaseSearchPath" = CODEBASE
"WarnOnIntranet" = 1
"MinorVersion" = 0
"ActiveXCache" = C:\Windows\Downloaded Program Files -- [2009/07/14 01:52:31 | 000,000,000 | ---D | M]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ApprovedActiveXInstallSites]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server >
"RCDependentServices" = CertPropSvcSessionEnv [binary data]
"NotificationTimeOut" = 0
"SnapshotMonitors" = 1
"ProductVersion" = 5.1
"AllowRemoteRPC" = 0
"DelayConMgrTimeout" = 0
"fDenyTSConnections" = 1
"StartRCM" = 0
"TSAdvertise" = 0
"DeleteTempDirsOnExit" = 1
"fSingleSessionPerUser" = 1
"PerSessionTempDir" = 0
"TSUserEnabled" = 0
"InstanceID" = 919475cb-18e7-44ea-9b5a-8d5b7f1
"RailShowallNotifyIcons" = 1
"RDPVGCInstalled" = 1
"fCredentialLessLogonSupported" = 1
"fCredentialLessLogonSupportedTSS" = 1
"fCredentialLessLogonSupportedKMRDP" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ConnectionHandler]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\KeyboardType Mapping]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SessionArbitrationHelper]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\TerminalTypes]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Utilities]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon >
"ReportBootOk" = 1
"Shell" = explorer.exe -- [2010/11/20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation)
"PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Userinit" = C:\Windows\system32\userinit.exe,
"VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2009/07/13 22:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
"AutoRestartShell" = 1
"Background" = 0 0 0
"CachedLogonsCount" = 10
"DebugServerCommand" = no
"ForceUnlockLogon" = 0
"LegalNoticeCaption" = 
"LegalNoticeText" = 
"PasswordExpiryWarning" = 5
"PowerdownAfterShutdown" = 0
"ShutdownWithoutLogon" = 0
"WinStationsDisabled" = 0
"DisableCAD" = 1
"scremoveoption" = 0
"ShutdownFlags" = 39
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa >
"auditbaseobjects" = 0
"auditbasedirectories" = 0
"crashonauditfail" = 0
"fullprivilegeauditing" =  [binary data]
"Bounds" = 0  [binary data]
"LimitBlankPasswordUse" = 1
"NoLmHash" = 1
"Notification Packages" = scecli [binary data] -- [2010/11/20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation)
"Security Packages" = kerberosmsv1_0schannelwdigesttspkgpku2u [binary data]
"Authentication Packages" = msv1_0 [binary data] -- [2017/07/07 12:11:00 | 000,261,120 | ---- | M] (Microsoft Corporation)
"LsaPid" = 524
"SecureBoot" = 1
"ProductType" = 1
"disabledomaincreds" = 0
"everyoneincludesanonymous" = 0
"forceguest" = 0
"restrictanonymous" = 0
"restrictanonymoussam" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts >
 
< \UserList >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon >
"Shell" = explorer.exe -- [2010/11/20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation)
"Userinit" = C:\Windows\system32\userinit.exe,
 
< \SpecialAccounts\UserList >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService >
"DisplayName" = @%SystemRoot%\System32\termsrv.dll,-268
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\termsrv.dll,-267
"ObjectName" = NT Authority\NetworkService
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RPCSSTermDD [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeAssignPrimaryTokenPrivilegeSeAu [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 60 EA 00 00  [binary data]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Parameters]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Performance]
 
< net user /c >
Contas de usuário para \\USER-PC
-------------------------------------------------------------------------------
Administrador            Convidado                User                     
Comando concluído com êxito.
 
< MD5 for: TERMSRV.DLL  >
[2014/07/15 23:56:37 | 000,525,824 | ---- | M] (Microsoft Corporation) MD5=278F31DD3BFDE48F2E1FFF882FBD24B5 -- C:\Windows\winsxs\x86_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_9100f2c4cbc7f167\termsrv.dll
[2010/11/20 03:21:30 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\winsxs\x86_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll
[2014/10/13 22:50:04 | 000,526,848 | ---- | M] (Microsoft Corporation) MD5=DD01319264B6D19E379BDD079A27DA91 -- C:\Windows\winsxs\x86_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_910ec574cbbd1ea2\termsrv.dll
[2014/07/16 22:39:49 | 000,523,264 | ---- | M] (Microsoft Corporation) MD5=E05E31F7BF577228E27CFFCA5B54ABBD -- C:\Windows\winsxs\x86_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_908223ffb2a23885\termsrv.dll
[2014/10/13 22:50:50 | 000,523,776 | ---- | M] (Microsoft Corporation) MD5=FCFD4F50419B4BC72E80066DA10D2E54 -- C:\Windows\System32\termsrv.dll
[2014/10/13 22:50:50 | 000,523,776 | ---- | M] (Microsoft Corporation) MD5=FCFD4F50419B4BC72E80066DA10D2E54 -- C:\Windows\winsxs\x86_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_9093f7d7b293cb1c\termsrv.dll
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >[/color]
Invalid Switch: color]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 8 bytes -> C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt
@Alternate Data Stream - 420 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 32 bytes -> C:\Program Files\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:F63C5A76_Cef.gbp
@Alternate Data Stream - 1086 bytes -> C:\Windows\System32\drivers\wsddfac.sys:X5ZN8aGXs4
@Alternate Data Stream - 10 bytes -> C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt

< End of report >
 
39 minutes ago, FRAN SANTOS said:

O4 - HKLM..\Run: [Chew7Hale] C:\Windows\System32\hale.exe ()

Your "technician" used a cracker called hale.exe () to activate Windows/Office...

This is considered piracy and I cannot help you in this situation; using disinfection tools could even render your PC unusable. I suggest you contact Microsoft or an authorized reseller.

Microsoft Support Center:
0800 761-7454

Customer Service

http://support.microsoft.com/contactus

Good luck.

