
The PC improved a bit. The pages no longer turn black or white as they used to.

The mouse stopped shaking, but it's sticky and slow. It seems to have no direction.

The HijackThis logs multiplied into folders such as Pictures, Videos, etc... I'm going to delete them using the search tool, ok?

The notebook keeps beeping and is slow.

I am very grateful.

 



Ok, you can delete them.

As for the beeps, it looks to me like a hardware problem.

I suggest you look for a technician.

The PC is clean, nothing more to do here.

GOOD LUCK. (Y)

Download DelFix and save it to your Desktop. Double-click delfix.exe to run it.

On Windows 7, 8 and 10: right-click delfix.exe and select Run as Administrator.

Check the box as shown in the image below.

DellFix.jpg

Click the Run button. This will remove the programs used in the disinfection, the folders and files they created, and DelFix itself.



Hello, good afternoon.

While trying to solve the problems with the beeping, the slowness and the sluggish mouse, I went into msconfig and found AVG and AVG Firewall running.

I ask for help removing them, please.

I ask permission to send images of the location; if I'm making a mistake, forgive me.

Gratitude

 


Edited by eloisa

I think the images are right now. Sorry


You can disable the services, but that will not stop the beeps, since they are certainly caused by hardware... Viruses and software do not cause this kind of symptom, but disabling these services at startup can certainly help stabilize the system...



Yes, the PC is squeaky clean, I'm grateful.

It seems the beeps are a keyboard problem.

I tried to disable the AVG programs but it wasn't possible because access is denied, just as with any AVG folder.

AVG is running and causing conflicts with Avira, and I, without the necessary knowledge, have no way to remove it.

I ask for help removing these programs, please, because I can't do it even in safe mode or with the AVG removal tool.

Please, Mr. Million, help me remove these programs from here, including the AVG firewall, which is also running.

Thank you.



Look!! AVG is not active and is not interfering with anything, and the folders found are disabled; I don't really understand your distress, anyway......

Download OTL by OldTimer and save it to your Desktop.

Close all windows and run the tool.

** Windows Vista, Windows 7, 8, 8.1 and 10 users: right-click the file, then click Run as administrator.

Where it says Output, select Standard. Also select these options:

  • Creation Date -> change to 90 days
  • Use WhiteList for Company Names
  • Skip Microsoft Files
  • Lop Check
  • Purity Check

    Select these lines in red, right-click the selection, and choose Copy.


CREATERESTOREPOINT
netsvcs
%systemroot%\system32\drivers\*.* /90
%systemdrive%\drivers\*.exe
%SYSTEMDRIVE%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
C:\windows\system32\Tasks\*.* /s
C:\windows\system32\Tasks\*.* /s /64
%windir%\tasks\*.* /s
%systemroot%\*.scr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts
\UserList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
\SpecialAccounts\UserList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService
net user /c
/md5start
termsrv.dll
termsrv.dll.bak
/md5stop
%systemdrive%\$Recycle.Bin|@;true;true;true /fp

Go back to the program, right-click any blank area of the Custom Scans/Fixes section and choose Paste. Click the Scan button.

Do not change any other setting unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt. Both are saved in the same directory as OTL.exe, that is, on your Desktop.

Copy the entire contents of OTL.txt and paste it into your next reply.



Thank you very much.

I disabled the firewall just to be safe.

Avira was removed before your last reply.

OTL stopped working for a few moments, then came back.

A Command Prompt opened with typing in it and closed.

Here is the log.

OTL logfile created on: 24/02/2019 20:52:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Computador\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.19266)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
1,99 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,34% Memory free
3,98 Gb Paging File | 2,86 Gb Available in Paging File | 71,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 422,70 Gb Free Space | 90,77% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTADOR-PC | User Name: Computador | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2019/02/24 20:40:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Computador\Desktop\OTL.exe
PRC - [2019/02/21 12:41:20 | 000,458,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2018/09/12 03:16:14 | 013,797,712 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2017/05/25 12:46:23 | 000,631,520 | ---- | M] (GAS Tecnologia) -- C:\Program Files\GbPlugin\gbpsv.exe
PRC - [2017/05/24 23:13:25 | 000,328,704 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2016/08/29 11:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/23 15:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2017/09/26 01:52:42 | 000,407,632 | ---- | M] () -- C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll
MOD - [2007/05/22 09:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\antivírus\aswidsagent.exe -- (avgbIDSAgent)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\antivírus\afwServ.exe -- (AVG Firewall)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\antivírus\AVGSvc.exe -- (AVG antivírus)
SRV - [2019/02/21 12:41:19 | 000,217,040 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2019/01/25 20:57:06 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2019/01/08 17:49:26 | 000,335,872 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2018/12/16 18:29:48 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2018/12/13 05:45:52 | 002,709,480 | ---- | M] (Adobe Systems, Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe -- (AGSService)
SRV - [2018/12/13 05:45:50 | 002,917,864 | ---- | M] (Adobe Systems, Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe -- (AGMService)
SRV - [2018/08/13 18:48:52 | 000,940,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2018/04/09 15:22:23 | 000,297,240 | ---- | M] (Reason Software Company Inc.) [Disabled | Stopped] -- C:\Program Files\Unchecky\bin\unchecky_svc.exe -- (Unchecky)
SRV - [2017/12/31 23:00:09 | 001,004,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2017/09/20 01:42:50 | 000,817,760 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe -- (AdobeUpdateService)
SRV - [2017/05/25 12:46:23 | 000,631,520 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Program Files\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2017/05/24 23:13:25 | 000,328,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2014/07/16 11:25:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/27 01:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20171012.006\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20171012.006\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\gbpddreg32.sys -- (gbpddreg)
DRV - [2019/02/21 12:57:04 | 000,401,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgSP.sys -- (avgSP)
DRV - [2019/02/21 12:56:55 | 000,383,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgNetSec.sys -- (avgNetSec)
DRV - [2019/02/21 12:55:19 | 000,310,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgVmm.sys -- (avgVmm)
DRV - [2019/02/21 12:55:18 | 000,162,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avgStm.sys -- (avgStm)
DRV - [2019/02/21 12:55:18 | 000,139,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgMonFlt.sys -- (avgMonFlt)
DRV - [2019/02/21 12:55:18 | 000,101,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgRdr2.sys -- (avgRdr)
DRV - [2019/02/21 12:55:18 | 000,072,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgRvrt.sys -- (avgRvrt)
DRV - [2019/02/21 12:55:17 | 000,040,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgKbd.sys -- (avgKbd)
DRV - [2019/02/21 12:55:09 | 000,170,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgArPot.sys -- (avgArPot)
DRV - [2019/02/21 12:55:08 | 000,785,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgSnx.sys -- (avgSnx)
DRV - [2019/02/21 12:55:03 | 000,028,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgNetNd6.sys -- (avgNetNd6)
DRV - [2019/02/21 12:54:56 | 000,255,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgblog.sys -- (avgblog)
DRV - [2019/02/21 12:54:56 | 000,189,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgbidsdriver.sys -- (avgbidsdriver)
DRV - [2019/02/21 12:54:56 | 000,158,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgbidsh.sys -- (avgbidsh)
DRV - [2019/02/21 12:54:56 | 000,051,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgbuniv.sys -- (avgbuniv)
DRV - [2017/05/25 12:46:24 | 000,049,496 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2017/05/24 23:13:25 | 000,705,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2017/05/24 23:13:25 | 000,109,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2017/05/18 11:15:34 | 000,031,032 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\phantomtap.sys -- (phantomtap)
DRV - [2016/08/16 02:18:34 | 000,128,704 | ---- | M] (MBB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb2ser.sys -- (wdm_usb)
DRV - [2014/09/06 16:25:42 | 000,029,400 | ---- | M] (GAS Tecnologia) [Kernel | System | Running] -- C:\Windows\System32\drivers\gbpndisrdn.sys -- (ndisrd)
DRV - [2013/10/01 21:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013/05/02 04:52:40 | 001,334,856 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtwlane.sys -- (RTWlanE)
DRV - [2012/08/23 11:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012/08/23 11:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011/11/17 16:11:56 | 000,125,456 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\JME.sys -- (JME)
DRV - [2011/06/23 08:46:34 | 000,982,120 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV - [2010/11/20 18:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 18:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 18:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 18:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 18:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 18:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 18:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 18:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 18:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/26 17:59:52 | 000,136,304 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/12/04 16:44:36 | 000,010,616 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SoilMC.sys -- (SoilMC)
DRV - [2009/12/04 16:44:18 | 000,010,744 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Soilkbc.sys -- (soilkbc)
DRV - [2009/12/04 16:43:46 | 000,016,248 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SoilIO.sys -- (SoilIO)
DRV - [2009/07/13 20:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 94 6F D9 2D 53 D2 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 74 BE C9 EA C0 0C D3 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "BR"
FF - prefs.js..browser.search.hiddenOneOffs: "Bing,BuscaPé,DuckDuckGo,MercadoLivre,Twitter"
FF - prefs.js..browser.search.region: "BR"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1228198.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.191.2: C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.191.2: C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 65.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 65.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2016/11/24 21:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computador\AppData\Roaming\mozilla\Extensions
[2017/11/14 21:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computador\AppData\Roaming\mozilla\SystemExtensionsDev
[2019/02/23 09:08:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computador\AppData\Roaming\mozilla\Firefox\Profiles\89o3zlbn.default-1481419973935-1529436324926\extensions
[2019/02/23 09:08:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computador\AppData\Roaming\mozilla\Firefox\Profiles\89o3zlbn.default-1481419973935-1529436324926\extensions\trash
[2019/02/23 09:12:13 | 000,049,869 | ---- | M] () (No name found) -- C:\Users\Computador\AppData\Roaming\mozilla\firefox\profiles\89o3zlbn.default-1481419973935-1529436324926\features\{ac14521e-8907-4a92-94a7-0ba4a6327c7a}\fxmonitor@mozilla.org.xpi
[2018/04/21 20:25:19 | 000,006,212 | ---- | M] () (No name found) -- C:\Users\Computador\AppData\Roaming\mozilla\firefox\profiles\hfyrz88h.default-1481419973935-1520996196102\features\{99436f92-21ae-472b-9c7f-e61bff770767}\tls13-rollout-bug1442042@mozilla.org.xpi
[2018/05/06 19:28:14 | 000,006,210 | ---- | M] () (No name found) -- C:\Users\Computador\AppData\Roaming\mozilla\firefox\profiles\hfyrz88h.default-1481419973935-1520996196102\features\{c44c7c36-bda7-43a0-b501-6987e4cb7df3}\tls13-rollout-bug1442042@mozilla.org.xpi
[2018/06/19 11:42:05 | 000,006,249 | ---- | M] () (No name found) -- C:\Users\Computador\AppData\Roaming\mozilla\firefox\profiles\hfyrz88h.default-1481419973935-1520996196102\features\{dbb28504-63e4-44dc-8825-41f148cb24f0}\tls13-version-fallback-rollout-bug1462099@mozilla.org.xpi
[2018/05/16 09:16:47 | 000,006,210 | ---- | M] () (No name found) -- C:\Users\Computador\AppData\Roaming\mozilla\firefox\profiles\hfyrz88h.default-1481419973935-1520996196102\features\{f30ec68d-6d92-4063-872e-6105dbf69027}\tls13-rollout-bug1442042@mozilla.org.xpi
 
O1 HOSTS File: ([2019/02/22 07:09:01 | 000,004,723 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVGUI.exe] "C:\Program Files\AVG\antivírus\AvLaunch.exe" /gui File not found
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [CCleaner Smart Cleaning] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem] https in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] https in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbankingpf] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbankingpf] https in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.248.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5B764AD-8F90-4F9D-9196-EA7DF0FE9C5E}: DhcpNameServer = 172.16.248.1 186.208.127.242
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBE3B846-1406-416C-A07A-B54709DF2AFA}: DhcpNameServer = 172.16.248.1 8.8.8.8
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files\GbPlugin\gbiehCef.dll) - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
========== Files/Folders - Created Within 90 Days ==========
 
[2019/02/24 20:40:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Computador\Desktop\OTL.exe
[2019/02/24 12:56:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Computador\Desktop\HijackThis.exe
[2019/02/23 11:20:29 | 000,000,000 | ---D | C] -- C:\Users\Computador\AppData\Local\mbam
[2019/02/23 11:19:40 | 000,000,000 | ---D | C] -- C:\Users\Computador\AppData\Local\mbamtray
[2019/02/23 11:06:33 | 000,000,000 | ---D | C] -- C:\Users\Computador\backups
[2019/02/22 15:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2019/02/22 14:22:17 | 000,000,000 | ---D | C] -- C:\AVG_Remover
[2019/02/21 16:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2019/02/21 16:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2019/02/21 13:51:18 | 000,000,000 | ---D | C] -- C:\Users\Computador\AppData\Roaming\AVG
[2019/02/21 12:56:12 | 000,310,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgVmm.sys
[2019/02/21 12:56:11 | 000,162,680 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgStm.sys
[2019/02/21 12:56:10 | 000,401,680 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgSP.sys
[2019/02/21 12:56:09 | 000,139,344 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgMonFlt.sys
[2019/02/21 12:56:09 | 000,072,848 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgRvrt.sys
[2019/02/21 12:56:08 | 000,101,032 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgRdr2.sys
[2019/02/21 12:56:08 | 000,040,744 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgKbd.sys
[2019/02/21 12:56:07 | 000,170,600 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgArPot.sys
[2019/02/21 12:56:06 | 000,785,632 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgSnx.sys
[2019/02/21 12:56:05 | 000,051,176 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgbuniv.sys
[2019/02/21 12:56:04 | 000,255,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgblog.sys
[2019/02/21 12:56:04 | 000,158,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgbidsh.sys
[2019/02/21 12:56:03 | 000,383,816 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgNetSec.sys
[2019/02/21 12:56:03 | 000,189,344 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgbidsdriver.sys
[2019/02/21 12:55:29 | 000,310,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgBoot.exe
[2019/02/21 12:55:03 | 000,028,408 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgNetNd6.sys
[2019/02/21 12:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2019/02/21 10:24:33 | 000,000,000 | ---D | C] -- C:\Users\Computador\AppData\Local\ESET
[2019/02/20 11:25:49 | 000,000,000 | ---D | C] -- C:\Users\Computador\Desktop\Nova pasta (2)
[2019/02/18 06:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG
[2019/01/04 15:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2019/01/01 02:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oracle
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2019/02/24 20:57:00 | 004,456,448 | -HS- | M] () -- C:\Users\Computador\ntuser.dat
[2019/02/24 20:40:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Computador\Desktop\OTL.exe
[2019/02/24 20:06:23 | 000,026,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2019/02/24 20:06:23 | 000,026,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2019/02/24 19:58:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2019/02/24 19:57:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2019/02/24 19:57:41 | 1602,740,224 | -HS- | M] () -- C:\hiberfil.sys
[2019/02/24 19:55:37 | 001,963,655 | -H-- | M] () -- C:\Users\Computador\AppData\Local\IconCache.db
[2019/02/24 13:52:48 | 000,287,851 | ---- | M] () -- C:\Users\Computador\Desktop\avg.jpg
[2019/02/24 12:58:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Computador\Desktop\HijackThis.exe
[2019/02/24 12:37:59 | 000,264,034 | ---- | M] () -- C:\Users\Computador\Desktop\informação do sistema serviços avg inicialização 2.jpg
[2019/02/24 12:10:57 | 000,240,857 | ---- | M] () -- C:\Users\Computador\Desktop\informação do sistema serviços avg inicialização.jpg
[2019/02/24 12:07:48 | 000,433,162 | ---- | M] () -- C:\Users\Computador\Desktop\informação do sistema serviços avg firewall.jpg
[2019/02/24 11:52:59 | 000,367,176 | ---- | M] () -- C:\Users\Computador\Desktop\informação do sistema 4 driver.jpg
[2019/02/24 11:47:42 | 000,331,652 | ---- | M] () -- C:\Users\Computador\Desktop\informação do sistema 3 avg.jpg
[2019/02/24 11:26:23 | 000,254,021 | ---- | M] () -- C:\Users\Computador\Desktop\informação do sistema 2.jpg
[2019/02/24 11:25:08 | 000,256,915 | ---- | M] () -- C:\Users\Computador\Desktop\informação do sistema.jpg
[2019/02/22 07:09:01 | 000,004,723 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2019/02/21 12:57:04 | 000,401,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgSP.sys
[2019/02/21 12:56:55 | 000,383,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgNetSec.sys
[2019/02/21 12:55:19 | 000,310,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgVmm.sys
[2019/02/21 12:55:18 | 000,162,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgStm.sys
[2019/02/21 12:55:18 | 000,139,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgMonFlt.sys
[2019/02/21 12:55:18 | 000,101,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgRdr2.sys
[2019/02/21 12:55:18 | 000,072,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgRvrt.sys
[2019/02/21 12:55:17 | 000,310,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgBoot.exe
[2019/02/21 12:55:17 | 000,040,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgKbd.sys
[2019/02/21 12:55:09 | 000,170,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgArPot.sys
[2019/02/21 12:55:08 | 000,785,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgSnx.sys
[2019/02/21 12:55:03 | 000,028,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgNetNd6.sys
[2019/02/21 12:54:56 | 000,255,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgblog.sys
[2019/02/21 12:54:56 | 000,189,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgbidsdriver.sys
[2019/02/21 12:54:56 | 000,158,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgbidsh.sys
[2019/02/21 12:54:56 | 000,051,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgbuniv.sys
[2019/02/20 10:54:23 | 000,344,453 | ---- | M] () -- C:\Users\Computador\Desktop\msg wind.jpg
[2019/02/18 12:57:00 | 001,634,498 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2019/02/18 12:57:00 | 000,705,684 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2019/02/18 12:57:00 | 000,654,140 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2019/02/18 12:57:00 | 000,147,524 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2019/02/18 12:57:00 | 000,122,012 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2019/02/14 19:20:29 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{40bcd115-309f-11e9-a8be-001b38e38887}.TMContainer00000000000000000002.regtrans-ms
[2019/02/14 19:20:29 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{40bcd115-309f-11e9-a8be-001b38e38887}.TMContainer00000000000000000001.regtrans-ms
[2019/02/14 19:20:29 | 000,065,536 | -HS- | M] () -- C:\ProgramData\ntuser.dat{40bcd115-309f-11e9-a8be-001b38e38887}.TM.blf
[2019/02/14 19:20:23 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{40bcd107-309f-11e9-a8be-001b38e38887}.TMContainer00000000000000000002.regtrans-ms
[2019/02/14 19:20:23 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{40bcd107-309f-11e9-a8be-001b38e38887}.TMContainer00000000000000000001.regtrans-ms
[2019/02/14 19:20:23 | 000,065,536 | -HS- | M] () -- C:\ProgramData\ntuser.dat{40bcd107-309f-11e9-a8be-001b38e38887}.TM.blf
[2019/02/14 19:13:42 | 000,262,144 | ---- | M] () -- C:\ProgramData\ntuser.dat
[2019/02/12 21:19:52 | 000,405,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2019/02/03 19:35:31 | 000,341,914 | ---- | M] () -- C:\Users\Computador\Desktop\Canto-de-Sabiá-laranjeira-Canto-38.mp3
[2019/02/01 18:37:15 | 002,577,536 | ---- | M] () -- C:\Users\Computador\Desktop\Canto-de-Sabiá-Laranjeira.mp3
[2019/01/15 22:45:09 | 000,262,779 | ---- | M] () -- C:\Users\Computador\Desktop\Hercólubus ou Planeta Vermelho.pdf
[2018/12/28 15:09:50 | 000,419,608 | ---- | M] () -- C:\Windows\System32\locale.nls
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2019/02/24 14:34:55 | 001,963,655 | -H-- | C] () -- C:\Users\Computador\AppData\Local\IconCache.db
[2019/02/24 13:52:47 | 000,287,851 | ---- | C] () -- C:\Users\Computador\Desktop\avg.jpg
[2019/02/24 12:37:58 | 000,264,034 | ---- | C] () -- C:\Users\Computador\Desktop\informação do sistema serviços avg inicialização 2.jpg
[2019/02/24 12:10:56 | 000,240,857 | ---- | C] () -- C:\Users\Computador\Desktop\informação do sistema serviços avg inicialização.jpg
[2019/02/24 12:07:48 | 000,433,162 | ---- | C] () -- C:\Users\Computador\Desktop\informação do sistema serviços avg firewall.jpg
[2019/02/24 11:52:59 | 000,367,176 | ---- | C] () -- C:\Users\Computador\Desktop\informação do sistema 4 driver.jpg
[2019/02/24 11:47:42 | 000,331,652 | ---- | C] () -- C:\Users\Computador\Desktop\informação do sistema 3 avg.jpg
[2019/02/24 11:26:22 | 000,254,021 | ---- | C] () -- C:\Users\Computador\Desktop\informação do sistema 2.jpg
[2019/02/24 11:25:08 | 000,256,915 | ---- | C] () -- C:\Users\Computador\Desktop\informação do sistema.jpg
[2019/02/20 10:54:22 | 000,344,453 | ---- | C] () -- C:\Users\Computador\Desktop\msg wind.jpg
[2019/02/14 19:20:23 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{40bcd115-309f-11e9-a8be-001b38e38887}.TMContainer00000000000000000002.regtrans-ms
[2019/02/14 19:20:23 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{40bcd115-309f-11e9-a8be-001b38e38887}.TMContainer00000000000000000001.regtrans-ms
[2019/02/14 19:20:23 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{40bcd115-309f-11e9-a8be-001b38e38887}.TM.blf
[2019/02/14 19:13:42 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{40bcd107-309f-11e9-a8be-001b38e38887}.TMContainer00000000000000000002.regtrans-ms
[2019/02/14 19:13:42 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{40bcd107-309f-11e9-a8be-001b38e38887}.TMContainer00000000000000000001.regtrans-ms
[2019/02/14 19:13:42 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2019/02/14 19:13:42 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{40bcd107-309f-11e9-a8be-001b38e38887}.TM.blf
[2019/02/03 19:35:24 | 000,341,914 | ---- | C] () -- C:\Users\Computador\Desktop\Canto-de-Sabiá-laranjeira-Canto-38.mp3
[2019/02/01 18:37:11 | 002,577,536 | ---- | C] () -- C:\Users\Computador\Desktop\Canto-de-Sabiá-Laranjeira.mp3
[2019/01/15 22:45:07 | 000,262,779 | ---- | C] () -- C:\Users\Computador\Desktop\Hercólubus ou Planeta Vermelho.pdf
[2019/01/09 16:48:07 | 000,419,608 | ---- | C] () -- C:\Windows\System32\locale.nls
[2018/05/12 15:15:42 | 000,024,496 | ---- | C] () -- C:\Users\Computador\AppData\Local\ZHPCquarantine.jpg
[2018/03/27 10:58:33 | 000,524,288 | -HS- | C] () -- C:\Users\Computador\ntuser.dat{da1decf0-31c6-11e8-bf10-80ee733f196c}.TMContainer00000000000000000002.regtrans-ms
[2018/03/27 10:58:33 | 000,524,288 | -HS- | C] () -- C:\Users\Computador\ntuser.dat{da1decf0-31c6-11e8-bf10-80ee733f196c}.TMContainer00000000000000000001.regtrans-ms
[2018/03/27 10:58:32 | 000,065,536 | -HS- | C] () -- C:\Users\Computador\ntuser.dat{da1decf0-31c6-11e8-bf10-80ee733f196c}.TM.blf
[2017/11/12 01:25:04 | 001,048,576 | -HS- | C] () -- C:\Users\Computador\ntuser.dat{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.2.regtrans-ms
[2017/11/12 01:25:03 | 001,048,576 | -HS- | C] () -- C:\Users\Computador\ntuser.dat{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.1.regtrans-ms
[2017/11/12 01:25:03 | 001,048,576 | -HS- | C] () -- C:\Users\Computador\ntuser.dat{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.0.regtrans-ms
[2017/11/12 01:25:03 | 000,065,536 | -HS- | C] () -- C:\Users\Computador\ntuser.dat{6cced2f0-6e01-11de-8bed-001e0bcd1824}.TxR.blf
[2017/09/12 22:38:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2017/08/09 09:45:17 | 000,518,144 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2016/12/09 08:43:01 | 000,007,601 | ---- | C] () -- C:\Users\Computador\AppData\Local\resmon.resmoncfg
[2014/07/16 23:29:04 | 000,000,043 | ---- | C] () -- C:\Users\Computador\AppData\Roaming\WB.CFG
[2014/07/15 22:18:24 | 000,107,664 | ---- | C] () -- C:\Users\Computador\AppData\Local\GDIPFONTCACHEV1.DAT
[2014/07/15 19:30:38 | 000,524,288 | -HS- | C] () -- C:\Users\Computador\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2014/07/15 19:30:38 | 000,524,288 | -HS- | C] () -- C:\Users\Computador\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2014/07/15 19:30:38 | 000,065,536 | -HS- | C] () -- C:\Users\Computador\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2014/07/15 19:30:38 | 000,000,020 | -HS- | C] () -- C:\Users\Computador\ntuser.ini
[2014/07/15 19:30:37 | 004,456,448 | -HS- | C] () -- C:\Users\Computador\ntuser.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2018/08/13 12:40:58 | 012,880,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 18:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2019/02/22 14:34:15 | 000,000,000 | ---D | M] -- C:\Users\Computador\AppData\Roaming\AVG
[2015/06/01 21:12:09 | 000,000,000 | ---D | M] -- C:\Users\Computador\AppData\Roaming\Baidu
[2016/11/28 15:43:55 | 000,000,000 | ---D | M] -- C:\Users\Computador\AppData\Roaming\MP3Rocket
[2017/04/17 09:47:47 | 000,000,000 | ---D | M] -- C:\Users\Computador\AppData\Roaming\Panda Security
[2017/10/02 21:04:42 | 000,000,000 | ---D | M] -- C:\Users\Computador\AppData\Roaming\PhotoFiltre Studio X
[2018/05/11 10:27:35 | 000,000,000 | ---D | M] -- C:\Users\Computador\AppData\Roaming\PhotoScape
[2014/10/19 15:47:25 | 000,000,000 | ---D | M] -- C:\Users\Computador\AppData\Roaming\PlayFirst
[2018/09/27 02:18:11 | 000,000,000 | ---D | M] -- C:\Users\Computador\AppData\Roaming\Stellarium
[2017/09/29 17:01:20 | 000,000,000 | ---D | M] -- C:\Users\Computador\AppData\Roaming\SYSTEMAX Software Development
[2014/09/04 12:35:33 | 000,000,000 | ---D | M] -- C:\Users\Computador\AppData\Roaming\Unity
[2016/12/29 12:59:19 | 000,000,000 | ---D | M] -- C:\Users\Computador\AppData\Roaming\uTorrent
[2014/07/22 23:05:40 | 000,000,000 | RHSD | M] -- C:\Users\Computador\AppData\Roaming\Windows
[2019/02/23 10:20:10 | 000,000,000 | ---D | M] -- C:\Users\Computador\AppData\Roaming\ZHP
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %systemroot%\system32\drivers\*.* /90 >
[2019/01/08 23:33:28 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\amdk8.sys
[2019/01/08 23:33:28 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\amdppm.sys
[2019/01/08 23:37:48 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\appid.sys
[2019/02/21 12:55:09 | 000,170,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgArPot.sys
[2019/02/21 12:54:56 | 000,189,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgbidsdriver.sys
[2019/02/21 12:54:56 | 000,158,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgbidsh.sys
[2019/02/21 12:54:56 | 000,255,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgblog.sys
[2019/02/21 12:54:56 | 000,051,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgbuniv.sys
[2019/02/21 12:55:17 | 000,040,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgKbd.sys
[2019/02/21 12:55:18 | 000,139,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgMonFlt.sys
[2019/02/21 12:55:03 | 000,028,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgNetNd6.sys
[2019/02/21 12:56:55 | 000,383,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgNetSec.sys
[2019/02/21 12:55:18 | 000,101,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgRdr2.sys
[2019/02/21 12:55:18 | 000,072,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgRvrt.sys
[2019/02/21 12:55:08 | 000,785,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgSnx.sys
[2019/02/21 12:57:04 | 000,401,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgSP.sys
[2019/02/21 12:55:18 | 000,162,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgStm.sys
[2019/02/21 12:55:19 | 000,310,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgVmm.sys
[2019/01/08 23:40:31 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidclass.sys
[2019/01/08 23:40:31 | 000,026,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidparse.sys
[2019/01/08 23:40:33 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidusb.sys
[2019/01/08 23:33:29 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\intelppm.sys
[2019/01/15 03:55:12 | 000,067,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
[2019/01/15 03:54:51 | 000,137,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecpkg.sys
[2019/01/15 03:30:14 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb.sys
[2019/01/15 03:30:24 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb10.sys
[2019/01/15 03:30:22 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mrxsmb20.sys
[2018/12/07 23:41:20 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ndistapi.sys
[2018/12/07 23:41:23 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ndproxy.sys
[2018/12/28 16:51:03 | 001,214,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ntfs.sys
[2019/01/08 23:33:28 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\processr.sys
[2019/01/08 23:34:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srv.sys
[2019/01/08 23:34:10 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srv2.sys
[2019/01/08 23:34:05 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\srvnet.sys
[2019/01/08 23:33:28 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\viac7.sys
[2019/01/08 23:36:01 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\videoprt.sys
[2018/12/07 23:41:28 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\wanarp.sys
 
< %systemdrive%\drivers\*.exe >
 
< %SYSTEMDRIVE%\*.* >
[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2017/05/27 23:21:51 | 000,002,042 | ---- | M] () -- C:\DelFix.txt
[2019/02/24 19:57:41 | 1602,740,224 | -HS- | M] () -- C:\hiberfil.sys
[2016/12/11 09:13:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2015/06/01 21:19:21 | 000,000,015 | ---- | M] () -- C:\mi.json
[2016/12/11 09:13:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2019/02/24 19:57:41 | 2136,989,696 | -HS- | M] () -- C:\pagefile.sys
[2019/02/15 22:06:26 | 000,000,651 | ---- | M] () -- C:\runcheck.txt
 
< %LOCALAPPDATA%\*.exe >
 
< %LOCALAPPDATA%\*.txt >
 
< %LOCALAPPDATA%\*.ini >
 
< %LOCALAPPDATA%\*.dll >
 
< %LOCALAPPDATA%\*.dat >
[2017/06/16 00:14:10 | 000,107,664 | ---- | M] () -- C:\Users\Computador\AppData\Local\GDIPFONTCACHEV1.DAT
 
< %USERPROFILE%\*.exe >
 
< %USERPROFILE%\*.txt >
[2016/11/24 21:32:36 | 000,000,234 | ---- | M] () -- C:\Users\Computador\BullseyeCoverageError.txt
[2017/01/22 01:00:24 | 000,000,011 | ---- | M] () -- C:\Users\Computador\explt.txt
[2018/06/19 15:24:01 | 000,000,269 | ---- | M] () -- C:\Users\Computador\laboratorio da fazenda.txt
 
< %USERPROFILE%\*.ini >
[2014/07/15 19:30:38 | 000,000,020 | -HS- | M] () -- C:\Users\Computador\ntuser.ini
 
< %USERPROFILE%\*.dll >
 
< %USERPROFILE%\*.dat /30 >
[2019/02/24 20:57:00 | 004,456,448 | -HS- | M] () -- C:\Users\Computador\ntuser.dat
 
< C:\Windows\system32\Tasks\*.* /s >
[2019/02/12 20:41:21 | 000,004,464 | ---- | M] () -- C:\Windows\system32\Tasks\Adobe Acrobat Update Task
[2019/01/08 17:49:28 | 000,004,566 | ---- | M] () -- C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
[2019/01/08 17:49:33 | 000,004,384 | ---- | M] () -- C:\Windows\system32\Tasks\Adobe Flash Player Updater
[2018/09/12 02:00:05 | 000,003,510 | ---- | M] () -- C:\Windows\system32\Tasks\AdobeAAMUpdater-1.0-Computador-PC-Computador
[2018/12/27 10:47:09 | 000,003,558 | ---- | M] () -- C:\Windows\system32\Tasks\AdobeGCInvoker-1.0-Computador-PC-Computador
[2019/02/21 15:38:34 | 000,004,162 | ---- | M] () -- C:\Windows\system32\Tasks\antivírus Emergency Update
[2017/09/02 10:54:22 | 000,002,748 | ---- | M] () -- C:\Windows\system32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
[2019/02/24 20:01:42 | 000,003,334 | ---- | M] () -- C:\Windows\system32\Tasks\AviraSystemSpeedupRemoval
[2019/02/16 18:01:37 | 000,004,128 | ---- | M] () -- C:\Windows\system32\Tasks\CCleaner Update
[2018/09/12 02:00:07 | 000,002,810 | ---- | M] () -- C:\Windows\system32\Tasks\CCleanerSkipUAC
[2019/02/21 11:56:02 | 000,003,446 | ---- | M] () -- C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
[2019/02/21 11:56:01 | 000,003,442 | ---- | M] () -- C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
[2018/09/12 02:00:09 | 000,003,680 | ---- | M] () -- C:\Windows\system32\Tasks\Java Platform SE Auto Updater
[2018/09/12 02:00:10 | 000,003,298 | ---- | M] () -- C:\Windows\system32\Tasks\Open Firefox
[2018/09/12 02:00:10 | 000,003,068 | ---- | M] () -- C:\Windows\system32\Tasks\PandaUSBVaccine
[2018/09/12 02:00:11 | 000,003,178 | ---- | M] () -- C:\Windows\system32\Tasks\{133FBB89-487B-43FC-9367-63AB242300F4}
[2018/09/12 02:00:12 | 000,003,216 | ---- | M] () -- C:\Windows\system32\Tasks\{134290EC-F390-4BBE-92D9-F5B4EF1D19DC}
[2018/09/12 02:00:12 | 000,002,946 | ---- | M] () -- C:\Windows\system32\Tasks\{30BD76AA-8370-41A9-A5B3-32109ED58349}
[2018/09/12 02:00:13 | 000,003,174 | ---- | M] () -- C:\Windows\system32\Tasks\{9E350845-54A8-463C-9F0E-7BB43DCB7B03}
[2018/09/12 02:00:14 | 000,003,316 | ---- | M] () -- C:\Windows\system32\Tasks\{B488D65D-9BA4-412B-A969-397E1347FB66}
[2018/12/27 10:34:16 | 000,004,004 | ---- | M] () -- C:\Windows\system32\Tasks\AVAST Software\Overseer
[2019/02/21 12:58:40 | 000,003,862 | ---- | M] () -- C:\Windows\system32\Tasks\AVG\Overseer
[2009/07/14 01:41:15 | 000,004,472 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
[2009/07/14 01:41:15 | 000,003,854 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
[2009/07/14 01:42:10 | 000,002,900 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\AppID\PolicyConverter
[2009/07/14 01:42:10 | 000,003,790 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
[2009/07/14 01:41:45 | 000,003,458 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\AitAgent
[2016/11/08 09:52:38 | 000,004,070 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
[2016/03/19 16:22:32 | 000,003,574 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
[2009/07/14 01:37:26 | 000,003,026 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Autochk\Proxy
[2009/07/14 01:42:29 | 000,001,862 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
[2009/07/14 01:41:10 | 000,004,130 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
[2009/07/14 01:41:10 | 000,003,868 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
[2009/07/14 01:53:58 | 000,003,134 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
[2016/12/10 20:56:56 | 000,004,192 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
[2009/07/14 01:41:20 | 000,003,946 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
[2009/07/14 01:41:47 | 000,003,598 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
[2017/10/12 18:08:41 | 000,003,998 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
[2009/07/14 01:42:30 | 000,004,018 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Diagnosis\Scheduled
[2014/08/31 10:53:00 | 000,003,760 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
[2014/07/15 19:26:10 | 000,002,538 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
[2009/07/14 01:42:31 | 000,003,554 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Location\Notifications
[2014/07/22 21:15:02 | 000,004,084 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Maintenance\WinSAT
[2014/07/15 19:26:19 | 000,002,420 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch
[2014/07/15 19:26:17 | 000,002,448 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService
[2017/12/12 17:31:05 | 000,003,650 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks
[2014/07/15 19:26:16 | 000,002,400 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ehDRMInit
[2014/07/15 19:26:18 | 000,002,546 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady
[2014/07/15 19:26:23 | 000,002,790 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\mcupdate
[2017/12/12 17:31:30 | 000,003,544 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled
[2014/07/15 19:26:25 | 000,002,954 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask
[2014/07/15 19:26:24 | 000,002,958 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
[2014/07/15 19:26:15 | 000,002,380 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\OCURActivate
[2014/07/15 19:26:15 | 000,002,400 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery
[2014/07/15 19:26:15 | 000,002,384 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery
[2014/07/15 19:26:27 | 000,003,226 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1
[2014/07/15 19:26:28 | 000,003,228 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2
[2014/07/15 19:26:13 | 000,003,822 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry
[2014/07/15 19:26:24 | 000,002,926 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask
[2014/07/15 19:26:25 | 000,002,918 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask
[2014/07/15 19:26:21 | 000,003,078 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\RecordingRestart
[2014/07/15 19:26:17 | 000,002,408 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\RegisterSearch
[2014/07/15 19:26:18 | 000,002,432 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot
[2014/07/15 19:26:25 | 000,002,942 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask
[2017/12/12 17:30:58 | 000,003,418 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\StartRecording
[2014/07/15 19:26:16 | 000,002,736 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath
[2009/07/14 01:41:20 | 000,003,304 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector
[2009/07/14 01:41:20 | 000,003,510 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
[2014/07/15 19:26:20 | 000,003,576 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MobilePC\HotStart
[2009/07/14 01:41:56 | 000,003,168 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MUI\LPRemove
[2009/07/14 01:42:30 | 000,002,602 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
[2009/07/14 01:42:09 | 000,002,044 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
[2014/07/15 19:29:52 | 000,004,082 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Offline Files\Background Synchronization
[2014/07/15 19:26:09 | 000,003,058 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Offline Files\Logon Synchronization
[2009/07/14 01:42:28 | 000,002,832 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
[2009/07/14 01:41:30 | 000,003,752 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
[2009/07/14 01:42:30 | 000,004,370 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\RAC\RacTask
[2009/07/14 01:37:40 | 000,003,052 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Ras\MobilityManager
[2009/07/14 01:42:07 | 000,003,956 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Registry\RegIdleBackup
[2009/07/14 01:42:29 | 000,004,596 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
[2009/07/14 01:42:30 | 000,003,616 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls
[2009/07/14 01:54:03 | 000,003,912 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
[2014/07/15 19:26:11 | 000,003,784 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\AutoWake
[2014/07/15 19:26:12 | 000,003,612 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\GadgetManager
[2014/07/15 19:30:56 | 000,003,698 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\SessionAgent
[2014/07/15 19:31:11 | 000,003,792 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders
[2009/07/14 01:37:20 | 000,003,942 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
[2009/07/14 01:46:35 | 000,003,506 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SystemRestore\SR
[2009/07/14 01:41:33 | 000,002,614 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Task Manager\Interactive
[2009/07/14 01:41:09 | 000,003,950 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
[2009/07/14 01:41:09 | 000,004,066 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
[2009/07/14 01:41:29 | 000,002,978 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
[2009/07/14 01:37:51 | 000,003,388 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
[2009/07/14 01:37:30 | 000,001,730 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
[2009/07/14 01:41:23 | 000,003,420 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
[2009/07/14 01:37:28 | 000,002,682 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WDI\ResolutionHost
[2018/12/26 02:07:20 | 000,004,364 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask
[2018/12/26 02:07:22 | 000,004,362 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
[2009/07/14 01:37:20 | 000,003,048 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
[2009/07/14 01:37:44 | 000,003,290 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
[2009/07/14 01:46:36 | 000,003,304 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
[2016/12/17 20:06:37 | 000,003,670 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup
[2016/12/18 09:00:00 | 000,004,332 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification
[2016/12/17 20:06:37 | 000,003,704 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor
[2009/07/14 01:54:01 | 000,003,532 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2014/07/16 15:42:36 | 000,003,540 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Wininet\CacheTask
[2014/07/15 22:15:22 | 000,004,392 | ---- | M] () -- C:\Windows\system32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask
[2016/11/26 15:54:34 | 000,004,496 | ---- | M] () -- C:\Windows\system32\Tasks\WPD\SqmUpload_S-1-5-21-1393690529-970696840-4212060167-1000
[2009/07/14 01:53:46 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 01:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
 
< C:\Windows\system32\Tasks\*.* /s /64 >
[2019/02/12 20:41:21 | 000,004,464 | ---- | M] () -- C:\Windows\system32\Tasks\Adobe Acrobat Update Task
[2019/01/08 17:49:28 | 000,004,566 | ---- | M] () -- C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
[2019/01/08 17:49:33 | 000,004,384 | ---- | M] () -- C:\Windows\system32\Tasks\Adobe Flash Player Updater
[2018/09/12 02:00:05 | 000,003,510 | ---- | M] () -- C:\Windows\system32\Tasks\AdobeAAMUpdater-1.0-Computador-PC-Computador
[2018/12/27 10:47:09 | 000,003,558 | ---- | M] () -- C:\Windows\system32\Tasks\AdobeGCInvoker-1.0-Computador-PC-Computador
[2019/02/21 15:38:34 | 000,004,162 | ---- | M] () -- C:\Windows\system32\Tasks\antivírus Emergency Update
[2017/09/02 10:54:22 | 000,002,748 | ---- | M] () -- C:\Windows\system32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
[2019/02/24 20:01:42 | 000,003,334 | ---- | M] () -- C:\Windows\system32\Tasks\AviraSystemSpeedupRemoval
[2019/02/16 18:01:37 | 000,004,128 | ---- | M] () -- C:\Windows\system32\Tasks\CCleaner Update
[2018/09/12 02:00:07 | 000,002,810 | ---- | M] () -- C:\Windows\system32\Tasks\CCleanerSkipUAC
[2019/02/21 11:56:02 | 000,003,446 | ---- | M] () -- C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
[2019/02/21 11:56:01 | 000,003,442 | ---- | M] () -- C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
[2018/09/12 02:00:09 | 000,003,680 | ---- | M] () -- C:\Windows\system32\Tasks\Java Platform SE Auto Updater
[2018/09/12 02:00:10 | 000,003,298 | ---- | M] () -- C:\Windows\system32\Tasks\Open Firefox
[2018/09/12 02:00:10 | 000,003,068 | ---- | M] () -- C:\Windows\system32\Tasks\PandaUSBVaccine
[2018/09/12 02:00:11 | 000,003,178 | ---- | M] () -- C:\Windows\system32\Tasks\{133FBB89-487B-43FC-9367-63AB242300F4}
[2018/09/12 02:00:12 | 000,003,216 | ---- | M] () -- C:\Windows\system32\Tasks\{134290EC-F390-4BBE-92D9-F5B4EF1D19DC}
[2018/09/12 02:00:12 | 000,002,946 | ---- | M] () -- C:\Windows\system32\Tasks\{30BD76AA-8370-41A9-A5B3-32109ED58349}
[2018/09/12 02:00:13 | 000,003,174 | ---- | M] () -- C:\Windows\system32\Tasks\{9E350845-54A8-463C-9F0E-7BB43DCB7B03}
[2018/09/12 02:00:14 | 000,003,316 | ---- | M] () -- C:\Windows\system32\Tasks\{B488D65D-9BA4-412B-A969-397E1347FB66}
[2018/12/27 10:34:16 | 000,004,004 | ---- | M] () -- C:\Windows\system32\Tasks\AVAST Software\Overseer
[2019/02/21 12:58:40 | 000,003,862 | ---- | M] () -- C:\Windows\system32\Tasks\AVG\Overseer
[2009/07/14 01:41:15 | 000,004,472 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
[2009/07/14 01:41:15 | 000,003,854 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
[2009/07/14 01:42:10 | 000,002,900 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\AppID\PolicyConverter
[2009/07/14 01:42:10 | 000,003,790 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
[2009/07/14 01:41:45 | 000,003,458 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\AitAgent
[2016/11/08 09:52:38 | 000,004,070 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
[2016/03/19 16:22:32 | 000,003,574 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
[2009/07/14 01:37:26 | 000,003,026 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Autochk\Proxy
[2009/07/14 01:42:29 | 000,001,862 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
[2009/07/14 01:41:10 | 000,004,130 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
[2009/07/14 01:41:10 | 000,003,868 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
[2009/07/14 01:53:58 | 000,003,134 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
[2016/12/10 20:56:56 | 000,004,192 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
[2009/07/14 01:41:20 | 000,003,946 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
[2009/07/14 01:41:47 | 000,003,598 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
[2017/10/12 18:08:41 | 000,003,998 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
[2009/07/14 01:42:30 | 000,004,018 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Diagnosis\Scheduled
[2014/08/31 10:53:00 | 000,003,760 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
[2014/07/15 19:26:10 | 000,002,538 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
[2009/07/14 01:42:31 | 000,003,554 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Location\Notifications
[2014/07/22 21:15:02 | 000,004,084 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Maintenance\WinSAT
[2014/07/15 19:26:19 | 000,002,420 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch
[2014/07/15 19:26:17 | 000,002,448 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService
[2017/12/12 17:31:05 | 000,003,650 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks
[2014/07/15 19:26:16 | 000,002,400 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ehDRMInit
[2014/07/15 19:26:18 | 000,002,546 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady
[2014/07/15 19:26:23 | 000,002,790 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\mcupdate
[2017/12/12 17:31:30 | 000,003,544 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled
[2014/07/15 19:26:25 | 000,002,954 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask
[2014/07/15 19:26:24 | 000,002,958 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
[2014/07/15 19:26:15 | 000,002,380 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\OCURActivate
[2014/07/15 19:26:15 | 000,002,400 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery
[2014/07/15 19:26:15 | 000,002,384 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery
[2014/07/15 19:26:27 | 000,003,226 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1
[2014/07/15 19:26:28 | 000,003,228 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2
[2014/07/15 19:26:13 | 000,003,822 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry
[2014/07/15 19:26:24 | 000,002,926 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask
[2014/07/15 19:26:25 | 000,002,918 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask
[2014/07/15 19:26:21 | 000,003,078 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\RecordingRestart
[2014/07/15 19:26:17 | 000,002,408 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\RegisterSearch
[2014/07/15 19:26:18 | 000,002,432 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot
[2014/07/15 19:26:25 | 000,002,942 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask
[2017/12/12 17:30:58 | 000,003,418 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\StartRecording
[2014/07/15 19:26:16 | 000,002,736 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath
[2009/07/14 01:41:20 | 000,003,304 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector
[2009/07/14 01:41:20 | 000,003,510 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
[2014/07/15 19:26:20 | 000,003,576 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MobilePC\HotStart
[2009/07/14 01:41:56 | 000,003,168 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\MUI\LPRemove
[2009/07/14 01:42:30 | 000,002,602 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
[2009/07/14 01:42:09 | 000,002,044 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
[2014/07/15 19:29:52 | 000,004,082 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Offline Files\Background Synchronization
[2014/07/15 19:26:09 | 000,003,058 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Offline Files\Logon Synchronization
[2009/07/14 01:42:28 | 000,002,832 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
[2009/07/14 01:41:30 | 000,003,752 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
[2009/07/14 01:42:30 | 000,004,370 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\RAC\RacTask
[2009/07/14 01:37:40 | 000,003,052 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Ras\MobilityManager
[2009/07/14 01:42:07 | 000,003,956 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Registry\RegIdleBackup
[2009/07/14 01:42:29 | 000,004,596 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
[2009/07/14 01:42:30 | 000,003,616 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls
[2009/07/14 01:54:03 | 000,003,912 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
[2014/07/15 19:26:11 | 000,003,784 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\AutoWake
[2014/07/15 19:26:12 | 000,003,612 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\GadgetManager
[2014/07/15 19:30:56 | 000,003,698 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\SessionAgent
[2014/07/15 19:31:11 | 000,003,792 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders
[2009/07/14 01:37:20 | 000,003,942 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
[2009/07/14 01:46:35 | 000,003,506 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\SystemRestore\SR
[2009/07/14 01:41:33 | 000,002,614 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Task Manager\Interactive
[2009/07/14 01:41:09 | 000,003,950 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
[2009/07/14 01:41:09 | 000,004,066 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
[2009/07/14 01:41:29 | 000,002,978 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
[2009/07/14 01:37:51 | 000,003,388 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
[2009/07/14 01:37:30 | 000,001,730 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
[2009/07/14 01:41:23 | 000,003,420 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
[2009/07/14 01:37:28 | 000,002,682 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WDI\ResolutionHost
[2018/12/26 02:07:20 | 000,004,364 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask
[2018/12/26 02:07:22 | 000,004,362 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
[2009/07/14 01:37:20 | 000,003,048 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
[2009/07/14 01:37:44 | 000,003,290 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
[2009/07/14 01:46:36 | 000,003,304 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
[2016/12/17 20:06:37 | 000,003,670 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup
[2016/12/18 09:00:00 | 000,004,332 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification
[2016/12/17 20:06:37 | 000,003,704 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor
[2009/07/14 01:54:01 | 000,003,532 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2014/07/16 15:42:36 | 000,003,540 | ---- | M] () -- C:\Windows\system32\Tasks\Microsoft\Windows\Wininet\CacheTask
[2014/07/15 22:15:22 | 000,004,392 | ---- | M] () -- C:\Windows\system32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask
[2016/11/26 15:54:34 | 000,004,496 | ---- | M] () -- C:\Windows\system32\Tasks\WPD\SqmUpload_S-1-5-21-1393690529-970696840-4212060167-1000
 
< %windir%\tasks\*.* /s >
[2019/02/24 19:58:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2019/02/12 21:20:28 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
 
< %systemroot%\*.scr >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MEMPROTECT_MODE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
 
< \FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings >
"EnablePunycode" = 1
"CodeBaseSearchPath" = CODEBASE
"WarnOnIntranet" = 1
"MinorVersion" = 0
"ActiveXCache" = C:\Windows\Downloaded Program Files -- [2009/07/14 01:52:31 | 000,000,000 | ---D | M]
"ProxyEnable" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ApprovedActiveXInstallSites]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server >
"RCDependentServices" = CertPropSvcSessionEnv [binary data]
"NotificationTimeOut" = 0
"SnapshotMonitors" = 1
"ProductVersion" = 5.1
"AllowRemoteRPC" = 0
"DelayConMgrTimeout" = 0
"fDenyTSConnections" = 1
"StartRCM" = 0
"TSAdvertise" = 0
"DeleteTempDirsOnExit" = 1
"fSingleSessionPerUser" = 1
"PerSessionTempDir" = 0
"TSUserEnabled" = 0
"InstanceID" = 74fd146d-74a0-493c-846b-a97b318
"RailShowallNotifyIcons" = 1
"RDPVGCInstalled" = 1
"fCredentialLessLogonSupported" = 1
"fCredentialLessLogonSupportedTSS" = 1
"fCredentialLessLogonSupportedKMRDP" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ConnectionHandler]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\KeyboardType Mapping]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SessionArbitrationHelper]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\TerminalTypes]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Utilities]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon >
"ReportBootOk" = 1
"Shell" = explorer.exe -- [2016/08/29 11:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation)
"PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Userinit" = C:\Windows\System32\Userinit.exe,
"VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2009/07/13 22:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)
"AutoRestartShell" = 1
"Background" = 0 0 0
"CachedLogonsCount" = 10
"DebugServerCommand" = no
"ForceUnlockLogon" = 0
"LegalNoticeCaption" =
"LegalNoticeText" =
"PasswordExpiryWarning" = 5
"PowerdownAfterShutdown" = 0
"ShutdownWithoutLogon" = 0
"WinStationsDisabled" = 0
"DisableCAD" = 1
"scremoveoption" = 0
"ShutdownFlags" = 39
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa >
"auditbaseobjects" = 0
"auditbasedirectories" = 0
"crashonauditfail" = 0
"fullprivilegeauditing" =  [binary data]
"Bounds" = 0  [binary data]
"LimitBlankPasswordUse" = 1
"NoLmHash" = 1
"Notification Packages" = scecli [binary data] -- [2010/11/20 18:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation)
"Security Packages" = kerberosmsv1_0schannelwdigesttspkgpku2u [binary data]
"Authentication Packages" = msv1_0 [binary data] -- [2019/01/15 03:52:26 | 000,261,120 | ---- | M] (Microsoft Corporation)
"LsaPid" = 564
"SecureBoot" = 1
"ProductType" = 1
"disabledomaincreds" = 0
"everyoneincludesanonymous" = 0
"forceguest" = 0
"restrictanonymous" = 0
"restrictanonymoussam" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts >
 
< \UserList >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon >
"Shell" = explorer.exe -- [2016/08/29 11:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation)
"Userinit" = C:\Windows\system32\userinit.exe,
 
< \SpecialAccounts\UserList >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService >
"DisplayName" = @%SystemRoot%\System32\termsrv.dll,-268
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\termsrv.dll,-267
"ObjectName" = NT Authority\NetworkService
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"DependOnService" = RPCSSTermDD [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeAssignPrimaryTokenPrivilegeSeAu [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 60 EA 00 00  [binary data]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Parameters]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Performance]
 
< net user /c >
Contas de usu rio para \\COMPUTADOR-PC
-------------------------------------------------------------------------------
Administrador            Computador               Convidado                
Comando conclu¡do com ˆxito.
 
< MD5 for: TERMSRV.DLL  >
[2018/08/13 12:41:02 | 000,527,872 | ---- | M] (Microsoft Corporation) MD5=266877DCD1AC49500AA0CFAC1641CC24 -- C:\Windows\winsxs\x86_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.24234_none_911a5cb6cbb46060\termsrv.dll
[2014/07/15 23:56:37 | 000,525,824 | ---- | M] (Microsoft Corporation) MD5=278F31DD3BFDE48F2E1FFF882FBD24B5 -- C:\Windows\winsxs\x86_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_9100f2c4cbc7f167\termsrv.dll
[2010/11/20 18:29:19 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=382C804C92811BE57829D8E550A900E2 -- C:\Windows\winsxs\x86_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_90a6abb3b286306d\termsrv.dll
[2018/12/02 12:55:55 | 000,527,872 | ---- | M] (Microsoft Corporation) MD5=7B16A8166DA48B580FCC951F02391CE0 -- C:\Windows\System32\termsrv.dll
[2018/12/02 12:55:55 | 000,527,872 | ---- | M] (Microsoft Corporation) MD5=7B16A8166DA48B580FCC951F02391CE0 -- C:\Windows\winsxs\x86_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.24326_none_91272f1ccbaa7444\termsrv.dll
[2014/10/13 22:50:04 | 000,526,848 | ---- | M] (Microsoft Corporation) MD5=DD01319264B6D19E379BDD079A27DA91 -- C:\Windows\winsxs\x86_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_910ec574cbbd1ea2\termsrv.dll
[2014/07/16 22:39:49 | 000,523,264 | ---- | M] (Microsoft Corporation) MD5=E05E31F7BF577228E27CFFCA5B54ABBD -- C:\Windows\winsxs\x86_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_908223ffb2a23885\termsrv.dll
[2014/10/13 22:50:50 | 000,523,776 | ---- | M] (Microsoft Corporation) MD5=FCFD4F50419B4BC72E80066DA10D2E54 -- C:\Windows\winsxs\x86_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_9093f7d7b293cb1c\termsrv.dll
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 8 bytes -> C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt
@Alternate Data Stream - 420 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 150 bytes -> C:\Users\Computador\Documents\Temp:DBC416F8
@Alternate Data Stream - 150 bytes -> C:\Users\Computador\Documents\Temp - Cópia:DBC416F8
@Alternate Data Stream - 10 bytes -> C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt

< End of report >

 

 



Select the lines below, right-click the selection and choose Copy:

:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\antivírus\aswidsagent.exe -- (avgbIDSAgent)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\antivírus\afwServ.exe -- (AVG Firewall)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\antivírus\AVGSvc.exe -- (AVG antivírus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20171012.006\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton Security\NortonData\22.9.1.12\Definitions\SDSDefs\20171012.006\NAVENG.SYS -- (NAVENG)
DRV - [2019/02/21 12:57:04 | 000,401,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgSP.sys -- (avgSP)
DRV - [2019/02/21 12:56:55 | 000,383,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgNetSec.sys -- (avgNetSec)
DRV - [2019/02/21 12:55:19 | 000,310,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgVmm.sys -- (avgVmm)
DRV - [2019/02/21 12:55:18 | 000,162,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\avgStm.sys -- (avgStm)
DRV - [2019/02/21 12:55:18 | 000,139,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgMonFlt.sys -- (avgMonFlt)
DRV - [2019/02/21 12:55:18 | 000,101,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgRdr2.sys -- (avgRdr)
DRV - [2019/02/21 12:55:18 | 000,072,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgRvrt.sys -- (avgRvrt)
DRV - [2019/02/21 12:55:17 | 000,040,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgKbd.sys -- (avgKbd)
DRV - [2019/02/21 12:55:09 | 000,170,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgArPot.sys -- (avgArPot)
DRV - [2019/02/21 12:55:08 | 000,785,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgSnx.sys -- (avgSnx)
DRV - [2019/02/21 12:55:03 | 000,028,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgNetNd6.sys -- (avgNetNd6)
DRV - [2019/02/21 12:54:56 | 000,255,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgblog.sys -- (avgblog)
DRV - [2019/02/21 12:54:56 | 000,189,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgbidsdriver.sys -- (avgbidsdriver)
DRV - [2019/02/21 12:54:56 | 000,158,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgbidsh.sys -- (avgbidsh)
DRV - [2019/02/21 12:54:56 | 000,051,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgbuniv.sys -- (avgbuniv)
DRV - [2017/05/24 23:13:25 | 000,705,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2017/05/24 23:13:25 | 000,109,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVGUI.exe] "C:\Program Files\AVG\antivírus\AvLaunch.exe" /gui File not found
O4 - HKCU..\Run: []  File not found
[2019/02/21 13:51:18 | 000,000,000 | ---D | C] -- C:\Users\Computador\AppData\Roaming\AVG
[2019/02/21 12:56:12 | 000,310,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgVmm.sys
[2019/02/21 12:56:11 | 000,162,680 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgStm.sys
[2019/02/21 12:56:10 | 000,401,680 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgSP.sys
[2019/02/21 12:56:09 | 000,139,344 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgMonFlt.sys
[2019/02/21 12:56:09 | 000,072,848 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgRvrt.sys
[2019/02/21 12:56:08 | 000,101,032 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgRdr2.sys
[2019/02/21 12:56:08 | 000,040,744 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgKbd.sys
[2019/02/21 12:56:07 | 000,170,600 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgArPot.sys
[2019/02/21 12:56:06 | 000,785,632 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgSnx.sys
[2019/02/21 12:56:05 | 000,051,176 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgbuniv.sys
[2019/02/21 12:56:04 | 000,255,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgblog.sys
[2019/02/21 12:56:04 | 000,158,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgbidsh.sys
[2019/02/21 12:56:03 | 000,383,816 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgNetSec.sys
[2019/02/21 12:56:03 | 000,189,344 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgbidsdriver.sys
[2019/02/21 12:55:29 | 000,310,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgBoot.exe
[2019/02/21 12:55:03 | 000,028,408 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgNetNd6.sys
[2019/02/18 06:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG
[2019/01/04 15:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2019/02/21 12:57:04 | 000,401,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgSP.sys
[2019/02/21 12:56:55 | 000,383,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgNetSec.sys
[2019/02/21 12:55:19 | 000,310,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgVmm.sys
[2019/02/21 12:55:18 | 000,162,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgStm.sys
[2019/02/21 12:55:18 | 000,139,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgMonFlt.sys
[2019/02/21 12:55:18 | 000,101,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgRdr2.sys
[2019/02/21 12:55:18 | 000,072,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgRvrt.sys
[2019/02/21 12:55:17 | 000,310,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgBoot.exe
[2019/02/21 12:55:17 | 000,040,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgKbd.sys
[2019/02/21 12:55:09 | 000,170,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgArPot.sys
[2019/02/21 12:55:08 | 000,785,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgSnx.sys
[2019/02/21 12:55:03 | 000,028,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgNetNd6.sys
[2019/02/21 12:54:56 | 000,255,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgblog.sys
[2019/02/21 12:54:56 | 000,189,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgbidsdriver.sys
[2019/02/21 12:54:56 | 000,158,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgbidsh.sys
[2019/02/21 12:54:56 | 000,051,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgbuniv.sys
[2019/02/24 13:52:47 | 000,287,851 | ---- | C] () -- C:\Users\Computador\Desktop\avg.jpg
[2019/02/24 11:47:42 | 000,331,652 | ---- | C] () -- C:\Users\Computador\Desktop\informação do sistema 3 avg.jpg
[2019/02/22 14:34:15 | 000,000,000 | ---D | M] -- C:\Users\Computador\AppData\Roaming\AVG
[2015/06/01 21:12:09 | 000,000,000 | ---D | M] -- C:\Users\Computador\AppData\Roaming\Baidu
[2019/02/21 12:55:09 | 000,170,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgArPot.sys
[2019/02/21 12:54:56 | 000,189,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgbidsdriver.sys
[2019/02/21 12:54:56 | 000,158,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgbidsh.sys
[2019/02/21 12:54:56 | 000,255,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgblog.sys
[2019/02/21 12:54:56 | 000,051,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgbuniv.sys
[2019/02/21 12:55:17 | 000,040,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgKbd.sys
[2019/02/21 12:55:18 | 000,139,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgMonFlt.sys
[2019/02/21 12:55:03 | 000,028,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgNetNd6.sys
[2019/02/21 12:56:55 | 000,383,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgNetSec.sys
[2019/02/21 12:55:18 | 000,101,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgRdr2.sys
[2019/02/21 12:55:18 | 000,072,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgRvrt.sys
[2019/02/21 12:55:08 | 000,785,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgSnx.sys
[2019/02/21 12:57:04 | 000,401,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgSP.sys
[2019/02/21 12:55:18 | 000,162,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgStm.sys
[2019/02/21 12:55:19 | 000,310,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\system32\drivers\avgVmm.sys
[2017/09/02 10:54:22 | 000,002,748 | ---- | M] () -- C:\Windows\system32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
[2018/12/27 10:34:16 | 000,004,004 | ---- | M] () -- C:\Windows\system32\Tasks\AVAST Software\Overseer
[2019/02/21 12:58:40 | 000,003,862 | ---- | M] () -- C:\Windows\system32\Tasks\AVG\Overseer
[2018/12/27 10:34:16 | 000,004,004 | ---- | M] () -- C:\Windows\system32\Tasks\AVAST Software\Overseer
[2019/02/21 12:58:40 | 000,003,862 | ---- | M] () -- C:\Windows\system32\Tasks\AVG\Overseer

:File
C:\Program Files\AVG\antivírus\aswidsagent.exe
C:\Program Files\AVG\antivírus\afwServ.exe
C:\Program Files\AVG\antivírus\AVGSvc.exe
C:\Program Files\AVG
C:\Program Files\Norton
C:\Program Files\Norton Security

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings"=hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,\
01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00
"SavedLegacySettings"=hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,\
00,00,c0,a8,83,41,00,00,00,00,00,00,00,00

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Run OTL.exe

** Windows Vista, Windows 7, 8, 8.1 and 10 users:
Right-click the file, then click Run as administrator.

Right-click any blank area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).
Click the CONSERTAR (Run Fix) button.

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information. Copy the ENTIRE contents of this Notepad window and paste them into your reply.

A copy of this log will be stored in the folder C:\_OTL\MovedFiles with a name in the following format: date_time.log. Example: 03142010_145545.log

Also post a new HijackThis log, and report the current state of the PC.



This AVG is worse than cancer.

OTL was running when Windows restarted; this was right at the beginning.

It showed the blue screen in English, very quickly, and I could only read "a problem".

Then came the black screen saying that Windows had been shut down suddenly to protect the data. It gave several options; I clicked Start Normally.

The system loaded with the message "Windows has recovered from an unexpected shutdown".

Below are the OTL log, the HijackThis log and the Windows message.

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\avgSP.sys scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\avgNetSec.sys scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\avgVmm.sys scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\avgStm.sys scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:31:36, on 24/02/2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19267)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\notepad.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Computador\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVGUI.exe] "C:\Program Files\AVG\antivírus\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: AVG antivírus - Unknown owner - C:\Program Files\AVG\antivírus\AVGSvc.exe (file missing)
O23 - Service: AVG Firewall Service (AVG Firewall) - Unknown owner - C:\Program Files\AVG\antivírus\afwServ.exe (file missing)
O23 - Service: avgbIDSAgent - Unknown owner - C:\Program Files\AVG\antivírus\aswidsagent.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

--
End of file - 3918 bytes

 

 

 

msg windows.jpg
