ComboFix 16-07-10.01 - Dani 14/07/2016 15:00:38.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.2039.741 [GMT -3:00]
Executando de: c:\users\Dani\Downloads\Programs\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dani\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2016-06-14 to 2016-07-14 ))))))))))))))))))))))))))))
.
.
2016-07-14 18:10 . 2016-07-14 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-07-07 18:31 . 2016-07-07 18:31 -------- d-----w- c:\users\Dani\AppData\Local\DriverToolkit
2016-07-07 18:31 . 2016-07-07 18:49 -------- d-----w- c:\program files (x86)\DriverToolkit
2016-06-15 17:02 . 2016-05-20 21:56 615936 ----a-w- c:\windows\system32\ieui.dll
2016-06-15 16:11 . 2016-05-12 17:15 2048 ----a-w- c:\windows\system32\tzres.dll
2016-06-15 16:05 . 2016-05-13 22:15 382184 ----a-w- c:\windows\system32\atmfd.dll
2016-06-15 16:04 . 2016-05-18 16:10 312832 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-06-15 16:04 . 2016-05-18 16:09 405504 ----a-w- c:\windows\system32\gdi32.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-06-02 15:04 . 2016-05-24 14:27 79696 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2016-06-02 15:04 . 2016-05-24 14:27 141920 ----a-w- c:\windows\system32\drivers\avipbb.sys
2016-05-19 14:46 . 2016-05-23 22:04 11898512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA3673A5-AFF3-4D5A-9214-83511859138A}\mpengine.dll
2016-04-21 18:05 . 2010-11-21 03:27 453288 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2016-06-01 66328]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2016-06-02 814608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Agendamento;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-07-13 00:03 1248072 ----a-w- c:\program files (x86)\Google\Chrome\Application\51.0.2704.106\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-05-03 14:41 287416 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2016-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-03-02 15:07]
.
2016-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-03-02 15:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.br/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fazer o download de todos os links usando o IDM - d:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Fazer o download usando o IDM - d:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.16.1 192.168.1.1
TCP: Interfaces\{EAE4B0D1-1314-4DEA-8B59-E14392196C98}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-1522334810-1100914782-2317266573-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e2,4f,c7,32,38,16,5c,eb,5a,3a,0b,7d,94,f8,af,a4,eb,33,8c,50,46,
   3f,01,4a,bb,08,11,58,01,ac,9c,a5,3d,cf,a4,38,a7,76,62,6b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1522334810-1100914782-2317266573-1000_Classes\Wow6432Node\CLSID\{9e9c01db-0b7a-43c4-a2e0-548abc2d0e97}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000070
"Therad"=dword:0000001b
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51}] @DACL=(02 0000) "Path"="\\Microsoft\\Windows\\MUI\\LPRemove" "Triggers"=hex:15,00,00,00,00,00,00,00,00,1c,24,fb,fe,07,00,00,00,00,00,00,00, 00,00,00,00,1c,24,fb,fe,07,00,00,ff,ff,ff,ff,ff,ff,ff,ff,12,21,42,03,48,48,\ "DynamicInfo"=hex:03,00,00,00,4a,43,e5,2c,41,04,ca,01,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00 "Hash"=hex:47,d4,5b,03,1c,19,94,b3,9c,49,ef,36,d6,fe,80,fb,ec,11,1f,7d,6e,f3, e2,82,47,6e,f5,d7,7e,09,7d,ab . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}] @DACL=(02 0000) "Path"="\\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector" "Triggers"=hex:15,00,00,00,00,00,00,00,00,1c,24,fb,fe,07,00,00,00,00,00,00,00, 00,00,00,00,1c,24,fb,fe,07,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,a0,c0,02,48,48,\ "DynamicInfo"=hex:03,00,00,00,e9,64,26,30,41,04,ca,01,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00 "Hash"=hex:cb,b1,2f,1e,d1,29,86,18,18,01,a3,65,a6,f7,50,01,d3,1d,2b,b3,cf,74, 41,ba,85,41,89,42,67,d4,cc,42 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB3C354D-297A-4EB2-9B58-090F6361906B}] @DACL=(02 0000) "Path"="\\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem" "Triggers"=hex:15,00,00,00,00,00,00,00,01,12,72,fb,fe,07,00,00,00,30,11,8b,3b, 4c,c8,01,00,12,72,fb,fe,07,00,00,ff,ff,ff,ff,ff,ff,ff,ff,42,21,42,02,48,48,\ "DynamicInfo"=hex:03,00,00,00,aa,27,2b,30,41,04,ca,01,00,00,00,00,00,00,00,00, 00,00,00,00,00,00,00,00 "Hash"=hex:94,23,b2,65,cb,ab,42,6f,81,67,2f,08,4e,7d,98,66,f6,85,d9,83,b6,22, 24,71,2f,f0,db,c4,ff,ef,e3,74 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\Antivirus\avguard.exe
.
**************************************************************************
.
Tempo para conclusão: 2016-07-14 15:19:53 - Máquina reiniciou
ComboFix-quarantined-files.txt 2016-07-14 18:19
.
Pré-execução: 43.735.990.272 bytes disponíveis
Pós execução: 43.484.323.840 bytes disponíveis
.
- - End Of File - - 868D71995070CF6B401AC9619B2F90C8
A36C5E4F47E84449FF07ED3517B43A31