
maceno

[Solved] Analyze my log


Good afternoon, I would like an analysis of my log to find out whether I have anything infected.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:15:22, on 21/07/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\HijackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [EPSON TX125 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGB.EXE /FU "C:\Windows\TEMP\E_S49EA.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe

O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9016 bytes


Good morning, maceno!

|- Download: < AdwCleaner > ( ... by Xplode )

|- On the page, click the image: < AdwCleaner_Tlcharger.jpg >

|- Save it to the desktop!

|- Right-click adwcleaner.exe and choose to run it as "administrator".

|- PS: Start the scan by clicking "Delete" or "Suppression".

AdwCleaner_Suppression.jpg

|- When finished, post the report: C:\AdwCleaner[S].txt

|- Download: < ZHPDiag_Silent.jpg > ( ... by Nicolas Coolman )

|- Save it to the desktop!

|- On Windows Vista or 7, right-click the file and run it as administrator.

|- Wait for the scan to finish and click "Copier". <- Wait!

|- Post and/or paste here the link that was generated!

Regards!


Good evening, AdwCleaner log:

 

 

 

# AdwCleaner v1.703 - Logfile created 07/22/2012 at 22:01:14

# Updated 20/07/2012 by Xplode

# Operating system : Windows 7 Ultimate (64 bits)

# User : Ricardo - RICARDO-PC

# Running from : C:\Users\Ricardo\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

Deleted on reboot : C:\Program Files (x86)\DealPly

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Complitly

Key Deleted : HKCU\Software\DealPly

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\Iminent

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\DealPly

Key Deleted : HKLM\SOFTWARE\DT Soft

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

 

***** [Registre - GUID] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.7600.16385

 

[OK] Registry is clean.

 

-\\ Google Chrome v19.0.1084.52

 

File : C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[s1].txt - [3389 octets] - [22/07/2012 22:01:14]

 

########## EOF - C:\AdwCleaner[s1].txt - [3517 octets] ##########


Hello!

|- What remains is to paste here the link that was generated when running ZHPDiag_silent.

Regards!


Good morning, maceno!

|- Download: < ZHPFix.zip >

|- Unzip it to the desktop.

|- Close any open programs/folders.

|- Close the browser as well!

|- On Windows Vista, disable UAC.

ZHPFix_logo.jpg >> Administrador_Exec.jpg

|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.

|- Select and copy this information, shown in green, into Notepad.

|- PS: The entries in red belong to a keygen program that will validate your Office 2010. ( KMService )

|- If you use it and you agree, I ask that you remove it from this list.

 

R3 - URLSearchHook: (no name) [64Bits] - {e0301295-ab3e-4af3-979f-3d453c5f9f48} . (...) (No version) -- (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{08E27C12-378B-4409-8918-AAF29437F1E6}] (...) -- C:\Users\Ricardo\Downloads\TX125_x64_6.71APS_C1.exe (.not file.)

O43 - CFD: 01/06/2012 - 15:08:14 - [0] ----D C:\Users\Ricardo\AppData\Local\Dados de aplicativos

O43 - CFD: 01/06/2012 - 15:08:14 - [0] ----D C:\Users\Ricardo\AppData\Local\Histórico


O51 - MPSK:{b79d5c5f-6ee3-11e1-8720-bcaec570dfe0}\AutoRun\command. (...) -- G:\Setup.exe (.not file.)

c:\Windows\system32\Tasks\{08E27C12-378B-4409-8918-AAF29437F1E6}

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D}]

 

[MD5.4635935FC972C582632BF45C26BFCB0E] - (...) -- C:\Windows\SysWOW64\srvany.exe [8192] [PID.]

[MD5.BCA43E19E7013331D99FF788EA6B42A0] - (...) -- C:\Windows\KMService.exe [151552] [PID.]

O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe => Infection Diverse (Trojan.Keygen)

[MD5.00000000000000000000000000000000] [APT] [DealPlyUpdate] (...) -- C:\Program Files (x86)\DealPly\DealPlyUpdate.exe (.not file.)

SR - | Auto 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe => Infection Diverse (Trojan.Keygen)

 

emptytemp

emptyflash

proxyfix

firewallraz

sysrestore

|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"

|- Minimize Notepad.

ZHPDiag_PasteClipboard.jpg

|- Click the "Paste ClipBoard" menu.

|- Click "GO" -> Oui.

ZHPFix_GO.jpg

|- PS: Above is a sequence of images for further clarification.

|- Post the report: C:\ZHP\ZHPFix[R1].txt

Regards!


Good evening

 

 

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012

Fichier d'export Registre :

Run by Ricardo at 24/07/2012 21:35:51

Windows 7 Ultimate Edition, 64-bit (Build 7600)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Memory Process ==========

DELETED Memory Process: C:\Windows\SysWOW64\srvany.exe

DELETED Memory Process: C:\Windows\KMService.exe

 

========== Registry Key ==========

DELETED CLSID MPSK: {b79d5c5f-6ee3-11e1-8720-bcaec570dfe0}

DELETED Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D}

DELETED Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E7E8B2E-604D-495f-9AF8-EE5C2CB1398D}

DELETED Key*: Service: KMService

NOT FOUND Key: Service: KMService

 

========== Registry Value ==========

DELETED URLSearchHook: {e0301295-ab3e-4af3-979f-3d453c5f9f48}

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

DELETED FirewallRaz (Private) : TCP Query User{06A875B6-0079-4C14-A10A-93CFD3F0B4B0}D:\pasta ricardo\macenim\maceno perfect\maceno\theforgottenserver.exe

DELETED FirewallRaz (Private) : UDP Query User{2B7BDB64-5247-49A3-A050-D76437C3B5B0}D:\pasta ricardo\macenim\maceno perfect\maceno\theforgottenserver.exe

DELETED FirewallRaz (Private) : TCP Query User{82B47B17-C9BC-481D-BA02-8E8ED38092CC}D:\programas\world of warcraft\launcher.exe

DELETED FirewallRaz (Private) : UDP Query User{1437B775-D072-4529-9285-10C2410AF128}D:\programas\world of warcraft\launcher.exe

 

========== Repertory ==========

NOT FOUND C:\Users\Ricardo\AppData\Local\Dados de aplicativos

NOT FOUND C:\Users\Ricardo\AppData\Local\Histórico

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

NOT FOUND Folder/File: c:\windows\system32\tasks\{08e27c12-378b-4409-8918-aaf29437f1e6}

DELETED File*: c:\windows\syswow64\srvany.exe

DELETED File*: c:\windows\kmservice.exe

NOT FOUND File: c:\windows\system32\srvany.exe

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Task ==========

DELETED Task: {08E27C12-378B-4409-8918-AAF29437F1E6}

DELETED Task: DealPlyUpdate

 

========== Restoration ==========

Restore System Point created succefully

 

 

========== Summary ==========

2 : Memory Process

5 : Registry Key

13 : Registry Value

125 : Repertory

6 : File

2 : Task

1 : Restoration

 

 

End of clean in 00mn 22s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 24/07/2012 21:35:51 [13245]


Good evening, maceno!

 

|- Download: < otlDesktopIcon.png > ( ... by OldTimer Tools )

 

|- Click Save! < 0e5c629f14858f5bf77e61d46c160e317c6d8c5d3ee101e311e440e99d7fd7b06g.jpg >

 

|- Save it to the desktop!

|- Double-click OTL.exe --> Run: c19ede0bf8817fba1b9a9c0e9dae6ede3b8983c41017d8926efac3638b95aee16g.jpg

 

OTL_Configuracao.jpg >> OTL_Padrao.jpg

 

|- Configure "Verificação de Arquivos" as shown in the screenshot!

 

OTL_SemExt2.jpg

 

|- PS: Do the same for these!

|- Also check the option to include 64-bit scans.

|- Under "Exame Extra do Registro", select "Nenhum".

 

netsvcs

%APPDATA%\Local\*.

%APPDATA%\*.exe /s

%APPDATA%\*.

%USERPROFILE%\AppData\Local\*.*

%USERPROFILE%\AppData\Roaming\*.*

%systemroot%\assembly\tmp\*.* /S /MD5

%systemroot%\assembly\temp\*.* /S /MD5

%systemroot%\assembly\GAC\*.* /S /MD5

%systemroot%\assembly\GAC_32\*.* /S /MD5

%systemroot%\assembly\GAC_64\*.* /S /MD5

%systemroot%\system32\config\systemprofile\AppData\Local\*.*

%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*

%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

/md5start

explorer.exe

userinit.exe

winlogon.exe

wininit.exe

csrss.exe

smss.exe

svchost.exe

services.exe

uninst.exe

/md5stop

regedit /e c:\registrybackup.reg /c

%systemroot%\system32\tasks\*.* /s /64

%systemroot%\system32\Tasks\*.* /s

%windir%\tasks\*.* /s

6659d256325569c6e621117dc332966313a07d11cb5fb0ea4d9176217c7aefa76g.jpg

 

|- Paste this information, shown in green, into the "Exames Personalizados/Correções" field.

 

|- Click "Verificar": OTL_Verificar.jpg

 

|- When finished, post the report: OTL.txt

|- For large reports, go to: < Cjoint_Logo.jpg >

 

|- More information: < |Link| >

 

Regards!


Good evening, the log is below:

 

OTL logfile created on: 26/07/2012 22:37:28 - Run 1

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ricardo\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,98 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 66,00% Memory free

7,96 Gb Paging File | 5,83 Gb Available in Paging File | 73,16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97,56 Gb Total Space | 49,65 Gb Free Space | 50,90% Space Free | Partition Type: NTFS

Drive D: | 833,86 Gb Total Space | 613,79 Gb Free Space | 73,61% Space Free | Partition Type: NTFS

Drive F: | 644,32 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: RICARDO-PC | User Name: Ricardo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/07/26 22:35:29 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ricardo\Desktop\OTL.exe

PRC - [2012/07/11 14:16:22 | 000,275,320 | ---- | M] (Silver Squirrel Software HB) -- C:\Program Files (x86)\Tibiacast\Tibiacast Client.exe

PRC - [2012/07/09 08:57:50 | 004,845,056 | ---- | M] (CipSoft GmbH) -- C:\Program Files (x86)\Tibia\tibia.exe

PRC - [2012/03/06 21:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe

PRC - [2012/03/06 21:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/07/11 14:16:22 | 000,091,512 | ---- | M] () -- C:\Program Files (x86)\Tibiacast\UnmanagedExtensions.dll

MOD - [2012/05/22 22:56:50 | 000,441,880 | ---- | M] () -- C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

MOD - [2012/05/22 22:56:49 | 003,922,456 | ---- | M] () -- C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll

MOD - [2012/05/22 22:55:35 | 000,553,496 | ---- | M] () -- C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll

MOD - [2012/05/22 22:55:33 | 000,117,784 | ---- | M] () -- C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll

MOD - [2012/05/22 22:55:24 | 000,134,696 | ---- | M] () -- C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll

MOD - [2012/05/22 22:55:23 | 000,250,408 | ---- | M] () -- C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll

MOD - [2012/05/22 22:55:21 | 002,375,720 | ---- | M] () -- C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll

MOD - [2012/05/22 22:06:23 | 008,743,584 | ---- | M] () -- C:\Users\Ricardo\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

MOD - [2012/05/22 22:06:23 | 008,743,584 | ---- | M] () -- C:\Users\Ricardo\AppData\Local\Google\Chrome\APPLIC~1\190108~1.52\gcswf32.dll

MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

MOD - [2009/07/14 02:00:48 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\965b1fa2decab0efc0c837ab7252bba1\Microsoft.VisualBasic.ni.dll

MOD - [2009/07/14 01:56:14 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1762137638019a091020b3baf52f6de3\System.Core.ni.dll

MOD - [2009/07/14 01:55:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll

MOD - [2009/07/14 01:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll

MOD - [2009/07/14 01:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll

MOD - [2009/07/14 01:55:24 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\003d2d74243cab7e412d36416bbf0a3d\Accessibility.ni.dll

MOD - [2009/07/14 01:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll

MOD - [2009/07/14 01:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll

MOD - [2009/07/14 01:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll

MOD - [2009/07/14 01:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll

MOD - [2009/06/10 19:10:40 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Windows.Forms.resources.dll

MOD - [2009/06/10 19:10:40 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009/06/10 19:10:40 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.resources.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/07/26 20:29:44 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/03/06 21:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010/07/13 18:26:12 | 000,719,216 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Arquivos de Programas\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)

SRV - [2010/07/13 18:26:08 | 007,329,648 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Arquivos de Programas\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)

SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010/01/09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)

SRV - [2009/09/14 05:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Arquivos de Programas\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)

SRV - [2009/09/14 05:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Arquivos de Programas\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)

SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012/06/18 21:02:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012/03/06 21:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/03/06 21:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012/03/06 21:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/03/06 21:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/03/06 21:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012/02/03 21:01:20 | 000,677,480 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/05/19 18:52:38 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2010/01/26 23:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)

DRV:64bit: - [2009/09/21 20:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2009/07/13 22:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 22:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2007/02/16 16:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 AC C6 BC 45 2F CC 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll File not found

 

 

 

O1 HOSTS File: ([2012/06/24 20:25:50 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [EPSON TX125 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGB.EXE /FU "C:\Windows\TEMP\E_S49EA.tmp" /EF "HKCU" File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O8:64bit: - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA67A9E2-4133-4D37-9088-B33AE808858A}: DhcpNameServer = 200.204.0.10 200.204.0.138

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2001/02/05 21:40:28 | 000,000,062 | R--- | M] () - F:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{bb374067-b98e-11e1-8ac1-bcaec570dfe0}\Shell - "" = AutoRun

O33 - MountPoints2\{bb374067-b98e-11e1-8ac1-bcaec570dfe0}\Shell\AutoRun\command - "" = F:\Desperados.exe -- [2001/03/14 16:24:05 | 000,630,784 | R--- | M] (Spellbound Software)

O33 - MountPoints2\{e6080667-6c59-11e1-b1f8-bcaec570dfe0}\Shell - "" = AutoRun

O33 - MountPoints2\{e6080667-6c59-11e1-b1f8-bcaec570dfe0}\Shell\AutoRun\command - "" = F:\cdstart.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/07/23 20:05:58 | 000,000,000 | ---D | C] -- C:\ZHP

[2012/07/23 20:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag

[2012/07/21 14:13:44 | 000,000,000 | ---D | C] -- C:\HijackThis

[2012/07/16 20:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibiacast

[2012/07/16 20:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibiacast

[2012/07/15 20:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia

[2012/07/15 20:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibia

[2012/06/30 21:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameVicio

[2012/06/30 21:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameVicio

 

========== Files - Modified Within 30 Days ==========

 

[2012/07/26 22:29:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/26 18:38:13 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/26 18:38:13 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/26 18:35:17 | 001,499,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/26 18:35:17 | 000,657,176 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat

[2012/07/26 18:35:17 | 000,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/26 18:35:17 | 000,125,568 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat

[2012/07/26 18:35:17 | 000,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/26 18:30:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/26 18:30:52 | 3207,323,648 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/23 20:06:43 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin

[2012/07/15 20:44:45 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk

 

========== Files Created - No Company Name ==========

 

[2012/07/23 20:06:43 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin

[2012/07/15 20:44:45 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Tibia.lnk

[2012/06/18 20:56:23 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe

[2012/06/17 10:58:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2012/06/05 20:31:46 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI

[2012/06/05 19:48:44 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2012/06/05 19:48:44 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2012/06/05 19:48:44 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2012/06/05 19:48:44 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2012/06/05 19:48:44 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2012/06/05 19:48:44 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2012/06/05 19:48:44 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2012/06/05 19:48:43 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2012/06/05 19:48:43 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2012/06/05 19:48:43 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2012/06/05 19:48:43 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2012/06/05 19:48:43 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2012/06/05 19:48:43 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2012/06/05 19:48:43 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2012/06/05 19:48:43 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2012/06/05 19:48:43 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2012/06/05 19:47:36 | 000,000,045 | ---- | C] () -- C:\Windows\ETX123_125.ini

[2012/06/02 13:25:58 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012/06/02 13:25:58 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2012/06/02 13:25:57 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2012/06/02 13:25:57 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2012/06/02 13:25:57 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2012/06/01 20:46:39 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

 

========== LOP Check ==========

 

[2009/07/14 02:08:49 | 000,029,152 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %APPDATA%\Local\*. >

 

< %APPDATA%\*.exe /s >

[2012/06/06 23:02:30 | 027,502,520 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012/06/06 23:02:32 | 000,874,384 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe

[2012/06/06 23:02:38 | 000,181,776 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ricardo\AppData\Roaming\Dropbox\bin\Uninstall.exe

 

< %APPDATA%\*. >

[2012/06/18 19:59:34 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Adobe

[2012/06/03 10:07:26 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Corel

[2012/07/09 12:36:47 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\DAEMON Tools Lite

[2012/06/10 22:36:26 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Dropbox

[2012/06/05 20:42:24 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Epson

[2012/06/01 15:08:37 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Identities

[2012/06/05 19:48:40 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\InstallShield

[2012/06/03 00:20:32 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Macromedia

[2009/07/14 04:45:14 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Media Center Programs

[2012/07/25 19:53:36 | 000,000,000 | --SD | M] -- C:\Users\Ricardo\AppData\Roaming\Microsoft

[2012/06/03 00:24:12 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Mozilla

[2012/06/03 01:11:21 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\NVIDIA

[2012/06/03 00:24:11 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Thunderbird

[2012/07/15 20:45:20 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Tibia

[2012/07/16 21:41:10 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\Tibiacast

[2012/07/25 06:39:55 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\uTorrent

[2012/06/18 20:56:47 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\VDownloader

[2012/06/02 14:10:21 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\WinRAR

[2012/06/05 19:44:19 | 000,000,000 | ---D | M] -- C:\Users\Ricardo\AppData\Roaming\WTablet

 

< %USERPROFILE%\AppData\Local\*.* >

[2012/06/10 11:38:26 | 000,119,176 | ---- | M] () -- C:\Users\Ricardo\AppData\Local\GDIPFONTCACHEV1.DAT

[2012/07/26 06:56:46 | 003,932,323 | -H-- | M] () -- C:\Users\Ricardo\AppData\Local\IconCache.db

 

< %USERPROFILE%\AppData\Roaming\*.* >

[2012/06/24 23:04:38 | 000,000,132 | ---- | M] () -- C:\Users\Ricardo\AppData\Roaming\Adobe PNG Format CS5 Prefs

 

< %systemroot%\assembly\tmp\*.* /S /MD5 >

 

< %systemroot%\assembly\temp\*.* /S /MD5 >

 

< %systemroot%\assembly\GAC\*.* /S /MD5 >

 

< %systemroot%\assembly\GAC_32\*.* /S /MD5 >


[2009/07/13 22:22:54 | 000,005,632 | ---- | M] () MD5=331021DA8B00A9ADCDD54B5782943204 -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.dll

[2009/07/13 19:04:08 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config

[2009/07/13 22:23:04 | 000,005,632 | ---- | M] () MD5=B3DB67C90DBBB75BFE110A86E951C2EC -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll

[2009/06/10 18:14:43 | 004,214,784 | ---- | M] () MD5=4D87C59972B6E539FC8942CFC4969B2D -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

[2009/06/10 18:14:51 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config

[2009/06/10 18:14:52 | 001,736,536 | ---- | M] () MD5=56099A6F865EA7771CBB88674545DB44 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll

[2009/06/10 18:23:17 | 000,486,400 | ---- | M] () MD5=12777E85B175899C02C645D839C83506 -- C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

[2009/06/10 18:23:17 | 002,933,248 | ---- | M] () MD5=CE24654E99CB7FB24903F8A1826FF343 -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

[2009/06/10 18:23:18 | 000,258,048 | ---- | M] () MD5=C18C30BFFDF790463B4F5B2311652208 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

[2009/07/13 17:46:36 | 000,113,664 | ---- | M] () MD5=D16E07E806ABA236B604B92693CE35E0 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

[2009/06/10 18:14:45 | 000,368,640 | ---- | M] () MD5=B1301F1FF435D9995903A853C0477BE4 -- C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll

[2009/06/10 18:23:19 | 000,261,632 | ---- | M] () MD5=5F3F1BF5F5B43293953FC915845910C4 -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

[2009/06/10 18:23:19 | 005,242,880 | ---- | M] () MD5=F8E8CB1DE71593BF6DA450B2C9E1484E -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

 

< %systemroot%\assembly\GAC_64\*.* /S /MD5 >


 

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >

 

< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >

 

< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >

[2012/07/25 03:56:52 | 000,007,186 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun.log

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes >

"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

 

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes >

"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

"DownloadUpdates" = 1

"Version" = 2

"UpgradeTime" = D8 5F 9A 65 DD 40 CD 01 [binary data]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\${searchCLSID}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

 

< MD5 for: CSRSS.EXE >

[2009/07/13 22:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe

[2009/07/13 22:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

 

< MD5 for: EXPLORER.EXE >

[2009/07/13 22:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe

[2009/07/13 22:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2009/07/13 22:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe

[2009/07/13 22:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

 

< MD5 for: SERVICES.EXE >

[2009/07/13 22:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

[2009/07/13 22:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

 

< MD5 for: SMSS.EXE >

[2009/07/13 22:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\SysNative\smss.exe

[2009/07/13 22:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

 

< MD5 for: SVCHOST.EXE >

[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2009/07/13 22:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009/07/13 22:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

 

< MD5 for: UNINST.EXE >

[2012/05/23 20:24:36 | 000,133,840 | ---- | M] (Piriform Ltd) MD5=8661FD96C546CEE0AB4636A5E9C76ACD -- C:\Program Files\CCleaner\uninst.exe

[2012/04/17 12:19:46 | 001,561,920 | ---- | M] (DT Soft Ltd) MD5=972A0279B1621778798ECB99F9EAE6E6 -- C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe

 

< MD5 for: USERINIT.EXE >

[2009/07/13 22:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe

[2009/07/13 22:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/13 22:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe

[2009/07/13 22:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

 

< MD5 for: WININIT.EXE >

[2009/07/13 22:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009/07/13 22:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/13 22:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/13 22:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 

< MD5 for: WINLOGON.EXE >

[2009/07/13 22:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe

[2009/07/13 22:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

 

< regedit /e c:\registrybackup.reg /c >

 

< %systemroot%\system32\tasks\*.* /s /64 >


 

< %systemroot%\system32\Tasks\*.* /s >

 

< %windir%\tasks\*.* /s >

[2012/07/26 22:29:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/26 18:30:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/07/14 02:08:49 | 000,029,152 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

 

< End of report >


Good afternoon, maceno!

 

|- Run OTL.exe.

|- Copy the information shown in red below into the tool's clipboard field ("Custom Scans/Fixes").

 

:OTL

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O33 - MountPoints2\{bb374067-b98e-11e1-8ac1-bcaec570dfe0}\Shell - "" = AutoRun

O33 - MountPoints2\{bb374067-b98e-11e1-8ac1-bcaec570dfe0}\Shell\AutoRun\command - "" = F:\Desperados.exe -- [2001/03/14 16:24:05 | 000,630,784 | R--- | M] (Spellbound Software)

O33 - MountPoints2\{e6080667-6c59-11e1-b1f8-bcaec570dfe0}\Shell - "" = AutoRun

O33 - MountPoints2\{e6080667-6c59-11e1-b1f8-bcaec570dfe0}\Shell\AutoRun\command - "" = F:\cdstart.exe

 

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]

"Gopher"="gopher://"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

 

:Commands

[purity]

[emptytemp]

[Reboot]

|- Click the Consertar button -> Wait for it to finish!

|- The computer will restart! -> Click "Run".

 


|- In English versions, click Run Fix, which is the same as Consertar.

|- Post the report: C:\_OTL\MovedFiles\*.log

 

Regards!


Good morning

 

 

 

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

File Protocol\Handler\wlmailhtml - No CLSID value found not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb374067-b98e-11e1-8ac1-bcaec570dfe0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb374067-b98e-11e1-8ac1-bcaec570dfe0}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb374067-b98e-11e1-8ac1-bcaec570dfe0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb374067-b98e-11e1-8ac1-bcaec570dfe0}\ not found.

File move failed. F:\Desperados.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6080667-6c59-11e1-b1f8-bcaec570dfe0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6080667-6c59-11e1-b1f8-bcaec570dfe0}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6080667-6c59-11e1-b1f8-bcaec570dfe0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6080667-6c59-11e1-b1f8-bcaec570dfe0}\ not found.

File F:\cdstart.exe not found.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\"Gopher"|"gopher://" /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Documentos

 

User: Public

 

User: Ricardo

 

User: Todos os Usuários

 

User: Usuário Padrão

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 80152 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68006 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.55.0 log created on 07282012_043212

 

Files\Folders moved on Reboot...

File\Folder F:\Desperados.exe not found!

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

File F:\Desperados.exe not found!

[2012/07/28 04:33:06 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

 

Registry entries deleted on Reboot...


Good morning, maceno!

 

|- Open OTL.exe -> Click CleanUp. <-- Confirm!

|- PS: The computer will restart!

 

-/-

 

|- Your logs are clean! :thumbsup:

|- Is everything OK?

 

Regards!


PROBLEM SOLVED

 

If the author needs the topic reopened, simply send a Private Message to a Moderator with a link to the topic.
