Leandro Jaoar

[Resolved] PC infected with virus


Hello, good afternoon!

I always follow the forum, and I have run into a problem...

I was browsing the internet, downloading some game files, when suddenly my computer stopped running any files and would not let me do anything. What was blocking it was a supposed antivirus called windows live platinum. I searched for it on the internet and found the supposed solution: I downloaded something called Spyware doctor PC TOOLS, and at first that solved it. From then on windows live platinum was uninstalled and I was able to use the computer just fine, but since then Avira keeps finding 3 viruses and I cannot remove them. The first scan found about 11 viruses, but after that it always finds the same 3 viruses and alerts me from time to time.

The viruses are the following:

TR/ATRAPS.GEN

TR/ATRAPS.GEN2

W32PATCHED.UA

I don't know what this is about and I'm worried it might be something more serious.

Thank you for your attention!

Here is the HijackThis report

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:38:56, on 31/07/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Users\Leandro\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 182.72.3.44:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense BANESTES - {C41A1C0E-EA6C-11D4-B1B8-444553540017} - C:\Program Files (x86)\GbPlugin\gbiehbnt.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll

O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: seg.banestes.com.br

O15 - Trusted Zone: www.banestes.com.br

O15 - Trusted Zone: wwws.banestes.com.br

O15 - Trusted Zone: www.bb.com.br

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginBnt - C:\Program Files (x86)\GbPlugin\gbiehBnt.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

O23 - Service: Avira Programador (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: GridspotService - Gridspot - C:\Program Files (x86)\Gridspot\GridspotService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 12219 bytes


Good afternoon, Leandro Jaoar!

|- Download: < otlDesktopIcon.png > ( ... by OldTimer Tools )

|- Click Save!

|- Save it to the desktop!

|- Double-click OTL.exe -> Run.

OTL_Configuracao.jpg >> OTL_Padrao.jpg

|- Configure "Verificação de Arquivos" (File Scan) according to the screenshot!

OTL_SemExt2.jpg

|- P.S.: Do the same for these!

|- Also check the option to include 64-bit scanning.

|- Under "Exame Extra do Registro" (Extra Registry Scan), select "Nenhum" (None).

 

netsvcs

%APPDATA%\Local\*.

%APPDATA%\*.exe /s

%APPDATA%\*.

%USERPROFILE%\AppData\Local\*.*

%USERPROFILE%\AppData\Roaming\*.*

%systemroot%\assembly\tmp\*.* /S /MD5

%systemroot%\assembly\temp\*.* /S /MD5

%systemroot%\assembly\GAC\*.* /S /MD5

%systemroot%\assembly\GAC_32\*.* /S /MD5

%systemroot%\assembly\GAC_64\*.* /S /MD5

%systemroot%\system32\config\systemprofile\AppData\Local\*.*

%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*

%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

/md5start

explorer.exe

userinit.exe

winlogon.exe

wininit.exe

csrss.exe

smss.exe

svchost.exe

services.exe

uninst.exe

/md5stop

regedit /e c:\registrybackup.reg /c

%systemroot%\system32\tasks\*.* /s /64

%systemroot%\system32\Tasks\*.* /s

%windir%\tasks\*.* /s

|- Paste this information, which is in green, into the "Exames Personalizados/Correções" (Custom Scans/Fixes) field.

|- Click Scan (Verificar): OTL_Verificar.jpg

|- When it finishes, post the report: OTL.txt

|- For large reports, go to: < Cjoint_Logo.jpg >

|- More information: < |Link| >

Regards!


Here is the log, thanks

 

OTL logfile created on: 31/07/2012 15:49:54 - Run 2

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Leandro\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

8,00 Gb Total Physical Memory | 5,76 Gb Available Physical Memory | 71,95% Memory free

16,00 Gb Paging File | 13,66 Gb Available in Paging File | 85,42% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 489,03 Gb Total Space | 376,19 Gb Free Space | 76,92% Space Free | Partition Type: NTFS

 

Computer Name: LEANDRO-PC | User Name: Leandro | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/07/31 15:41:33 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Leandro\Desktop\OTL.exe

PRC - [2012/06/22 11:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

PRC - [2012/05/09 09:02:12 | 000,214,088 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe

PRC - [2012/03/19 22:09:04 | 000,051,568 | ---- | M] (Gridspot) -- C:\Program Files (x86)\Gridspot\GridspotService.exe

PRC - [2012/02/03 15:28:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012/02/03 15:28:47 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012/02/03 15:28:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/11/03 15:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2011/08/05 12:08:08 | 000,368,544 | ---- | M] (Banco Bradesco S.A.) -- C:\Program Files (x86)\Scpad\scpVista.exe

PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/04/22 09:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011/01/26 19:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/06/17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)

SRV:64bit: - [2009/08/10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)

SRV:64bit: - [2009/08/10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)

SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/06/22 15:34:12 | 001,118,680 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)

SRV - [2012/06/22 14:21:50 | 000,402,368 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)

SRV - [2012/06/22 11:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)

SRV - [2012/05/09 09:02:12 | 000,214,088 | ---- | M] ( ) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2012/03/19 22:09:04 | 000,051,568 | ---- | M] (Gridspot) [Auto | Running] -- C:\Program Files (x86)\Gridspot\GridspotService.exe -- (GridspotService)

SRV - [2012/02/03 15:28:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012/02/03 15:28:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/11/03 15:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011/10/12 16:25:07 | 000,117,640 | R--- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe -- (Norton Internet Security)

SRV - [2011/08/05 12:08:08 | 000,368,544 | ---- | M] (Banco Bradesco S.A.) [Auto | Running] -- C:\Program Files (x86)\Scpad\scpVista.exe -- (scpVista)

SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/04/22 09:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV:64bit: - [2012/07/25 19:15:50 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/06/22 15:35:00 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)

DRV:64bit: - [2012/06/22 11:39:20 | 000,085,224 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)

DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)

DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)

DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)

DRV:64bit: - [2012/02/03 15:29:11 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012/02/03 15:29:11 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012/02/03 15:29:11 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011/11/22 19:22:39 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011/10/12 16:25:08 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\cchpx64.sys -- (ccHP)

DRV:64bit: - [2011/10/12 16:25:08 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2011/10/12 16:25:08 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\SymEFA64.sys -- (SymEFA)

DRV:64bit: - [2011/10/12 16:25:08 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\BHDrvx64.sys -- (BHDrvx64)

DRV:64bit: - [2011/10/12 16:25:08 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\symtdi.sys -- (SYMTDI)

DRV:64bit: - [2011/10/12 16:25:08 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\symfw.sys -- (SYMFW)

DRV:64bit: - [2011/10/12 16:25:08 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\symndisv.sys -- (SYMNDISV)

DRV:64bit: - [2011/10/12 16:25:08 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1007000.01E\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2011/10/12 16:25:08 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)

DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/26 20:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/01/26 19:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 08:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/11/17 09:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2010/01/26 23:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)

DRV:64bit: - [2009/10/21 00:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2009/07/30 06:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)

DRV:64bit: - [2009/07/16 00:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 17:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012/07/29 22:43:29 | 000,027,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)

DRV - [2012/04/05 09:34:04 | 000,046,408 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\GbpKm.sys -- (GbpKm)

DRV - [2011/11/04 17:37:00 | 000,224,048 | ---- | M] (Oracle Corporation) [Kernel | Auto | Running] -- C:\Program Files (x86)\Gridspot\VMRuntime\VBoxDrv.sys -- (GridspotVMDriver)

DRV - [2011/10/12 16:25:08 | 001,461,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\EX64.SYS -- (NAVEX15)

DRV - [2011/10/12 16:25:08 | 000,397,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSvia64.sys -- (IDSVia64)

DRV - [2011/10/12 16:25:08 | 000,136,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090713.024\ENG64.SYS -- (NAVENG)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 94 DD 3B F6 6D CD 01 [binary data]

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=114346&tt=3012_4&babsrc=SP_ss&mntrId=14c53fc200000000000014dae96f97d0

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..\SearchScopes\{C816736C-4747-41A6-95F4-1D67251551F4}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VD&o=14782&src=kw&q={searchTerms}&locale=pt_BR&apn_ptnrs=VY&apn_dtid=YYYYYYYYBR&apn_uid=2E4FC3C1-0431-4686-A609-8A0ACDF65E67&apn_sauid=5C54A1E6-88F3-48EA-8E4B-27904FF5DC09&

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 182.72.3.44:3128

 

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1

FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Leandro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll (Vitzo)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files (x86)\VDownloader\Addons\FireFox [2012/04/21 16:24:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/26 13:42:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/07/25 14:33:36 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/26 13:42:56 | 000,000,000 | ---D | M]

 

[2011/11/10 20:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leandro\AppData\Roaming\mozilla\Extensions

[2011/11/10 20:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leandro\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2012/07/27 11:41:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011/11/10 20:53:16 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

 

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=114346&tt=3012_4&babsrc=HP_ss&mntrId=14c53fc200000000000014dae96f97d0

CHR - default_search_provider: Search the web (Babylon) (Enabled)

CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&affID=114346&tt=3012_4&babsrc=SP_ss&mntrId=14c53fc200000000000014dae96f97d0

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://search.babylon.com/?affID=114346&tt=3012_4&babsrc=HP_ss&mntrId=14c53fc200000000000014dae96f97d0

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: VDownloader (Enabled) = C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Leandro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Pesquisa do Google = C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\Leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012/07/09 21:02:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll (Banco Bradesco S.A.)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540017} - C:\Program Files (x86)\GbPlugin\gbiehbnt.dll (Banco do Estado do Espirito Santo - BANESTES)

O2 - BHO: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O8:64bit: - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)

O15 - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)

O15 - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..Trusted Domains: banestes.com.br ([seg] * in Trusted sites)

O15 - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..Trusted Domains: banestes.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..Trusted Domains: banestes.com.br ([wwws] * in Trusted sites)

O15 - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..Trusted Domains: bb.com.br ([www] * in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F6E5931-4FAE-42E4-B0E7-CA82BCCD949B}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\symres - No CLSID value found

O18 - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll (Symantec Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\ GbPluginBnt: DllName - (C:\Program Files (x86)\GbPlugin\gbiehBnt.dll) - C:\Program Files (x86)\GbPlugin\gbiehBnt.dll (Banco do Estado do Espirito Santo - BANESTES)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll (Banco Bradesco S.A.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399017} - C:\Program Files (x86)\GbPlugin\gbiehbnt.dll (Banco do Estado do Espirito Santo - BANESTES)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{3c08cb80-1558-11e1-bfa5-14dae96f97d0}\Shell - "" = AutoRun

O33 - MountPoints2\{3c08cb80-1558-11e1-bfa5-14dae96f97d0}\Shell\AutoRun\command - "" = G:\autorun.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 15:41:32 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Leandro\Desktop\OTL.exe

[2012/07/31 11:35:43 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{32F6C1EA-C70E-47EE-B529-6866D70AD5AF}

[2012/07/31 11:35:32 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{85743B91-B8E7-497F-8924-91A70E3EE19F}

[2012/07/30 23:35:08 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{680F77F5-898C-4052-8492-335680601CBC}

[2012/07/30 23:34:57 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{3B1086A4-9BF0-4305-A697-522935B83FB1}

[2012/07/30 10:11:57 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{F0203154-6105-4548-8AD3-9EB5B5F8CDC8}

[2012/07/30 10:11:47 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{0A557D0E-5E9E-4383-88CE-766661C89799}

[2012/07/29 22:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III

[2012/07/29 22:11:22 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{81C582FE-A6F0-4199-B46E-7B02572AE213}

[2012/07/29 22:11:12 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{B6815C8B-0A0E-4F8A-B85A-9E15E53F77AF}

[2012/07/29 10:07:39 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{3BDC1DF3-7111-4864-AB86-6DC24AFFD9BE}

[2012/07/29 10:07:29 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{27B8024C-371D-4235-8B24-8AEB1DCBF4BB}

[2012/07/28 21:56:50 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{1ADBD7E4-BB3A-4DDF-B094-E7D7298CB058}

[2012/07/28 21:56:40 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{782011C7-94DD-48B0-B07D-B47693EAB13F}

[2012/07/28 10:50:25 | 000,000,000 | ---D | C] -- C:\Users\Leandro\Desktop\backup pes 2013 demo

[2012/07/28 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\Leandro\Desktop\DEMO PATCH

[2012/07/28 09:56:15 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{7684D467-BB9F-4DF8-BEA5-8E9F38CBF3C6}

[2012/07/28 09:56:04 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{031DBFF7-7E4A-468E-B3DA-1223CEFCDAF2}

[2012/07/27 20:57:00 | 000,000,000 | ---D | C] -- C:\Users\Leandro\Desktop\PATCH 70 TIMES

[2012/07/27 18:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/07/27 14:32:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Scpad

[2012/07/27 13:09:47 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{E2C9A2A3-3103-47B0-905B-FEFA7EF74C04}

[2012/07/27 13:09:36 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{B7496CD8-A74A-4CBE-BBED-B9EE7BFE8541}

[2012/07/27 11:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/07/27 01:09:11 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{9BDED6C8-33B4-4DB4-B12D-3AEFDD3DFFB7}

[2012/07/27 01:09:00 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{B6EC3283-24A4-4298-A551-E10BAEFD171A}

[2012/07/27 00:35:11 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{736D346F-AA10-488D-B6B0-D3C415A6B877}

[2012/07/26 12:34:46 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{9B81E389-2A56-4449-A303-F055756F28A2}

[2012/07/26 12:34:35 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{DA7C8D37-4C7C-46CE-A3E6-110315E2DA77}

[2012/07/26 00:34:11 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{47ABC564-C627-47A0-87FD-D9BF804C3FA2}

[2012/07/26 00:34:00 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{9AC41C99-1A03-4247-AB8A-C7B4CDB64E67}

[2012/07/25 22:42:27 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Roaming\Avira

[2012/07/25 22:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012/07/25 22:36:59 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2012/07/25 22:36:59 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2012/07/25 22:36:59 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2012/07/25 22:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012/07/25 22:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2012/07/25 19:20:18 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\Symantec

[2012/07/25 19:15:43 | 000,031,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymIMV.sys

[2012/07/25 19:15:40 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/07/25 19:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2012/07/25 19:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2012/07/25 18:19:33 | 000,000,000 | ---D | C] -- C:\Users\Leandro\Desktop\EDITOR PES 13

[2012/07/25 14:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security

[2012/07/25 12:50:52 | 000,000,000 | ---D | C] -- C:\Users\Leandro\Desktop\PES2013

[2012/07/25 12:33:35 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{7674093E-0FC1-4111-B885-01CFBF5F8F70}

[2012/07/25 12:33:25 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{284F4381-C6FA-4486-B754-41B84A0996E7}

[2012/07/25 10:58:13 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0735.old

[2012/07/25 10:58:13 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0701.old

[2012/07/25 10:58:13 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll

[2012/07/25 10:58:13 | 001,689,560 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll

[2012/07/25 10:58:13 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0735.old

[2012/07/25 10:58:13 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0701.old

[2012/07/25 10:58:13 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll

[2012/07/25 10:58:13 | 000,085,224 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys

[2012/07/25 10:57:43 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys

[2012/07/25 10:57:42 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys

[2012/07/25 10:57:42 | 000,341,200 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys

[2012/07/25 10:57:42 | 000,145,464 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys

[2012/07/25 10:57:40 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys

[2012/07/25 10:57:40 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys

[2012/07/25 10:57:40 | 000,014,808 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys

[2012/07/25 10:57:38 | 000,092,928 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys

[2012/07/25 10:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools

[2012/07/25 10:57:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools

[2012/07/25 10:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/07/25 10:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/07/25 10:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/07/25 10:54:30 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Roaming\TestApp

[2012/07/25 10:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2012/07/25 10:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2012/07/25 03:09:10 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%

[2012/07/25 03:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\82C65AE619415BF5A14FF015F875EF60

[2012/07/25 00:31:42 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{23B5083C-9D01-46CF-93F9-066D5C28E666}

[2012/07/25 00:31:32 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{ED817B38-C9F0-419C-A2E8-6170FF22E581}

[2012/07/24 12:31:21 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{C8DA190F-5543-4F4E-A353-5B1F54BFD46D}

[2012/07/24 12:31:11 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{D89F300A-8A1A-41FB-A105-5ED039417B1A}

[2012/07/23 23:04:02 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{3286C12C-EEC3-4FEA-BD8C-83A8BF66D859}

[2012/07/23 23:03:52 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{8245D526-A6DE-40EC-B39A-22ED5D1FBB78}

[2012/07/23 11:03:28 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{E3ED2541-9861-4E19-9EED-CBD9E693072E}

[2012/07/23 11:03:18 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{68DA2E5A-5BBD-4899-9E60-3473ECA8D6AA}

[2012/07/22 15:13:12 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{EBA799B6-8C13-49D1-8A5F-5FFB96E9291D}

[2012/07/22 15:13:01 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{24A9EACC-121C-4341-9F08-D620EED1BC82}

[2012/07/21 12:14:02 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{F8D3F389-D9C6-46CB-8E2F-334AE29DA184}

[2012/07/21 12:13:51 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{D2FF06E9-7F50-4C4D-B2B4-4414EA245AEB}

[2012/07/20 13:47:13 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{0D13FADC-A747-4F8A-AAD6-4F2F3D38BB75}

[2012/07/20 13:47:02 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{621AEB2E-021C-4B6B-84A6-EE8DC97588D9}

[2012/07/19 23:34:39 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{89BC55E3-5963-455E-AC9B-50CE65381D0B}

[2012/07/19 23:34:28 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{07E16A08-8A71-4E97-BAEF-1A32C355F510}

[2012/07/19 22:23:56 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Roaming\TeamViewer

[2012/07/19 11:21:44 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{2348083F-C810-489F-B811-8CC0CA9FC74C}

[2012/07/19 11:21:33 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{4A1802A9-9BCC-43D1-B0B4-0DE13BDD99D2}

[2012/07/17 22:48:56 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{8A3309A9-3148-4682-9774-ADCEAAB3ACB9}

[2012/07/17 22:48:46 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{1EA48AE3-98C0-4F97-B6D0-4861F9C323F8}

[2012/07/17 22:44:23 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{AF0CACA9-4AC8-4C33-BFB3-DCD85204E38E}

[2012/07/17 10:39:36 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{560D619B-B2AC-466E-B3BB-48A28ECBB799}

[2012/07/17 10:39:26 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{7A50ACAD-2738-446D-80EA-CF4A565DB512}

[2012/07/16 21:26:36 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{1446927A-4736-4957-8FC6-F997B1A60732}

[2012/07/16 21:26:26 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{A380B3FF-BB88-4E8A-A29C-6E7BF545C764}

[2012/07/16 09:26:02 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{8E24BCCF-5F9B-4D2C-87BC-9D6909998679}

[2012/07/16 09:25:49 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{4DAA09C9-B3A6-4A65-96F3-79345672BDBF}

[2012/07/15 20:43:35 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{A41D98FE-E261-4557-941E-CF967954670D}

[2012/07/15 20:43:25 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{FF9DF7C2-69C6-4CD0-B856-2E4FD1EC2FB8}

[2012/07/13 21:33:01 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{83DFE860-2B50-439D-91DA-B59AD282E8F8}

[2012/07/13 21:32:51 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{B5495951-6E7E-4433-9E45-342B66E3E1BF}

[2012/07/11 21:02:11 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{1338F9FB-FE9C-4466-B222-F04948560570}

[2012/07/11 21:02:01 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{BFD19AE0-B15C-426D-943F-87FD3C32D537}

[2012/07/11 07:37:12 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{58B50F55-B111-4799-AA05-F0C754B43173}

[2012/07/11 07:37:02 | 000,000,000 | ---D | C] -- C:\Users\Leandro\AppData\Local\{75AD2A1F-EE97-4A2D-8540-B63A9E51D362}

[2012/07/09 21:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2012/07/09 21:03:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/07/09 21:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/04/21 16:24:36 | 003,623,592 | ---- | C] (Ask) -- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe

[2012/04/21 16:24:36 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files (x86)\Common Files\ApnStub.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/07/31 15:41:33 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Leandro\Desktop\OTL.exe

[2012/07/31 14:59:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/31 07:17:08 | 000,018,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/31 07:17:08 | 000,018,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/31 07:15:54 | 001,516,856 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/31 07:15:54 | 000,663,606 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat

[2012/07/31 07:15:54 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/31 07:15:54 | 000,127,896 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat

[2012/07/31 07:15:54 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/31 07:09:58 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/31 07:09:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/31 07:09:51 | 2146,873,343 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/29 23:30:36 | 000,001,938 | ---- | M] () -- C:\Users\Leandro\Desktop\wehellas2013-unlock - Atalho.lnk

[2012/07/29 23:27:47 | 000,045,270 | ---- | M] () -- C:\Users\Leandro\AppData\Roaming\room_v3.dat

[2012/07/27 11:41:35 | 000,000,304 | ---- | M] () -- C:\user.js

[2012/07/25 22:37:11 | 002,033,962 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB

[2012/07/25 22:37:11 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012/07/25 19:15:51 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/07/25 19:15:50 | 000,172,592 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/07/25 19:15:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/07/25 11:05:59 | 000,000,675 | ---- | M] () -- C:\Windows\wininit.ini

[2012/07/23 16:34:15 | 000,515,845 | ---- | M] () -- C:\Users\Leandro\Desktop\Autorização de faturamento.pdf

[2012/07/13 21:51:04 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/07/09 21:02:41 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/07/01 20:40:03 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Garena Plus.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/07/31 15:50:39 | 000,023,040 | ---- | C] () -- C:\Windows\Installer\{14432719-72f5-ffdc-de5d-e2f2b1014784}\U\800000cb.@

[2012/07/31 15:42:12 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{14432719-72f5-ffdc-de5d-e2f2b1014784}\U\80000000.@

[2012/07/29 23:30:36 | 000,001,938 | ---- | C] () -- C:\Users\Leandro\Desktop\wehellas2013-unlock - Atalho.lnk

[2012/07/27 11:41:34 | 000,000,304 | ---- | C] () -- C:\user.js

[2012/07/25 22:37:11 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012/07/25 19:15:40 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/07/25 19:15:40 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/07/25 11:05:58 | 000,000,675 | ---- | C] () -- C:\Windows\wininit.ini

[2012/07/25 10:58:13 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll0735.old

[2012/07/25 10:58:13 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll0701.old

[2012/07/25 10:58:13 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll

[2012/07/25 10:58:13 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip

[2012/07/25 10:58:13 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml

[2012/07/25 10:58:13 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml

[2012/07/25 10:58:13 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip

[2012/07/25 10:57:43 | 002,033,962 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB

[2012/07/25 02:59:38 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{14432719-72f5-ffdc-de5d-e2f2b1014784}\U\00000001.@

[2012/07/23 16:36:09 | 000,515,845 | ---- | C] () -- C:\Users\Leandro\Desktop\Autorização de faturamento.pdf

[2012/05/26 13:39:44 | 000,167,171 | ---- | C] () -- C:\Windows\hphins26.dat

[2012/05/26 13:39:44 | 000,000,349 | ---- | C] () -- C:\Windows\hphmdl26.dat

[2012/04/21 16:24:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe

[2011/12/25 16:31:18 | 000,045,270 | ---- | C] () -- C:\Users\Leandro\AppData\Roaming\room_v3.dat

[2011/12/25 15:42:52 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{14432719-72f5-ffdc-de5d-e2f2b1014784}\@

[2011/12/25 15:42:52 | 000,002,048 | -HS- | C] () -- C:\Users\Leandro\AppData\Local\{14432719-72f5-ffdc-de5d-e2f2b1014784}\@

[2011/12/25 15:33:04 | 000,059,708 | ---- | C] () -- C:\Windows\War3Unin.dat

[2011/10/12 16:44:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/10/12 16:42:41 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/10/12 16:23:51 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll

[2011/10/12 16:23:51 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2011/10/12 16:23:47 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2011/10/12 16:23:47 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

[2011/10/12 16:18:38 | 000,030,890 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2011/10/12 16:17:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011/10/12 16:17:43 | 000,023,142 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

 

========== LOP Check ==========

 

[2011/12/28 20:26:10 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\Auto-Joiner

[2011/10/21 12:19:05 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\br.com.meubolsoemdia.jimbo

[2012/04/23 11:13:41 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\DAEMON Tools Lite

[2012/07/29 22:43:25 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\GarenaPlus

[2012/04/07 22:43:40 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\GetRightToGo

[2011/11/22 19:19:21 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\OpenCandy

[2011/10/20 18:02:40 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\Origin

[2012/07/19 22:44:11 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\TeamViewer

[2012/07/25 10:54:30 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\TestApp

[2011/11/10 20:49:23 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\TomTom

[2012/04/23 14:49:12 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\TS3Client

[2012/03/15 20:34:24 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\ts3overlay

[2012/04/23 11:13:39 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\uTorrent

[2012/04/21 16:25:51 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\VDownloader

[2012/06/24 11:59:00 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< >

 

< %APPDATA%\Local\*. >

 

< %APPDATA%\*.exe /s >

[2011/10/21 12:18:34 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Leandro\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2011/10/14 04:55:04 | 001,401,352 | ---- | M] () -- C:\Users\Leandro\AppData\Roaming\OpenCandy\BF341CF66DE64A6EB879A7A86AD8D639\SpeechGridInstaller_82.exe

[2011/11/10 20:52:45 | 020,398,464 | ---- | M] (TomTom International B.V.) -- C:\Users\Leandro\AppData\Roaming\TomTom\HOME\Profiles\9me421rj.default\Updates\v2_8_2_2264_win.exe

 

< %APPDATA%\*. >

[2012/04/23 11:31:30 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\.clamwin

[2011/11/09 21:40:57 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\Adobe

[2011/10/12 16:45:01 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\ATI

[2011/12/28 20:26:10 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\Auto-Joiner

[2012/07/25 22:42:27 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\Avira

[2011/10/21 12:19:05 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\br.com.meubolsoemdia.jimbo

[2012/04/23 11:13:41 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\DAEMON Tools Lite

[2012/07/29 22:43:25 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\GarenaPlus

[2012/04/07 22:43:40 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\GetRightToGo

[2012/05/26 13:45:08 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\HP

[2011/10/12 15:47:55 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\Identities

[2011/10/12 18:23:48 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\Macromedia

[2009/07/14 04:45:14 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\Media Center Programs

[2012/07/25 18:51:04 | 000,000,000 | --SD | M] -- C:\Users\Leandro\AppData\Roaming\Microsoft

[2011/11/10 20:49:25 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\Mozilla

[2011/11/22 19:19:21 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\OpenCandy

[2011/10/20 18:02:40 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\Origin

[2011/10/13 00:02:45 | 000,000,000 | RH-D | M] -- C:\Users\Leandro\AppData\Roaming\SecuROM

[2012/07/30 23:45:41 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\Skype

[2012/07/19 22:44:11 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\TeamViewer

[2012/07/25 10:54:30 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\TestApp

[2011/11/10 20:49:23 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\TomTom

[2012/04/23 14:49:12 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\TS3Client

[2012/03/15 20:34:24 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\ts3overlay

[2012/04/23 11:13:39 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\uTorrent

[2012/04/21 16:25:51 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\VDownloader

[2011/10/13 22:37:40 | 000,000,000 | ---D | M] -- C:\Users\Leandro\AppData\Roaming\WinRAR

 

< %USERPROFILE%\AppData\Local\*.* >

[2012/05/26 13:48:04 | 000,109,208 | ---- | M] () -- C:\Users\Leandro\AppData\Local\GDIPFONTCACHEV1.DAT

[2012/07/30 23:45:40 | 002,915,737 | -H-- | M] () -- C:\Users\Leandro\AppData\Local\IconCache.db

 

< %USERPROFILE%\AppData\Roaming\*.* >

[2012/07/29 23:27:47 | 000,045,270 | ---- | M] () -- C:\Users\Leandro\AppData\Roaming\room_v3.dat

 

< %systemroot%\assembly\tmp\*.* /S /MD5 >

 

< %systemroot%\assembly\temp\*.* /S /MD5 >

 

< %systemroot%\assembly\GAC\*.* /S /MD5 >


 

< %systemroot%\assembly\GAC_32\*.* /S /MD5 >


 

< %systemroot%\assembly\GAC_64\*.* /S /MD5 >


[2009/07/13 22:50:32 | 000,005,120 | ---- | M] () MD5=265830B968EC5512E923C5482A5F5EEB -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll

[2009/07/13 18:54:48 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config

[2009/07/13 22:50:49 | 000,005,120 | ---- | M] () MD5=6162FCE93CE4C29318C179E457CFE656 -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll

[2010/11/04 22:52:53 | 003,997,696 | ---- | M] () MD5=B3B14A927ECE4440D58052E0B5679B8C -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

[2009/06/10 17:30:59 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config

[2010/11/04 22:53:03 | 002,255,192 | ---- | M] () MD5=04A7A2D3B9AC06609AA93834785F0C92 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll

[2010/11/04 22:56:58 | 000,502,272 | ---- | M] () MD5=2D8090F04B14059E23FE68F9FF3E318C -- C:\Windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

[2010/11/04 22:56:58 | 003,095,552 | ---- | M] () MD5=98D53BB2DB8E11762D30C3CF41FA140B -- C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

[2010/11/04 22:57:00 | 000,245,760 | ---- | M] () MD5=B395F8BE6E578FAB80A1D568911857D7 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

[2010/11/04 22:57:02 | 000,133,120 | ---- | M] () MD5=D9C192B9CD25DC5C9C05DF98C945E3F1 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

[2010/11/04 22:52:57 | 000,358,912 | ---- | M] () MD5=183FCB53541A77FCCF22CAAC19DD2BA0 -- C:\Windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll

[2009/06/10 17:40:06 | 000,283,136 | ---- | M] () MD5=E4806AC8BE2D890193252D4BEE7EA95C -- C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

[2010/11/04 22:57:04 | 005,259,264 | ---- | M] () MD5=508E39B48592FD3BDE914054DDE31CCF -- C:\Windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

 

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >

[2012/03/30 21:44:07 | 000,108,824 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT

 

< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >

 

< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes >

"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

 

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes >

"DefaultScope" = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

"DownloadRetries" = 0

"KnownProvidersUpgradeTime" = 48 93 7E DE 10 89 CC 01 [binary data]

"Version" = 1

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C816736C-4747-41A6-95F4-1D67251551F4}]

 

< MD5 for: SERVICES.EXE >

[2009/07/13 22:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009/07/13 22:39:37 | 000,328,704 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\services.exe

 

< regedit /e c:\registrybackup.reg /c >

 

< %systemroot%\system32\Tasks\*.* /s >

 

< %windir%\tasks\*.* /s >

[2012/07/31 07:09:58 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/31 14:59:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/31 07:09:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2012/06/24 11:59:00 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 259 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

 

< End of report >


Good afternoon, Leandro Jaoar!

 

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 182.72.3.44:3128

|- Was it you who set this proxy?

 

|- Uninstall:

 

|- <1> C:\Program Files (x86)\PC Tools

|- <2> C:\ProgramData\Spybot - Search & Destroy <- Uses outdated technology!

 

-/-

 

|- Run OTL.exe.

|- Copy the information shown in red into the tool's clipboard field ("Custom Scans/Fixes").

 

#######

:OTL

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00014dae96f97d0

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\..\SearchScopes\{C816736C-4747-41A6-95F4-1D67251551F4}: "URL" = http://websearch.ask...B-27904FF5DC09

FF - user.js - File not found

CHR - homepage: http://search.babylo...00014dae96f97d0

CHR - default_search_provider: Search the web (Babylon) (Enabled)

CHR - default_search_provider: search_url = http://search.babylo...00014dae96f97d0

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://search.babylo...00014dae96f97d0

O2 - BHO: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (VDownloader Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [] File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O8:64bit: - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\symres - No CLSID value found

O18 - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O33 - MountPoints2\{3c08cb80-1558-11e1-bfa5-14dae96f97d0}\Shell - "" = AutoRun

O33 - MountPoints2\{3c08cb80-1558-11e1-bfa5-14dae96f97d0}\Shell\AutoRun\command - "" = G:\autorun.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe

[2011/10/14 04:55:04 | 001,401,352 | ---- | M] () -- C:\Users\Leandro\AppData\Roaming\OpenCandy\BF341CF66DE64A6EB879A7A86AD8D639\SpeechGridInstaller_82.exe

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

 

:reg

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C816736C-4747-41A6-95F4-1D67251551F4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]

"Gopher"="gopher://"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

 

:Files

C:\Users\Leandro\AppData\Roaming\OpenCandy\BF341CF66DE64A6EB879A7A86AD8D639\SpeechGridInstaller_82.exe

C:\Users\Leandro\AppData\Local\{*}

PCTLsp.dll /lsp

 

:Commands

[CREATERESTOREPOINT]

[purity]

[emptytemp]

[Reboot]

#######

 

|- Click the Consertar button -> Wait for it to finish!

|- The computer will restart! -> Click "Executar".

OTL_RunFix.jpg

|- For English versions, click Run Fix, which is the same as Consertar.

|- Post the report: C:\_OTL\MovedFiles\*.log

Regards!


About the proxy, I don't remember changing any proxy settings, except once so I could buy from a website, but that was a long time ago. And as far as I remember, I switched back to the original configuration afterwards.

I uninstalled the two programs...

I copied the information and started the fix, but it gives the following error:

Range Check Error, and the program seems to stop processing. What could it be? Regards, and thank you


Good evening! Leandro Jaoar

|- Download: < AdwCleaner > ( ... by Xplode )

|- On the page, click the image: < AdwCleaner_Tlcharger.jpg >

|- Save it to the desktop!

|- Right-click adwcleaner.exe and choose to run it as "administrator".

|- Ps: Start the scan by clicking "Delete" or "Suppression".

AdwCleaner_Suppression.jpg

|- When it finishes, post the report: C:\AdwCleaner[S].txt

-/-

|- Download: < SFT > ( ... by Pierre13 )

|- Save it to the desktop!

|- On Windows Vista and 7, run "SFT.exe" as administrator!

vi2oib.jpg

|- Run it and wait for it to finish, which is quick.

|- Post the report! ( SFT.txt )

|- Ps: Depending on the size of the report, do not post it directly!

|- For that task, go to: < Cjoint_Logo.jpg >

-/-

|- Next, open the OTL tool and check whether you can continue with what you were asked to do.

Regards!


Good evening! Leandro Jaoar

|- Paste this script into the OTL tool's field, replacing the other one.

 

:OTL

IE - HKU\S-1-5-21-2535739708-4231002540-2323369621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 182.72.3.44:3128

[2012/07/31 15:50:39 | 000,023,040 | ---- | C] () -- C:\Windows\Installer\{14432719-72f5-ffdc-de5d-e2f2b1014784}\U\800000cb.@

[2012/07/31 15:42:12 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{14432719-72f5-ffdc-de5d-e2f2b1014784}\U\80000000.@

[2012/07/25 02:59:38 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{14432719-72f5-ffdc-de5d-e2f2b1014784}\U\00000001.@

[2011/12/25 15:42:52 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{14432719-72f5-ffdc-de5d-e2f2b1014784}\@

[2011/12/25 15:42:52 | 000,002,048 | -HS- | C] () -- C:\Users\Leandro\AppData\Local\{14432719-72f5-ffdc-de5d-e2f2b1014784}\@

[2012/07/27 11:41:34 | 000,000,304 | ---- | C] () -- C:\user.js

 

:Files

C:\Users\Leandro\AppData\Local\{14432719-72f5-ffdc-de5d-e2f2b1014784}\@

C:\Windows\Installer\{14432719-72f5-ffdc-de5d-e2f2b1014784}\U\00000001.@

C:\Windows\Installer\{14432719-72f5-ffdc-de5d-e2f2b1014784}\U\800000cb.@

C:\Users\Leandro\AppData\Local\{14432719-72f5-ffdc-de5d-e2f2b1014784}

C:\Windows\Installer\{14432719-72f5-ffdc-de5d-e2f2b1014784}\U

C:\Windows\Installer\{14432719-72f5-ffdc-de5d-e2f2b1014784}\@

C:\Windows\Installer\{14432719-72f5-ffdc-de5d-e2f2b1014784}

C:\user.js

 

:commands

[emptytemp]

[reboot]

 

|- I recommend running this script in Safe Mode.

|- Post the link to the report, given by Cjoint.com.

Regards!


Good morning! Leandro Jaoar

|- Follow these procedures in the order in which they are given.

|- Open OTL.exe -> Click Limpeza (Cleanup). <-- Confirm!

|- Ps: The computer will restart!

|- Download: < ZHPDiag_Silent.jpg > ( ... by Nicolas Coolman )

|- Save it to the desktop!

|- On Windows Vista or 7, right-click the file and run it as administrator.

|- Wait for the scan to finish and click "Copier". <- Wait!

|- Post and/or paste here the link that was generated!

Regards!


Good evening! Leandro Jaoar

|- Download: < rendu2.png > ( ... by tigzy )

|- Save it to the desktop! RogueKiller_Logo.jpg

|- Close any open applications!

RogueKiller_Atualizado3.jpg

|- Ps: On Windows Vista or 7, run RogueKiller.exe as administrator.

|- Wait for its Pre-scan to finish.

RogueKiller_Scan2.jpg

|- Start the diagnosis by clicking the "Verificar" button.

|- Example: Mode: Verificar -- Date: mm/dd/2012 00:52:24

|- Post the report: RKreport[1].txt

-/-

|- Download: < ZHPFix.zip >

|- Unzip it to the desktop.

|- Close any open programs/folders.

|- Also close the browser!

ZHPFix_logo.jpg >> Administrador_Exec.jpg

|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.

|- Select and copy this information, which is in red, into Notepad.

 

////////////////

R3 - URLSearchHook: (no name) [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Vitzo - VDownloader browser plug-in.) (No version) -- (.not file.)

O2 - BHO: IEExtension.VDownloaderBHO [64Bits] - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} . (...) -- mscoree.dll (.not file.)

O4 - Global Startup: C:\Users\Leandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeechGrid.lnk . (...) -- C:\Program Files (x86)\SpeechGrid\SpeechGrid.exe (.not file.)

O4 - Global Startup: C:\Users\Leandro\Desktop\DotaKeys.lnk . (...) -- C:\Program Files (x86)\Dota Keys\source\DotaKeys.exe (.not file.)

O43 - CFD: 31/07/2012 - 17:10:17 - [2,214] ----D C:\Program Files (x86)\Spybot - Search & Destroy

O43 - CFD: 31/07/2012 - 17:10:17 - [7,148] ----D C:\ProgramData\Spybot - Search & Destroy

O43 - CFD: 02/08/2012 - 18:09:27 - [0] ----D C:\Users\Leandro\AppData\Local\{6EAC9147-8A9A-4CCC-961C-FB808D6D1562}

O43 - CFD: 01/08/2012 - 21:07:54 - [0] ----D C:\Users\Leandro\AppData\Local\{99168E7A-F4F2-4C33-8EA8-8BF3C21B60A7}

O43 - CFD: 02/08/2012 - 18:09:18 - [0] ----D C:\Users\Leandro\AppData\Local\{B39BC3CF-747F-4DD5-A251-2C4219D0F1F2}

O43 - CFD: 01/08/2012 - 21:08:04 - [0] ----D C:\Users\Leandro\AppData\Local\{F90F5E82-35B5-4238-9E63-910B9E877001}

O43 - CFD: 31/07/2012 - 17:10:17 - [2,214] ----D C:\Program Files (x86)\Spybot - Search & Destroy

O53 - SMSR:HKLM\...\startupreg\SpeechGrid [Key] . (...) -- C:\Program Files (x86)\SpeechGrid\SpeechGrid.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\ClamWin [Key] . (...) -- C:\Program Files (x86)\ClamWin\bin\ClamTray.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\SpybotSD TeaTimer [Key] . (...) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe (.not file.)

C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

 

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified

 

emptytemp

emptyflash

proxyfix

firewallraz

sysrestore

////////////////

 

|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"

|- Minimize Notepad.


ZHPDiag_PasteClipboard.jpg


|- Click the "Paste ClipBoard" menu.

|- Click "GO" -> Oui.


ZHPFix_GO.jpg


|- Ps: Above there is a sequence of images for further clarification.

|- If freezes occur, you can run this script in Safe Mode.

|- Post the report: C:\ZHP\ZHPFix[R1].txt


Regards!


Here is the RogueKiller report; I will now do the other procedure.

 

RogueKiller V7.6.4 [07/17/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Iniciado em : Modo Normal

Usuario: Leandro [Privilegios de Admnistrador]

Modo: Verificar -- Data: 08/02/2012 22:50:08

 

¤¤¤ Entradas ruins: 0 ¤¤¤

 

¤¤¤ Entradas do Registro: 4 ¤¤¤

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Leandro\AppData\Local\{14432719-72f5-ffdc-de5d-e2f2b1014784}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

 

¤¤¤ Driver: [Não Carregado] ¤¤¤

 

¤¤¤ Infecção : ZeroAccess ¤¤¤

 

¤¤¤ Arquivo de Hosts: ¤¤¤

 

 

¤¤¤ Verificaçao do MBR: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD103SJ SCSI Disk Device +++++

--- User ---

[MBR] 9f7aa25e3666d3dd4c999a78f966cdca

[bSP] 580a9afa28765034cd4d543eba0a5aff : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 500768 Mo

2 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 1025779712 | Size: 452999 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Concluido : << RKreport[1].txt >>

RKreport[1].txt

 

-----------------------------------------------

 

Here is the ZHPFix report

 

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012

Fichier d'export Registre :

Run by Leandro at 02/08/2012 22:56:27

Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Registry Key ==========

NOT FOUND Key: CLSID BHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1}

DELETED Key: StartupReg: SpeechGrid

DELETED Key: StartupReg: ClamWin

DELETED Key: StartupReg: SpybotSD TeaTimer

 

========== Registry Value ==========

DELETED URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

No Value in Firewall Exception Register Key (FirewallRaz)

 

========== Registry Data Items ==========

REPLACED Value NoActiveDesktopChanges : Good (0) - Bad (1)

REPLACED Value EnableLUA : Good (1) - Bad (0)

 

========== Repertory ==========

DELETED Folder: C:\Program Files (x86)\Spybot - Search & Destroy

DELETED Folder: C:\ProgramData\Spybot - Search & Destroy

DELETED Folder: C:\Users\Leandro\AppData\Local\{6EAC9147-8A9A-4CCC-961C-FB808D6D1562}

DELETED Folder: C:\Users\Leandro\AppData\Local\{99168E7A-F4F2-4C33-8EA8-8BF3C21B60A7}

DELETED Folder: C:\Users\Leandro\AppData\Local\{B39BC3CF-747F-4DD5-A251-2C4219D0F1F2}

DELETED Folder: C:\Users\Leandro\AppData\Local\{F90F5E82-35B5-4238-9E63-910B9E877001}

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

NOT FOUND File: mscoree.dll

DELETED c:\users\leandro\appdata\roaming\microsoft\windows\start menu\programs\speechgrid.lnk

NOT FOUND File: c:\program files (x86)\speechgrid\speechgrid.exe

DELETED c:\users\leandro\desktop\dotakeys.lnk

NOT FOUND Folder/File: c:\windows\system32\tasks\scheduled update for ask toolbar

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Task ==========

DELETED Task: Scheduled Update for Ask Toolbar

 

========== Restoration ==========

Restore System Point created succefully

 

 

========== Summary ==========

4 : Registry Key

10 : Registry Value

2 : Registry Data Items

8 : Repertory

7 : File

1 : Task

1 : Restoration

 

 

End of clean in 00mn 16s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 02/08/2012 22:56:27 [2483]


Good morning, Leandro Jaoar!


|- Restart the computer in Safe Mode.

|- Open the RogueKiller tool again.


RogueKiller_Verificar.jpg


|- <1> Click "Verificar" -> Wait!

|- <2> Click "Deletar" -> Wait!


RogueKiller_DNS3.jpg


|- Post the reports that result from these operations!


Regards!


The reports follow:


VERIFICAR (SCAN):

 

 

RogueKiller V7.6.4 [07/17/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Iniciado em : Modo de Segurança

Usuario: Leandro [Privilegios de Admnistrador]

Modo: Verificar -- Data: 08/03/2012 07:26:12

 

¤¤¤ Entradas ruins: 0 ¤¤¤

 

¤¤¤ Entradas do Registro: 3 ¤¤¤

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Leandro\AppData\Local\{14432719-72f5-ffdc-de5d-e2f2b1014784}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

 

¤¤¤ Driver: [Não Carregado] ¤¤¤

 

¤¤¤ Infecção : ZeroAccess ¤¤¤

 

¤¤¤ Arquivo de Hosts: ¤¤¤

 

 

¤¤¤ Verificaçao do MBR: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD103SJ SCSI Disk Device +++++

--- User ---

[MBR] 9f7aa25e3666d3dd4c999a78f966cdca

[bSP] 580a9afa28765034cd4d543eba0a5aff : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 500768 Mo

2 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 1025779712 | Size: 452999 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Concluido : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

 

 

------------------------

 

DELETAR (DELETE):

 

RogueKiller V7.6.4 [07/17/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Iniciado em : Modo de Segurança

Usuario: Leandro [Privilegios de Admnistrador]

Modo: Remover -- Data: 08/03/2012 07:26:21

 

¤¤¤ Entradas ruins: 0 ¤¤¤

 

¤¤¤ Entradas do Registro: 3 ¤¤¤

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Leandro\AppData\Local\{14432719-72f5-ffdc-de5d-e2f2b1014784}\n.) -> REPLACED (c:\windows\system32\shell32.dll)

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

 

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

 

¤¤¤ Driver: [Não Carregado] ¤¤¤

 

¤¤¤ Infecção : ZeroAccess ¤¤¤

 

¤¤¤ Arquivo de Hosts: ¤¤¤

 

 

¤¤¤ Verificaçao do MBR: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD103SJ SCSI Disk Device +++++

--- User ---

[MBR] 9f7aa25e3666d3dd4c999a78f966cdca

[bSP] 580a9afa28765034cd4d543eba0a5aff : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 500768 Mo

2 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 1025779712 | Size: 452999 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Concluido : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


Good morning, Leandro Jaoar!


|- Delete all the RogueKiller reports.

|- Run it again, but in Normal Mode, and post its report. ( RKreport[4].txt )


|- Download: < desktopicon.png > ( ... by sUBs )


|- Save it to the desktop!

|- Ps: Disable your antivirus, antispyware and/or firewall. ( Except the Windows one! )

|- Close any program/file that is open.

|- Also close your browser! ( IE, Firefox, Opera or Google Chrome )

|- Ps: Be connected to the Internet. <- Important!

|- Run ComboFix.exe with a double click.

|- For Windows Vista and/or 7, right-click ComboFix.exe and run it as administrator.

|- Ps: Install the "Recovery Console" if prompted! <- XP only!

|- Ps: It is therefore up to you whether to install it.

|- If any error message appears, run ComboFix.exe in Safe Mode with Networking.

|- Ps: To complete the removals, the tool may need to restart the computer.

|- The Auto Scan window will open.


etapas.jpg


|- Wait for all the stages to finish.

|- During the scan, avoid using the mouse or keyboard!

|- When it finishes, post: C:\ComboFix.txt

|- "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."


Regards!


Here is the RogueKiller scan run in normal Windows mode

 

RogueKiller V7.6.4 [07/17/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Iniciado em : Modo Normal

Usuario: Leandro [Privilegios de Admnistrador]

Modo: Verificar -- Data: 08/03/2012 18:42:00

 

¤¤¤ Entradas ruins: 0 ¤¤¤

 

¤¤¤ Entradas do Registro: 0 ¤¤¤

 

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

 

¤¤¤ Driver: [Não Carregado] ¤¤¤

 

¤¤¤ Infecção : ¤¤¤

 

¤¤¤ Arquivo de Hosts: ¤¤¤

 

 

¤¤¤ Verificaçao do MBR: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD103SJ SCSI Disk Device +++++

--- User ---

[MBR] 9f7aa25e3666d3dd4c999a78f966cdca

[bSP] 580a9afa28765034cd4d543eba0a5aff : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 500768 Mo

2 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 1025779712 | Size: 452999 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Concluido : << RKreport[1].txt >>

RKreport[1].txt


Hello!


|- Ok! Just waiting for the ComboFix report.

|- You can post it after this message, so there is no need to edit yours.

|- According to the RogueKiller report, you are free of the rootkit. But.. since this malware compromises some Windows services, I will have to carry out a more thorough check before declaring the PC clean.


Regards! and... good work.

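Added example, not part of the original thread and not code from RogueKiller: a small Python parser that lines up the "Entradas do Registro" entries of the four reports posted above and shows how each finding moves from FOUND to REPLACED to absent. The line format is inferred from the reports in this thread, and the function names, the `ABSENT` marker and the user-profile path heuristic are assumptions of this example.

```python
import re
from collections import OrderedDict

# "Entradas do Registro" lines copied from the four RogueKiller reports posted
# in the thread, in chronological order. The last scan listed no entries.
REPORTS = [
    ("08/02 22:50 Verificar, Modo Normal", r"""
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Leandro\AppData\Local\{14432719-72f5-ffdc-de5d-e2f2b1014784}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""),
    ("08/03 07:26:12 Verificar, Modo de Seguranca", r"""
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Leandro\AppData\Local\{14432719-72f5-ffdc-de5d-e2f2b1014784}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""),
    ("08/03 07:26:21 Remover, Modo de Seguranca", r"""
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Leandro\AppData\Local\{14432719-72f5-ffdc-de5d-e2f2b1014784}\n.) -> REPLACED (c:\windows\system32\shell32.dll)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
"""),
    ("08/03 18:42 Verificar, Modo Normal", ""),
]

# [TAG] KEY : VALUE -> STATUS, optionally followed by "(new value)".
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>\S+)\s+:\s+(?P<value>.*?)"
    r"\s+->\s+(?P<status>[A-Z]+)(?:\s+\((?P<new>.*)\))?\s*$"
)

# Heuristic (assumption of this example): an in-process COM server whose
# path sits under a user profile's AppData, as in the [ZeroAccess] entry.
USER_PATH_RE = re.compile(r"^\(?[a-z]:\\users\\[^\\]+\\appdata\\", re.I)


def parse_entries(text):
    """Return one dict per registry line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def timeline(reports):
    """Map (tag, key, value) -> status in each report, 'ABSENT' if not listed."""
    history = OrderedDict()
    for idx, (_label, text) in enumerate(reports):
        for e in parse_entries(text):
            ident = (e["tag"], e["key"], e["value"])
            history.setdefault(ident, ["ABSENT"] * len(reports))[idx] = e["status"]
    return history


def verdict(statuses):
    """Summarise one entry's history by its state in the most recent report."""
    last = statuses[-1]
    if last == "FOUND":
        return "persisting"
    if last == "ABSENT":
        return "cleared"
    return "fix applied, rescan pending"  # REPLACED or similar, no rescan yet


def com_server_in_user_profile(entry):
    """True for an InprocServer32 value that points into a user's AppData."""
    return (entry["key"].lower().endswith("inprocserver32")
            and bool(USER_PATH_RE.match(entry["value"])))


if __name__ == "__main__":
    for (tag, key, value), statuses in timeline(REPORTS).items():
        print(f"[{tag}] {key} : {value}")
        print("    " + " -> ".join(statuses) + f"  => {verdict(statuses)}")
```

A "cleared" verdict only means the entry is no longer listed by the scanner, which is why the helper still asks for the ComboFix log before calling the machine clean.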

Hello!


|- Ok! Just waiting for the ComboFix report.

|- You can post it after this message, so there is no need to edit yours.

|- According to the RogueKiller report, you are free of the rootkit. But.. since this malware compromises some Windows services, I will have to carry out a more thorough check before declaring the PC clean.


Regards! and... good work.



Here is the ComboFix log

 

ComboFix 12-07-31.06 - Leandro 03/08/2012 18:52:11.1.6 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.8191.6615 [GMT -3:00]

Executando de: c:\users\Leandro\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - drivers: deleted 309 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Amazon.ico

c:\programdata\MercadoLivre.ico

c:\programdata\ntuser.dat

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-07-03 to 2012-08-03 ))))))))))))))))))))))))))))

.

.

2012-08-02 21:19 . 2012-08-02 21:19 512 ----a-w- C:\PhysicalDisk0_MBR.bin

2012-08-02 21:17 . 2012-08-03 01:56 -------- d-----w- C:\ZHP

2012-08-02 21:17 . 2012-08-02 21:19 -------- d-----w- c:\program files (x86)\ZHPDiag

2012-07-31 18:52 . 2012-07-31 18:53 150632020 ----a-w- C:\REGISTRYBACKUP.REG

2012-07-30 01:41 . 2012-07-30 01:49 -------- d-----w- c:\program files (x86)\Warcraft III

2012-07-27 17:32 . 2012-07-27 17:32 -------- d-----w- c:\program files (x86)\Scpad

2012-07-26 01:42 . 2012-07-26 01:42 -------- d-----w- c:\users\Leandro\AppData\Roaming\Avira

2012-07-26 01:36 . 2012-02-03 18:29 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-07-26 01:36 . 2012-02-03 18:29 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-07-26 01:36 . 2012-02-03 18:29 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-07-26 01:36 . 2012-07-26 01:36 -------- d-----w- c:\programdata\Avira

2012-07-26 01:36 . 2012-07-26 01:36 -------- d-----w- c:\program files (x86)\Avira

2012-07-25 22:20 . 2012-07-25 22:20 -------- d-----w- c:\users\Leandro\AppData\Local\Symantec

2012-07-25 22:15 . 2011-10-12 19:25 31280 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2012-07-25 22:15 . 2012-07-25 22:15 -------- d-----w- c:\program files\Symantec

2012-07-25 22:15 . 2012-07-25 22:15 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-07-25 22:15 . 2012-07-25 22:15 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-07-25 13:58 . 2012-06-22 14:39 149464 ----a-w- c:\windows\SGDetectionTool.dll0735.old

2012-07-25 13:58 . 2012-06-22 14:39 149464 ----a-w- c:\windows\SGDetectionTool.dll0701.old

2012-07-25 13:58 . 2012-06-22 14:39 2267096 ----a-w- c:\windows\PCTBDCore.dll0735.old

2012-07-25 13:58 . 2012-06-22 14:39 2267096 ----a-w- c:\windows\PCTBDCore.dll0701.old

2012-07-25 13:58 . 2012-06-22 14:38 767960 ----a-w- c:\windows\BDTSupport.dll0735.old

2012-07-25 13:58 . 2012-06-22 14:38 767960 ----a-w- c:\windows\BDTSupport.dll0701.old

2012-07-25 13:57 . 2012-06-22 18:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-07-25 13:57 . 2012-06-22 18:33 14808 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys

2012-07-25 13:57 . 2012-07-31 20:11 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-07-25 13:57 . 2012-07-25 13:57 -------- d-----w- c:\program files (x86)\PC Tools

2012-07-25 13:54 . 2012-07-25 13:57 -------- d-----w- c:\programdata\PC Tools

2012-07-25 13:54 . 2012-07-25 13:54 -------- d-----w- c:\users\Leandro\AppData\Roaming\TestApp

2012-07-25 13:17 . 2012-07-25 13:17 -------- d-----w- c:\program files\Enigma Software Group

2012-07-25 06:09 . 2012-07-25 06:09 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-25 06:00 . 2012-07-27 04:00 -------- d-----w- c:\programdata\82C65AE619415BF5A14FF015F875EF60

2012-07-20 01:23 . 2012-07-20 01:44 -------- d-----w- c:\users\Leandro\AppData\Roaming\TeamViewer

2012-07-10 00:03 . 2012-07-10 00:03 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-07-10 00:03 . 2012-07-10 00:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-07-10 00:03 . 2012-07-10 00:03 -------- d-----w- c:\program files (x86)\Java

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-16 18:12 . 2012-04-21 19:24 3623592 ----a-w- c:\program files (x86)\Common Files\ApnToolbarInstaller.exe

2011-09-16 18:12 . 2012-04-21 19:24 143240 ----a-w- c:\program files (x86)\Common Files\ApnStub.exe

2010-01-26 14:11 . 2012-04-21 19:24 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2009-07-14 01:39 . !HASH: COULD NOT OPEN FILE !!!!! . 328704 . . [------] .. c:\windows\system32\services.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ares"="c:\program files (x86)\Ares\Ares.exe" [2012-02-02 3209216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399017}"= "c:\program files (x86)\GbPlugin\gbiehbnt.dll" [2011-11-16 694216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2012-05-09 12:01 1313864 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBnt]

2011-11-16 16:47 694216 ------w- c:\program files (x86)\GbPlugin\gbiehbnt.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 136176]

R3 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\NISx64\1007000.01E\BHDrvx64.sys [2011-10-12 334384]

R3 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1007000.01E\ccHPx64.sys [2011-10-12 583296]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [2012-07-30 27744]

R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 136176]

R3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSVia64.sys [2011-10-12 397360]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1007000.01E\SYMEFA64.SYS [2011-10-12 402992]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\NISx64\1007000.01E\SYMNDISV.SYS [2011-10-12 56880]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;tsusbhub [x]

R4 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [2011-10-12 117640]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-02-03 27760]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-22 279616]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]

S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]

S2 AntiVirSchedulerService;Avira Programador;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-02-03 86224]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2012-05-09 214088]

S2 GridspotService;GridspotService;c:\program files (x86)\Gridspot\GridspotService.exe [2012-03-20 51568]

S2 GridspotVMDriver;GridspotVMDriver;c:\program files (x86)\Gridspot\VMRuntime\VBoxDrv.sys [2011-11-04 224048]

S2 scpVista;scpVista;c:\program files (x86)\Scpad\scpVista.exe [2011-08-05 368544]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 9085952]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 299520]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 21:23]

.

2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 21:23]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF27237.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: banestes.com.br\seg

Trusted Zone: banestes.com.br\www

Trusted Zone: banestes.com.br\wwws

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORFÃOS REMOVIDOS - - - -

.

AddRemove-SpeechGrid - c:\program files (x86)\SpeechGrid\Uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\diMaster.dll\" /prefetch:1"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-2535739708-4231002540-2323369621-1000\Software\SecuROM\License information*]

"datasecu"=hex:36,01,a0,fd,47,87,f1,91,9e,32,f0,32,1a,a7,50,a8,50,31,f5,23,81,

57,9a,23,22,68,b7,4c,b2,22,a2,e2,79,9b,a0,98,a9,f9,be,d3,12,32,a7,11,f7,9d,\

"rkeysecu"=hex:11,8f,a4,aa,f8,5d,ee,e9,22,6c,5d,0c,ad,30,22,cc

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-08-03 19:01:03 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-08-03 22:01

.

Pré-execução: 408.336.273.408 bytes disponíveis

Pós execução: 407.745.867.776 bytes disponíveis

.

- - End Of File - - 82656A78176C0E8C28FEA701D428DE52

 

 

 

 

Regards


Good evening, Leandro Jaoar!


|- ComboFix showed corruption in services.exe, which must be replaced with a legitimate copy.


|- Download: < FSS.jpg > ( ... by Farbar )

|- Save it to the desktop!

|- Right-click "FSS.exe" and run it as administrator.


FarbarSS.jpg


|- Tick these checkboxes if they are not already ticked. ( Include All Files )

|- Click "Scan".

|- Post the report! ( FSS.txt )


-/-


|- Select and copy the content that is in "red" into Notepad.

|- Save it to the desktop with the name: CFScript <-- Text!

 

############

 

KillAll::

 

FCopy::

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | c:\windows\system32\services.exe

 

############

 

|- Ps: Temporarily disable your antivirus.

|- Ps: Do not use this script on another machine!

|- Drag CFScript.txt onto the ComboFix icon.

|- See the demonstration!


2872959479_997d4500c4_o.gif


|- Accept the prompt that should appear to run ComboFix.

|- Ps: Keep dragging until this prompt appears! ( window )

|- When it finishes, post: C:\ComboFix.txt


Regards!
