Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

.matiello

[Resolvido] &nbsppc lento

Recommended Posts

pc esta lento, demorando a ligar

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:48:27, on 20/08/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe

C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Hijack\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.megaware.com.br

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=101416&babsrc=HP_ss&mntrId=242e9e5b000000000000001cc0fe32ab

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [Grid] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Marcus\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - Global Startup: NCProTray.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{923CF0BB-AD2F-4A18-9EF7-3A1E438138FD}: NameServer = 200.175.5.139,200.175.182.139

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehCef.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira Programador (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Unknown owner - C:\PCT-SAFE\Firebird\Bin\fbguard.exe (file missing)

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\PCT-SAFE\Firebird\Bin\fbserver.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 14149 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! .matiello

 

|- Baixe: < AdwCleaner > ( ... par Xplode )

 

|- Ao acessar,clique na imagem: < AdwCleaner_Tlcharger.jpg >

 

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador".

|- Ps: Dê início ao scan,clicando em "Delete" ou "Suppression".

 

AdwCleaner_Suppression.jpg

 

|- Ao concluir,poste o relatório: C:\AdwCleaner[S].txt

 

|- Baixe: < ZHPDiag_Silent.jpg >

 

|- Salve-o no desktop!

|- Para Windows Vista ou 7,clique direito e execute o arquivo como administrador.

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

|- Poste e/ou cole aqui,o link que foi gerado!

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120820_y10e15g13w10r11

 

 

# AdwCleaner v1.801 - Logfile created 08/20/2012 at 13:53:18

# Updated 14/08/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Marcus - MARCUS-PC

# Boot Mode : Normal

# Running from : C:\Users\Marcus\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Users\Marcus\AppData\Local\APN

Folder Deleted : C:\Users\Marcus\AppData\Local\Babylon

Folder Deleted : C:\Users\Marcus\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Marcus\AppData\LocalLow\facemoods.com

Folder Deleted : C:\Users\Marcus\AppData\Roaming\Babylon

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Program Files (x86)\Ask.com

Folder Deleted : C:\Program Files (x86)\facemoods.com

Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

File Deleted : C:\searchplugins\Askcom.xml

File Deleted : C:\user.js

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\facemoods.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\APN

Key Deleted : HKLM\SOFTWARE\AskToolbar

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1

Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\facemoods.com

Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

 

***** [Registre - GUID] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?AF=101416&babsrc=HP_ss&mntrId=242e9e5b000000000000001cc0fe32ab --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 --> hxxp://www.google.com

 

-\\ Google Chrome v21.0.1180.79

 

File : C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Deleted : "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]

Deleted : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]

Deleted : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]

Deleted : "explicit_host": [ "hxxp://*.facemoods.com/*" ],

Deleted : "css": [ "style/facemoods_chrome_1.0.1.css" ],

Deleted : "name": "Facemoods",

Deleted : "permissions": [ "tabs", "cookies", "hxxp://*.facemoods.com/" ],

Deleted : "update_url": "hxxp://facemoods.com/public/download/chrome/update.xml",

Deleted : "path": "C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\SiteSafetyInstaller\\11.[...]

Deleted : "path": "C:\\Users\\Marcus\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",

 

*************************

 

AdwCleaner[s1].txt - [11829 octets] - [20/08/2012 13:53:18]

 

########## EOF - C:\AdwCleaner[s1].txt - [11958 octets] ##########

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! .matiello

 

|- Baixe: < ZHPFix.zip >

 

|- Descompacte-o para o desktop.

 

|- Feche programas/pastas que estejam abertas.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

 

ZHPFix_logo.jpg >> Administrador_Exec.jpg

 

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".

 

[MD5.00000000000000000000000000000000] [APT] [scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe (.not file.) => Toolbar.Ask

[MD5.00000000000000000000000000000000] [APT] [{05D1631B-4897-4D37-A0BC-CAF169EDB167}] (...) -- C:\Users\Marcus\Downloads\IRPF2010win32v1.1.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{5B241A4A-7771-43E2-87E5-F3FD4CF2F84A}] (...) -- C:\MARCUS\Adiversos\3DHOME\3DHOME.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{633DF3EA-89BE-4DFE-B733-71AEB64ACFD4}] (...) -- C:\MARCUS\DBASE\DBSETUP.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{68D59038-78BF-4D9F-8358-06EDFC20A1BA}] (...) -- C:\MARCUS\DBASE\DBASE.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{86CA8B94-3765-4DE7-B4C3-9B2B3CF781D5}] (...) -- C:\Users\Marcus\Downloads\jre-6u18-windows-i586-s.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{A3716CA1-6CD1-4A96-B47D-D97E20279C4D}] (...) -- C:\Users\Marcus\Downloads\winstbrz.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{B9593D70-3363-47CD-9AEF-06D68B958EE8}] (...) -- C:\Users\Marcus\AppData\Local\Temp\Temp1_balabolka[1].zip\setup.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{F1285689-4246-4112-B03F-325D45CD56C9}] (...) -- C:\MARCUS\Adiversos\.MAR\FRU\SCM.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{352747F2-1390-4438-BA6A-70CC94185FB0}] (...) -- D:\INSTALL.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{7E5501AE-873B-4ECC-82CD-1FD77F6E23D6}] (...) -- D:\Setup.exe (.not file.) => Existe aussi en malware DELF-CA.Troj

SS - | Demand 0 | (X6va005) . (...) - C:\Users\Marcus\AppData\Local\Temp\005D7F9.tmp

SS - | Demand 0 | (X6va006) . (...) - C:\Users\Marcus\AppData\Local\Temp\006AA44.tmp

SS - | Demand 0 | (X6va007) . (...) - C:\Users\Marcus\AppData\Local\Temp\007EC46.tmp

O4 - Global Startup: C:\Users\Marcus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC MEGA RAPIDO PRO.lnk . (...) -- C:\Program Files (x86)\PC MEGA RAPIDO PRO 2.1\pcmega_registro.exe (.not file.)

O43 - CFD: 11/03/2010 - 17:24:24 - [0] ----D C:\Users\Marcus\AppData\Local\Dados de aplicativos

O43 - CFD: 11/03/2010 - 17:24:24 - [0] ----D C:\Users\Marcus\AppData\Local\Histórico

O43 - CFD: 14/06/2011 - 19:11:06 - [0] ----D C:\Users\Marcus\AppData\Local\VHS to DVD

O43 - CFD: 11/07/2012 - 14:21:46 - [0] ----D C:\Users\Marcus\AppData\Local\{0026BD67-8373-4E12-B12C-B0E4737883C7}

O43 - CFD: 28/01/2012 - 18:01:13 - [0] ----D C:\Users\Marcus\AppData\Local\{021A4F13-319F-40C7-A95F-01CE3B5AAF74}

O43 - CFD: 30/01/2012 - 12:13:23 - [0] ----D C:\Users\Marcus\AppData\Local\{023D510A-AE3F-4996-901A-F40A485A2FDE}

O43 - CFD: 10/07/2012 - 12:32:25 - [0] ----D C:\Users\Marcus\AppData\Local\{08347AA0-DDCB-4B5E-8B8D-86987EEE75F9}

O43 - CFD: 14/07/2012 - 12:54:53 - [0] ----D C:\Users\Marcus\AppData\Local\{0A1CE580-32E0-478A-96DD-C60415CEEDD0}

O43 - CFD: 16/06/2011 - 06:38:47 - [0] ----D C:\Users\Marcus\AppData\Local\{0B0CB94A-ADFA-47DA-9D1B-94FED784D076}

O43 - CFD: 13/07/2012 - 09:53:52 - [0] ----D C:\Users\Marcus\AppData\Local\{1E5DEC61-DCE7-41D0-A782-524E67B36260}

O43 - CFD: 05/07/2012 - 10:06:14 - [0] ----D C:\Users\Marcus\AppData\Local\{213D09A8-13A6-453E-9DAC-C6D7152BE7C3}

O43 - CFD: 10/07/2012 - 12:32:14 - [0] ----D C:\Users\Marcus\AppData\Local\{23293C9A-4B58-48BD-B2A7-BD753A046992}

O43 - CFD: 31/07/2012 - 13:28:13 - [0] ----D C:\Users\Marcus\AppData\Local\{2F99C863-D2A1-41F0-B6C1-A89A0C56BCC9}

O43 - CFD: 06/07/2012 - 11:02:27 - [0] ----D C:\Users\Marcus\AppData\Local\{3199EC0A-ADA4-4906-80EF-8599CA22F444}

O43 - CFD: 11/07/2012 - 14:21:57 - [0] ----D C:\Users\Marcus\AppData\Local\{3213BEB9-5331-4895-BC5B-B8EA8A9D6CED}

O43 - CFD: 13/08/2012 - 12:43:33 - [0] ----D C:\Users\Marcus\AppData\Local\{331C2C5B-FBF4-4462-B55A-FF4A98895518}

O43 - CFD: 02/07/2012 - 10:47:47 - [0] ----D C:\Users\Marcus\AppData\Local\{345C314A-ABA8-4924-993B-BD6A4B0C54D0}

O43 - CFD: 12/07/2012 - 12:39:28 - [0] ----D C:\Users\Marcus\AppData\Local\{3A53689F-57BF-4FE0-8EEA-BD8A5A05C218}

O43 - CFD: 02/07/2012 - 10:47:36 - [0] ----D C:\Users\Marcus\AppData\Local\{3BB9653B-844E-4C7F-877C-5679B5E8007A}

O43 - CFD: 16/07/2012 - 18:46:24 - [0] ----D C:\Users\Marcus\AppData\Local\{40BF85FF-30D4-4106-A8C5-86799FB4A841}

O43 - CFD: 15/07/2012 - 16:26:42 - [0] ----D C:\Users\Marcus\AppData\Local\{45AA46D2-AF12-4260-A975-5533A15B9580}

O43 - CFD: 16/07/2012 - 18:46:13 - [0] ----D C:\Users\Marcus\AppData\Local\{4C54CEC4-D369-46F3-87B9-F9D103935D98}

O43 - CFD: 30/07/2012 - 15:37:12 - [0] ----D C:\Users\Marcus\AppData\Local\{4D9796BD-03AE-42E4-95FD-C804896CFA43}

O43 - CFD: 01/08/2012 - 11:36:29 - [0] ----D C:\Users\Marcus\AppData\Local\{4F879DE9-21D8-47FE-BEF4-EB6A075CB566}

O43 - CFD: 30/07/2012 - 15:37:24 - [0] ----D C:\Users\Marcus\AppData\Local\{5194A5E3-C62F-4745-BFD6-BDE655310C3A}

O43 - CFD: 28/01/2012 - 18:00:38 - [0] ----D C:\Users\Marcus\AppData\Local\{5259D497-C550-465A-8E8F-2B37C6E391A3}

O43 - CFD: 25/06/2012 - 19:34:28 - [0] ----D C:\Users\Marcus\AppData\Local\{55B89179-5605-43CB-BDB6-BC3C5AA11CD8}

O43 - CFD: 03/07/2012 - 11:43:23 - [0] ----D C:\Users\Marcus\AppData\Local\{5E5C3B05-37CF-428C-B49C-8217DA3FF0AD}

O43 - CFD: 28/01/2012 - 17:59:54 - [0] ----D C:\Users\Marcus\AppData\Local\{656439C9-0199-44BD-8A08-4AF0CBC9B171}

O43 - CFD: 03/08/2012 - 11:15:48 - [0] ----D C:\Users\Marcus\AppData\Local\{65974CE8-A673-4094-8FC1-EC5753F5DCF5}

O43 - CFD: 05/07/2012 - 10:06:01 - [0] ----D C:\Users\Marcus\AppData\Local\{6AA3D605-2FFA-442F-9623-7F721987C79A}

O43 - CFD: 10/08/2012 - 09:14:45 - [0] ----D C:\Users\Marcus\AppData\Local\{6F3275FB-F034-4217-AFA6-295BFEA4741C}

O43 - CFD: 25/06/2012 - 19:33:58 - [0] ----D C:\Users\Marcus\AppData\Local\{70A3DAAF-1E45-48C3-ABEF-450E06A35AF6}

O43 - CFD: 16/06/2011 - 06:38:59 - [0] ----D C:\Users\Marcus\AppData\Local\{776B1128-FA61-4EE9-AE72-12913C53D79E}

O43 - CFD: 17/07/2012 - 11:05:05 - [0] ----D C:\Users\Marcus\AppData\Local\{7C58520F-6E53-488D-A793-325FB23D5B6F}

O43 - CFD: 06/07/2012 - 11:02:16 - [0] ----D C:\Users\Marcus\AppData\Local\{7C7724E9-85C6-434E-B035-C3696D6CCD6E}

O43 - CFD: 12/07/2012 - 12:39:42 - [0] ----D C:\Users\Marcus\AppData\Local\{87F43280-A27F-49AF-85F0-391AF9828A96}

O43 - CFD: 15/07/2012 - 16:26:31 - [0] ----D C:\Users\Marcus\AppData\Local\{94C79A23-FEFB-4C2A-8687-4F50171AF96B}

O43 - CFD: 14/08/2012 - 14:02:42 - [0] ----D C:\Users\Marcus\AppData\Local\{952F431E-90EA-46FB-8922-F759D3A49854}

O43 - CFD: 29/01/2012 - 19:31:12 - [0] ----D C:\Users\Marcus\AppData\Local\{98C8E5E0-BF2A-474E-A4C6-51253D539ADA}

O43 - CFD: 27/06/2012 - 20:07:10 - [0] ----D C:\Users\Marcus\AppData\Local\{9E46B083-8C09-496F-8759-9936DE4BFF73}

O43 - CFD: 14/08/2012 - 14:02:54 - [0] ----D C:\Users\Marcus\AppData\Local\{A56CB0D6-7375-4D24-A23F-E7973CD10442}

O43 - CFD: 04/08/2012 - 19:20:52 - [0] ----D C:\Users\Marcus\AppData\Local\{AC3175DF-63DB-44FD-9668-1F380C43F253}

O43 - CFD: 31/07/2012 - 13:28:24 - [0] ----D C:\Users\Marcus\AppData\Local\{AD8B0AD6-7BB0-40D7-A4DF-72CF52D1E691}

O43 - CFD: 07/08/2012 - 16:31:52 - [0] ----D C:\Users\Marcus\AppData\Local\{B894A4C2-33B5-468A-AD1F-BD3BB17986FF}

O43 - CFD: 04/08/2012 - 19:21:04 - [0] ----D C:\Users\Marcus\AppData\Local\{BB085EB6-A01E-4034-B7E5-C83915EB2F40}

O43 - CFD: 17/07/2012 - 11:05:17 - [0] ----D C:\Users\Marcus\AppData\Local\{BEE3CBF2-49BB-4719-A268-F7344F943552}

O43 - CFD: 09/07/2012 - 14:13:26 - [0] ----D C:\Users\Marcus\AppData\Local\{C1E761A8-783C-4128-8061-23E0D9D92B61}

O43 - CFD: 10/08/2012 - 09:14:56 - [0] ----D C:\Users\Marcus\AppData\Local\{C683B403-B628-46DD-BFCF-2F126C8931AF}

O43 - CFD: 13/08/2012 - 12:43:22 - [0] ----D C:\Users\Marcus\AppData\Local\{C843573C-2EBC-4DE3-AFE6-96D8299C97DE}

O43 - CFD: 13/07/2012 - 09:53:40 - [0] ----D C:\Users\Marcus\AppData\Local\{CAABF6D5-5C4D-47A2-903E-B09FECD39C9E}

O43 - CFD: 30/01/2012 - 12:13:34 - [0] ----D C:\Users\Marcus\AppData\Local\{CE3B5252-BBB5-4114-B135-5C1619CD47F5}

O43 - CFD: 09/07/2012 - 14:13:15 - [0] ----D C:\Users\Marcus\AppData\Local\{D669F607-931F-44AD-B608-71950C30C958}

O43 - CFD: 14/07/2012 - 12:55:07 - [0] ----D C:\Users\Marcus\AppData\Local\{D9B01E83-7505-467B-A8D9-2012C36A8F66}

O43 - CFD: 01/08/2012 - 11:36:18 - [0] ----D C:\Users\Marcus\AppData\Local\{DBA6BCCE-B8CD-4791-9CB0-C63745C0E167}

O43 - CFD: 03/08/2012 - 11:15:37 - [0] ----D C:\Users\Marcus\AppData\Local\{DE4DAB4B-454D-4343-B16B-074093EECFD1}

O43 - CFD: 03/07/2012 - 11:43:12 - [0] ----D C:\Users\Marcus\AppData\Local\{DF9EDAE3-21BA-463B-BD5E-09A347AFAAA4}

O43 - CFD: 29/01/2012 - 19:30:59 - [0] ----D C:\Users\Marcus\AppData\Local\{ED6DB499-8B96-47D1-A0D8-7A0895025499}

O43 - CFD: 27/06/2012 - 20:06:59 - [0] ----D C:\Users\Marcus\AppData\Local\{F6EEC108-BC5A-41AA-A715-73C35C15CEA7}

O43 - CFD: 07/08/2012 - 16:32:03 - [0] ----D C:\Users\Marcus\AppData\Local\{FE760D43-21E7-4527-BD54-7C307753955F}

O51 - MPSK:{3fe5d0b4-defe-11e0-a8c9-001cc0fe32ab}\AutoRun\command. (...) -- I:\steambackup2.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\facemoods [Key] . (...) -- C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (.not file.) => facemoods.com facemoods Toolbar

 

C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Toolbar.Ask

 

emptytemp

emptyflash

proxyfix

firewallraz

sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

 

ZHPDiag_PasteClipboard.jpg

 

|- Clique no menu,"Paste ClipBoard".

|- Clique em "GO" -> Oui.

 

ZHPFix_GO.jpg

 

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012

Fichier d'export Registre :

Run by Marcus at 20/08/2012 14:50:22

Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Registry Key ==========

DELETED Key*: Service: X6va005

DELETED Key*: Service: X6va006

DELETED Key*: Service: X6va007

DELETED CLSID MPSK: {3fe5d0b4-defe-11e0-a8c9-001cc0fe32ab}

DELETED Key: StartupReg: facemoods

 

========== Registry Value ==========

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

DELETED FirewallRaz (None) : {CF113EE3-CBDE-46AE-8910-B749737656F1}

 

========== Repertory ==========

NOT FOUND C:\Users\Marcus\AppData\Local\Dados de aplicativos

NOT FOUND C:\Users\Marcus\AppData\Local\Histórico

DELETED Folder: C:\Users\Marcus\AppData\Local\VHS to DVD

DELETED Folder: C:\Users\Marcus\AppData\Local\{0026BD67-8373-4E12-B12C-B0E4737883C7}

DELETED Folder: C:\Users\Marcus\AppData\Local\{021A4F13-319F-40C7-A95F-01CE3B5AAF74}

DELETED Folder: C:\Users\Marcus\AppData\Local\{023D510A-AE3F-4996-901A-F40A485A2FDE}

DELETED Folder: C:\Users\Marcus\AppData\Local\{08347AA0-DDCB-4B5E-8B8D-86987EEE75F9}

DELETED Folder: C:\Users\Marcus\AppData\Local\{0A1CE580-32E0-478A-96DD-C60415CEEDD0}

DELETED Folder: C:\Users\Marcus\AppData\Local\{0B0CB94A-ADFA-47DA-9D1B-94FED784D076}

DELETED Folder: C:\Users\Marcus\AppData\Local\{1E5DEC61-DCE7-41D0-A782-524E67B36260}

DELETED Folder: C:\Users\Marcus\AppData\Local\{213D09A8-13A6-453E-9DAC-C6D7152BE7C3}

DELETED Folder: C:\Users\Marcus\AppData\Local\{23293C9A-4B58-48BD-B2A7-BD753A046992}

DELETED Folder: C:\Users\Marcus\AppData\Local\{2F99C863-D2A1-41F0-B6C1-A89A0C56BCC9}

DELETED Folder: C:\Users\Marcus\AppData\Local\{3199EC0A-ADA4-4906-80EF-8599CA22F444}

DELETED Folder: C:\Users\Marcus\AppData\Local\{3213BEB9-5331-4895-BC5B-B8EA8A9D6CED}

DELETED Folder: C:\Users\Marcus\AppData\Local\{331C2C5B-FBF4-4462-B55A-FF4A98895518}

DELETED Folder: C:\Users\Marcus\AppData\Local\{345C314A-ABA8-4924-993B-BD6A4B0C54D0}

DELETED Folder: C:\Users\Marcus\AppData\Local\{3A53689F-57BF-4FE0-8EEA-BD8A5A05C218}

DELETED Folder: C:\Users\Marcus\AppData\Local\{3BB9653B-844E-4C7F-877C-5679B5E8007A}

DELETED Folder: C:\Users\Marcus\AppData\Local\{40BF85FF-30D4-4106-A8C5-86799FB4A841}

DELETED Folder: C:\Users\Marcus\AppData\Local\{45AA46D2-AF12-4260-A975-5533A15B9580}

DELETED Folder: C:\Users\Marcus\AppData\Local\{4C54CEC4-D369-46F3-87B9-F9D103935D98}

DELETED Folder: C:\Users\Marcus\AppData\Local\{4D9796BD-03AE-42E4-95FD-C804896CFA43}

DELETED Folder: C:\Users\Marcus\AppData\Local\{4F879DE9-21D8-47FE-BEF4-EB6A075CB566}

DELETED Folder: C:\Users\Marcus\AppData\Local\{5194A5E3-C62F-4745-BFD6-BDE655310C3A}

DELETED Folder: C:\Users\Marcus\AppData\Local\{5259D497-C550-465A-8E8F-2B37C6E391A3}

DELETED Folder: C:\Users\Marcus\AppData\Local\{55B89179-5605-43CB-BDB6-BC3C5AA11CD8}

DELETED Folder: C:\Users\Marcus\AppData\Local\{5E5C3B05-37CF-428C-B49C-8217DA3FF0AD}

DELETED Folder: C:\Users\Marcus\AppData\Local\{656439C9-0199-44BD-8A08-4AF0CBC9B171}

DELETED Folder: C:\Users\Marcus\AppData\Local\{65974CE8-A673-4094-8FC1-EC5753F5DCF5}

DELETED Folder: C:\Users\Marcus\AppData\Local\{6AA3D605-2FFA-442F-9623-7F721987C79A}

DELETED Folder: C:\Users\Marcus\AppData\Local\{6F3275FB-F034-4217-AFA6-295BFEA4741C}

DELETED Folder: C:\Users\Marcus\AppData\Local\{70A3DAAF-1E45-48C3-ABEF-450E06A35AF6}

DELETED Folder: C:\Users\Marcus\AppData\Local\{776B1128-FA61-4EE9-AE72-12913C53D79E}

DELETED Folder: C:\Users\Marcus\AppData\Local\{7C58520F-6E53-488D-A793-325FB23D5B6F}

DELETED Folder: C:\Users\Marcus\AppData\Local\{7C7724E9-85C6-434E-B035-C3696D6CCD6E}

DELETED Folder: C:\Users\Marcus\AppData\Local\{87F43280-A27F-49AF-85F0-391AF9828A96}

DELETED Folder: C:\Users\Marcus\AppData\Local\{94C79A23-FEFB-4C2A-8687-4F50171AF96B}

DELETED Folder: C:\Users\Marcus\AppData\Local\{952F431E-90EA-46FB-8922-F759D3A49854}

DELETED Folder: C:\Users\Marcus\AppData\Local\{98C8E5E0-BF2A-474E-A4C6-51253D539ADA}

DELETED Folder: C:\Users\Marcus\AppData\Local\{9E46B083-8C09-496F-8759-9936DE4BFF73}

DELETED Folder: C:\Users\Marcus\AppData\Local\{A56CB0D6-7375-4D24-A23F-E7973CD10442}

DELETED Folder: C:\Users\Marcus\AppData\Local\{AC3175DF-63DB-44FD-9668-1F380C43F253}

DELETED Folder: C:\Users\Marcus\AppData\Local\{AD8B0AD6-7BB0-40D7-A4DF-72CF52D1E691}

DELETED Folder: C:\Users\Marcus\AppData\Local\{B894A4C2-33B5-468A-AD1F-BD3BB17986FF}

DELETED Folder: C:\Users\Marcus\AppData\Local\{BB085EB6-A01E-4034-B7E5-C83915EB2F40}

DELETED Folder: C:\Users\Marcus\AppData\Local\{BEE3CBF2-49BB-4719-A268-F7344F943552}

DELETED Folder: C:\Users\Marcus\AppData\Local\{C1E761A8-783C-4128-8061-23E0D9D92B61}

DELETED Folder: C:\Users\Marcus\AppData\Local\{C683B403-B628-46DD-BFCF-2F126C8931AF}

DELETED Folder: C:\Users\Marcus\AppData\Local\{C843573C-2EBC-4DE3-AFE6-96D8299C97DE}

DELETED Folder: C:\Users\Marcus\AppData\Local\{CAABF6D5-5C4D-47A2-903E-B09FECD39C9E}

DELETED Folder: C:\Users\Marcus\AppData\Local\{CE3B5252-BBB5-4114-B135-5C1619CD47F5}

DELETED Folder: C:\Users\Marcus\AppData\Local\{D669F607-931F-44AD-B608-71950C30C958}

DELETED Folder: C:\Users\Marcus\AppData\Local\{D9B01E83-7505-467B-A8D9-2012C36A8F66}

DELETED Folder: C:\Users\Marcus\AppData\Local\{DBA6BCCE-B8CD-4791-9CB0-C63745C0E167}

DELETED Folder: C:\Users\Marcus\AppData\Local\{DE4DAB4B-454D-4343-B16B-074093EECFD1}

DELETED Folder: C:\Users\Marcus\AppData\Local\{DF9EDAE3-21BA-463B-BD5E-09A347AFAAA4}

DELETED Folder: C:\Users\Marcus\AppData\Local\{ED6DB499-8B96-47D1-A0D8-7A0895025499}

DELETED Folder: C:\Users\Marcus\AppData\Local\{F6EEC108-BC5A-41AA-A715-73C35C15CEA7}

DELETED Folder: C:\Users\Marcus\AppData\Local\{FE760D43-21E7-4527-BD54-7C307753955F}

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

NOT FOUND Folder/File: c:\users\marcus\appdata\local\temp\temp1_balabolka

NOT FOUND File: c:\users\marcus\appdata\local\temp\005d7f9.tmp

NOT FOUND File: c:\users\marcus\appdata\local\temp\006aa44.tmp

NOT FOUND File: c:\users\marcus\appdata\local\temp\007ec46.tmp

DELETED File: c:\users\marcus\appdata\roaming\microsoft\internet explorer\quick launch\pc mega rapido pro.lnk

NOT FOUND File: c:\program files (x86)\pc mega rapido pro 2.1\pcmega_registro.exe

NOT FOUND Folder/File: c:\windows\system32\tasks\scheduled update for ask toolbar

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Task ==========

DELETED Task: Scheduled Update for Ask Toolbar

DELETED Task: {05D1631B-4897-4D37-A0BC-CAF169EDB167}

DELETED Task: {5B241A4A-7771-43E2-87E5-F3FD4CF2F84A}

DELETED Task: {633DF3EA-89BE-4DFE-B733-71AEB64ACFD4}

DELETED Task: {68D59038-78BF-4D9F-8358-06EDFC20A1BA}

DELETED Task: {86CA8B94-3765-4DE7-B4C3-9B2B3CF781D5}

DELETED Task: {A3716CA1-6CD1-4A96-B47D-D97E20279C4D}

DELETED Task: {B9593D70-3363-47CD-9AEF-06D68B958EE8}

DELETED Task: {F1285689-4246-4112-B03F-325D45CD56C9}

DELETED Task: {352747F2-1390-4438-BA6A-70CC94185FB0}

DELETED Task: {7E5501AE-873B-4ECC-82CD-1FD77F6E23D6}

 

========== Restoration ==========

Restore System Point created succefully

 

 

========== Summary ==========

5 : Registry Key

9 : Registry Value

62 : Repertory

9 : File

11 : Task

1 : Restoration

 

 

End of clean in 00mn 23s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 20/08/2012 14:50:22 [7627]

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! .matiello

 

|- Baixe: < otlDesktopIcon.png > ( ... by OldTimer Tools )

 

|- Clique em Salvar!

 

abbLFX11.jpg

 

|- Salve-o no desktop!

|- Duplo clique em OTL.exe >> Executar.

 

OTL_Configuracao.jpg >> OTL_Padrao.jpg

 

|- Configure "Verificação de Arquivos",segundo a screenshot!

 

OTL_SemExt2.jpg

 

|- Ps: Faça o mesmo para estes!

|- Assinale,também,a inclusão da verificação para 64bits.

|- Em "Exame Extra do Registro",assinale "Nenhum".

 

*crack* /s

*keygen* /s

*serial* /s

*AutoKMS* /s

*loader* /s

%APPDATA%\Local\*.

%APPDATA%\*.exe /s

%APPDATA%\*.

%USERPROFILE%\AppData\Local\*.*

%USERPROFILE%\AppData\Roaming\*.*

%systemroot%\assembly\tmp\*.* /S /MD5

%systemroot%\assembly\temp\*.* /S /MD5

%systemroot%\assembly\GAC\*.* /S /MD5

%systemroot%\assembly\GAC_32\*.* /S /MD5

%systemroot%\assembly\GAC_64\*.* /S /MD5

%systemroot%\system32\config\systemprofile\AppData\Local\*.*

%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*

%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

regedit /e c:\registrybackup.reg /c

type c:\boot.ini >> test.txt /c

%systemroot%\system32\tasks\*.* /s /64

%systemroot%\system32\Tasks\*.* /s

%windir%\tasks\*.* /s

6659d256325569c6e621117dc332966313a07d11cb5fb0ea4d9176217c7aefa76g.jpg

 

|- Cole estas informações,que estão em verde,para o campo "Exames Personalizados/Correções".

 

|- Clique em Verificar: OTL_Verificar.jpg

 

|- Concluindo,poste o relatório: OTL.txt

|- Para grandes relatórios,acesse: < Cjoint_Logo.jpg >

 

|- Maiores informações: < |Link| >

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

OTL logfile created on: 20/08/2012 21:09:31 - Run 1

OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Marcus\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,99 Gb Total Physical Memory | 3,02 Gb Available Physical Memory | 75,59% Memory free

7,98 Gb Paging File | 6,38 Gb Available in Paging File | 79,92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465,76 Gb Total Space | 279,69 Gb Free Space | 60,05% Space Free | Partition Type: NTFS

 

Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/08/20 21:07:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe

PRC - [2012/07/31 12:19:49 | 008,886,256 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe

PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/03/07 15:17:52 | 027,473,760 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

PRC - [2012/02/03 15:28:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012/02/03 15:28:49 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

PRC - [2012/02/03 15:28:47 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012/02/03 15:28:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012/01/19 08:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2011/10/04 21:20:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/08/10 16:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

PRC - [2011/08/08 19:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

PRC - [2011/04/18 15:13:40 | 000,056,776 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe

PRC - [2011/04/14 10:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe

PRC - [2011/03/21 10:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

PRC - [2011/03/01 11:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2010/04/27 13:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

PRC - [2009/07/14 21:25:32 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe

PRC - [2009/07/10 10:54:14 | 000,136,496 | ---- | M] (Scopus Tecnologia Ltda) -- C:\Program Files (x86)\Scpad\scpVista.exe

PRC - [2007/12/19 10:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

PRC - [2006/09/28 06:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2006/04/10 14:24:20 | 000,049,220 | ---- | M] (Samsung) -- C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/07/31 12:19:48 | 000,426,480 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll

MOD - [2012/07/31 12:19:48 | 000,235,504 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll

MOD - [2012/07/31 12:19:48 | 000,230,384 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll

MOD - [2012/07/31 12:19:48 | 000,159,216 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\plugins\appscanner_plugin.dll

MOD - [2011/08/08 19:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

MOD - [2011/04/14 10:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe

MOD - [2011/03/21 10:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

MOD - [2011/03/18 12:51:44 | 007,859,200 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\QtGui4.dll

MOD - [2011/03/18 12:51:44 | 002,210,816 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\QtCore4.dll

MOD - [2011/03/18 12:51:44 | 000,814,080 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\QtNetwork4.dll

MOD - [2011/03/18 12:51:44 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qjpeg4.dll

MOD - [2011/03/18 12:51:44 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qgif4.dll

MOD - [2010/04/27 13:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

MOD - [2009/07/14 21:25:32 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe

MOD - [2009/07/14 21:24:16 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraPtb.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2012/08/20 12:42:41 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/08/15 21:55:27 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/08/15 13:44:42 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/02/03 15:28:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012/02/03 15:28:49 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2012/02/03 15:28:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012/01/19 08:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2011/10/04 21:20:11 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011/08/28 17:12:00 | 004,621,280 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2011/08/10 16:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)

SRV - [2011/04/18 15:13:40 | 000,056,776 | ---- | M] ( ) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2011/03/01 11:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/07/10 10:54:14 | 000,136,496 | ---- | M] (Scopus Tecnologia Ltda) [Auto | Running] -- C:\Program Files (x86)\Scpad\scpVista.exe -- (scpVista)

SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2006/09/28 06:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012/08/20 13:56:07 | 000,013,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)

DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/03 15:29:11 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012/02/03 15:29:11 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012/02/03 15:29:11 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011/09/14 15:29:51 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/30 23:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)

DRV:64bit: - [2010/06/07 16:02:24 | 001,917,576 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkCMini.sys -- (StkCMini)

DRV:64bit: - [2010/03/23 15:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)

DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/22 08:05:58 | 000,273,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)

DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/11/04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (NCPro)

DRV - [2011/04/18 15:14:16 | 000,046,664 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2005/10/21 07:25:32 | 000,013,396 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (NCPro)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.megaware.com.br

IE - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox

IE - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRE_pt-BR

IE - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\..\SearchScopes\{6C40590E-0C07-4D68-A111-50555F5DD19A}: "URL" = http://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}

IE - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marcus\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marcus\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marcus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/08 15:17:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marcus\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marcus\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Marcus\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marcus\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll

CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Marcus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Skype Click to Call = C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\

 

O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll (Caixa Economica Federal)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [uVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1155938839-3185402113-654261445-1000..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)

O4 - HKU\S-1-5-21-1155938839-3185402113-654261445-1000..\Run: [Grid] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\..Trusted Domains: caixa.gov.br ([internetbanking] https in Trusted sites)

O15 - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\..Trusted Domains: sony.com ([]* in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{923CF0BB-AD2F-4A18-9EF7-3A1E438138FD}: DhcpNameServer = 10.1.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{923CF0BB-AD2F-4A18-9EF7-3A1E438138FD}: NameServer = 200.175.5.139,200.175.182.139

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehCef.dll) - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehCef.dll (Caixa Economica Federal)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - C:\Program Files (x86)\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll (Caixa Economica Federal)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/03/11 20:02:51 | 000,000,002 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/08/20 21:07:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe

[2012/08/20 15:33:57 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\{15CC6928-8F7A-4391-98F2-84A2D6EC200C}

[2012/08/20 14:06:38 | 000,000,000 | ---D | C] -- C:\ZHP

[2012/08/20 14:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag

[2012/08/16 02:05:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/08/16 02:05:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/08/16 02:05:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/08/16 02:05:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/08/16 02:05:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/08/16 02:05:47 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/08/16 02:05:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/08/16 02:05:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/08/16 02:05:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/08/16 02:05:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/08/16 02:05:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/08/16 02:05:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/08/16 02:05:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/08/15 11:44:58 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll

[2012/08/15 11:44:52 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2012/08/15 11:44:52 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2012/08/15 11:44:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe

[2012/08/15 11:44:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll

[2012/08/15 11:44:50 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll

[2012/08/15 11:44:50 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll

[2012/08/15 11:44:46 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

[2012/07/26 20:42:50 | 000,000,000 | ---D | C] -- C:\Users\Marcus\AppData\Local\Chromium

[2012/07/26 20:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios

[2012/07/26 20:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios

[2012/07/26 20:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/08/20 21:07:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Marcus\Desktop\OTL.exe

[2012/08/20 20:53:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/20 20:42:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/20 20:34:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1155938839-3185402113-654261445-1000UA.job

[2012/08/20 17:53:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/20 17:28:04 | 000,009,118 | ---- | M] () -- C:\Users\Marcus\Desktop\174617_116524375509_3927547_n.jpg

[2012/08/20 14:11:53 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/20 14:11:53 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/20 14:07:33 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin

[2012/08/20 14:06:37 | 000,001,002 | ---- | M] () -- C:\Users\Marcus\Desktop\ZHPDiag.lnk

[2012/08/20 14:06:37 | 000,001,002 | ---- | M] () -- C:\Users\Marcus\Desktop\MBRCheck.lnk

[2012/08/20 14:06:37 | 000,000,990 | ---- | M] () -- C:\Users\Marcus\Desktop\ZHPFix.lnk

[2012/08/20 13:56:20 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job

[2012/08/20 13:56:07 | 000,013,920 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys

[2012/08/20 13:55:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/20 13:55:06 | 3213,594,624 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/20 13:52:34 | 000,618,227 | ---- | M] () -- C:\Users\Marcus\Desktop\adwcleaner.exe

[2012/08/19 23:51:46 | 000,000,219 | ---- | M] () -- C:\Users\Marcus\Desktop\Counter-Strike Global Offensive Beta.url

[2012/08/16 12:06:02 | 000,442,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/08/15 11:38:02 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW

[2012/08/14 21:35:11 | 000,002,459 | ---- | M] () -- C:\Users\Marcus\Desktop\Google Chrome.lnk

[2012/08/13 17:24:37 | 000,116,370 | ---- | M] () -- C:\Users\Marcus\Desktop\vale-boquete-testosterona.jpg

[2012/08/10 10:34:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1155938839-3185402113-654261445-1000Core.job

[2012/07/26 20:17:21 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk

[2012/07/26 20:17:21 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Smite.lnk

[2012/07/25 22:38:36 | 000,012,369 | ---- | M] () -- C:\Users\Marcus\Desktop\juninho_pernambucano.jpg

[2012/07/23 18:36:04 | 000,344,341 | ---- | M] () -- C:\Users\Marcus\Desktop\iKeroXeQuix(LoL).jpg

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/08/20 17:28:07 | 000,009,118 | ---- | C] () -- C:\Users\Marcus\Desktop\174617_116524375509_3927547_n.jpg

[2012/08/20 14:07:33 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin

[2012/08/20 14:06:37 | 000,344,187 | ---- | C] () -- C:\Users\Marcus\Desktop\ZHP_uninstall.exe

[2012/08/20 14:06:37 | 000,001,002 | ---- | C] () -- C:\Users\Marcus\Desktop\ZHPDiag.lnk

[2012/08/20 14:06:37 | 000,001,002 | ---- | C] () -- C:\Users\Marcus\Desktop\MBRCheck.lnk

[2012/08/20 14:06:37 | 000,000,990 | ---- | C] () -- C:\Users\Marcus\Desktop\ZHPFix.lnk

[2012/08/20 13:52:10 | 000,618,227 | ---- | C] () -- C:\Users\Marcus\Desktop\adwcleaner.exe

[2012/08/20 11:49:29 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/19 23:51:46 | 000,000,219 | ---- | C] () -- C:\Users\Marcus\Desktop\Counter-Strike Global Offensive Beta.url

[2012/08/15 11:38:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW

[2012/08/13 17:24:48 | 000,116,370 | ---- | C] () -- C:\Users\Marcus\Desktop\vale-boquete-testosterona.jpg

[2012/07/26 20:17:21 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk

[2012/07/26 20:17:21 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Smite.lnk

[2012/07/25 22:38:45 | 000,012,369 | ---- | C] () -- C:\Users\Marcus\Desktop\juninho_pernambucano.jpg

[2012/07/23 18:33:07 | 000,344,341 | ---- | C] () -- C:\Users\Marcus\Desktop\iKeroXeQuix(LoL).jpg

[2012/03/25 18:44:27 | 000,045,056 | ---- | C] () -- C:\Users\Marcus\AppData\Local\usb.exe

[2011/11/29 13:43:33 | 000,001,479 | ---- | C] () -- C:\Users\Marcus\.recently-used.xbel

[2011/11/05 09:12:03 | 000,001,320 | ---- | C] () -- C:\Windows\cm108.ini

[2011/10/04 21:20:12 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/10/04 21:20:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/09/19 21:31:05 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32.exe

[2011/09/19 21:31:05 | 000,009,136 | ---- | C] () -- C:\Windows\SysWow64\Inetwh16.dll

[2011/09/19 21:31:05 | 000,004,528 | ---- | C] () -- C:\Windows\SysWow64\Setbrows.exe

[2011/09/19 21:31:02 | 000,000,032 | ---- | C] () -- C:\Windows\WIPO_up.ini

[2011/09/15 16:23:37 | 012,212,864 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys

[2011/09/15 16:23:37 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp2std.exe

[2011/09/15 16:23:37 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys

[2011/09/15 16:23:37 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe

[2011/09/15 16:23:37 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini

[2011/09/15 16:23:36 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll

[2011/08/26 14:19:39 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011/08/26 14:19:38 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/08/26 14:19:38 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/08/26 14:19:38 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011/06/14 19:19:44 | 000,084,616 | ---- | C] () -- C:\Windows\StkUnist.exe

[2011/05/24 00:14:21 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2011/03/17 18:45:17 | 000,000,000 | ---- | C] () -- C:\Windows\pgdDmed.ini

[2010/11/20 06:33:10 | 001,508,738 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/03/13 08:05:09 | 000,007,614 | ---- | C] () -- C:\Users\Marcus\AppData\Local\resmon.resmoncfg

 

========== LOP Check ==========

 

[2011/09/03 18:38:56 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\AVG9

[2012/02/02 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BANDISOFT

[2011/09/03 15:06:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BitCometLite

[2012/04/08 17:13:51 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools Lite

[2010/05/29 18:11:39 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DiskAid

[2011/12/18 12:38:59 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\GetRightToGo

[2011/09/15 20:52:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\gtk-2.0

[2012/06/17 14:35:25 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\LolClient

[2012/06/03 12:57:48 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\LolClient2

[2012/04/08 15:17:39 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Razer

[2010/10/18 19:07:40 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Software4u

[2011/12/19 21:08:24 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TeamViewer

[2012/07/29 16:25:47 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TS3Client

[2011/12/22 15:49:41 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Ubisoft

[2011/06/14 19:27:31 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Ulead Systems

[2012/05/28 20:24:07 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Unity

[2012/08/15 22:04:54 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\uTorrent

[2012/06/09 19:39:18 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\WGB_Panther_PB

[2012/07/30 12:03:14 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/08/20 13:56:20 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< *crack* /s >

[2010/08/11 16:22:20 | 006,373,387 | ---- | M] () -- \ongame\Pointblank\Pack\Crackdown.i3Pack

[2010/08/11 16:22:22 | 001,023,295 | ---- | M] () -- \ongame\Pointblank\Pack\Crackdown_Col.i3Pack

[2010/08/24 15:50:58 | 000,158,143 | ---- | M] () -- \ongame\Pointblank\Pack\Crackdown_Col_Hero.i3Pack

[2010/08/11 16:22:20 | 000,111,364 | ---- | M] () -- \ongame\Pointblank\Pack\Crackdown_Scene.i3Pack

[2010/08/11 16:22:22 | 002,035,641 | ---- | M] () -- \ongame\Pointblank\Pack\Crackdown_SubData.i3Pack

[2010/10/04 22:50:56 | 000,062,238 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\share\gimp\2.0\patterns\cracked.pat

 

< *keygen* /s >

 

< *serial* /s >

[2012/02/20 17:21:34 | 000,024,576 | R--- | M] () -- \Program Files (x86)\Hi-Rez Studios\HiRezGames\smite\Binaries\Autoreporter.XmlSerializers.dll

[2012/03/29 06:01:00 | 000,413,696 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\4.1.10329.0\System.Runtime.Serialization.dll

[2012/05/11 00:39:04 | 001,186,816 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\4.1.10329.0\System.Runtime.Serialization.ni.dll

[2010/11/04 22:52:27 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll

[2010/11/04 22:53:16 | 000,094,208 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\pt-BR\System.RunTime.Serialization.Resources.dll

[2011/09/18 12:53:56 | 000,723,648 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\matielloo\team fortress 2\bin\dmserializers.dll

[2010/11/04 22:52:08 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll

[2010/11/04 22:55:19 | 000,094,208 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\pt-BR\System.RunTime.Serialization.Resources.dll

[2010/05/08 07:59:13 | 000,000,560 | ---- | M] () -- \Users\Marcus\Downloads\Seriales_Office_2007__Enterprise.txt

[2009/07/14 14:55:06 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_pt-BR_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll

[2009/06/10 18:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

[2009/07/14 14:55:16 | 000,094,208 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_pt-BR_b77a5c561934e089\System.RunTime.Serialization.Resources.dll

[2010/11/04 22:52:27 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

[2012/05/11 09:50:39 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ff4e90c5842525f7a7456639de090d8\System.Runtime.Serialization.Formatters.Soap.ni.dll

[2012/05/11 11:04:46 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll

[2012/05/11 12:28:44 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\265531568722647aab229a2cec195b3d\System.Runtime.Serialization.ni.dll

[2012/05/11 09:52:45 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\807759890a40e4047c35a24e64dc76d5\System.Runtime.Serialization.Formatters.Soap.ni.dll

[2012/05/11 11:06:36 | 000,311,296 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\5a4d233916a69d48fa12a9f7f103d893\System.Runtime.Serialization.Formatters.Soap.ni.dll

[2012/05/11 11:06:32 | 002,647,040 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll

[2012/05/11 12:28:06 | 000,009,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\4b540b784465ca3f0742990e5af444e3\System.Xml.Serialization.ni.dll

[2012/05/11 12:32:57 | 000,376,832 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\7590828d50338d512b11a4d3f87d69a2\System.Runtime.Serialization.Formatters.Soap.ni.dll

[2012/05/11 12:32:50 | 003,412,992 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\affb28e2d9cc3c19de0758e7e8c68e8f\System.Runtime.Serialization.ni.dll

[2012/05/11 14:38:58 | 000,010,240 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\7fa267d10b2df6dbd00d00d130715f0a\System.Xml.Serialization.ni.dll

[2012/06/14 00:32:07 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

[2012/06/14 00:32:06 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

[2012/06/14 00:32:08 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll

[2009/06/10 18:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

[2010/11/04 22:53:12 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\System.Runtime.Serialization.Formatters.Soap.resources.dll

[2010/11/04 22:52:39 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll

[2010/03/18 13:16:28 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll

[2010/03/18 13:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll

[2011/04/06 16:48:20 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll

[2009/06/10 17:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

[2010/11/04 22:55:09 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\pt-BR\System.Runtime.Serialization.Formatters.Soap.Resources.dll

[2010/11/04 22:52:16 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll

[2010/03/18 13:16:28 | 001,026,936 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll

[2010/03/18 13:16:28 | 000,122,264 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll

[2011/04/06 16:48:20 | 000,011,120 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll

[2009/07/13 22:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll

[1 \Windows\System32\*.tmp files -> \Windows\System32\*.tmp -> ]

[2009/07/13 21:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys

[2009/06/10 17:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys

[2009/07/14 14:55:08 | 000,005,120 | ---- | M] () -- \Windows\System32\pt-BR\serialui.dll.mui

[2009/07/13 22:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll

[1 \Windows\SysWOW64\*.tmp files -> \Windows\SysWOW64\*.tmp -> ]

[2009/07/14 14:55:08 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\pt-BR\serialui.dll.mui

[2009/07/14 14:55:04 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6113de7b18b573c2\System.Runtime.Serialization.Formatters.Soap.Resources.dll

[2010/11/04 22:55:09 | 000,011,776 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_6344f24315a3f75c\System.Runtime.Serialization.Formatters.Soap.Resources.dll

[2009/07/14 14:55:06 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ef525519510a2520\serialui.dll.mui

[2009/07/13 22:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll

[2009/07/14 14:55:16 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_fe5b8618bfde39ff\System.RunTime.Serialization.Resources.dll

[2010/11/04 22:55:19 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_008c99e0bcccbd99\System.RunTime.Serialization.Resources.dll

[2009/07/14 14:55:12 | 000,011,264 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_659d960db99bc4c9\serial.sys.mui

[2009/07/13 21:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys

[2009/06/10 17:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll

[2009/06/10 17:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys

[2009/06/10 17:30:46 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c\System.Runtime.Serialization.dll

[2010/11/04 22:52:16 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll

[2009/06/10 17:30:43 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05\System.Runtime.Serialization.dll

[2010/11/04 22:52:08 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll

[2011/08/14 15:11:39 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest

[2011/08/14 15:11:39 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744

[2009/07/14 14:55:29 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_ef525519510a2520_serialui.dll.mui_7d29d2a3

[2009/07/13 23:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328

[2009/07/14 14:55:31 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9333b99598acb3ea_serialui.dll.mui_7d29d2a3

[2009/07/13 23:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328

[2009/07/13 23:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest

[2011/02/05 10:10:43 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16757_none_6dccf6b5c641c933.manifest

[2011/02/05 10:05:47 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.20897_none_6e2b53d0df7fd8c1.manifest

[2011/02/05 14:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest

[2011/02/05 10:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest

[2009/07/13 23:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest

[2009/07/13 23:26:23 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7600.16385_none_5943b25a748cb06c.manifest

[2010/11/20 06:21:24 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest

[2009/07/13 23:27:09 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_941abf24c884ab05.manifest

[2010/11/20 06:22:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest

[2009/07/13 22:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest

[2010/11/20 05:06:16 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest

[2009/07/14 14:54:41 | 000,001,635 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_pt-br_8319a97708bbf95b.manifest

[2009/07/13 22:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest

[2010/11/20 05:05:38 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest

[2009/07/13 22:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest

[2010/11/20 05:10:46 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest

[2009/06/10 18:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll

[2009/07/14 14:55:06 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_pt-br_2487a3575ea111ef\System.Runtime.Serialization.Formatters.Soap.resources.dll

[2009/06/10 18:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll

[2010/11/04 22:52:39 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll

[2009/07/14 14:55:16 | 000,094,208 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_pt-br_8319a97708bbf95b\System.RunTime.Serialization.Resources.dll

[2009/06/10 18:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll

[2010/11/04 22:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll

[2009/07/14 14:55:06 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b6888cd4d1635bd\System.Runtime.Serialization.Formatters.Soap.resources.dll

[2010/11/04 22:53:12 | 000,011,776 | ---- | M] () -- \Windows\winsxs\wow64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_6d999c954a04b957\System.Runtime.Serialization.Formatters.Soap.resources.dll

[2009/07/14 14:55:08 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_9333b99598acb3ea\serialui.dll.mui

[2009/07/13 22:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll

[2009/07/14 14:55:16 | 000,094,208 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a23cea950780c8c9\System.RunTime.Serialization.Resources.dll

[2010/11/04 22:53:16 | 000,094,208 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.17514_pt-br_a46dfe5d046f4c63\System.RunTime.Serialization.Resources.dll

[2009/06/10 18:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll

[2010/11/04 22:52:27 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll

 

< *AutoKMS* /s >

 

< *loader* /s >

[2011/06/15 14:22:16 | 000,110,592 | ---- | M] () -- \Level Up! Games\Combat Arms\Uploader.exe

[2010/06/08 13:32:26 | 000,119,808 | ---- | M] () -- \ongame\Pointblank\PhysXLoader.2.8.1.dll

[2012/02/03 15:28:49 | 000,047,568 | ---- | M] () -- \Program Files (x86)\Avira\AntiVir Desktop\avwebloader.dll

[2012/02/03 15:28:49 | 000,234,448 | ---- | M] () -- \Program Files (x86)\Avira\AntiVir Desktop\avwebloader.exe

[2012/02/03 15:28:50 | 001,715,152 | ---- | M] () -- \Program Files (x86)\Avira\AntiVir Desktop\avwebloadergui.dll

[2006/10/26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.dll

[2006/10/26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\coloader.tlb

[2010/02/07 22:40:00 | 000,000,543 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\etc\gtk-2.0\gdk-pixbuf.loaders

[2009/12/15 18:58:18 | 000,017,056 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ani.dll

[2009/12/15 18:58:20 | 000,018,592 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-bmp.dll

[2009/12/15 18:58:24 | 000,026,272 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-gif.dll

[2009/12/15 18:58:26 | 000,012,960 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-icns.dll

[2009/12/15 18:58:28 | 000,017,568 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ico.dll

[2009/12/15 18:58:56 | 000,019,616 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-jpeg.dll

[2009/12/15 18:59:04 | 000,015,008 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pcx.dll

[2009/12/15 18:59:06 | 000,019,104 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-png.dll

[2009/12/15 18:59:10 | 000,017,056 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pnm.dll

[2009/12/15 18:59:14 | 000,012,448 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ras.dll

[2009/12/15 18:59:16 | 000,016,544 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tga.dll

[2009/12/15 18:59:20 | 000,016,544 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tiff.dll

[2009/12/15 18:59:22 | 000,011,936 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-wbmp.dll

[2009/12/15 18:59:24 | 000,013,984 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xbm.dll

[2009/12/15 18:59:28 | 000,028,320 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xpm.dll

[2009/05/01 20:42:00 | 000,009,880 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\svg_loader.dll

[2011/06/27 14:06:26 | 000,064,280 | R--- | M] () -- \Program Files (x86)\Hi-Rez Studios\HiRezGames\smite\Binaries\Win32\PhysXLoader.dll

[2008/06/20 19:13:32 | 000,044,032 | ---- | M] () -- \Program Files (x86)\WinRAR\RarExtLoader.exe

[2011/10/24 15:52:21 | 000,047,616 | ---- | M] () -- \Program Files (x86)\Yuna Software\Messenger Plus!\MsgPlus-WLMLoader.dll

[2011/06/16 06:23:45 | 000,001,192 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities\Uploader Software.lnk

[2011/10/27 13:08:42 | 000,007,715 | ---- | M] () -- \ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.js

[2011/10/27 13:08:42 | 000,000,319 | ---- | M] () -- \ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.xul

[2012/05/15 09:59:24 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif

[2012/05/15 09:59:24 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png

[2012/02/15 15:39:14 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.152\deploy\assets\storeImages\layout\small_loader.gif

[2012/02/15 15:39:14 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.157\deploy\assets\storeImages\layout\small_loader.gif

[2012/02/15 15:39:14 | 000,000,404 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.190\deploy\assets\storeImages\layout\small_loader.gif

[2011/06/16 06:23:45 | 000,001,192 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\Programs\Utilities\Uploader Software.lnk

[2011/10/27 13:08:42 | 000,007,715 | ---- | M] () -- \Users\All Users\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.js

[2011/10/27 13:08:42 | 000,000,319 | ---- | M] () -- \Users\All Users\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.xul

[2012/05/15 09:59:24 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif

[2012/05/15 09:59:24 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png

[2012/08/18 01:47:51 | 000,005,505 | ---- | M] () -- \Users\Marcus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OB3YKD9I\queryLoader[1].js

[2012/08/18 01:47:52 | 000,000,353 | ---- | M] () -- \Users\Marcus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W5ZERCG1\queryLoader[1].css

[2012/05/28 20:24:07 | 000,001,057 | ---- | M] () -- \Users\Marcus\AppData\Roaming\Unity\WebPlayerPrefs\files_2edeadfrontier_2ecom\prefdeadfrontier-df3d-deadfrontierloader_2eunity3d.upp

[2011/10/01 20:27:45 | 001,881,640 | ---- | M] () -- \Users\Marcus\Downloads\CombatArms_BR_2.1109.02_Downloader.exe

[2012/08/12 21:08:44 | 004,110,768 | ---- | M] () -- \Users\Marcus\Downloads\The.Lion.King.1994.704p.x264.BRRip.GokU61.mp4_downloader_98828.exe

[2011/09/09 09:47:16 | 000,002,001 | ---- | M] () -- \Users\Marcus\Lol\LOLPBE\RADS\projects\lol_air_client\releases\0.0.0.133\deploy\assets\images\SpinLoader.png

[2011/09/09 10:27:38 | 000,000,404 | ---- | M] () -- \Users\Marcus\Lol\LOLPBE\RADS\projects\lol_air_client\releases\0.0.0.133\deploy\assets\storeImages\layout\small_loader.gif

[2011/09/09 09:47:16 | 000,002,001 | ---- | M] () -- \Users\Marcus\Lol\LOLPBE\RADS\projects\lol_air_client\releases\0.0.0.9\deploy\assets\images\SpinLoader.png

[2011/09/09 10:27:38 | 000,000,404 | ---- | M] () -- \Users\Marcus\Lol\LOLPBE\RADS\projects\lol_air_client\releases\0.0.0.9\deploy\assets\storeImages\layout\small_loader.gif

[2011/06/16 06:23:45 | 000,001,192 | ---- | M] () -- \Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Utilities\Uploader Software.lnk

[2011/10/27 13:08:42 | 000,007,715 | ---- | M] () -- \Users\Todos os Usuários\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.js

[2011/10/27 13:08:42 | 000,000,319 | ---- | M] () -- \Users\Todos os Usuários\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Chrome\Content\browserrecordloader.xul

[2012/05/15 09:59:24 | 000,072,638 | ---- | M] () -- \Users\Todos os Usuários\Skype\Apps\login\images\loader.gif

[2012/05/15 09:59:24 | 000,003,032 | ---- | M] () -- \Users\Todos os Usuários\Skype\Apps\login\images\loader.png

[2010/03/11 19:22:58 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll

[2009/07/15 12:33:35 | 000,263,680 | R--- | M] () -- \Windows\ConfigSetRoot\SOURCES\UPGLOADER.DLL

[2009/07/15 12:33:35 | 000,024,576 | R--- | M] () -- \Windows\ConfigSetRoot\SOURCES\PT-BR\UPGLOADER.DLL.MUI

[2012/08/20 15:40:13 | 000,030,120 | ---- | M] () -- \Windows\Prefetch\RAREXTLOADER.EXE-4B76CB3C.pf

[2011/07/16 01:15:45 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

[2009/07/13 22:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll

[1 \Windows\System32\*.tmp files -> \Windows\System32\*.tmp -> ]

[2012/04/26 09:26:34 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr

[2012/04/29 20:16:44 | 000,004,421 | ---- | M] () -- \Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\moodsLoader[1].js

[2011/07/16 01:15:45 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

[2009/07/13 22:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll

[1 \Windows\SysWOW64\*.tmp files -> \Windows\SysWOW64\*.tmp -> ]

[2012/04/26 09:26:34 | 000,012,532 | ---- | M] () -- \Windows\SysWOW64\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr

[2012/04/29 20:16:44 | 000,004,421 | ---- | M] () -- \Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\moodsLoader[1].js

[2009/07/13 22:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll

[2009/07/13 22:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/05/14 04:18:33 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_66f39ad995474166\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/06/02 03:23:09 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_66e5ca0f95521152\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/07/16 02:04:54 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_66c2596d956d1920\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/06/03 03:39:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_673e58b0ae93bb84\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/07/16 02:06:43 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_67770e0aae6a7c68\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/05/14 04:04:21 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_68daf829926cc6a9\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/06/03 03:44:53 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_68ce27a99276afec\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/07/16 02:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/05/14 04:00:38 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_695ac552ab919bbb\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/06/03 03:40:10 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_694ff566ab99b7ac\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/07/16 02:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll

[2009/07/14 14:55:28 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d429e2316a68dab9.manifest

[2009/07/14 14:55:28 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d429e2316a68dab9_winload.efi.mui_35ee487d

[2009/07/14 14:55:28 | 000,035,392 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d429e2316a68dab9_winload.exe.mui_3bc5b827

[2009/07/14 14:55:28 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d429e2316a68dab9_winresume.efi.mui_f412814e

[2009/07/14 14:55:28 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d429e2316a68dab9_winresume.exe.mui_ff8b5358

[2011/08/14 15:11:59 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest

[2011/08/14 15:11:59 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0

[2011/08/14 15:11:59 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076

[2011/08/14 15:11:59 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f

[2011/08/14 15:11:59 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215

[2009/07/13 23:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest

[2009/07/13 23:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0

[2009/07/14 14:54:25 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_d429e2316a68dab9.manifest

[2009/07/13 23:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest

[2011/02/05 10:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest

[2011/02/05 10:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest

[2010/11/20 06:12:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest

[2011/02/05 14:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest

[2011/02/05 10:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest

[2009/07/13 23:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest

[2009/07/13 22:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll

[2009/07/13 22:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/05/14 03:22:35 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16816_none_0ad4ff55dce9d030\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/06/02 02:45:50 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16823_none_0ac72e8bdcf4a01c\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/07/16 01:19:58 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16850_none_0aa3bde9dd0fa7ea\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/06/03 02:50:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.20978_none_0b1fbd2cf6364a4e\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/07/16 01:12:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.21010_none_0b587286f60d0b32\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/05/14 03:13:36 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17617_none_0cbc5ca5da0f5573\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/06/03 02:47:28 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17625_none_0caf8c25da193eb6\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/07/16 01:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/05/14 04:15:40 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21728_none_0d3c29cef3342a85\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/06/03 03:56:06 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21738_none_0d3159e2f33c4676\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/07/16 01:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll

 

< %APPDATA%\Local\*. >

 

< %APPDATA%\*.exe /s >

[2010/03/13 11:25:24 | 000,010,134 | R--- | M] () -- C:\Users\Marcus\AppData\Roaming\Microsoft\Installer\{C12A2A3D-0D08-8262-E189-E831A8AC3D37}\ARPPRODUCTICON.exe

[2011/01/11 18:44:36 | 000,514,216 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marcus\AppData\Roaming\Real\Update\setup3.13\setup.exe

[2011/01/04 14:14:48 | 000,092,328 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marcus\AppData\Roaming\Real\Update\setup3.13\ui_data\vista.exe

[2012/05/19 16:02:13 | 000,316,536 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marcus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe

[2012/08/12 21:16:31 | 028,111,328 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marcus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_data\RealPlayer_br.exe

[2012/05/19 19:02:27 | 000,692,480 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Marcus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\stub_exe\RealPlayer_br.exe

 

< %APPDATA%\*. >

[2010/03/13 07:40:31 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Adobe

[2011/08/11 20:36:28 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Apple Computer

[2010/03/11 18:16:41 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ATI

[2011/09/03 18:38:56 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\AVG9

[2012/07/14 23:30:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Avira

[2012/02/02 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BANDISOFT

[2011/09/03 15:06:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BitCometLite

[2012/04/08 17:13:51 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools Lite

[2010/05/29 18:11:39 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DiskAid

[2011/12/18 12:38:59 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\GetRightToGo

[2010/03/13 06:23:57 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Google

[2011/09/15 20:52:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\gtk-2.0

[2010/03/11 17:29:32 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Identities

[2011/06/14 19:07:21 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\InstallShield

[2012/06/17 14:35:25 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\LolClient

[2012/06/03 12:57:48 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\LolClient2

[2010/03/11 21:01:19 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Macromedia

[2012/04/02 20:40:53 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Malwarebytes

[2009/07/14 15:11:46 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Media Center Programs

[2012/08/16 12:36:22 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Media Player Classic

[2011/08/23 20:50:03 | 000,000,000 | --SD | M] -- C:\Users\Marcus\AppData\Roaming\Microsoft

[2011/06/16 06:23:39 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\NCH Software

[2012/04/08 15:17:39 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Razer

[2011/01/17 18:51:52 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Real

[2012/08/20 13:58:54 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Skype

[2010/10/18 19:07:40 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Software4u

[2011/12/19 21:08:24 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TeamViewer

[2012/07/29 16:25:47 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\TS3Client

[2011/12/22 15:49:41 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Ubisoft

[2011/06/14 19:27:31 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Ulead Systems

[2012/05/28 20:24:07 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Unity

[2012/08/15 22:04:54 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\uTorrent

[2012/06/09 19:39:18 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\WGB_Panther_PB

[2010/03/16 19:42:06 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\WinRAR

[2010/03/11 20:36:48 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Yahoo!

 

< %USERPROFILE%\AppData\Local\*.* >

[2012/04/13 17:34:10 | 000,121,000 | ---- | M] () -- C:\Users\Marcus\AppData\Local\GDIPFONTCACHEV1.DAT

[2012/08/20 13:54:16 | 009,351,905 | -H-- | M] () -- C:\Users\Marcus\AppData\Local\IconCache.db

[2011/04/14 21:05:44 | 000,007,614 | ---- | M] () -- C:\Users\Marcus\AppData\Local\resmon.resmoncfg

[2008/02/05 14:28:20 | 000,000,051 | ---- | M] () -- C:\Users\Marcus\AppData\Local\setup.txt

[2012/03/25 18:44:27 | 000,045,056 | ---- | M] () -- C:\Users\Marcus\AppData\Local\usb.exe

 

< %USERPROFILE%\AppData\Roaming\*.* >

 

< %systemroot%\assembly\tmp\*.* /S /MD5 >

 

< %systemroot%\assembly\temp\*.* /S /MD5 >

 

< %systemroot%\assembly\GAC\*.* /S /MD5 >

[2010/03/11 19:22:59 | 000,110,592 | ---- | M] () MD5=7ECB661F50F34A941A44DAC7241F7D08 -- C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll

[2010/03/11 19:23:44 | 000,000,196 | ---- | M] () MD5=44300D5320DA9FE1A79F85D3CC8369AB -- C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2010/03/13 11:26:50 | 000,135,168 | ---- | M] () MD5=0B9B541D535D967743DDC5E7AD543878 -- C:\Windows\assembly\GAC\AxInterop.MSComctlLib\2.0.0.0__90ba9c70f846762e\AxInterop.MSComctlLib.DLL

[2010/03/13 11:26:50 | 000,000,308 | ---- | M] () MD5=4C237A8BED2C6CDACEC02D10A616C08C -- C:\Windows\assembly\GAC\AxInterop.MSComctlLib\2.0.0.0__90ba9c70f846762e\__AssemblyInfo__.ini

[2010/03/13 11:26:50 | 000,212,992 | ---- | M] () MD5=B2D776ABCD8A02022D0793D522AC90D9 -- C:\Windows\assembly\GAC\AxInterop.MSForms\2.0.0.0__90ba9c70f846762e\AxInterop.MSForms.DLL

[2010/03/13 11:26:50 | 000,000,300 | ---- | M] () MD5=F93B9CAC505D83D82BCAD9B909F2B2C7 -- C:\Windows\assembly\GAC\AxInterop.MSForms\2.0.0.0__90ba9c70f846762e\__AssemblyInfo__.ini

[2010/03/11 19:22:58 | 000,065,536 | ---- | M] () MD5=BA073EDDE13179DA2DEFF264C2A272AB -- C:\Windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL

[2010/03/11 19:23:44 | 000,000,195 | ---- | M] () MD5=19B3B194049ED86FA5D9F6EB31556E80 -- C:\Windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2010/03/11 19:23:00 | 000,004,608 | ---- | M] () MD5=74C8987F1B2549E1DF3EB3874B68ECAC -- C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll

[2010/03/11 19:23:44 | 000,000,204 | ---- | M] () MD5=B020031BAAF51236A37136B9198E0ECC -- C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2010/03/11 19:22:58 | 001,215,328 | ---- | M] () MD5=11CD947E77F4B91E61EFDCF7DD1A8766 -- C:\Windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll

[2010/03/11 19:23:58 | 000,000,197 | ---- | M] () MD5=518608D6F97FAB45E5D610E3793EF228 -- C:\Windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2010/03/11 19:22:58 | 000,082,784 | ---- | M] () MD5=523E4CC118AD2751A6A6C0EA3CC08F70 -- C:\Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll

[2010/03/11 19:23:58 | 000,000,199 | ---- | M] () MD5=3689B8AC7230590BB996DD400FA24139 -- C:\Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2010/03/13 11:26:48 | 000,143,360 | ---- | M] () MD5=2CCCADAA3052CEB5B112554F041BCD22 -- C:\Windows\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\ICSharpCode.SharpZipLib.DLL

[2010/03/13 11:26:48 | 000,000,321 | ---- | M] () MD5=FE076117EC2468D8FA2B53C4E5FF444E -- C:\Windows\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini

[2010/03/13 11:26:51 | 000,225,280 | ---- | M] () MD5=3EA79E7CD3B2BBCCCBC1AA9E7032A3C9 -- C:\Windows\assembly\GAC\Interop.MSComctlLib\2.0.0.0__90ba9c70f846762e\Interop.MSComctlLib.DLL

[2010/03/13 11:26:51 | 000,000,304 | ---- | M] () MD5=06183CB4B5FCCBC4D3D30D2851C89EDC -- C:\Windows\assembly\GAC\Interop.MSComctlLib\2.0.0.0__90ba9c70f846762e\__AssemblyInfo__.ini

[2010/03/13 11:26:51 | 000,360,448 | ---- | M] () MD5=2E05B3124B43288B6F256CA7864BE2DF -- C:\Windows\assembly\GAC\Interop.MSForms\2.0.0.0__90ba9c70f846762e\Interop.MSForms.DLL

[2010/03/13 11:26:51 | 000,000,296 | ---- | M] () MD5=B0B33EF64D1647E473E629EF779D2686 -- C:\Windows\assembly\GAC\Interop.MSForms\2.0.0.0__90ba9c70f846762e\__AssemblyInfo__.ini

[2010/03/13 11:26:51 | 000,049,152 | ---- | M] () MD5=E3A801C4C1450EB03A753EFA80843F5A -- C:\Windows\assembly\GAC\Interop.NewIWshRuntimeLibrary\1.0.0.0__90ba9c70f846762e\Interop.NewIWshRuntimeLibrary.DLL

[2010/03/13 11:26:51 | 000,000,324 | ---- | M] () MD5=CAEBAB539B4A69DDA797332F8B503515 -- C:\Windows\assembly\GAC\Interop.NewIWshRuntimeLibrary\1.0.0.0__90ba9c70f846762e\__AssemblyInfo__.ini

[2010/03/13 11:26:48 | 000,013,312 | ---- | M] () MD5=1BF1820B86F4921D42D74C922044AC18 -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.DLL

[2010/03/13 11:26:48 | 000,000,306 | ---- | M] () MD5=6D74831C5B706C6FF99EC3DD5C82A570 -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\__AssemblyInfo__.ini

[2010/03/11 19:22:53 | 000,031,560 | ---- | M] () MD5=038334CD1EFE7B2CB5684B09AF39F666 -- C:\Windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL

[2010/03/11 19:23:58 | 000,000,197 | ---- | M] () MD5=D4A0EA981874B9885745A2F6E62C273A -- C:\Windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2012/08/20 01:14:37 | 000,053,248 | ---- | M] () MD5=75933586AFD94EA24C5ACD3DBC89A272 -- C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

[2012/08/20 01:14:37 | 000,000,327 | ---- | M] () MD5=28058DE969A620A154CAE3170CE96528 -- C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:37 | 000,012,800 | ---- | M] () MD5=C0843F0F45EDEEF233B1E581AE75E3BB -- C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

[2012/08/20 01:14:37 | 000,000,313 | ---- | M] () MD5=A0A3C07721E7DF24DD69F1B525A96DD1 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:37 | 000,473,600 | ---- | M] () MD5=7AD4D9FABD109432EED91B359CEAE430 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

[2012/08/20 01:14:37 | 000,000,307 | ---- | M] () MD5=F39F95D1BFBD96019D80D5B5CF7D821C -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:34 | 002,676,224 | ---- | M] () MD5=A73E7421449CCA62B0561BAD4C8EF23D -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012/08/20 01:14:34 | 000,000,309 | ---- | M] () MD5=D86E01FE35BA9DB8497A75C2730ED787 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:35 | 002,846,720 | ---- | M] () MD5=5E2B8B8A5ED016468716B9FF82A1806F -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012/08/20 01:14:35 | 000,000,309 | ---- | M] () MD5=50EDACC870955B07BC1AB67B2F555DD8 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:35 | 000,563,712 | ---- | M] () MD5=D3F1922325BE8E7E1C72BFD8179454CE -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012/08/20 01:14:35 | 000,000,309 | ---- | M] () MD5=03C7A7661D208418E9443DFA502A0CE3 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:35 | 000,567,296 | ---- | M] () MD5=FB3BC0754921873A65F5FBDCA845E6EE -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012/08/20 01:14:35 | 000,000,309 | ---- | M] () MD5=E23E7422B26D1636D84DB3ACACA191B5 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:36 | 000,576,000 | ---- | M] () MD5=AFCF5F50C632F3A5598ABC28F196D77C -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012/08/20 01:14:36 | 000,000,309 | ---- | M] () MD5=49A74783DECDD4F9CA150C7D2E364F3B -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:36 | 000,577,024 | ---- | M] () MD5=CCD53738DF4FA27849B6BB05DD67D10D -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012/08/20 01:14:36 | 000,000,309 | ---- | M] () MD5=D766FF47A4779D9234AB5EBFBBFE891F -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:36 | 000,577,536 | ---- | M] () MD5=43C280C3B15CEB2472AB560D09629664 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012/08/20 01:14:36 | 000,000,309 | ---- | M] () MD5=1475C1DF3547888329D510C569530BC9 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:36 | 000,577,536 | ---- | M] () MD5=490807C150B7D8BE44BDE871F4DF8C56 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012/08/20 01:14:36 | 000,000,309 | ---- | M] () MD5=A5212A2290DC6B319C1652F132BA8795 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:37 | 000,578,560 | ---- | M] () MD5=933085360527DE1B4947289CA468184E -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012/08/20 01:14:37 | 000,000,309 | ---- | M] () MD5=FAF1ECEBA3202D7A41528CBE74B1665C -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:37 | 000,578,560 | ---- | M] () MD5=25C76C1E29D3E8E7398F0901F558A629 -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

[2012/08/20 01:14:37 | 000,000,309 | ---- | M] () MD5=62FF7DDE61750ECB8300A382A074853C -- C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:37 | 000,145,920 | ---- | M] () MD5=D9824A9DD107E598575112B4FF897292 -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

[2012/08/20 01:14:37 | 000,000,311 | ---- | M] () MD5=397F3A1346A115CC94F1954B948BA889 -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:38 | 000,159,232 | ---- | M] () MD5=CEBD995DDEAB2C525A5C4E95789BC961 -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

[2012/08/20 01:14:38 | 000,000,313 | ---- | M] () MD5=1EAE0C52D2E46E06BCD3D8D487B65767 -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:38 | 000,364,544 | ---- | M] () MD5=46F26E2BAFD44960E7F13B2EF80AA0BC -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

[2012/08/20 01:14:38 | 000,000,311 | ---- | M] () MD5=613FC11A2AB3C92B234B79726B085D44 -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:38 | 000,178,176 | ---- | M] () MD5=D035348EC8968861AF585B7132FE4C7B -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

[2012/08/20 01:14:38 | 000,000,313 | ---- | M] () MD5=AC23720D7B404D4E9FC3C51C83E17C53 -- C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2012/08/20 01:14:37 | 000,223,232 | ---- | M] () MD5=0C453970E89DB1C1EB9DE087E6EAB5BA -- C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

[2012/08/20 01:14:37 | 000,000,289 | ---- | M] () MD5=DE4A57640D697830DE7C90FDB7AB0616 -- C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2009/07/14 01:55:04 | 000,356,352 | ---- | M] () MD5=DD2EB5E64619613C4C108CFB192F4950 -- C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\Microsoft.Ink.dll

[2009/07/14 01:55:04 | 000,000,325 | ---- | M] () MD5=3A74C27634435F509DC024FEEBE670E5 -- C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2009/07/14 01:55:04 | 000,516,096 | ---- | M] () MD5=A02EE61542CAAE25F8A44C9428D30247 -- C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\Microsoft.Ink.dll

[2009/07/14 01:55:04 | 000,000,328 | ---- | M] () MD5=FAF707724A740277714E33A65F4995BF -- C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\__AssemblyInfo__.ini

[2010/03/11 19:22:59 | 008,007,680 | ---- | M] () MD5=5440EE9CD44616D60CDE57EBDB286E95 -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll

[2010/03/11 19:23:44 | 000,000,207 | ---- | M] () MD5=1FF29DC2A2197D5984E5D418C904D3DF -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2010/03/11 19:22:54 | 000,016,712 | ---- | M] () MD5=8CB3CF3CDD7E41FAE6D0CBF94F00DEF5 -- C:\Windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll

[2010/03/11 19:23:58 | 000,000,225 | ---- | M] () MD5=0C4DC2E9F3A0B42477BA5BFCA042ACF7 -- C:\Windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:39 | 000,080,696 | ---- | M] () MD5=54582B7054EAD1EFBF9F0A8218B61C4B -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll

[2010/03/11 19:23:58 | 000,000,224 | ---- | M] () MD5=553A1D17C8B2C73D599EC156ACA6CB7D -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:45 | 001,612,592 | ---- | M] () MD5=F653D1F20A2EC194EAEC6E59435C5C7B -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll

[2010/03/11 19:23:44 | 000,000,220 | ---- | M] () MD5=BD77A7B56575BAF85941BF1AB5589890 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2012/02/29 01:22:20 | 001,279,864 | ---- | M] () MD5=A30331358FA33B3C7FDB972D802F57C4 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll

[2012/02/29 01:22:45 | 000,000,219 | ---- | M] () MD5=1F7EE91CD8AE8A1CBF71624227DB3D63 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2012/02/29 01:22:16 | 000,149,368 | ---- | M] () MD5=3AF754C16AF954DB7367FB39C3739387 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll

[2012/02/29 01:22:45 | 000,000,219 | ---- | M] () MD5=2E0B0F90BA89FA1EDCC289688BF58A7B -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:55 | 000,404,296 | ---- | M] () MD5=604DE0F15138665E4108B986F0FDD94B -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll

[2010/03/11 19:23:58 | 000,000,232 | ---- | M] () MD5=0AFFE8E498124664ADDFAB6632A93927 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:46 | 000,088,896 | ---- | M] () MD5=B1CD282FBEF31E321F48E103E2840DD0 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll

[2010/03/11 19:23:58 | 000,000,226 | ---- | M] () MD5=0A56011D14E56BA6037C48FAE6064F2B -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:46 | 000,146,232 | ---- | M] () MD5=9A0E901BACEF14628977517AA002C765 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll

[2010/03/11 19:23:58 | 000,000,222 | ---- | M] () MD5=CCC7961EC6B4CEF20C4A41E1BFF5CF78 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:52 | 000,017,208 | ---- | M] () MD5=5B8B3F76720166BF777A6AD38D12010F -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll

[2010/03/11 19:23:58 | 000,000,221 | ---- | M] () MD5=7C1C66BFBB15C0B3C1B9AFEEE2986CF8 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:46 | 000,920,376 | ---- | M] () MD5=5CBE57423C5CAFAA11B50E5C25DAE19D -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll

[2010/03/11 19:23:58 | 000,000,221 | ---- | M] () MD5=6B6872FAF93931EA6EB4F2E1E30A37D4 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2012/02/29 01:22:20 | 000,034,696 | ---- | M] () MD5=7E181C30E192223908BBF509AB827B41 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll

[2012/02/29 01:22:46 | 000,000,228 | ---- | M] () MD5=2C6E214F297382A5343D10D8D8ED62C6 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2011/12/15 01:29:13 | 000,350,080 | ---- | M] () MD5=5C62BA3A0FEE2D763BB79F858204D09D -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll

[2011/12/15 01:29:14 | 000,000,224 | ---- | M] () MD5=EF446200B015C1662F07955E95322DCE -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:46 | 000,232,248 | ---- | M] () MD5=0944C6C65C258A4BE89605D666DE5880 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll

[2010/03/11 19:23:58 | 000,000,223 | ---- | M] () MD5=89274E3F135691355EBD73770EAFF34D -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/13 07:56:54 | 000,019,320 | ---- | M] () MD5=3CC99DCCB5B9F51483AF7532A6D65F92 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll

[2010/03/13 07:57:47 | 000,000,222 | ---- | M] () MD5=3C3CC20ADA56EB38EAF363E7A6BEEE93 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2012/02/29 01:22:20 | 000,870,256 | ---- | M] () MD5=54719FDC6A752DC78B364A3980DBC2E9 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll

[2012/02/29 01:22:46 | 000,000,218 | ---- | M] () MD5=2A6411671028D5A543646989CB01DBD8 -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:59 | 000,013,312 | ---- | M] () MD5=D80746B2F94A3A28E380735D4B8A9EA3 -- C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll

[2010/03/11 19:23:44 | 000,000,210 | ---- | M] () MD5=A57C6028DAE8D855FFC2BBC2D6E57246 -- C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2010/03/11 19:22:46 | 000,371,496 | ---- | M] () MD5=BA4FB255E3887A039CB74A5870192220 -- C:\Windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll

[2010/03/11 19:23:58 | 000,000,216 | ---- | M] () MD5=E9A3D4644D3B7C20C5EE60970BC5681C -- C:\Windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2012/02/29 01:22:17 | 000,063,336 | ---- | M] () MD5=B60C87E3CD3ACFA71DAD8145C66D6E9C -- C:\Windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

[2012/02/29 01:22:45 | 000,000,210 | ---- | M] () MD5=F4663120ABF3E8FF67D7AAF33BD68EDF -- C:\Windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:59 | 000,229,376 | ---- | M] () MD5=FDA48714F6A291E25A1A219E89D59D9B -- C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL

[2010/03/11 19:23:58 | 000,000,200 | ---- | M] () MD5=481E504FBEA25FBF5408DB65F44FA5FA -- C:\Windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini

[2010/03/11 19:22:59 | 000,004,096 | ---- | M] () MD5=AAA2E20588E154A10747BF1B31B55125 -- C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll

[2010/03/11 19:23:44 | 000,000,200 | ---- | M] () MD5=C1F5FADD74964959FC4394832BBC3E59 -- C:\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

[2010/03/13 07:56:55 | 000,423,784 | ---- | M] () MD5=DF7CBCD2DB89880A8A92EA134611B038 -- C:\Windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL

[2010/03/13 07:57:45 | 000,000,195 | ---- | M] () MD5=7C4A765B5AC30DBD8B53CD071B73840C -- C:\Windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:39 | 000,000,900 | ---- | M] () MD5=3D144BF3BA28D9E2BEDBA405FA672780 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.config

[2010/03/11 19:22:39 | 000,012,104 | ---- | M] () MD5=3BBBF705C91C7F399A073D96A4AE304A -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll

[2010/03/11 19:23:44 | 000,000,232 | ---- | M] () MD5=F14297FB0C6A046E4FB77263CBE167AF -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/13 07:57:10 | 000,000,898 | ---- | M] () MD5=DCC5E6E13187570656FB60EBB51751A8 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.config

[2010/03/13 07:57:10 | 000,011,144 | ---- | M] () MD5=AA14986D717AF25CF6362C69BFA13359 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll

[2010/03/13 07:57:48 | 000,000,231 | ---- | M] () MD5=4B9F522E4B403A5B090681600D9070C2 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/13 07:56:54 | 000,000,898 | ---- | M] () MD5=CC9313747F69E39B66D6B7EFE22FD328 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.config

[2010/03/13 07:56:54 | 000,011,128 | ---- | M] () MD5=CE0EDD4D644A7C624FA79E1B14B00323 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll

[2010/03/13 07:57:46 | 000,000,231 | ---- | M] () MD5=69CD87BB9C6DA0537CE63A53E7092F32 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:55 | 000,000,912 | ---- | M] () MD5=8A8FAFB921AFF270260924C1D31CE163 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.config

[2010/03/11 19:22:55 | 000,012,616 | ---- | M] () MD5=EC7F771DBC984954E076D03F055E0DBF -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll

[2010/03/11 19:23:58 | 000,000,238 | ---- | M] () MD5=8352AC255CC3F25FDF9AF1FECC8BD6F3 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:55 | 000,000,904 | ---- | M] () MD5=577D9B55DE8E70B51042ED8124D55C18 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.config

[2010/03/11 19:22:55 | 000,012,616 | ---- | M] () MD5=5B97D1FFA46C9CF752FA8164AB171C56 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll

[2010/03/11 19:23:58 | 000,000,234 | ---- | M] () MD5=8F1C69873B1ADCE21B3005A52A6921BA -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:52 | 000,000,902 | ---- | M] () MD5=E2724C2DF4C312D34E4A7BCABBDD5AB6 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.config

[2010/03/11 19:22:52 | 000,012,104 | ---- | M] () MD5=2EE2F1AD6A3B6317D045D2C31F6FEF65 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll

[2010/03/11 19:23:58 | 000,000,233 | ---- | M] () MD5=A1C0A9578F9D8E0FCA9A4440070F31B0 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:52 | 000,000,916 | ---- | M] () MD5=DA6AC9B205A7A7FF0AB028049FD3AEA1 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.config

[2010/03/11 19:22:52 | 000,012,632 | ---- | M] () MD5=DB1CC715650EC69FA2B20042B2DC6B5B -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll

[2010/03/11 19:23:58 | 000,000,240 | ---- | M] () MD5=47440CFB37970DEFA6E164D85EE5491B -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/13 07:57:20 | 000,000,908 | ---- | M] () MD5=49E684EE5FF535D8FF08056769A9F9E6 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.config

[2010/03/13 07:57:20 | 000,011,152 | ---- | M] () MD5=445F0A07EAE252BE0464273767B22453 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll

[2010/03/13 07:57:49 | 000,000,236 | ---- | M] () MD5=CC90EB2A26912AB4C5102CDEF753E91F -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:53 | 000,000,906 | ---- | M] () MD5=1B1C62C31CB95E0E1D20FF7F4EE99A34 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.config

[2010/03/11 19:22:53 | 000,012,104 | ---- | M] () MD5=554DA52E16EAB6C18D003C0157BE0DD3 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll

[2010/03/11 19:23:58 | 000,000,235 | ---- | M] () MD5=B3B78A70350941D7D6992D5142275669 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/13 07:56:55 | 000,000,904 | ---- | M] () MD5=AC1B446DC4969CE1D3F605D9CE098DDB -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.config

[2010/03/13 07:56:55 | 000,011,136 | ---- | M] () MD5=C2F8D5E1D25BCAE6516E88AA0342FB6E -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll

[2010/03/13 07:57:47 | 000,000,234 | ---- | M] () MD5=79D81B7149BDC2CD7CB5B48D05D75F37 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2012/02/29 01:22:20 | 000,000,896 | ---- | M] () MD5=33324BF6E22A322816FD4C1C58BB032C -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.config

[2012/02/29 01:22:20 | 000,011,144 | ---- | M] () MD5=2CE989B779144889EA1F30A046DF13CB -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll

[2012/02/29 01:22:46 | 000,000,230 | ---- | M] () MD5=314847472C40A8C3574130C873856447 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/13 07:56:55 | 000,000,880 | ---- | M] () MD5=AEEFC22DA8D1EBBA43AC2E8B0599DFE3 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.config

[2010/03/13 07:56:55 | 000,011,112 | ---- | M] () MD5=FFD49049DE84727DE54922181E0AFBA5 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll

[2010/03/13 07:57:46 | 000,000,222 | ---- | M] () MD5=122F7F6C517CFA276B874A7F20A796B4 -- C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/13 07:56:55 | 000,000,850 | ---- | M] () MD5=5717939AB3C1CFFDF93DDC9A14856755 -- C:\Windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.office.config

[2010/03/13 07:56:55 | 000,010,576 | ---- | M] () MD5=B6C7C64CB13A418DF859A018EC93727B -- C:\Windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll

[2010/03/13 07:57:46 | 000,000,207 | ---- | M] () MD5=E7E59ABBFF65ED4C142D4006A6197E0E -- C:\Windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini

[2010/03/11 19:22:59 | 000,016,384 | ---- | M] () MD5=E1EEB7E26AB04075EECC7275239B20B3 -- C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll

[2010/03/11 19:23:44 | 000,000,197 | ---- | M] () MD5=FC75E46DA5B9F9263B958C7B027ACBFC -- C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini

 

< %systemroot%\assembly\GAC_32\*.* /S /MD5 >

[2010/11/20 09:32:20 | 000,238,080 | ---- | M] () MD5=D6D26A698BCCD17AB0761E6221C5F3C4 -- C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll

[2010/11/04 22:57:39 | 000,069,120 | ---- | M] () MD5=C80DA476BFBAD97D874A0EFE037D7113 -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

[2009/07/13 22:22:13 | 000,139,264 | ---- | M] () MD5=3723B29BBFE648380ED9B70B164E33A2 -- C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe

[2009/07/13 18:04:37 | 000,002,274 | ---- | M] () MD5=C343B566A3B8DA7743C30796BE0A54D7 -- C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe.config

[2010/11/04 22:57:43 | 000,072,192 | ---- | M] () MD5=D58D4E4AA8D6146D838BE02500F50B27 -- C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

[2010/11/20 09:32:22 | 000,134,656 | ---- | M] () MD5=7D8676EC6A6ABCF57E1F6CA5372E56EE -- C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll

[2009/07/13 22:24:14 | 000,507,904 | ---- | M] () MD5=269691AFEE6C44C52CDCA23C24BDBB0C -- C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll

[2009/07/13 22:24:28 | 000,077,824 | ---- | M] () MD5=BB2BB7BFE455562249E922A7AA4493A5 -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll

[2012/07/12 01:12:12 | 000,117,160 | ---- | M] () MD5=569124F95660007F8C470D00A96CBD7D -- C:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll

[2010/11/04 22:52:36 | 000,163,840 | ---- | M] () MD5=059B857CCA35C20F06B5DEBD51C4FB38 -- C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

[2010/03/11 19:23:00 | 000,367,400 | ---- | M] () MD5=6CAD87F2BE4A4BC31D3FD5C923741418 -- C:\Windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll

[2009/07/13 22:26:31 | 000,008,192 | ---- | M] () MD5=FA44A672F1C12791984D9ECAB7DC3177 -- C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll

[2009/06/10 18:14:52 | 000,087,888 | ---- | M] () MD5=2E5F1CF69F92392F8829FC9C9263AE9B -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe

[2009/06/10 18:14:53 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config

[2009/06/10 18:22:47 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp

[2009/06/10 18:22:47 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp

[2009/06/10 18:22:58 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp

[2012/01/03 23:50:59 | 004,550,656 | ---- | M] () MD5=C850A6041F5AEDE21C53514BBE9AB09D -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

[2009/06/10 18:23:13 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp

[2009/06/10 18:23:13 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp

[2009/06/10 18:23:13 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp

[2009/06/10 18:23:13 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp

[2009/06/10 18:23:13 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp

[2009/06/10 18:23:14 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp

[2009/06/10 18:23:14 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp

[2009/06/10 18:23:17 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp

[2009/06/10 18:23:17 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp

[2009/06/10 18:23:23 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp

[2010/11/20 09:36:00 | 000,046,080 | ---- | M] () MD5=93C4029DABC19166076BE347283AB969 -- C:\Windows\assembly\GAC_32\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL

[2010/11/20 09:36:00 | 000,107,008 | ---- | M] () MD5=E9CFC1884D1E579E82073103827FA62B -- C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL

[2009/07/13 19:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.config

[2009/07/13 22:25:25 | 000,005,632 | ---- | M] () MD5=608232474C33C71F863B0866E5165C1C -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.dll

[2009/06/10 18:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config

[2009/07/13 22:26:15 | 000,005,632 | ---- | M] () MD5=2641880E8C12BEE37DDC2813908A2A0F -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll

[2009/06/10 18:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config

[2009/07/13 22:23:30 | 000,005,632 | ---- | M] () MD5=D6C077082EAA747911C212A9EB64A813 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll

[2009/07/13 19:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.config

[2009/07/13 22:22:54 | 000,005,632 | ---- | M] () MD5=331021DA8B00A9ADCDD54B5782943204 -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.dll

[2009/07/13 19:04:08 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config

[2009/07/13 22:23:04 | 000,005,632 | ---- | M] () MD5=B3DB67C90DBBB75BFE110A86E951C2EC -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll

[2012/02/10 20:31:40 | 004,218,880 | ---- | M] () MD5=AEDDFD540E3E6BECDB14C30D1F12B78A -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

[2009/06/10 18:14:51 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config

[2012/02/10 20:31:42 | 001,737,496 | ---- | M] () MD5=DDFBFD8959F32AC0CF3947F36BAC3081 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll

[2010/11/04 22:58:05 | 000,486,400 | ---- | M] () MD5=ED40D020A6A82748394F1653CE324CE4 -- C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

[2010/11/04 22:58:05 | 002,927,616 | ---- | M] () MD5=35CAB7CF3754C41AEB69DCE1D5ACA5A4 -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

[2010/11/04 22:58:08 | 000,258,048 | ---- | M] () MD5=6DB969DF540BC71722848940D180AC08 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

[2010/11/20 01:12:59 | 000,113,664 | ---- | M] () MD5=C865DC05ADE0B41A9E14DD585E0CDF94 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

[2012/02/10 20:31:41 | 000,372,736 | ---- | M] () MD5=A151947AD131A883870A6174CACF423B -- C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll

[2009/06/10 18:23:19 | 000,261,632 | ---- | M] () MD5=5F3F1BF5F5B43293953FC915845910C4 -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

[2011/12/25 17:42:15 | 005,255,168 | ---- | M] () MD5=7D2B8E2CE3EF2DC633689F1E1F4A7504 -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

 

< %systemroot%\assembly\GAC_64\*.* /S /MD5 >

[2010/11/20 10:39:41 | 000,249,344 | ---- | M] () MD5=0EB9F2F8649FC0DE0DB55AFF18093E1C -- C:\Windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll

[2010/11/04 22:56:37 | 000,080,896 | ---- | M] () MD5=28D0AAEB2F5D05629B287E3534FCAFB3 -- C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

[2010/11/04 22:56:43 | 000,089,600 | ---- | M] () MD5=8658D501224F8EAA18BCF8104F07AA29 -- C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

[2010/11/20 10:44:11 | 000,139,264 | ---- | M] () MD5=D32088C67317F5B64C13352E6EB5FFB1 -- C:\Windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll

[2010/11/20 10:44:11 | 000,198,656 | ---- | M] () MD5=073C37CEFEB4D5CD86646171C5D999F2 -- C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe

[2010/11/20 10:44:11 | 000,133,120 | ---- | M] () MD5=948ECE6043513473FF26B6A43DCD67C8 -- C:\Windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\Mcx2Dvcs.dll

[2009/07/13 22:51:37 | 000,507,904 | ---- | M] () MD5=80BC35C4CA953CCACFECEE0EDBA14F5A -- C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll

[2009/07/13 22:51:13 | 000,077,824 | ---- | M] () MD5=ADE7BDD9DFFFB5A965DF204114F36951 -- C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll

[2011/08/17 02:28:23 | 000,315,392 | ---- | M] () MD5=063FDD306A93B988CBEC9C6987EB2960 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll

[2010/11/20 10:44:11 | 000,147,968 | ---- | M] () MD5=9453A71711D51C31DD607EC19CA604B0 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.iTV.Media\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.Media.dll

[2010/11/20 10:44:11 | 000,056,320 | ---- | M] () MD5=6B365422C9E1417C9C99FD1234C42F48 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Mheg\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Mheg.dll

[2010/11/20 10:44:11 | 000,114,688 | ---- | M] () MD5=2920CBCE0700F34AC9E27423CBD87798 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll

[2010/11/20 10:44:12 | 000,327,168 | ---- | M] () MD5=2288CBDEBF5D78E0CB9158D251DE4016 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.TV.Tuners.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.TV.Tuners.Interop.dll

[2010/11/04 22:52:15 | 000,163,840 | ---- | M] () MD5=DAC8353CA6D1919C7FF87C00672FBF2E -- C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

[2009/07/13 22:49:27 | 000,008,192 | ---- | M] () MD5=6790FBD2C832CBB26A694E1046F7F2BA -- C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll

[2010/11/20 10:39:46 | 000,019,968 | ---- | M] () MD5=DBE659C5CE6689D009D9414CB27FD110 -- C:\Windows\assembly\GAC_64\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop\6.1.0.0__31bf3856ad364e35\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll

[2010/11/04 22:53:34 | 000,083,792 | ---- | M] () MD5=15885A86E87CC4291EF628E4F8A9BD6D -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe

[2009/06/10 17:31:02 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config

[2009/06/10 17:39:44 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp

[2009/06/10 17:39:44 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp

[2009/06/10 17:39:54 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp

[2012/01/04 00:34:35 | 004,567,040 | ---- | M] () MD5=12E5EDB59F4FE680B7AD9ADC8E2C17D3 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

[2009/06/10 17:40:01 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp

[2009/06/10 17:40:01 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp

[2009/06/10 17:40:01 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp

[2009/06/10 17:40:01 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp

[2009/06/10 17:40:01 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp

[2009/06/10 17:40:01 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp

[2009/06/10 17:40:01 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp

[2009/06/10 17:40:02 | 000,262,148 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp

[2009/06/10 17:40:02 | 000,020,320 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp

[2009/06/10 17:40:10 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp

[2010/11/20 10:44:12 | 000,050,176 | ---- | M] () MD5=E0773633E4193B183FB396192581BD86 -- C:\Windows\assembly\GAC_64\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL

[2010/11/20 10:44:13 | 000,133,632 | ---- | M] () MD5=A302DA1404664CEF1D416ED4DE49EA2B -- C:\Windows\assembly\GAC_64\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL

[2009/06/10 17:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config

[2009/07/13 22:52:10 | 000,005,120 | ---- | M] () MD5=C3554C9F9650380CD6A292CD5E7F02C6 -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll

[2009/06/10 17:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.config

[2009/07/13 22:50:32 | 000,005,120 | ---- | M] () MD5=265830B968EC5512E923C5482A5F5EEB -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll

[2009/07/13 18:54:48 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config

[2009/07/13 22:50:49 | 000,005,120 | ---- | M] () MD5=6162FCE93CE4C29318C179E457CFE656 -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll

[2012/02/10 20:29:43 | 003,998,208 | ---- | M] () MD5=C264145F107437CBD3B30303733AEE4F -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

[2009/06/10 17:30:59 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config

[2012/02/10 20:29:45 | 002,256,152 | ---- | M] () MD5=C8541AECCCA9260DE93C85F214110FA8 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll

[2010/11/04 22:56:58 | 000,502,272 | ---- | M] () MD5=2D8090F04B14059E23FE68F9FF3E318C -- C:\Windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

[2010/11/04 22:56:58 | 003,095,552 | ---- | M] () MD5=98D53BB2DB8E11762D30C3CF41FA140B -- C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

[2010/11/04 22:57:00 | 000,245,760 | ---- | M] () MD5=B395F8BE6E578FAB80A1D568911857D7 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

[2010/11/04 22:57:02 | 000,133,120 | ---- | M] () MD5=D9C192B9CD25DC5C9C05DF98C945E3F1 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

[2012/02/10 20:29:44 | 000,358,912 | ---- | M] () MD5=02DD476B37E663BBBB81C47F4AF45C78 -- C:\Windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll

[2009/06/10 17:40:06 | 000,283,136 | ---- | M] () MD5=E4806AC8BE2D890193252D4BEE7EA95C -- C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

[2011/12/25 17:40:47 | 005,263,360 | ---- | M] () MD5=5566D4BABE2900CDB906F470F098188B -- C:\Windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

 

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >

 

< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >

 

< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >

[2012/08/20 15:01:31 | 000,009,186 | ---- | M] () -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun.log

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes >

"DefaultScope" = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]

 

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes >

"DefaultScope" = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

"DownloadRetries" = 0

"DownloadUpdates" = 1

"Version" = 3

"UpgradeTime" = 19 69 B3 21 99 19 CC 01 [binary data]

"KnownProvidersUpgradeTime" = 62 BE BD 20 99 19 CC 01 [binary data]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6C40590E-0C07-4D68-A111-50555F5DD19A}]

 

< regedit /e c:\registrybackup.reg /c >

 

< type c:\boot.ini >> test.txt /c >

 

< %systemroot%\system32\tasks\*.* /s /64 >

[2012/08/20 12:42:44 | 000,003,840 | ---- | M] () -- C:\Windows\SysNative\tasks\Adobe Flash Player Updater

[2012/07/15 17:48:32 | 000,003,812 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore

[2012/07/15 17:48:33 | 000,004,064 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA

[2012/07/14 10:29:33 | 000,003,658 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1155938839-3185402113-654261445-1000Core

[2012/07/14 10:29:33 | 000,004,054 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1155938839-3185402113-654261445-1000UA

[2011/08/14 15:04:07 | 000,003,040 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft_Hardware_Launch_IPoint_exe

[2011/08/14 14:31:35 | 000,003,050 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft_Hardware_Launch_IType_exe

[2011/05/23 19:33:18 | 000,002,978 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft_Hardware_Launch_rundll32_exe

[2011/09/24 18:15:11 | 000,003,232 | ---- | M] () -- C:\Windows\SysNative\tasks\MotoHelper Initial Update

[2011/09/24 18:15:09 | 000,003,412 | ---- | M] () -- C:\Windows\SysNative\tasks\MotoHelper MUM

[2011/09/24 18:15:08 | 000,003,406 | ---- | M] () -- C:\Windows\SysNative\tasks\MotoHelper Routing

[2011/09/24 18:15:10 | 000,003,424 | ---- | M] () -- C:\Windows\SysNative\tasks\MotoHelper Update

[2011/10/27 13:09:24 | 000,003,212 | ---- | M] () -- C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-1155938839-3185402113-654261445-1000

[2011/10/27 13:09:21 | 000,003,344 | ---- | M] () -- C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-1155938839-3185402113-654261445-1000

[2012/05/19 19:02:16 | 000,003,604 | ---- | M] () -- C:\Windows\SysNative\tasks\RNUpgradeHelperResumePrompt_Marcus

[2012/01/31 17:14:30 | 000,003,230 | ---- | M] () -- C:\Windows\SysNative\tasks\SidebarExecute

[2012/08/20 13:56:20 | 000,002,840 | ---- | M] () -- C:\Windows\SysNative\tasks\SlimDrivers Startup

[2010/03/16 06:00:43 | 000,002,970 | ---- | M] () -- C:\Windows\SysNative\tasks\{2A9239BC-D671-4603-AC92-9419606AEEC2}

[2010/03/16 06:02:28 | 000,003,120 | ---- | M] () -- C:\Windows\SysNative\tasks\{8984F7BA-413E-4909-98BD-EDF4D71265D2}

[2012/07/24 15:23:14 | 000,003,120 | ---- | M] () -- C:\Windows\SysNative\tasks\{B5C8897E-8953-4555-BCF3-5683FC154A11}

[2011/08/06 19:22:06 | 000,003,374 | ---- | M] () -- C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate

[2012/08/20 14:03:16 | 000,003,856 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows Defender\MP Scheduled Scan

[2012/06/25 19:31:36 | 000,004,158 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

[2009/07/14 01:53:29 | 000,004,472 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)

[2009/07/14 01:53:29 | 000,003,854 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)

[2009/07/14 01:54:39 | 000,002,900 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\AppID\PolicyConverter

[2009/07/14 01:54:39 | 000,003,790 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck

[2009/07/14 01:54:05 | 000,003,458 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Application Experience\AitAgent

[2009/07/14 01:54:05 | 000,003,614 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater

[2009/07/14 01:49:22 | 000,003,026 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Autochk\Proxy

[2009/07/14 01:57:09 | 000,001,862 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask

[2009/07/14 01:53:22 | 000,004,130 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\CertificateServicesClient\SystemTask

[2009/07/14 01:53:22 | 000,003,868 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\CertificateServicesClient\UserTask

[2009/07/14 02:09:01 | 000,003,134 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam

[2009/07/14 01:57:09 | 000,002,934 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator

[2009/07/14 01:53:33 | 000,003,946 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask

[2009/07/14 01:54:08 | 000,003,598 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip

[2009/07/14 01:57:12 | 000,003,886 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Defrag\ScheduledDefrag

[2009/07/14 01:57:07 | 000,004,018 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Diagnosis\Scheduled

[2010/05/02 05:29:59 | 000,003,760 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector

[2010/03/11 17:21:01 | 000,002,538 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver

[2009/07/14 01:57:13 | 000,003,554 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Location\Notifications

[2010/03/14 09:32:29 | 000,004,036 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Maintenance\WinSAT

[2010/03/11 17:21:08 | 000,002,420 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch

[2010/03/11 17:21:07 | 000,002,448 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService

[2011/05/25 20:33:24 | 000,003,690 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks

[2010/03/11 17:21:06 | 000,002,400 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\ehDRMInit

[2010/03/11 17:21:07 | 000,002,546 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\InstallPlayReady

[2010/03/11 17:21:10 | 000,002,790 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\mcupdate

[2010/03/11 17:21:11 | 000,002,954 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask

[2010/03/11 17:21:10 | 000,002,958 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask

[2010/03/11 17:21:06 | 000,002,380 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\OCURActivate

[2010/03/11 17:21:05 | 000,002,400 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\OCURDiscovery

[2010/03/11 17:21:05 | 000,002,384 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\PBDADiscovery

[2010/03/11 17:21:04 | 000,003,226 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1

[2010/03/11 17:21:04 | 000,003,228 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2

[2010/03/11 17:21:12 | 000,003,822 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\PeriodicScanRetry

[2010/03/11 17:21:10 | 000,002,926 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\PvrRecoveryTask

[2010/03/11 17:21:11 | 000,002,918 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\PvrScheduleTask

[2010/03/11 17:21:09 | 000,003,078 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\RecordingRestart

[2010/03/11 17:21:07 | 000,002,408 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\RegisterSearch

[2010/03/11 17:21:08 | 000,002,432 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\ReindexSearchRoot

[2010/03/11 17:21:11 | 000,002,942 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask

[2011/05/25 20:33:20 | 000,003,418 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\StartRecording

[2010/03/11 17:21:07 | 000,002,736 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Media Center\UpdateRecordPath

[2009/07/14 01:53:33 | 000,003,304 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector

[2009/07/14 01:53:33 | 000,003,510 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector

[2010/03/11 17:21:03 | 000,003,576 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\MobilePC\HotStart

[2009/07/14 01:54:22 | 000,003,168 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\MUI\LPRemove

[2009/07/14 01:57:07 | 000,002,602 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Multimedia\SystemSoundsService

[2009/07/14 01:54:39 | 000,002,044 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo

[2009/07/14 01:55:03 | 000,002,832 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor

[2009/07/14 01:53:47 | 000,003,752 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem

[2009/07/14 01:57:07 | 000,004,370 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\RAC\RacTask

[2009/07/14 01:49:35 | 000,003,052 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Ras\MobilityManager

[2009/07/14 01:54:36 | 000,003,956 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Registry\RegIdleBackup

[2009/07/14 01:57:09 | 000,004,596 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask

[2009/07/14 01:57:07 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Shell\WindowsParentalControls

[2009/07/14 02:09:03 | 000,003,912 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration

[2010/03/11 17:21:01 | 000,003,784 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\SideShow\AutoWake

[2010/03/11 17:21:02 | 000,003,612 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\SideShow\GadgetManager

[2010/03/11 17:24:42 | 000,003,698 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\SideShow\SessionAgent

[2010/03/11 17:24:57 | 000,003,792 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\SideShow\SystemDataProviders

[2009/07/14 01:49:17 | 000,003,942 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask

[2009/07/14 02:01:13 | 000,003,506 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\SystemRestore\SR

[2009/07/14 01:53:50 | 000,002,614 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Task Manager\Interactive

[2009/07/14 01:53:21 | 000,003,950 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Tcpip\IpAddressConflict1

[2009/07/14 01:53:21 | 000,004,066 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Tcpip\IpAddressConflict2

[2009/07/14 01:53:46 | 000,002,978 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor

[2009/07/14 01:49:48 | 000,003,388 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime

[2009/07/14 01:49:26 | 000,001,730 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\UPnP\UPnPHostConfig

[2009/07/14 01:53:37 | 000,003,420 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\User Profile Service\HiveUploadTask

[2009/07/14 01:49:24 | 000,002,682 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\WDI\ResolutionHost

[2012/05/24 22:47:02 | 000,004,234 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask

[2012/05/24 22:47:02 | 000,004,232 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline

[2009/07/14 01:49:16 | 000,003,048 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting

[2009/07/14 01:49:42 | 000,003,290 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange

[2009/07/14 01:57:13 | 000,003,304 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary

[2010/03/11 17:29:52 | 000,004,340 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\WindowsBackup\ConfigNotification

[2010/05/18 20:31:47 | 000,003,530 | ---- | M] () -- C:\Windows\SysNative\tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader

[2011/08/21 13:36:25 | 000,004,480 | ---- | M] () -- C:\Windows\SysNative\tasks\WPD\SqmUpload_S-1-5-21-1155938839-3185402113-654261445-1000

 

< %systemroot%\system32\Tasks\*.* /s >

 

< %windir%\tasks\*.* /s >

[2012/08/20 20:42:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/20 17:53:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/20 20:53:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/10 10:34:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1155938839-3185402113-654261445-1000Core.job

[2012/08/20 20:34:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1155938839-3185402113-654261445-1000UA.job

[2012/08/20 13:55:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2012/07/30 12:03:14 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

[2012/08/20 13:56:20 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job

 

========== Files - Unicode (All) ==========

[2011/10/02 00:31:05 | 000,000,000 | ---D | M](C:\A\Documents\?? ???) -- C:\A\Documents\넥슨 플러그

[2011/10/02 00:31:05 | 000,000,000 | ---D | C](C:\A\Documents\?? ???) -- C:\A\Documents\넥슨 플러그

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 208 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

 

< End of report >

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! .matiello

 

|- Ps: você utiliza o Bonjour,para configurar alguma rede?

 

|- C:\Arquivos de Programas\Bonjour <<

 

-/-

 

|- Execute o OTL.exe.

|- Copie estas informações que estão em vermelho,para o campo clipboard da ferramenta. ( "Exames Personalizados Correções" )

 

:OTL

IE - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1155938839-3185402113-654261445-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[2012/08/20 20:53:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/20 20:42:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/20 20:34:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1155938839-3185402113-654261445-1000UA.job

[2012/08/20 17:53:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/20 13:56:20 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

 

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]

"Gopher"="gopher://"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

 

:Commands

[CREATERESTOREPOINT]

[purity]

[emptytemp]

[Reboot]

|- Clique no botão Consertar -> Aguarde a conclusão!

|- O computador vai reiniciar! -> Clique em "Executar".

 

OTL_RunFix.jpg

 

|- Para versões em Inglês,clique em Run Fix que é o mesmo que Consertar.

|- Poste o relatório: C:\_OTL\MovedFiles\*.log

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Não que eu saiba, pode ser que tenha sido utilizado pelo meu irmão, já que o pc era dele e quando fiquei com ele acabei não formatando.

 

 

All processes killed

========== OTL ==========

HKEY_USERS\S-1-5-21-1155938839-3185402113-654261445-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1155938839-3185402113-654261445-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportar para o Microsoft Excel\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportar para o Microsoft Excel\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.

File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

File Protocol\Handler\ms-help - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

File Protocol\Handler\skype4com - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.

File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

C:\Windows\msdownld.tmp folder deleted successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.

C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1155938839-3185402113-654261445-1000UA.job moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.

C:\Windows\Tasks\SlimDrivers Startup.job moved successfully.

ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\"Gopher"|"gopher://" /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

[EMPTYTEMP]

 

User: All Users

 

User: AppData

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Marcus

->Temp folder emptied: 2486179 bytes

->Temporary Internet Files folder emptied: 25069736 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 391509252 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 859 bytes

 

User: Public

 

User: Todos os Usuários

 

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 5 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1107908 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68073 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes

RecycleBin emptied: 1255763 bytes

 

Total Files Cleaned = 402,00 mb

 

 

OTL by OldTimer - Version 3.2.58.1 log created on 08212012_120044

 

Files\Folders moved on Reboot...

C:\Users\Marcus\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! .matiello

 

snapback.png .matiello, em 21 agosto 2012 - 13:08 , disse:

Não que eu saiba, pode ser que tenha sido utilizado pelo meu irmão, já que o pc era dele e quando fiquei com ele acabei não formatando.

|- Nesse caso,não removeremos o Bonjour.

 

-/-

 

|- Caso esteja tudo Ok,apague seus Pontos de restauração.

 

:COMMANDS

[CLEARALLRESTOREPOINTS]

[reboot]

|- Rode este script.

|- Cole as informações que estão no Código,para o campo "Exames Personalizados Correções".

|- Clique em Consertar.

|- Ps: Haverá reboot! <- Aguarde!

|- Abra,novamente,a ferramenta OTL -> Clique em Limpeza. <- Confirme!

|- O computador irá reiniciar!

|- Seus logs estão limpos!

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

ok, removo os itens que instalei? adwcleaner, zhpfix, mbrcheck

Olá!

 

|- Sim!

 

ZHPDiag_4cones.jpg

 

|- Para desinstalar ZHPDiag,clique: ZHP_uninstall

|- Para remover AdwCleaner,faça a mesma coisa!

 

AdwCleaner_Uninstall2.jpg

 

|- Abra a ferramenta AdwCleaner e clique em "Uninstall".

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.