
Archived

This topic has been archived and is closed to new replies.

rehcarlos

[Resolved] History disappearing all the time


Hey everyone, how's it going?

So, I don't know whether this is a virus problem or not, but every time I close Firefox my history is deleted. Yes, I have already changed the settings to remember history, but when I open Firefox again the change has been undone.

I got this error when I clicked scan: http://s18.postimage.org/ha4le8jq1/erro_Hijack.jpg

Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:47:34, on 23/8/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Arquivos de programas\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\SUPERAntiSpyware\SASCORE.EXE

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\Arquivos de programas\Microsoft Security Client\msseces.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\ATnotes\ATnotes.exe

C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\HijackThis\HiJackThis.exe

C:\WINDOWS\system32\svchost.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com.br/0SEPTBR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.mobseguroatualiza.com/kbr1308201202.win

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: ::1 localhost

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nview\nwiz.exe /installquiet

O4 - HKLM\..\Run: [MSC] "c:\Arquivos de programas\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ATnotes.exe] C:\Arquivos de programas\ATnotes\ATnotes.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [TaskCounter] C:\Arquivos de programas\Nine Vectors\Task Counter\TaskCounter.exe

O4 - HKUS\S-1-5-21-448539723-1757981266-1801674531-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')

O4 - HKUS\S-1-5-21-448539723-1757981266-1801674531-1004\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'postgres')

O4 - HKUS\S-1-5-21-448539723-1757981266-1801674531-1004\..\RunOnce: [NeroHomeFirstStart] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMFirstStart.exe (User 'postgres')

O4 - HKUS\S-1-5-21-448539723-1757981266-1801674531-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-448539723-1757981266-1801674531-1005\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'UpdatusUser')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Global Startup: VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?4072c717e10e44b48d03be992d4ab2b5

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?4072c717e10e44b48d03be992d4ab2b5

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{406B8789-CA90-4EAF-BEE9-1294A2DA258D}: NameServer = 200.175.5.139,200.175.189.139

O17 - HKLM\System\CS1\Services\Tcpip\..\{406B8789-CA90-4EAF-BEE9-1294A2DA258D}: NameServer = 8.8.8.8,200.175.5.139,200.175.189.139

O17 - HKLM\System\CS2\Services\Tcpip\..\{406B8789-CA90-4EAF-BEE9-1294A2DA258D}: NameServer = 200.175.5.139,200.175.189.139

O17 - HKLM\System\CS3\Services\Tcpip\..\{406B8789-CA90-4EAF-BEE9-1294A2DA258D}: NameServer = 200.175.5.139,200.175.189.139

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Arquivos de programas\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Arquivos de programas/PostgreSQL/8.4/bin/pg_ctl.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe

 

--

End of file - 10768 bytes


Good evening, rehcarlos!

|- Download: < AdwCleaner > ( ... by Xplode )

|- On the page, click the image: < AdwCleaner_Tlcharger.jpg >

|- Save it to the desktop!

|- Right-click adwcleaner.exe and choose to run it as "administrator".

|- PS: Start the scan by clicking "Delete" or "Suppression".

AdwCleaner_Suppression.jpg

|- When it finishes, post the report: C:\AdwCleaner[S].txt

|- Download: < ZHPDiag_Silent.jpg > ( ... by Nicolas Coolman )

|- Save it to the desktop!

|- On Windows Vista or 7, right-click the file and run it as administrator.

|- Wait for the scan to finish and click "Copier". <- Wait!

ZHPDiag_4cones.jpg

|- Besides the report, the desktop will now have: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

|- Post and/or paste here the link that was generated!

Regards!


AdwCleaner log:

 

# AdwCleaner v2.000 - Logfile created 09/04/2012 at 23:04:28

# Updated 30/08/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrador - USER-3820A0E53B

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Arquivos de programas\Conduit

Folder Deleted : C:\Arquivos de programas\IMinent toolbar

Folder Deleted : C:\Arquivos de programas\uTorrentBar_PT

Folder Deleted : C:\Documents and Settings\All Users\Menu Iniciar\Programas\DealPly

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DealPly

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\Iminent

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\TBSB01620

Key Deleted : HKCU\Software\uTorrentBar_PT

Key Deleted : HKCU\Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851643

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DealPly

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0A2E6A4-24C8-4931-B59B-EA02A97EA99D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B932C0A1-A570-469A-A6BA-DA2B283E6572}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar_PT Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{075FB993-E0E5-42BC-9558-BE07965E184A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_PT Toolbar

Key Deleted : HKLM\Software\uTorrentBar_PT

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v6.0.2900.5512

 

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-21-448539723-1757981266-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-21-448539723-1757981266-1801674531-1005\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

 

*************************

 

AdwCleaner[s1].txt - [10702 octets] - [04/09/2012 23:04:28]

 

########## EOF - C:\AdwCleaner[s1].txt - [10763 octets] ##########

 

ZHPDiag link:

 

http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120905_t7n10k5h11e8


Good morning, rehcarlos!

 

#######

System drive C: has 7 GB (2%) free of 298 GB

#######

|- You have little free space on drive "C". Uninstall whatever is not essential.

-/-

|- Close any programs/folders that are open.

|- Close the browser too!

|- On Windows Vista, disable UAC.

ZHPFix_Logo.jpg

|- Select and copy this information, which is in red, into "Notepad".

 

[MD5.C7052E176D939D1C6D6585F62C02A8A2] - (.Microsoft Corporation - Windows Explorer.) (.30/12/1899 - 16:21:00.) -- ??/??/?? [0]

[MD5.8F718DDFA603F9CB73B2D164A239D1B9] - (...) -- ystem32\RunDLL32.exe [0] [PID.]

O4 - Global Startup: C:\Documents And Settings\Administrador\Desktop\Notepad .lnk . (.Don HO don.h@free.fr.) -- C:\Arquivos de programas\Notepad \notepad .exe => Infection Vundo (Possible)

O4 - Global Startup: C:\Documents And Settings\Administrador\Desktop\Notepad .lnk . (.Don HO don.h@free.fr.) -- C:\Arquivos de programas\Notepad \notepad .exe => Infection Vundo (Possible)

O4 - HKCU\..\Run: [PlayNC Launcher] Orphean Key

O4 - HKCU\..\Run: [TaskCounter] C:\Arquivos de programas\Nine Vectors\Task Counter\TaskCounter.exe (.not file.)

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - (.not file.) - C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - (.not file.) - C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll

O8 - Extra context menu item: Add to Windows Live Favorites - (.not file.) - http:\\favorites.live.com\quickadd.aspx

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} -- C:\Arquivos de programas\PokerStars\main.ico (.not file.) => PokerStars Online Game

O41 - Driver: (InCDPass) . (. - .) - C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.)

O41 - Driver: (InCDRm) . (. - .) - C:\WINDOWS\system32\drivers\InCDRm.sys (.not file.)

O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM] -- PokerStars => PartyGaming PokerStars

O42 - Logiciel: Spybot - Search Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 => Safer Networking Limited Spybot - S&D

O43 - CFD: 16/4/2011 - 22:55:30 - [79,196] ----D C:\Arquivos de programas\PokerStars => PartyGaming PokerStars

O43 - CFD: 9/9/2009 - 17:06:21 - [46,746] ----D C:\Arquivos de programas\Spybot - Search Destroy

O43 - CFD: 6/5/2012 - 13:52:13 - [0,063] ----D C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit

O47 - AAKE:Key Export SP - "C:\crossfire2\crossfire_downloader.exe" [Enabled] .(...) -- C:\crossfire2\crossfire_downloader.exe (.not file.)

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Iminent]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\RelevantKnowledge]

[HKLM\Software\Cheat Engine\OpenCandy]

 

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit => Toolbar.Conduit

 

proxyfix

emptytemp

emptyflash

firewallraz

sysrestore

|- With Notepad open, use the shortcuts: "Ctrl+A" -> "Ctrl+C"

|- Minimize Notepad.

ZHPDiag_PasteClipboard.jpg

|- Click the "Paste ClipBoard" menu item.

|- Click "GO" -> Oui.

ZHPFix_GO.jpg

|- PS: Above is a sequence of images for further clarification.

|- Post the report: C:\ZHP\ZHPFix[R1].txt

Regards!


Hey DigRam, how's it going?

I'm freeing up space on the HD, but I still have a lot of things to remove...

Report:

 

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012

Fichier d'export Registre :

Run by Administrador at 5/9/2012 12:52:04

Windows XP Professional Service Pack 3 (Build 2600)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Software ==========

NOT FOUND Uninstall Process: c:\arquivos de programas\pokerstars\pokerstarsuninstall.exe

DELETED Spybot - Search Destroy

 

========== Registry Key ==========

DELETED [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PokerStars]

DELETED Key*: Menu Contextuel: Abrir em uma nova guia do plano de fundo

DELETED Key*: Menu Contextuel: Abrir em uma nova guia do primeiro plano

NOT FOUND Key: Menu Contextuel: Add to Windows Live Favorites

DELETED Key*: CLSID Extra Buttons: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}

DELETED Driver Key: InCDPass

DELETED Driver Key: InCDRm

DELETED Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Iminent

DELETED Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\RelevantKnowledge

DELETED Key*: HKLM\Software\Cheat Engine\OpenCandy

 

========== Registry Value ==========

DELETED RunValue: PlayNC Launcher

DELETED RunValue: TaskCounter

DELETED AAKE KeyValue: C:\crossfire2\crossfire_downloader.exe

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

DELETED FirewallRaz (SP) : %windir%\system32\sessmgr.exe

DELETED FirewallRaz (SP) : C:\Arquivos de programas\World of Warcraft\Launcher.patch.exe

DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe

No Value in Firewall Exception Register Key (FirewallRaz)

 

========== Repertory ==========

DELETED Folder: C:\Arquivos de programas\PokerStars

NOT FOUND C:\Arquivos de programas\Spybot - Search Destroy

DELETED Folder: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

NOT FOUND File: c:\documents and settings\administrador\desktop\notepad .lnk

NOT FOUND File: c:\arquivos de programas\notepad \notepad .exe

NOT FOUND File: c:\arquivos de programas\nine vectors\task counter\taskcounter.exe

NOT FOUND File: c:\arquivos de programas\windows live toolbar\components\pt-br\msntabres.dll

NOT FOUND File: p:\\favorites.live.com

NOT FOUND File: c:\arquivos de programas\pokerstars\main.ico (.not file.)

NOT FOUND File: c:\crossfire2\crossfire_downloader.exe

NOT FOUND Folder/File: c:\documents and settings\administrador\configurações locais\dados de aplicativos\conduit

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Restoration ==========

Restore System Point created succefully

 

========== Other ==========

NOT SUPPORTED ??/??/??

NOT SUPPORTED ystem32\RunDLL32.exe

 

 

========== Summary ==========

10 : Registry Key

13 : Registry Value

5 : Repertory

10 : File

2 : Software

1 : Restoration

2 : Other

 

 

End of clean in 00mn 49s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 5/9/2012 12:52:04 [3190]


Good afternoon, rehcarlos!

|- Download: < otlDesktopIcon.png > ( ... by OldTimer Tools )

|- Click Save!

abbLFX11.jpg

|- Save it to the desktop!

|- Double-click OTL.exe >> Run.

OTL_Configuracao.jpg >> OTL_Padrao.jpg

|- Configure "Verificação de Arquivos" (File Scan) as shown in the screenshot!

OTL_SemExt2.jpg

|- PS: Do the same for these!

|- Also tick the option to include the 64-bit scan.

|- Under "Exame Extra do Registro" (Extra Registry Scan), select "Nenhum" (None).

 

*crack* /s

*keygen* /s

*serial* /s

*AutoKMS* /s

*loader* /s

%APPDATA%\Local\*.

%APPDATA%\*.exe /s

%APPDATA%\*.

%USERPROFILE%\AppData\Local\*.*

%USERPROFILE%\AppData\Roaming\*.*

%systemroot%\assembly\tmp\*.* /S /MD5

%systemroot%\assembly\temp\*.* /S /MD5

%systemroot%\assembly\GAC\*.* /S /MD5

%systemroot%\assembly\GAC_32\*.* /S /MD5

%systemroot%\system32\config\systemprofile\AppData\Local\*.*

%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*

%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

regedit /e c:\registrybackup.reg /c

type c:\boot.ini >> test.txt /c

%systemroot%\system32\Tasks\*.* /s

%windir%\tasks\*.* /s


 

|- Paste this information, which is in green, into the "Exames Personalizados/Correções" (Custom Scans/Fixes) field.

|- Click "Verificar" (Scan): OTL_Verificar.jpg

|- When it finishes, post the report: OTL.txt

|- For large reports, go to: < Cjoint_Logo.jpg >

|- More information: < |Link| >

Regards!


DigRam, I couldn't find the option "Also tick the option to include 64-bit scans."

Could you point out where it is, please?

Regards!!!

Hello!

|- If you couldn't find it, you can skip that part and carry on with the other settings.

Regards!


OTL logfile created on: 5/9/2012 17:19:27 - Run 2

OTL by OldTimer - Version 3.2.61.0 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,26% Memory free

3,85 Gb Paging File | 3,27 Gb Available in Paging File | 85,16% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 298,08 Gb Total Space | 25,94 Gb Free Space | 8,70% Space Free | Partition Type: NTFS

 

Computer Name: USER-3820A0E53B | User Name: Administrador | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/09/05 16:29:38 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

PRC - [2012/08/24 22:59:03 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe

PRC - [2012/05/15 07:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de programas\Microsoft Security Client\MsMpEng.exe

PRC - [2009/09/08 04:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Arquivos de programas\PostgreSQL\8.4\bin\pg_ctl.exe

PRC - [2009/09/08 04:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Arquivos de programas\PostgreSQL\8.4\bin\postgres.exe

PRC - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2008/04/13 16:21:00 | 001,554,432 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/07/31 08:33:50 | 000,036,864 | ---- | M] (VisualTaskTips.com) -- C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe

PRC - [2005/10/28 16:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

PRC - [2005/01/05 15:45:36 | 001,015,808 | ---- | M] (Thomas Ascher) -- C:\Arquivos de programas\ATnotes\ATnotes.exe

PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/09/01 10:53:17 | 009,813,704 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll

MOD - [2012/08/24 22:59:17 | 002,242,528 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\mozjs.dll

MOD - [2008/04/13 16:20:34 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll

MOD - [2006/07/31 08:33:45 | 000,007,680 | ---- | M] () -- C:\Arquivos de programas\VisualTaskTips\VttHooks.dll

 

 

========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012/09/01 10:53:20 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/08/24 22:59:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de programas\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/05/27 14:01:50 | 000,529,232 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/05/15 07:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/04/13 10:28:24 | 001,529,152 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Arquivos de programas\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de programas\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/12/31 08:39:54 | 008,133,120 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe -- (wampmysqld)

SRV - [2010/12/31 08:39:42 | 000,020,549 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe -- (wampapache)

SRV - [2010/03/21 16:41:00 | 003,532,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)

SRV - [2009/09/08 04:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Arquivos de programas\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)

SRV - [2009/08/28 18:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva399.sys -- (XDva399)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva398.sys -- (XDva398)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva397.sys -- (XDva397)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva386.sys -- (XDva386)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\catchme.sys -- (catchme)

DRV - [2012/03/29 16:32:12 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2011/11/25 01:02:55 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\78975193.sys -- (78975193)

DRV - [2011/07/14 20:55:24 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2010/11/01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Arquivos de programas\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)

DRV - [2010/06/14 21:33:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2009/04/06 12:19:46 | 000,023,064 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)

DRV - [2008/12/10 15:56:26 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vcsvad.sys -- (VCSVADHWSer)

DRV - [2008/04/17 11:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2008/01/03 23:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007/10/24 10:47:26 | 000,023,288 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)

DRV - [2007/02/13 15:35:26 | 000,025,896 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scramby.sys -- (scramby)

DRV - [2006/02/26 12:02:49 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.bleepingcomputer.com/forums/"

FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3

FF - prefs.js..extensions.enabledAddons: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1

FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9

FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..network.proxy.autoconfig_url: "http://www.mobseguroatualiza.com/kbr1308201202.win"

FF - prefs.js..network.proxy.socks_port: 80

FF - prefs.js..network.proxy.type: 2

 

FF - user.js..network.proxy.autoconfig_url: "http://www.mobseguroatualiza.com/kbr1308201202.win"

FF - user.js..network.proxy.socks_port: 80

FF - user.js..network.proxy.type: 2

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Arquivos de programas\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\Documents and Settings\All Users\Dados de aplicativos\id Software\QuakeLive\npquakezero.dll (id Software Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Arquivos de programas\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Arquivos de programas\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2012/08/28 22:22:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2012/05/06 18:11:53 | 000,000,000 | ---D | M]

 

[2009/09/09 14:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Extensions

[2012/08/31 21:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ahfb6ogq.default\extensions

[2012/03/30 13:38:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ahfb6ogq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012/02/11 13:16:04 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ahfb6ogq.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

[2012/02/11 13:32:06 | 000,000,000 | ---D | M] (DealPly) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ahfb6ogq.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

[2012/08/31 21:56:35 | 001,625,368 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ahfb6ogq.default\extensions\firebug@software.joehewitt.com.xpi

[2011/08/25 15:44:37 | 000,011,510 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ahfb6ogq.default\extensions\youtube2mp3@mondayx.de.xpi

[2012/02/16 14:47:41 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ahfb6ogq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

[2012/05/18 19:10:54 | 000,080,872 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ahfb6ogq.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi

[2012/09/04 18:51:31 | 000,001,920 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ahfb6ogq.default\searchplugins\interfilmes.xml

[2010/03/29 22:41:45 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ahfb6ogq.default\searchplugins\MyStart Search.xml

[2012/08/28 22:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2012/08/24 23:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll

[2010/01/13 19:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npwachk.dll

[2012/08/25 00:56:03 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml

[2012/08/25 00:56:02 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml

[2012/08/25 00:56:02 | 000,002,253 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml

[2012/08/25 00:56:02 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml

[2012/08/25 00:56:02 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

 

========== Chrome ==========

 

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Iminent (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\4.43.0_0\npIminent.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll

CHR - plugin: Picasa (Enabled) = C:\Arquivos de programas\Google\Picasa3\npPicasa3.dll

CHR - plugin: Java Platform SE 7 U2 (Enabled) = C:\Arquivos de programas\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: QUAKE LIVE (Enabled) = C:\Documents and Settings\All Users\Dados de aplicativos\id Software\QuakeLive\npquakezero.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Pesquisa do Google = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: uTorrentBar_PT = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda\2.3.7.1_0\

CHR - Extension: Gmail = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012/08/25 02:12:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [MSC] c:\Arquivos de programas\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nview\nwiz.exe ()

O4 - HKCU..\Run: [ATnotes.exe] C:\Arquivos de programas\ATnotes\ATnotes.exe (Thomas Ascher)

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe (Nero AG)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\VisualTaskTips.lnk = C:\Arquivos de programas\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)

O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.7.0_04)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{406B8789-CA90-4EAF-BEE9-1294A2DA258D}: NameServer = 200.175.5.139,200.175.189.139

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/09/08 20:50:49 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/09/04 23:08:58 | 000,000,000 | ---D | C] -- C:\ZHP

[2012/09/04 23:08:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ZHPDiag

[2012/09/02 21:27:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrador\Recent

[2012/09/02 19:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\Men In Black III 2012 TS XViD UNiQUE

[2012/08/30 21:57:11 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2012/08/26 15:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\World of Warcraft

[2012/08/26 15:22:07 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\World of Warcraft

[2012/08/26 14:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Free Metronome

[2012/08/26 14:04:53 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Free Metronome

[2012/08/25 21:06:57 | 000,000,000 | ---D | C] -- C:\CFLog

[2012/08/25 19:51:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/08/25 00:14:35 | 004,739,802 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

[2012/08/24 12:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Diablo III

[2012/08/24 12:05:26 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Diablo III

[2012/08/24 00:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\com.rpgonline.rpg2ic

[2012/08/24 00:06:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\RPG Online

[2012/08/24 00:06:14 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\rpg2ic

[2012/08/22 21:09:41 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Nine Vectors

[2012/08/22 21:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1

[2012/08/22 21:07:04 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\focus booster

[2012/08/22 21:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Adobe

[2012/08/15 13:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\Gmer

[2012/08/15 13:24:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrador\Desktop\dds.scr

[2012/08/14 09:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Silverlight

[2012/08/14 09:26:26 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft Silverlight

[2012/08/14 09:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

[2012/08/13 20:51:23 | 000,043,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\teugbsnr.sys

[2012/08/13 03:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Realteks

[2012/08/12 20:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\StarCraft II

[2012/08/12 20:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Menu Iniciar\Programas\StarCraft II

[2012/08/12 19:47:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Meus documentos\StarCraft II

[2012/08/12 19:47:07 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\StarCraft II

[2012/08/10 21:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Cliente Faster Tunnel

[2012/08/10 21:49:54 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Cliente Faster Tunnel

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/09/05 17:22:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/09/05 17:06:13 | 000,000,116 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012/09/05 16:29:38 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2012/09/05 10:33:52 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/09/05 10:23:59 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job

[2012/09/05 10:23:58 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2012/09/05 10:23:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/09/05 10:23:47 | 2146,619,392 | -HS- | M] () -- C:\hiberfil.sys

[2012/09/04 23:11:57 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin

[2012/09/04 23:11:22 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/09/04 23:08:57 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\ZHPDiag.lnk

[2012/09/04 23:08:57 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\MBRCheck.lnk

[2012/09/04 23:08:57 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\ZHPFix.lnk

[2012/09/04 23:07:52 | 000,794,216 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\ZHPDiag_silent.exe

[2012/09/04 23:05:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/09/04 22:44:37 | 000,511,265 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe

[2012/09/04 19:44:31 | 000,100,393 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Trab2_CB_2012_1.pdf

[2012/09/03 21:01:37 | 000,124,956 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Sessao06_vetor.pdf

[2012/09/02 02:24:36 | 000,137,264 | ---- | M] () -- C:\uniao.exe

[2012/09/02 02:24:34 | 000,000,484 | ---- | M] () -- C:\uniao.c

[2012/09/02 02:23:22 | 000,000,461 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\compactacao.c

[2012/09/01 20:18:58 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2012/08/31 20:28:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/08/28 22:23:04 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012/08/28 20:48:08 | 000,255,742 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Exercicios_Vetores.pdf

[2012/08/27 12:20:29 | 001,629,052 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\gotes.jpg

[2012/08/26 22:26:44 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk

[2012/08/26 14:05:57 | 000,000,150 | ---- | M] () -- C:\WINDOWS\MetroTimer.ini

[2012/08/25 02:12:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/08/25 01:56:37 | 004,739,802 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrador\Desktop\ComboFix.exe

[2012/08/24 12:06:02 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diablo III.lnk

[2012/08/16 11:35:22 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/08/15 13:24:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrador\Desktop\dds.scr

[2012/08/13 21:03:38 | 000,547,860 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2012/08/13 21:03:38 | 000,511,880 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/08/13 21:03:38 | 000,103,406 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2012/08/13 21:03:38 | 000,091,494 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/08/13 20:51:23 | 000,043,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\teugbsnr.sys

[2012/08/13 12:48:33 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/12 20:39:15 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/09/04 23:11:57 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin

[2012/09/04 23:08:57 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\ZHPDiag.lnk

[2012/09/04 23:08:57 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\MBRCheck.lnk

[2012/09/04 23:08:57 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\ZHPFix.lnk

[2012/09/04 23:08:56 | 000,344,187 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\ZHP_uninstall.exe

[2012/09/04 23:07:54 | 000,794,216 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\ZHPDiag_silent.exe

[2012/09/04 22:44:39 | 000,511,265 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe

[2012/09/04 19:44:37 | 000,100,393 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Trab2_CB_2012_1.pdf

[2012/09/03 21:01:37 | 000,124,956 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Sessao06_vetor.pdf

[2012/09/02 18:04:20 | 2146,619,392 | -HS- | C] () -- C:\hiberfil.sys

[2012/09/02 02:11:25 | 000,000,461 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\compactacao.c

[2012/09/01 21:18:16 | 000,137,264 | ---- | C] () -- C:\uniao.exe

[2012/09/01 21:13:48 | 000,000,484 | ---- | C] () -- C:\uniao.c

[2012/08/28 20:59:04 | 000,255,742 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Exercicios_Vetores.pdf

[2012/08/27 12:20:28 | 001,629,052 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\gotes.jpg

[2012/08/26 15:22:07 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk

[2012/08/26 14:05:57 | 000,000,150 | ---- | C] () -- C:\WINDOWS\MetroTimer.ini

[2012/08/24 12:05:26 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Diablo III.lnk

[2012/08/22 21:07:04 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\focus booster.lnk

[2012/08/12 19:47:07 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk

[2012/08/02 02:09:47 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\PUTTY.RND

[2012/08/01 21:58:45 | 000,008,848 | ---- | C] () -- C:\WINDOWS\System32\DirectIP.ini

[2012/08/01 21:58:45 | 000,004,840 | ---- | C] () -- C:\WINDOWS\System32\DirectIPOff.ini

[2012/07/16 04:58:04 | 000,010,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\hmonitor45.sys

[2012/05/29 13:47:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2012/05/27 17:00:23 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\PnkBstrK.sys

[2012/05/27 16:59:59 | 003,130,440 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_blr.exe

[2012/03/23 23:33:36 | 000,000,020 | ---- | C] () -- C:\WINDOWS\wp.ini

[2012/03/23 23:33:35 | 000,002,992 | ---- | C] () -- C:\WINDOWS\wp2.ini

[2012/02/15 08:25:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/02/09 13:55:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/02/09 13:55:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/02/09 13:55:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/02/09 13:55:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/02/09 13:55:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/12/26 22:45:51 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2011/12/24 14:49:08 | 000,058,208 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/11/23 18:55:12 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\~vZD90hcsTotaqcr

[2011/11/23 18:55:11 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\~vZD90hcsTotaqc

[2011/11/23 18:42:24 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\vZD90hcsTotaqc

[2011/10/05 19:19:56 | 000,482,152 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-S-1-5-21-448539723-1757981266-1801674531-500-0.dat

[2011/10/05 19:19:56 | 000,288,342 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-System.dat

[2011/09/12 18:43:43 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2011/09/12 18:43:43 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2011/09/12 18:43:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2011/09/12 18:43:19 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2010/11/22 10:56:43 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

[2010/10/11 08:56:02 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010/10/11 08:56:02 | 000,000,038 | -H-- | C] () -- C:\WINDOWS\avisplitter.ini

[2010/10/11 08:56:01 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/10/11 08:56:01 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/10/11 08:56:01 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/09/09 14:46:37 | 000,210,432 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/04/13 16:20:08 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{b7bbff73-7622-f626-eef3-33ca3306213e}\@

[2008/04/13 16:20:08 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{b7bbff73-7622-f626-eef3-33ca3306213e}\@

 

========== LOP Check ==========

 

[2010/03/31 19:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\AnvSoft

[2012/04/03 16:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Auslogics

[2012/06/28 21:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\BitTorrent

[2012/08/12 02:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Call Graph

[2010/03/31 14:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\CocoonSoftware

[2011/12/24 14:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/08/22 21:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1

[2012/08/24 00:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\com.rpgonline.rpg2ic

[2010/01/21 23:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\DAEMON Tools Lite

[2012/06/28 21:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Dev-Cpp

[2012/01/03 22:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\DriverCure

[2012/05/01 15:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\driveridentifier

[2011/12/14 17:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Dropbox

[2010/01/19 15:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\EssentialPIM

[2012/03/02 14:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Foxit Software

[2012/02/11 13:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GetRightToGo

[2010/12/31 09:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\HEM Data

[2009/09/09 14:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\id Software

[2011/11/25 05:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mekek

[2009/12/13 11:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\NetMedia Providers

[2010/03/07 10:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Notepad++

[2011/12/29 09:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Oracle

[2012/01/03 22:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\ParetoLogic

[2009/12/13 11:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Publish Providers

[2011/07/04 12:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\runic games

[2009/11/05 21:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Screaming Bee

[2011/07/12 22:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Sony

[2009/11/05 20:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Steinberg

[2009/09/09 15:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Styler

[2012/04/04 21:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\SumatraPDF

[2012/01/03 21:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Thinstall

[2012/07/03 00:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TS3Client

[2012/05/01 14:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TuneUp Software

[2012/06/26 15:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Unity

[2012/09/02 21:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

[2012/07/31 21:26:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\wyUpdate AU

[2012/05/20 01:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Battle.net

[2012/05/01 13:55:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files

[2009/12/05 14:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite

[2011/07/14 22:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\EA Core

[2011/11/26 09:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Electronic Arts

[2012/05/10 21:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\F4D55F3B212C27CD6A43996DD151FC4E

[2009/09/09 14:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\id Software

[2010/03/29 22:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\IM

[2010/03/29 22:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\IncrediMail

[2012/07/14 03:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\IObit

[2010/07/19 21:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

[2012/01/03 23:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ParetoLogic

[2012/07/30 21:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files

[2009/11/05 21:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Screaming Bee

[2009/12/13 11:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sony

[2009/11/05 20:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Syncrosoft

[2012/05/01 13:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

[2012/05/01 13:55:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2010/01/11 21:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2012/06/16 16:03:30 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\classCron.job

[2012/09/05 10:23:59 | 000,000,310 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_AutoUpdate.job

[2012/09/05 10:23:58 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

[2012/06/15 18:39:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\WavePadReminder.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< *crack* /s >

[2006/11/02 12:41:24 | 000,041,019 | ---- | M] () -- \Arquivos de programas\EasyPHP 2.0b1\php5\ext\php_crack.dll

[2010/08/20 03:15:54 | 000,033,441 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Female_SklCracksAimed.ani

[2010/09/08 00:47:54 | 000,041,273 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Female_SklCracksBow.ani

[2010/08/20 03:15:54 | 000,030,057 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Female_SklCracksControlIncrease01.ani

[2010/08/20 03:15:54 | 000,034,153 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Female_SklCracksFlamea.ani

[2010/08/20 03:15:54 | 000,030,057 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Female_SklCracksHwakEye01.ani

[2010/08/20 03:15:54 | 000,034,153 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Female_SklCracksIceArr.ani

[2010/08/20 03:15:54 | 000,036,289 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Female_SklCracksPierci.ani

[2010/08/20 03:15:54 | 000,034,153 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Female_SklCracksPoison.ani

[2010/08/20 03:15:54 | 000,030,057 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Female_SklCracksPowerIncrease01.ani

[2010/08/20 03:15:54 | 000,034,153 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Female_SklCracksRain.ani

[2010/08/20 03:15:54 | 000,035,237 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Female_SklCracksRangeStrike01.ani

[2010/08/20 03:15:54 | 000,031,305 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Female_SklCracksSilent.ani

[2010/08/20 03:15:54 | 000,036,289 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Female_SklCracksSltaro.ani

[2010/08/20 03:15:54 | 000,030,797 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Female_SklCracksTriple.ani

[2010/08/20 03:15:54 | 000,031,305 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Male_SklCracksAimed.ani

[2010/09/08 00:47:54 | 000,039,909 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Male_SklCracksBow.ani

[2010/08/20 03:15:54 | 000,030,057 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Male_SklCracksControlIncrease01.ani

[2010/08/20 03:15:54 | 000,033,069 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Male_SklCracksFlamea.ani

[2010/08/20 03:15:54 | 000,030,057 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Male_SklCracksHwakEye01.ani

[2010/08/20 03:15:54 | 000,033,069 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Male_SklCracksIceArr.ani

[2010/08/20 03:15:54 | 000,036,289 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Male_SklCracksPierci.ani

[2010/08/20 03:15:54 | 000,033,069 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Male_SklCracksPoison.ani

[2010/08/20 03:15:54 | 000,030,057 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Male_SklCracksPowerIncrease01.ani

[2010/08/20 03:15:54 | 000,030,333 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Male_SklCracksRain.ani

[2010/08/20 03:15:54 | 000,035,237 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Male_SklCracksRangeStrike01.ani

[2010/08/20 03:15:54 | 000,030,333 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Male_SklCracksSilent.ani

[2010/08/20 03:15:54 | 000,036,289 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Male_SklCracksSltaro.ani

[2010/08/20 03:15:54 | 000,030,797 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Mvr_Male_SklCracksTriple.ani

[2011/02/20 22:07:00 | 000,013,128 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Part_fCracksSet01Cap.o3d

[2011/02/20 22:07:10 | 000,040,476 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Part_fCracksSet01Foot.o3d

[2011/02/20 22:07:02 | 000,036,712 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Part_fCracksSet01Hand.o3d

[2011/02/20 22:07:14 | 000,127,976 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Part_fCracksSet01Upper.o3d

[2011/02/20 22:07:04 | 000,016,166 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Part_mCracksSet01Cap.o3d

[2011/02/20 22:07:12 | 000,043,112 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Part_mCracksSet01Foot.o3d

[2011/02/20 22:07:04 | 000,026,760 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Part_mCracksSet01Hand.o3d

[2011/02/20 22:07:02 | 000,128,762 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Part_mCracksSet01Upper.o3d

[2009/06/04 23:03:12 | 000,174,890 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Texture\Crack.dds

[2009/06/25 05:05:01 | 000,174,890 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Texture\obj_Ominous_Crack.dds

[2011/02/20 22:04:30 | 000,043,832 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Texture\Part_fCracksSet01Cap.dds

[2011/02/20 22:04:30 | 000,043,832 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Texture\Part_fCracksSet01Foot.dds

[2011/02/20 22:04:36 | 000,043,832 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Texture\Part_fCracksSet01Hand.dds

[2011/02/20 22:04:36 | 000,174,904 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Texture\Part_fCracksSet01Upper.dds

[2011/02/20 22:04:38 | 000,043,832 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Texture\Part_mCracksSet01Cap.dds

[2011/02/20 22:04:34 | 000,043,832 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Texture\Part_mCracksSet01Foot.dds

[2011/02/20 22:04:38 | 000,043,832 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Texture\Part_mCracksSet01Hand.dds

[2011/02/20 22:04:32 | 000,174,904 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\Texture\Part_mCracksSet01Upper.dds

[2009/06/04 23:03:21 | 000,011,050 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureLow\Crack.dds

[2009/06/25 05:05:11 | 000,011,050 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureLow\obj_Ominous_Crack.dds

[2011/02/20 22:05:52 | 000,002,872 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureLow\Part_fCracksSet01Cap.dds

[2011/02/20 22:05:52 | 000,002,872 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureLow\Part_fCracksSet01Foot.dds

[2011/02/20 22:05:54 | 000,002,872 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureLow\Part_fCracksSet01Hand.dds

[2011/02/20 22:05:54 | 000,011,064 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureLow\Part_fCracksSet01Upper.dds

[2011/02/20 22:05:54 | 000,002,872 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureLow\Part_mCracksSet01Cap.dds

[2011/02/20 22:05:52 | 000,002,872 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureLow\Part_mCracksSet01Foot.dds

[2011/02/20 22:05:54 | 000,002,872 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureLow\Part_mCracksSet01Hand.dds

[2011/02/20 22:05:52 | 000,011,064 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureLow\Part_mCracksSet01Upper.dds

[2009/06/04 23:03:30 | 000,043,818 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureMid\Crack.dds

[2009/06/25 05:05:19 | 000,043,818 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureMid\obj_Ominous_Crack.dds

[2011/02/20 22:06:42 | 000,011,064 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureMid\Part_fCracksSet01Cap.dds

[2011/02/20 22:06:42 | 000,011,064 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureMid\Part_fCracksSet01Foot.dds

[2011/02/20 22:06:44 | 000,011,064 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureMid\Part_fCracksSet01Hand.dds

[2011/02/20 22:06:46 | 000,043,832 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureMid\Part_fCracksSet01Upper.dds

[2011/02/20 22:06:46 | 000,011,064 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureMid\Part_mCracksSet01Cap.dds

[2011/02/20 22:06:44 | 000,011,064 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureMid\Part_mCracksSet01Foot.dds

[2011/02/20 22:06:46 | 000,011,064 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureMid\Part_mCracksSet01Hand.dds

[2011/02/20 22:06:44 | 000,043,832 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Model\TextureMid\Part_mCracksSet01Upper.dds

[2005/01/18 03:37:18 | 000,182,738 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Sound\PcSkillD-Burstcrack.wav

[2010/08/23 02:33:50 | 000,082,594 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Sound\Xl_SKILL_CRACKS_BOW_POWERINCREASE01.wav

[2010/08/23 06:36:56 | 000,123,648 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Sound\Xl_SKILL_CRACKS_BOW_RANGEINCREASE01.wav

[2010/08/23 06:36:56 | 000,102,968 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Sound\Xl_SKILL_CRACKS_BOW_RANGEINCREASE02.wav

[2010/08/23 06:36:56 | 000,109,002 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Sound\Xl_SKILL_CRACKS_BOW_RANGESTRIKE01.wav

[2010/08/23 06:36:56 | 000,108,934 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Sound\Xl_SKILL_CRACKS_BOW_RANGESTRIKE02.wav

[2010/08/23 06:36:56 | 000,111,748 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Sound\Xl_SKILL_CRACKS_BOW_RANGESTRIKE03.wav

[2010/08/23 06:36:56 | 000,130,780 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Sound\Xl_SKILL_CRACKS_BOW_RANGESTRIKE04.wav

[2010/11/17 05:08:44 | 000,121,544 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Theme\Default\SkillTreeCracks.tga

[2010/08/10 23:53:12 | 000,049,208 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Theme\Default\SlotCracks.bmp

[2011/03/14 21:54:28 | 000,121,544 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Theme\Portuguese\SkillTreeCracks.tga

[2011/03/14 21:54:08 | 000,049,208 | ---- | M] () -- \Arquivos de programas\Gpotato\BR_Flyff\Theme\Portuguese\SlotCracks.bmp

[2012/02/08 22:06:26 | 000,004,328 | ---- | M] () -- \Arquivos de programas\JDownloader\jd\plugins\hoster\CrackedCom.class

[2010/09/13 17:34:02 | 002,481,175 | ---- | M] () -- \Arquivos de programas\METRO 2033\up.adrianinha.www.theevolution.org.M2033-SKIDROW.CRACK.rar

[2011/10/05 18:54:09 | 000,182,738 | ---- | M] () -- \Arquivos de programas\MonsterFlyff\Sound\PcSkillD-Burstcrack.wav

[2011/10/05 18:54:14 | 000,082,594 | ---- | M] () -- \Arquivos de programas\MonsterFlyff\Sound\Xl_SKILL_CRACKS_BOW_POWERINCREASE01.wav

[2011/10/05 18:54:14 | 000,123,648 | ---- | M] () -- \Arquivos de programas\MonsterFlyff\Sound\Xl_SKILL_CRACKS_BOW_RANGEINCREASE01.wav

[2011/10/05 18:54:14 | 000,102,968 | ---- | M] () -- \Arquivos de programas\MonsterFlyff\Sound\Xl_SKILL_CRACKS_BOW_RANGEINCREASE02.wav

[2011/10/05 18:54:14 | 000,109,002 | ---- | M] () -- \Arquivos de programas\MonsterFlyff\Sound\Xl_SKILL_CRACKS_BOW_RANGESTRIKE01.wav

[2011/10/05 18:54:14 | 000,108,934 | ---- | M] () -- \Arquivos de programas\MonsterFlyff\Sound\Xl_SKILL_CRACKS_BOW_RANGESTRIKE02.wav

[2011/10/05 18:54:14 | 000,111,748 | ---- | M] () -- \Arquivos de programas\MonsterFlyff\Sound\Xl_SKILL_CRACKS_BOW_RANGESTRIKE03.wav

[2011/10/05 18:54:14 | 000,130,780 | ---- | M] () -- \Arquivos de programas\MonsterFlyff\Sound\Xl_SKILL_CRACKS_BOW_RANGESTRIKE04.wav

[2011/09/01 14:29:04 | 000,182,738 | ---- | M] () -- \Arquivos de programas\MonsterFlyff2\Sound\PcSkillD-Burstcrack.wav

[2011/09/01 14:29:26 | 000,082,594 | ---- | M] () -- \Arquivos de programas\MonsterFlyff2\Sound\Xl_SKILL_CRACKS_BOW_POWERINCREASE01.wav

[2011/09/01 14:29:26 | 000,123,648 | ---- | M] () -- \Arquivos de programas\MonsterFlyff2\Sound\Xl_SKILL_CRACKS_BOW_RANGEINCREASE01.wav

[2011/09/01 14:29:26 | 000,102,968 | ---- | M] () -- \Arquivos de programas\MonsterFlyff2\Sound\Xl_SKILL_CRACKS_BOW_RANGEINCREASE02.wav

[2011/09/01 14:29:26 | 000,109,002 | ---- | M] () -- \Arquivos de programas\MonsterFlyff2\Sound\Xl_SKILL_CRACKS_BOW_RANGESTRIKE01.wav

[2011/09/01 14:29:26 | 000,108,934 | ---- | M] () -- \Arquivos de programas\MonsterFlyff2\Sound\Xl_SKILL_CRACKS_BOW_RANGESTRIKE02.wav

[2011/09/01 14:29:26 | 000,111,748 | ---- | M] () -- \Arquivos de programas\MonsterFlyff2\Sound\Xl_SKILL_CRACKS_BOW_RANGESTRIKE03.wav

[2011/09/01 14:29:26 | 000,130,780 | ---- | M] () -- \Arquivos de programas\MonsterFlyff2\Sound\Xl_SKILL_CRACKS_BOW_RANGESTRIKE04.wav

[2012/05/11 14:55:48 | 000,016,512 | ---- | M] () -- \Arquivos de programas\NCSoft\Aion\Data\USA\Items\icon_cash_item_firecracker_01.dds

[2012/05/11 14:55:48 | 000,016,512 | ---- | M] () -- \Arquivos de programas\NCSoft\Aion\Data\USA\Items\icon_cash_item_firecracker_01_64.dds

[2012/06/01 01:04:03 | 000,063,831 | ---- | M] () -- \Arquivos de programas\Pixel\Patterns\Crack.ptx

[2012/05/20 01:17:48 | 000,003,072 | ---- | M] () -- \Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\http_skidrowcrack.com_0.localstorage

[2010/03/08 08:00:34 | 000,003,031 | ---- | M] () -- \Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\IM\Sound\tchaikovsky_the_nutcracker.imw

[2012/05/27 00:13:05 | 000,011,183 | ---- | M] () -- \Documents and Settings\Administrador\Dados de aplicativos\uTorrent\Nexuiz Crack by SKIDROW.torrent

[2012/05/27 00:15:10 | 000,010,653 | ---- | M] () -- \Documents and Settings\Administrador\Dados de aplicativos\uTorrent\NEXUIZ Crack.rar.torrent

[2012/05/27 00:15:27 | 000,002,094 | ---- | M] () -- \Documents and Settings\Administrador\Dados de aplicativos\uTorrent\NEXUIZ-FLT CRACK 2012.rar.torrent

[2003/03/27 19:18:00 | 000,349,873 | ---- | M] () -- \Documents and Settings\Administrador\Meus documentos\My Videos\Creativity Fun Packs\Sound Effects\graduation_sound_effects\Fireworks Scream Crackle.wma

[2003/03/27 19:18:00 | 000,027,167 | ---- | M] () -- \Documents and Settings\Administrador\Meus documentos\My Videos\Creativity Fun Packs\Sound Effects\sports\Baseball Bat Hit, Crack.wma

 

< *keygen* /s >

[2012/01/29 17:36:10 | 000,003,168 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\nsIKeygenThread.idl

[2010/04/13 16:26:14 | 000,009,728 | ---- | M] () -- \Arquivos de programas\RVG Software\Holdem Manager\KeyGenerateClassLibrary.dll

 

< *serial* /s >

[2012/03/14 11:12:42 | 000,002,869 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\mozilla\python\komodo\pref_serialization.py

[2012/03/14 11:14:02 | 000,009,249 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\mozilla\python\komodo\html5lib\serializer\htmlserializer.py

[2012/05/29 23:28:30 | 000,007,973 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\mozilla\python\komodo\html5lib\serializer\htmlserializer.pyo

[2012/03/14 11:14:02 | 000,000,269 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\mozilla\python\komodo\html5lib\serializer\xhtmlserializer.py

[2012/05/29 23:28:30 | 000,000,747 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\mozilla\python\komodo\html5lib\serializer\xhtmlserializer.pyo

[2012/01/29 17:29:58 | 000,003,522 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\nsIDOMSerializer.idl

[2012/01/29 17:35:32 | 000,002,245 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\nsIIPCSerializable.idl

[2012/01/29 17:36:06 | 000,002,452 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\nsIRDFXMLSerializer.idl

[2012/01/29 17:38:02 | 000,002,886 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\nsISerializable.idl

[2012/01/29 17:35:32 | 000,002,460 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\nsISerializationHelper.idl

[2012/01/29 17:36:06 | 000,002,443 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\rdfISerializer.idl

[2011/07/02 21:18:28 | 000,003,589 | ---- | M] () -- \Arquivos de programas\EasyPHP-5.3.6.1\phpmyadmin\libraries\PHPExcel\PHPExcel\CachedObjectStorage\MemorySerialized.php

[2012/04/11 01:15:28 | 000,434,288 | ---- | M] () -- \Arquivos de programas\Microsoft Silverlight\5.1.10411.0\System.Runtime.Serialization.dll

[2012/08/14 09:26:46 | 001,164,288 | ---- | M] () -- \Arquivos de programas\Microsoft Silverlight\5.1.10411.0\System.Runtime.Serialization.ni.dll

[2006/01/26 22:44:04 | 000,000,612 | ---- | M] () -- \Arquivos de programas\Microsoft Visual Studio 9.0\Common7\IDE\VBExpress\Snippets\1033\other\connectivity\EnumerateSerialPorts.snippet

[2006/01/26 22:44:04 | 000,001,198 | ---- | M] () -- \Arquivos de programas\Microsoft Visual Studio 9.0\Common7\IDE\VBExpress\Snippets\1033\other\connectivity\ReadDatafromaSerialPort.snippet

[2006/01/26 22:44:04 | 000,001,512 | ---- | M] () -- \Arquivos de programas\Microsoft Visual Studio 9.0\Common7\IDE\VBExpress\Snippets\1033\other\connectivity\UseaSerialPorttoDialaPhoneNumber.snippet

[2011/11/08 19:03:36 | 000,029,631 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\serialized-form.html

[2009/09/08 05:17:41 | 000,010,836 | ---- | M] () -- \Arquivos de programas\PostgreSQL\8.4\doc\pljava\pljava\serialized-form.html

[2010/04/07 22:48:30 | 000,970,752 | ---- | M] () -- \Arquivos de programas\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll

[2007/09/17 15:13:52 | 000,284,352 | ---- | M] () -- \Arquivos de programas\Reference Assemblies\Microsoft\Framework\v3.0\en\System.Runtime.Serialization.xml

[2010/05/13 19:42:40 | 000,000,000 | ---- | M] () -- \Arquivos de programas\RVG Software\Holdem Manager\Logs\Serial.txt

[2012/05/27 15:51:29 | 000,723,648 | ---- | M] () -- \Arquivos de programas\Steam\steamapps\frankjr11\team fortress 2\bin\dmserializers.dll

[2004/08/04 00:42:00 | 000,030,345 | ---- | M] () -- \cmdcons\SERIAL.SY_

[2010/03/22 23:38:54 | 000,000,024 | ---- | M] () -- \Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Picasa2\cache\cacheindex_serial.pmp

[2008/09/18 23:10:54 | 000,001,673 | ---- | M] () -- \Utilitarios\Photoshop\PhotoshopPortable\PhotoshopPortable\App\Photoshop\lmresources\BadSerialNumberAlert.exv

[2008/09/18 23:10:54 | 000,001,561 | ---- | M] () -- \Utilitarios\Photoshop\PhotoshopPortable\PhotoshopPortable\App\Photoshop\lmresources\CantChangeSerialNumberAlert.exv

[2008/09/18 23:10:54 | 000,001,639 | ---- | M] () -- \Utilitarios\Photoshop\PhotoshopPortable\PhotoshopPortable\App\Photoshop\lmresources\InValidUpGradeSerialNumberAlert.exv

[2008/09/18 23:10:54 | 000,000,849 | ---- | M] () -- \Utilitarios\Photoshop\PhotoshopPortable\PhotoshopPortable\App\Photoshop\lmresources\ReserializeAlert.exv

[2008/09/18 23:10:54 | 000,027,443 | ---- | M] () -- \Utilitarios\Photoshop\PhotoshopPortable\PhotoshopPortable\App\Photoshop\lmresources\SerializationWF.exv

[2011/01/04 18:58:48 | 000,003,589 | ---- | M] () -- \wamp\apps\phpmyadmin3.3.9\libraries\PHPExcel\PHPExcel\CachedObjectStorage\MemorySerialized.php

[2011/01/04 18:58:50 | 000,004,063 | ---- | M] () -- \wamp\apps\phpmyadmin3.3.9\libraries\PHPExcel\PHPExcel\Reader\Serialized.php

[2011/01/04 18:58:52 | 000,005,339 | ---- | M] () -- \wamp\apps\phpmyadmin3.3.9\libraries\PHPExcel\PHPExcel\Writer\Serialized.php

[2012/06/14 01:07:44 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

[2011/12/01 00:05:35 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

[2012/05/09 17:09:23 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll

[2012/05/09 17:43:19 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll

[2012/05/09 17:44:24 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\6a37764b2df9b3f9c7775701027ef779\System.Runtime.Serialization.Formatters.Soap.ni.dll

[2012/05/09 17:44:19 | 002,637,312 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9bfda0add366eea12ea0402e60d01e84\System.Runtime.Serialization.ni.dll

[2012/06/21 22:21:57 | 000,017,840 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\v4.0_4.0.0.0_pt-BR_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll

[2012/06/23 01:30:26 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

[2012/06/21 22:21:56 | 000,100,744 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.RunTime.Serialization.resources\v4.0_4.0.0.0_pt-BR_b77a5c561934e089\System.RunTime.Serialization.resources.dll

[2012/06/23 01:30:24 | 001,026,936 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

[2008/07/25 10:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

[2007/09/27 15:26:08 | 000,007,862 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\en\System.Runtime.Serialization.Formatters.Soap.xml

[2010/04/07 22:48:30 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll

[2010/03/18 13:16:28 | 001,026,936 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll

[2010/03/18 13:16:28 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll

[2010/08/20 15:11:16 | 000,017,840 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\pt-BR\System.Runtime.Serialization.Formatters.Soap.resources.dll

[2010/08/20 15:11:16 | 000,100,744 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\pt-BR\System.RunTime.Serialization.resources.dll

[2001/10/28 09:06:20 | 000,054,032 | ---- | M] () -- \WINDOWS\system32\dpserial.dll

[2001/10/28 09:07:26 | 000,014,848 | ---- | M] () -- \WINDOWS\system32\serialui.dll

[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]

[2001/10/28 09:06:20 | 000,054,032 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll

[2001/10/28 09:07:26 | 000,014,848 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll

[2008/04/13 15:55:22 | 000,065,536 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

[2009/08/06 00:00:00 | 000,002,030 | ---- | M] () -- \xampp\perl\site\lib\SOAP\Deserializer.pod

[2009/08/06 00:00:00 | 000,013,276 | ---- | M] () -- \xampp\perl\site\lib\SOAP\Serializer.pod

[2009/08/06 00:00:00 | 000,002,125 | ---- | M] () -- \xampp\php\PEAR\Zend\Amf\Parse\Deserializer.php

[2009/08/06 00:00:00 | 000,001,697 | ---- | M] () -- \xampp\php\PEAR\Zend\Amf\Parse\Serializer.php

[2009/08/06 00:00:00 | 000,009,310 | ---- | M] () -- \xampp\php\PEAR\Zend\Amf\Parse\Amf0\Deserializer.php

[2009/08/06 00:00:00 | 000,013,031 | ---- | M] () -- \xampp\php\PEAR\Zend\Amf\Parse\Amf0\Serializer.php

[2009/08/06 00:00:00 | 000,015,575 | ---- | M] () -- \xampp\php\PEAR\Zend\Amf\Parse\Amf3\Deserializer.php

[2009/08/06 00:00:00 | 000,017,464 | ---- | M] () -- \xampp\php\PEAR\Zend\Amf\Parse\Amf3\Serializer.php

[2010/09/27 17:43:20 | 000,005,687 | ---- | M] () -- \ZHP\Quarantine\PokerStars.DIR\gx\tokenserial.jpg

 

< *AutoKMS* /s >

 

< *loader* /s >

[2012/01/30 09:21:50 | 000,056,320 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\mozilla\components\pyloader.dll

[2012/01/29 20:46:42 | 000,002,716 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\mozilla\components\uriloader.xpt

[2012/01/30 09:21:52 | 000,009,648 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\mozilla\python\xpcom\server\loader.py

[2012/05/29 23:27:42 | 000,007,633 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\mozilla\python\xpcom\server\loader.pyo

[2010/04/07 12:59:16 | 000,043,008 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\python\Lib\site-packages\isapi\PyISAPI_loader.dll

[2010/04/07 12:59:24 | 000,007,680 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\python\Lib\site-packages\win32\_win32sysloader.pyd

[2012/01/29 17:35:24 | 000,005,109 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\imgILoader.idl

[2012/01/29 17:33:10 | 000,002,681 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\mozIJSSubScriptLoader.idl

[2012/01/29 17:37:46 | 000,003,235 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\nsCURILoader.idl

[2012/01/29 17:37:46 | 000,002,790 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\nsIDocumentLoader.idl

[2012/01/29 17:30:38 | 000,003,385 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\nsIDocumentLoaderFactory.idl

[2012/01/29 17:35:32 | 000,003,519 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\nsIDownloader.idl

[2012/01/29 17:29:58 | 000,009,403 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\nsIFrameLoader.idl

[2012/01/29 17:29:58 | 000,003,372 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\nsIScriptLoaderObserver.idl

[2012/01/29 17:35:32 | 000,004,179 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\nsIStreamLoader.idl

[2012/01/29 17:35:32 | 000,004,678 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\nsIUnicharStreamLoader.idl

[2012/01/29 17:37:48 | 000,007,495 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\nsIURILoader.idl

[2012/01/29 17:33:10 | 000,004,403 | ---- | M] () -- \Arquivos de programas\ActiveState Komodo Edit 7\lib\sdk\idl\xpcIJSModuleLoader.idl

[2001/01/16 06:55:36 | 000,053,248 | ---- | M] () -- \Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\COLOADER.DLL

[2001/01/16 04:22:34 | 000,002,560 | ---- | M] () -- \Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\COLOADER.TLB

[2007/11/07 09:21:26 | 000,072,192 | ---- | M] () -- \Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\coloader80.dll

[2007/11/06 19:10:00 | 000,004,096 | ---- | M] () -- \Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\coloader80.tlb

[2011/09/21 17:08:16 | 000,106,496 | ---- | M] () -- \Arquivos de programas\Driver Identifier\DriverUploader.exe

[2011/07/02 21:18:28 | 000,001,963 | ---- | M] () -- \Arquivos de programas\EasyPHP-5.3.6.1\phpmyadmin\libraries\PHPExcel\PHPExcel\Autoloader.php

[2009/10/26 17:52:34 | 000,214,528 | ---- | M] () -- \Arquivos de programas\JDownloader\JDownloader.exe

[2012/02/08 21:53:27 | 000,593,293 | ---- | M] () -- \Arquivos de programas\JDownloader\JDownloader.jar

[2009/10/06 19:48:58 | 000,000,113 | ---- | M] () -- \Arquivos de programas\JDownloader\jd\img\hosterlogos\uploader.pl.png

[2010/01/14 13:55:17 | 000,003,107 | ---- | M] () -- \Arquivos de programas\JDownloader\jd\plugins\decrypter\UploaderRo.class

[2009/10/30 15:18:06 | 000,003,264 | ---- | M] () -- \Arquivos de programas\JDownloader\jd\plugins\hoster\IPAUploaderCom.class

[2012/02/08 21:58:41 | 000,007,073 | ---- | M] () -- \Arquivos de programas\JDownloader\jd\plugins\hoster\UploaderPl.class

[2009/10/26 17:48:22 | 000,032,222 | ---- | M] () -- \Arquivos de programas\JDownloader\licenses\jdownloader.license

[2009/07/05 14:33:03 | 000,059,728 | ---- | M] () -- \Arquivos de programas\Messenger Plus! Live\MsgPlusLoader.dll

[2011/07/28 18:42:57 | 000,002,941 | ---- | M] () -- \Arquivos de programas\NetBeans 7.0.1\platform\config\ModuleAutoDeps\org-openide-loaders.xml

[2011/07/28 18:42:57 | 000,000,411 | ---- | M] () -- \Arquivos de programas\NetBeans 7.0.1\platform\config\Modules\org-openide-loaders.xml

[2011/12/29 09:54:34 | 001,322,173 | ---- | M] () -- \Arquivos de programas\NetBeans 7.0.1\platform\modules\org-openide-loaders.jar

[2011/12/29 09:54:32 | 000,007,062 | ---- | M] () -- \Arquivos de programas\NetBeans 7.0.1\platform\modules\locale\org-openide-loaders_ja.jar

[2011/12/29 09:54:31 | 000,006,437 | ---- | M] () -- \Arquivos de programas\NetBeans 7.0.1\platform\modules\locale\org-openide-loaders_pt_BR.jar

[2011/12/29 09:54:32 | 000,007,588 | ---- | M] () -- \Arquivos de programas\NetBeans 7.0.1\platform\modules\locale\org-openide-loaders_ru.jar

[2011/12/29 09:54:31 | 000,006,722 | ---- | M] () -- \Arquivos de programas\NetBeans 7.0.1\platform\modules\locale\org-openide-loaders_zh_CN.jar

[2011/12/29 09:55:21 | 000,000,465 | ---- | M] () -- \Arquivos de programas\NetBeans 7.0.1\platform\update_tracking\org-openide-loaders.xml

[2011/10/17 14:10:26 | 000,071,528 | ---- | M] () -- \Arquivos de programas\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll

[2011/11/06 11:09:52 | 000,083,816 | ---- | M] () -- \Arquivos de programas\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll

[2011/11/08 19:03:14 | 000,013,211 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\Preloader.ErrorNotification.html

[2011/11/08 19:03:30 | 000,020,432 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\Preloader.html

[2011/11/08 19:03:14 | 000,006,597 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\Preloader.PreloaderNotification.html

[2011/11/08 19:03:28 | 000,010,567 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\Preloader.ProgressNotification.html

[2011/11/08 19:03:10 | 000,015,082 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\Preloader.StateChangeNotification.html

[2011/11/08 19:03:30 | 000,014,414 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\Preloader.StateChangeNotification.Type.html

[2011/11/08 19:03:34 | 000,006,842 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\class-use\Preloader.ErrorNotification.html

[2011/11/08 19:03:12 | 000,004,449 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\class-use\Preloader.html

[2011/11/08 19:03:20 | 000,009,261 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\class-use\Preloader.PreloaderNotification.html

[2011/11/08 19:03:26 | 000,006,893 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\class-use\Preloader.ProgressNotification.html

[2011/11/08 19:03:42 | 000,006,977 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\class-use\Preloader.StateChangeNotification.html

[2011/11/08 19:03:32 | 000,011,165 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\class-use\Preloader.StateChangeNotification.Type.html

[2011/11/08 19:03:10 | 000,010,377 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.Attribute.html

[2011/11/08 19:03:34 | 000,012,768 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.ControllerMethodEventHandler.html

[2011/11/08 19:03:30 | 000,014,222 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.CopyElement.html

[2011/11/08 19:03:38 | 000,011,488 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.DefineElement.html

[2011/11/08 19:03:34 | 000,020,205 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.Element.html

[2011/11/08 19:03:16 | 000,014,212 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.ExpressionTargetMapping.html

[2011/11/08 19:03:10 | 000,044,046 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.html

[2011/11/08 19:03:34 | 000,014,967 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.IncludeElement.html

[2011/11/08 19:03:44 | 000,016,588 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.InstanceDeclarationElement.html

[2011/11/08 19:03:24 | 000,013,878 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.PropertyChangeListener.html

[2011/11/08 19:03:36 | 000,015,658 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.PropertyElement.html

[2011/11/08 19:03:12 | 000,014,271 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.ReferenceElement.html

[2011/11/08 19:03:46 | 000,015,319 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.ScriptElement.html

[2011/11/08 19:03:42 | 000,012,568 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.ScriptEventHandler.html

[2011/11/08 19:03:34 | 000,015,451 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.ValueElement.html

[2011/11/08 19:03:32 | 000,008,341 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.Attribute.html

[2011/11/08 19:03:44 | 000,004,702 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.ControllerMethodEventHandler.html

[2011/11/08 19:03:40 | 000,004,515 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.CopyElement.html

[2011/11/08 19:03:32 | 000,004,537 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.DefineElement.html

[2011/11/08 19:03:10 | 000,006,719 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.Element.html

[2011/11/08 19:03:14 | 000,004,647 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.ExpressionTargetMapping.html

[2011/11/08 19:03:20 | 000,007,272 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.html

[2011/11/08 19:03:30 | 000,004,548 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.IncludeElement.html

[2011/11/08 19:03:26 | 000,004,680 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.InstanceDeclarationElement.html

[2011/11/08 19:03:28 | 000,004,636 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.PropertyChangeListener.html

[2011/11/08 19:03:18 | 000,006,587 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.PropertyElement.html

[2011/11/08 19:03:24 | 000,004,570 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.ReferenceElement.html

[2011/11/08 19:03:40 | 000,004,537 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.ScriptElement.html

[2011/11/08 19:03:12 | 000,004,592 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.ScriptEventHandler.html

[2011/11/08 19:03:30 | 000,004,526 | ---- | M] () -- \Arquivos de programas\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.ValueElement.html

[2009/09/08 05:17:40 | 000,015,473 | ---- | M] () -- \Arquivos de programas\PostgreSQL\8.4\doc\pljava\pljava\org\postgresql\pljava\sqlj\Loader.html

[2009/09/08 04:30:48 | 000,000,708 | ---- | M] () -- \Arquivos de programas\PostgreSQL\8.4\include\server\utils\dynamic_loader.h

[2012/08/12 20:08:46 | 000,001,907 | ---- | M] () -- \Arquivos de programas\StarCraft II\Logs\Downloader.log

[2009/09/25 14:00:00 | 000,001,849 | ---- | M] () -- \Arquivos de programas\TuneUp Utilities 2012\data\Integrator\images\panel6\loader.gif

[2006/12/23 17:37:56 | 000,044,032 | ---- | M] () -- \Arquivos de programas\WinRAR\RarExtLoader.exe

[2012/08/26 15:22:13 | 006,396,128 | ---- | M] () -- \Arquivos de programas\World of Warcraft\BackgroundDownloader.exe

[2012/08/26 23:25:05 | 000,000,978 | ---- | M] () -- \Arquivos de programas\World of Warcraft\Logs\Downloader.log

[2012/08/02 16:36:27 | 003,146,824 | ---- | M] () -- \CrossFire\crossfire_downloader.exe

[2012/05/30 18:23:14 | 002,997,832 | ---- | M] () -- \CrossFire\CF_Installler\cfPT_downloader.exe

[2012/05/30 18:11:27 | 003,146,824 | ---- | M] () -- \CrossFire\CF_Installler\crossfire_downloader.exe

[2012/05/16 20:47:14 | 000,000,673 | ---- | M] () -- \Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda\2.3.7.1_0\Media\ajax-loader.gif

[2009/12/04 15:48:20 | 000,000,342 | ---- | M] () -- \Documents and Settings\Administrador\Menu Iniciar\Programas\JDownloader\JDownloader Support.lnk

[2009/12/04 15:48:20 | 000,000,862 | ---- | M] () -- \Documents and Settings\Administrador\Menu Iniciar\Programas\JDownloader\JDownloader.lnk

[2009/12/04 15:48:23 | 000,000,852 | ---- | M] () -- \Documents and Settings\Administrador\Menu Iniciar\Programas\JDownloader\Uninstall JDownloader.lnk

[2012/05/07 15:33:00 | 000,004,472 | ---- | M] () -- \Documents and Settings\Administrador\Meus documentos\CurriculumVitae\vendo-esteira-profissional-marca-cybex-mod-700t-excelente-estado-novinha-paguei-20-mil-iid-330945886_arquivos\ajax-loader.gif

[2012/05/07 15:42:15 | 000,004,472 | ---- | M] () -- \Documents and Settings\Administrador\Meus documentos\vendo-esteira-profissional-marca-cybex-mod-700t-excelente-estado-novinha-paguei-20-mil-iid-330945886_arquivos\ajax-loader.gif

[2012/04/27 17:14:26 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Dados de aplicativos\Skype\Apps\login\images\loader.gif

[2012/04/27 17:14:26 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Dados de aplicativos\Skype\Apps\login\images\loader.png

[2010/05/09 19:58:44 | 002,000,552 | ---- | M] () -- \Jogos\FlyFF\FlyffBrasilDownloaderV15.exe

[2011/07/03 21:08:16 | 002,052,168 | ---- | M] () -- \Jogos\FlyFFUS\Flyff_US_20110524_Downloader.exe

[2012/05/22 18:37:44 | 000,003,451 | ---- | M] () -- \Utilitarios\CakePHP\cakephp-cakephp-2.1.3-0-gc26df70\cakephp-cakephp-4b81775\lib\Cake\TestSuite\CakeTestLoader.php

[2009/12/04 15:38:05 | 028,253,422 | ---- | M] () -- \Utilitarios\jDownloader\JDownloaderSetup0.9.579.exe

[2011/01/04 18:58:48 | 000,001,651 | ---- | M] () -- \wamp\apps\phpmyadmin3.3.9\libraries\PHPExcel\PHPExcel\Autoloader.php

[2008/04/13 16:20:26 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll

[1 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]

[2008/04/13 16:20:26 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll

[2009/08/06 00:00:00 | 000,068,096 | ---- | M] () -- \xampp\MercuryMail\loader.exe

[2009/08/06 00:00:00 | 000,014,997 | ---- | M] () -- \xampp\perl\lib\AutoLoader.pm

[2009/08/06 00:00:00 | 000,025,786 | ---- | M] () -- \xampp\perl\lib\DynaLoader.pm

[2009/08/06 00:00:00 | 000,017,341 | ---- | M] () -- \xampp\perl\lib\SelfLoader.pm

[2009/08/06 00:00:00 | 000,010,882 | ---- | M] () -- \xampp\perl\lib\XSLoader.pm

[2009/08/06 00:00:00 | 000,001,329 | ---- | M] () -- \xampp\perl\lib\Locale\Maketext\GutsLoader.pm

[2009/08/06 00:00:00 | 000,001,027 | ---- | M] () -- \xampp\perl\site\lib\Apache2\XSLoader.pm

[2009/08/06 00:00:00 | 000,001,031 | ---- | M] () -- \xampp\perl\site\lib\APR\XSLoader.pm

[2009/08/06 00:00:00 | 000,010,720 | ---- | M] () -- \xampp\perl\site\lib\ModPerl\RegistryLoader.pm

[2009/08/06 00:00:00 | 000,006,786 | ---- | M] () -- \xampp\php\PEAR\PEAR\Autoloader.php

[2009/08/06 00:00:00 | 000,066,788 | ---- | M] () -- \xampp\php\PEAR\PEAR\Downloader.php

[2009/08/06 00:00:00 | 000,009,232 | ---- | M] () -- \xampp\php\PEAR\Zend\Loader.php

[2009/08/06 00:00:00 | 000,007,300 | ---- | M] () -- \xampp\php\PEAR\Zend\Amf\Parse\TypeLoader.php

[2009/08/06 00:00:00 | 000,002,788 | ---- | M] () -- \xampp\php\PEAR\Zend\Application\Module\Autoloader.php

[2009/08/06 00:00:00 | 000,013,365 | ---- | M] () -- \xampp\php\PEAR\Zend\Loader\Autoloader.php

[2009/08/06 00:00:00 | 000,014,623 | ---- | M] () -- \xampp\php\PEAR\Zend\Loader\PluginLoader.php

[2009/08/06 00:00:00 | 000,010,500 | ---- | M] () -- \xampp\php\PEAR\Zend\Search\Lucene\Index\DictionaryLoader.php

[2009/08/06 00:00:00 | 000,004,153 | ---- | M] () -- \xampp\php\PEAR\Zend\Tool\Framework\Loader\IncludePathLoader.php

 

< %APPDATA%\Local\*. >

 

< %APPDATA%\*.exe /s >

[2009/11/06 07:04:40 | 010,377,728 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\CocoonSoftware\QMC\ffmpeg.exe

[2008/04/02 12:35:18 | 007,945,216 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\CocoonSoftware\QMC\ffmpegHD.exe

[2007/03/22 07:46:40 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\GRETECH\GomPlayer\GrLauncher.exe

[2012/05/25 19:43:45 | 001,003,520 | ---- | M] (Gretech Corporation) -- C:\Documents and Settings\Administrador\Dados de aplicativos\GRETECH\GomPlayer\GrLauncherTempSetup.exe

[2011/12/24 14:50:46 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2010/01/22 01:19:16 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

[2010/03/05 16:49:50 | 000,197,632 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ahfb6ogq.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6\TbHelper2.exe

[2010/03/12 17:45:00 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ahfb6ogq.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6\uninstall.exe

[2010/03/12 17:45:00 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ahfb6ogq.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6\update.exe

[2010/03/19 12:04:44 | 000,152,664 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ahfb6ogq.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\components\setup_widget_serv.exe

[2012/01/03 23:19:58 | 000,370,176 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Thinstall\Delphi 7 Second Edition\%ProgramFilesDir%\delphi7se\Projects\Project1.exe

[2012/01/03 22:19:25 | 000,375,296 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Thinstall\Delphi 7 Second Edition\%ProgramFilesDir%\delphi7se\Projects\Project2.exe

[2007/10/23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\U3\temp\cleanup.exe

[2008/05/02 10:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Administrador\Dados de aplicativos\U3\temp\Launchpad Removal.exe

 

< %APPDATA%\*. >

[2012/08/22 21:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Adobe

[2009/09/08 21:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Ahead

[2010/03/31 19:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\AnvSoft

[2012/06/26 15:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer

[2012/04/03 16:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Auslogics

[2012/06/28 21:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\BitTorrent

[2012/08/12 02:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Call Graph

[2010/03/31 14:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\CocoonSoftware

[2011/12/24 14:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/08/22 21:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1

[2012/08/24 00:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\com.rpgonline.rpg2ic

[2010/01/21 23:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\DAEMON Tools Lite

[2012/06/28 21:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Dev-Cpp

[2012/01/03 22:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\DriverCure

[2012/05/01 15:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\driveridentifier

[2011/12/14 17:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Dropbox

[2010/01/19 15:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\EssentialPIM

[2012/03/02 14:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Foxit Software

[2012/02/11 13:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GetRightToGo

[2009/09/08 19:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Google

[2009/11/28 16:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GRETECH

[2010/12/31 09:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\HEM Data

[2009/09/09 14:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\id Software

[2009/09/08 20:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Identities

[2009/12/16 00:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

[2009/09/08 19:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia

[2010/06/04 15:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes

[2009/11/13 15:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic

[2011/11/25 05:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mekek

[2011/07/06 10:20:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft

[2010/06/30 22:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\mIRC

[2009/09/09 14:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla

[2012/06/02 18:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\NCH Software

[2009/12/13 11:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\NetMedia Providers

[2010/03/07 10:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Notepad++

[2012/03/06 18:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\NVIDIA

[2011/12/29 09:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Oracle

[2012/01/03 22:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\ParetoLogic

[2009/12/13 11:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Publish Providers

[2009/12/25 16:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Real

[2012/08/13 03:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Realteks

[2011/07/04 12:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\runic games

[2009/11/05 21:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Screaming Bee

[2010/07/01 22:18:22 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\SecuROM

[2012/09/02 02:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Skype

[2011/07/12 22:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Sony

[2009/11/05 20:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Steinberg

[2009/09/09 15:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Styler

[2012/04/04 21:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\SumatraPDF

[2009/09/09 06:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Sun

[2009/11/07 20:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\teamspeak2

[2012/01/03 21:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Thinstall

[2012/07/03 00:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TS3Client

[2012/05/01 14:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TuneUp Software

[2010/04/24 09:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\U3

[2012/06/26 15:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Unity

[2012/09/02 21:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

[2009/09/12 11:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\WinRAR

[2012/07/31 21:26:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\wyUpdate AU

 

< %USERPROFILE%\AppData\Local\*.* >

 

< %USERPROFILE%\AppData\Roaming\*.* >

 

< %systemroot%\assembly\tmp\*.* /S /MD5 >

 

< %systemroot%\assembly\temp\*.* /S /MD5 >

 

< %systemroot%\assembly\GAC\*.* /S /MD5 >


 

< %systemroot%\assembly\GAC_32\*.* /S /MD5 >


 

< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >

 

< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* >

 

< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes >

"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes >

"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

< regedit /e c:\registrybackup.reg /c >

 

< type c:\boot.ini >> test.txt /c >

[boot loader]

timeout=15

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=GEV0XO /Kernel=TUKernel.exe

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=GEV0XO-BAK

C:\wubildr.mbr = "Ubuntu"

 

< %systemroot%\system32\Tasks\*.* /s >

 

< %windir%\tasks\*.* /s >

[2012/09/05 17:22:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/08/31 20:28:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/06/16 16:03:30 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\classCron.job

[2001/10/28 09:07:04 | 000,000,065 | R--- | M] () -- C:\WINDOWS\tasks\desktop.ini

[2012/09/05 10:23:59 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job

[2012/09/05 10:33:52 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2012/09/05 10:23:58 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2012/09/05 10:23:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2012/06/15 18:39:01 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\WavePadReminder.job

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 522 bytes -> C:\WINDOWS\System32\drivers\teugbsnr.sys:changelist

@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:احتضان

 

< End of report >


Good evening, rehcarlos!

 

|- Download: < rendu2.png > ( ... by tigzy )

 

|- Save it to the desktop!

|- Close any open applications!

|- Run RogueKiller.exe and accept the EULA.

 

|- PS: On Windows Vista or 7, run RogueKiller.exe as administrator.

|- Wait for its pre-scan to finish.

 

|- Start the diagnosis by clicking the "Verificar" button.

|- Example: Mode: Verificar -- Date: mm/dd/2012 00:52:24

|- Post the report: RKreport[1].txt

 

-/-

 

|- Run OTL.exe.

|- Copy the information shown in red into the tool's clipboard field. ( "Exames Personalizados Correções" )

 

:OTL

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\catchme.sys -- (catchme)

FF - prefs.js..network.proxy.autoconfig_url: "http://www.mobseguroatualiza.com/kbr1308201202.win"

FF - user.js..network.proxy.autoconfig_url: "http://www.mobseguroatualiza.com/kbr1308201202.win"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2012/09/04 23:11:22 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/04/13 16:20:08 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{b7bbff73-7622-f626-eef3-33ca3306213e}\@

[2008/04/13 16:20:08 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{b7bbff73-7622-f626-eef3-33ca3306213e}\@

 

:Files

mdnsNSP.dll /lsp

C:\Arquivos de programas\Bonjour\mdnsNSP.dll

C:\Arquivos de programas\Bonjour

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{b7bbff73-7622-f626-eef3-33ca3306213e}\@

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{b7bbff73-7622-f626-eef3-33ca3306213e}

C:\WINDOWS\Installer\{b7bbff73-7622-f626-eef3-33ca3306213e}\@

C:\WINDOWS\Installer\{b7bbff73-7622-f626-eef3-33ca3306213e}

C:\Documents and Settings\All Users\DRM:?????? /U

netsh advfirewall firewall /C

 

:Services

"Bonjour Service"

 

:Commands

[CREATERESTOREPOINT]

[purity]

[emptytemp]

[Reboot]

|- Click the Consertar button -> Wait for it to finish!

|- The computer will restart! -> Click "Executar".

 

|- For English versions, click Run Fix, which is the same as Consertar.

|- Post the report: C:\_OTL\MovedFiles\*.log

 

Regards!


EDIT: hold on, DigRam, I managed to start the PC

 

EDIT 2: The PC was freezing after the welcome screen; then, after about 5 minutes, the icons and everything else appeared, but the internet isn't working...

 

(I'm using a notebook)

 

What now? :huh:


Hello!

 

|- This behavior with OTL is strange, but it may be due to the removal of mdnsNSP.dll having 'touched' the Winsock stack.

 

ipconfig /flushdns /c

 

|- Type this command at the prompt and press Enter.

|- Check whether the connection comes back.

 

Regards!


Now, in network connections, the local connection has appeared, and the little icon now shows up in the bottom-right corner... I clicked repair, and it says the following: "O windows nao pode concluir o reparo do problema por que a seguinte ação nao pode ser concluída: Registrando-se com DNS"


Hello!

 

|- Download: < icon.png >

 

|- Use the notebook to download it, and copy it to the PC using a USB flash drive.

 

|- < Link - 2 >

|- < Link - 3 >

 

|- Save it to the desktop!

|- Restart the computer in Safe Mode!

|- Run WinsockFix!

|- Double-click WinsockFix.exe

|- The window VB_Winfix 1.2 will open.

|- Click Fix.

|- A message will appear! >> Click Yes!

|- When it finishes, restart the computer normally!

 

Regards!


Starting normally, internet working, and history working

 

:clap:

Hello!

 

|- All right... your happiness is contagious, but what about the RogueKiller and OTL logs?

|- Did they disappear? haha...

 

Regards!


Hahaha, my bad xD it's just that my history hadn't been saving for a long time...

 

RogueKiller:

 

RogueKiller V8.0.2 [08/31/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Iniciado em : Modo Normal

Usuario : Administrador [Privilegios de Admnistrador]

Modo : Verificar -- Data : 09/05/2012 19:53:57

 

¤¤¤ Entradas ruins : 0 ¤¤¤

 

¤¤¤ Entradas do Registro : 14 ¤¤¤

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\3127 (\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\3127.sys) -> ENCONTRADO

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\78975193 (system32\DRIVERS\78975193.sys) -> ENCONTRADO

[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\78975193 (system32\DRIVERS\78975193.sys) -> ENCONTRADO

[services][ROGUE ST] HKLM\[...]\ControlSet003\Services\78975193 (system32\DRIVERS\78975193.sys) -> ENCONTRADO

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{406B8789-CA90-4EAF-BEE9-1294A2DA258D} : NameServer (8.8.8.8,200.175.5.139,200.175.189.139) -> ENCONTRADO

[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{406B8789-CA90-4EAF-BEE9-1294A2DA258D} : NameServer (200.175.5.139,200.175.189.139) -> ENCONTRADO

[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{406B8789-CA90-4EAF-BEE9-1294A2DA258D} : NameServer (200.175.5.139,200.175.189.139) -> ENCONTRADO

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> ENCONTRADO

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> ENCONTRADO

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> ENCONTRADO

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> ENCONTRADO

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> ENCONTRADO

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Papel de parede.bmp) -> ENCONTRADO

 

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

[ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{b7bbff73-7622-f626-eef3-33ca3306213e}\@ --> ENCONTRADO

[ZeroAccess][FOLDER] U : C:\WINDOWS\Installer\{b7bbff73-7622-f626-eef3-33ca3306213e}\U --> ENCONTRADO

[ZeroAccess][FOLDER] L : C:\WINDOWS\Installer\{b7bbff73-7622-f626-eef3-33ca3306213e}\L --> ENCONTRADO

[ZeroAccess][FILE] @ : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{b7bbff73-7622-f626-eef3-33ca3306213e}\@ --> ENCONTRADO

[ZeroAccess][FOLDER] U : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{b7bbff73-7622-f626-eef3-33ca3306213e}\U --> ENCONTRADO

[ZeroAccess][FOLDER] L : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{b7bbff73-7622-f626-eef3-33ca3306213e}\L --> ENCONTRADO

 

¤¤¤ Driver : [Carregado] ¤¤¤

IRP[iRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_CREATE_NAMED_PIPE] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_READ] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_WRITE] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_QUERY_INFORMATION] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_SET_INFORMATION] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_QUERY_EA] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_SET_EA] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_FLUSH_BUFFERS] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_QUERY_VOLUME_INFORMATION] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_SET_VOLUME_INFORMATION] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_DIRECTORY_CONTROL] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_FILE_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_SHUTDOWN] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_LOCK_CONTROL] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_CLEANUP] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_CREATE_MAILSLOT] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_QUERY_SECURITY] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_SET_SECURITY] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_POWER] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_QUERY_QUOTA] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_SET_QUOTA] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_PNP] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7976864)

 

¤¤¤ Infecção : ZeroAccess ¤¤¤

 

¤¤¤ Arquivo de Hosts: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

 

127.0.0.1 localhost

 

 

¤¤¤ Verificaçao do MBR: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD322HJ +++++

--- User ---

[MBR] 82103ead3856b4803573920831139034

[bSP] eaf282cb0537f0b1bf56ee7af08a96e9 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Concluido : << RKreport[1].txt >>

RKreport[1].txt

 

 

OTL:

 

All processes killed

========== OTL ==========

Service catchme stopped successfully!

Service catchme deleted successfully!

File C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\catchme.sys not found.

Prefs.js: "http://www.mobseguroatualiza.com/kbr1308201202.win" removed from network.proxy.autoconfig_url

C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\FireFox\Profiles\ahfb6ogq.default\user.js moved successfully.

Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.

C:\WINDOWS\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseCustomCalla.dll deleted successfully.

C:\WINDOWS\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP folder deleted successfully.

C:\WINDOWS\msdownld.tmp folder deleted successfully.

C:\WINDOWS\SET3.tmp deleted successfully.

C:\WINDOWS\SET4.tmp deleted successfully.

C:\WINDOWS\SET8.tmp deleted successfully.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.

C:\WINDOWS\Installer\{b7bbff73-7622-f626-eef3-33ca3306213e}\@ moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{b7bbff73-7622-f626-eef3-33ca3306213e}\@ moved successfully.

========== FILES ==========

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ deleted successfully.

C:\Arquivos de programas\Bonjour\mdnsNSP.dll moved successfully.

File\Folder C:\Arquivos de programas\Bonjour\mdnsNSP.dll not found.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\zh_TW.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\zh_CN.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\sv.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\ru.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\pt_PT.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\pt.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\pl.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\nl.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\nb.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\ko.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\ja.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\it.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\fr.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\fi.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\es.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\en_GB.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\en.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\de.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources\da.lproj folder moved successfully.

C:\Arquivos de programas\Bonjour\Bonjour.Resources folder moved successfully.

C:\Arquivos de programas\Bonjour folder moved successfully.

File\Folder C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{b7bbff73-7622-f626-eef3-33ca3306213e}\@ not found.

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{b7bbff73-7622-f626-eef3-33ca3306213e}\U folder moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{b7bbff73-7622-f626-eef3-33ca3306213e}\L folder moved successfully.

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{b7bbff73-7622-f626-eef3-33ca3306213e} folder moved successfully.

File\Folder C:\WINDOWS\Installer\{b7bbff73-7622-f626-eef3-33ca3306213e}\@ not found.

C:\WINDOWS\Installer\{b7bbff73-7622-f626-eef3-33ca3306213e}\U folder moved successfully.

C:\WINDOWS\Installer\{b7bbff73-7622-f626-eef3-33ca3306213e}\L folder moved successfully.

C:\WINDOWS\Installer\{b7bbff73-7622-f626-eef3-33ca3306213e} folder moved successfully.

File\Folder C:\Documents and Settings\All Users\DRM:?????? not found.

< netsh advfirewall firewall /C >

A função de inicialização InitHelperDll in IPMONTR.DLL falhou com o código de erro 11003

O seguinte comando não foi encontrado: advfirewall firewall.

C:\Documents and Settings\Administrador\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Administrador\Desktop\cmd.txt deleted successfully.

========== SERVICES/DRIVERS ==========

Error: No service named "Bonjour Service" was found to stop!

Service\Driver key "Bonjour Service" not found.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

[EMPTYTEMP]

 

User: Administrador

->Temp folder emptied: 2321418 bytes

->Temporary Internet Files folder emptied: 7272793 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 56626990 bytes

->Google Chrome cache emptied: 5982934 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 73985 bytes

 

User: All Users

 

User: Convidado

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56475 bytes

 

User: LocalService

->Temp folder emptied: 65716 bytes

->Temporary Internet Files folder emptied: 1491078 bytes

->FireFox cache emptied: 2309995 bytes

 

User: NetworkService

->Temp folder emptied: 87936 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: postgres

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 271316 bytes

RecycleBin emptied: 4025953857 bytes

 

Total Files Cleaned = 3.912,00 mb

 

 

OTL by OldTimer - Version 3.2.61.0 log created on 09052012_210135

 

Files\Folders moved on Reboot...

C:\WINDOWS\temp\Perflib_Perfdata_c9c.dat moved successfully.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_c9c.dat not found!

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_c9c.dat not found!

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_c9c.dat not found!

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...


Hello!

 

|- We still have a little further to go, because there is an infection on your computer.

 

-/-

 

|- Open the RogueKiller tool again.

 

|- <1> Click "Verificar" -> Wait!

|- <2> Click "Deletar" -> Wait!

 

|- Note that there will be 2 reports, because of the tabs used.

|- Post all the reports that result from these operations!

 

Regards!

|- We still have a little further to go, because there is an infection on your computer.

 

Let's go, then

 

RKReport[2]:

 

RogueKiller V8.0.2 [08/31/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Iniciado em : Modo Normal

Usuario : Administrador [Privilegios de Admnistrador]

Modo : Verificar -- Data : 09/05/2012 23:32:10

 

¤¤¤ Entradas ruins : 0 ¤¤¤

 

¤¤¤ Entradas do Registro : 12 ¤¤¤

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\3127 (\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\3127.sys) -> ENCONTRADO

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\78975193 (system32\DRIVERS\78975193.sys) -> ENCONTRADO

[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\78975193 (system32\DRIVERS\78975193.sys) -> ENCONTRADO

[services][ROGUE ST] HKLM\[...]\ControlSet003\Services\78975193 (system32\DRIVERS\78975193.sys) -> ENCONTRADO

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{406B8789-CA90-4EAF-BEE9-1294A2DA258D} : NameServer (8.8.8.8,200.175.5.139,200.175.189.139) -> ENCONTRADO

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> ENCONTRADO

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> ENCONTRADO

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> ENCONTRADO

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> ENCONTRADO

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> ENCONTRADO

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ENCONTRADO

[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Papel de parede.bmp) -> ENCONTRADO

 

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

 

¤¤¤ Driver : [Carregado] ¤¤¤

IRP[iRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_CREATE_NAMED_PIPE] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_READ] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_WRITE] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_QUERY_INFORMATION] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_SET_INFORMATION] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_QUERY_EA] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_SET_EA] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_FLUSH_BUFFERS] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_QUERY_VOLUME_INFORMATION] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_SET_VOLUME_INFORMATION] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_DIRECTORY_CONTROL] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_FILE_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_SHUTDOWN] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_LOCK_CONTROL] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_CLEANUP] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_CREATE_MAILSLOT] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_QUERY_SECURITY] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_SET_SECURITY] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_POWER] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_QUERY_QUOTA] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_SET_QUOTA] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_PNP] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7976864)

 

¤¤¤ Infecção : ¤¤¤

 

¤¤¤ Arquivo de Hosts: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

 

127.0.0.1 localhost

 

 

¤¤¤ Verificaçao do MBR: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD322HJ +++++

--- User ---

[MBR] 82103ead3856b4803573920831139034

[bSP] eaf282cb0537f0b1bf56ee7af08a96e9 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Concluido : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

 

 

RKreport[3]:

 

RogueKiller V8.0.2 [08/31/2012] Por Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Sistema Operacional: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Iniciado em : Modo Normal

Usuario : Administrador [Privilegios de Admnistrador]

Modo : Remover -- Data : 09/05/2012 23:33:24

 

¤¤¤ Entradas ruins : 0 ¤¤¤

 

¤¤¤ Entradas do Registro : 12 ¤¤¤

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\3127 (\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\3127.sys) -> DELETADO

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\78975193 (system32\DRIVERS\78975193.sys) -> DELETADO

[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\78975193 (system32\DRIVERS\78975193.sys) -> DELETADO

[services][ROGUE ST] HKLM\[...]\ControlSet003\Services\78975193 (system32\DRIVERS\78975193.sys) -> DELETADO

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{406B8789-CA90-4EAF-BEE9-1294A2DA258D} : NameServer (8.8.8.8,200.175.5.139,200.175.189.139) -> NÃO REMOVIDO, USE A OPÇÃO REPARAR DNS

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETADO

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> SUBSTITUIDO (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> SUBSTITUIDO (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> SUBSTITUIDO (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> SUBSTITUIDO (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> SUBSTITUIDO (0)

[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Papel de parede.bmp) -> SUBSTITUIDO (C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp)

 

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

 

¤¤¤ Driver : [Carregado] ¤¤¤

IRP[iRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_CREATE_NAMED_PIPE] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_READ] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_WRITE] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_QUERY_INFORMATION] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_SET_INFORMATION] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_QUERY_EA] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_SET_EA] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_FLUSH_BUFFERS] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_QUERY_VOLUME_INFORMATION] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_SET_VOLUME_INFORMATION] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_DIRECTORY_CONTROL] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_FILE_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_SHUTDOWN] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_LOCK_CONTROL] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_CLEANUP] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_CREATE_MAILSLOT] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_QUERY_SECURITY] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_SET_SECURITY] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_POWER] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[iRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_QUERY_QUOTA] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_SET_QUOTA] : Unknown -> HOOKED ([MAJOR] TUKERNEL.EXE @ 0x804F9759)

IRP[iRP_MJ_PNP] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7978B40)

IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7976864)

 

¤¤¤ Infecção : ¤¤¤

 

¤¤¤ Arquivo de Hosts: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

 

127.0.0.1 localhost

 

 

¤¤¤ Verificaçao do MBR: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HD322HJ +++++

--- User ---

[MBR] 82103ead3856b4803573920831139034

[bSP] eaf282cb0537f0b1bf56ee7af08a96e9 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Concluido : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
