prrsilva 0 Denunciar post Postado Setembro 8, 2012 olá, pessoal gostaria se possivel analizassem o log. do hijackthis pois acho que estou com algum tipo de virus ou spyware pois o meu ie 9 do nada abre uma aba com propaganda e qdo fecho o mesmo ele reinicia e fica conectado novamente.Segue abaixo o log. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:53:19, on 07/09/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16448) Boot mode: Normal Running processes: C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba\UpdateTutoriaisSlimbaHP.exe C:\Users\PAULOROBERTO\Documents\Microsoft Corporation\Office 2010 Screensaver\Notifier.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe C:\HIJAKTHIS\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AC-Pro - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\PAULOROBERTO\AppData\Roaming\Complitly\AutocompletePro.dll O2 - BHO: IncrediMail MediaBar Portugues 2 - {140afdc9-061f-4b86-8c58-42994309768f} - C:\Program Files (x86)\IncrediMail_MediaBar_Portugues_2\prxtbIncr.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files (x86)\Bywifi\bywifiie.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: IncrediMail MediaBar Portugues 2 Toolbar - {140afdc9-061f-4b86-8c58-42994309768f} - C:\Program Files (x86)\IncrediMail_MediaBar_Portugues_2\prxtbIncr.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" O4 - HKLM\..\Run: [OiVelox] C:\Program Files (x86)\Oi\Programmer\OiVeloxCheck.exe O4 - HKLM\..\Run: [CCLite] C:\Windows\system32\Event Agent\ea.exe O4 - HKLM\..\RunOnce: [updateTutoriaisSlimbaHP.exe] C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba\UpdateTutoriaisSlimbaHP.exe -runonce O4 - HKCU\..\Run: [Office2010Tips_Notifier] C:\Users\PAULOROBERTO\Documents\Microsoft Corporation\Office 2010 Screensaver\Notifier.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-21-2415253309-3379223506-2882669795-1020\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-2415253309-3379223506-2882669795-1020\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: limpartemporarios.bat O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) O9 - Extra 'Tools' menuitem: Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O20 - Winlogon Notify: Event Agent - CustomEvents.dll (file missing) O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: System Event Agent - Unknown owner - C:\Windows\system32\Event Agent\bin\spoolsv .exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14220 bytes Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Setembro 8, 2012 Boa Noite! prrsilva |- Baixe: < > ( ... par Xplode ) |- Ao acessar,clique na imagem: < > |- Salve-o no desktop! |- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador". |- Ps: Dê início ao scan,clicando em "Delete" ou "Suppression". |- Ao concluir,poste o relatório: C:\AdwCleaner[S1].txt |- Baixe: < > ( ... par Nicolas Coolman ) |- Salve-o no desktop! |- Desabilite seu antivírus! |- Caso utilize o Avast,estabeleça esta configuração à SandBox. |- Para Windows Vista ou 7,clique direito e execute o arquivo como administrador. |- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde! |- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix |- Poste e/ou cole aqui,o link que foi gerado! Abs! Compartilhar este post Link para o post Compartilhar em outros sites
prrsilva 0 Denunciar post Postado Setembro 8, 2012 olá, Digram segue relatório AdwCleaner. # AdwCleaner v2.000 - Logfile created 09/08/2012 at 16:44:48 # Updated 30/08/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : PAULOROBERTO - PAULOROBERTO # Boot Mode : Normal # Running from : C:\Users\PAULOROBERTO\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : Web Assistant Updater ***** [Files / Folders] ***** File Deleted : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml File Deleted : C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\Firefox\Profiles\0mfi9aev.default\searchplugins\Conduit.xml File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp Folder Deleted : C:\Program Files (x86)\Complitly Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\ConduitEngine Folder Deleted : C:\Program Files (x86)\Iminent Folder Deleted : C:\Program Files (x86)\IncrediMail_MediaBar_Portugues_2 Folder Deleted : C:\Program Files\Web Assistant Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Iminent Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent Folder Deleted : C:\ProgramData\Trymedia Folder Deleted : C:\Users\PAULOROBERTO\AppData\Local\Babylon Folder Deleted : C:\Users\PAULOROBERTO\AppData\Local\Conduit Folder Deleted : C:\Users\PAULOROBERTO\AppData\LocalLow\BabylonToolbar Folder Deleted : C:\Users\PAULOROBERTO\AppData\LocalLow\Conduit Folder Deleted : C:\Users\PAULOROBERTO\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\PAULOROBERTO\AppData\LocalLow\IncrediMail_MediaBar_2 Folder Deleted : C:\Users\PAULOROBERTO\AppData\LocalLow\IncrediMail_MediaBar_Portugues_2 Folder Deleted : C:\Users\PAULOROBERTO\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\PAULOROBERTO\AppData\Roaming\Babylon Folder Deleted : C:\Users\PAULOROBERTO\AppData\Roaming\Complitly Folder Deleted : C:\Users\PAULOROBERTO\AppData\Roaming\Iminent ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2 Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_Portugues_2 Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Complitly Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\Iminent Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{140AFDC9-061F-4B86-8C58-42994309768F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{140AFDC9-061F-4B86-8C58-42994309768F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\Tutorials Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1 Key Deleted : HKLM\SOFTWARE\Classes\Iminent Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1 Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1 Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1 Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1 Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2727622 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\conduitEngine Key Deleted : HKLM\Software\Iminent Key Deleted : HKLM\Software\ImInstaller Key Deleted : HKLM\Software\IncrediMail_MediaBar_Portugues_2 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{146122B3-5C62-4808-98F1-4FE63A58576D} Key Deleted : HKLM\Software\Web Assistant Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{140AFDC9-061F-4B86-8C58-42994309768F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{146122B3-5C62-4808-98F1-4FE63A58576D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E4051AC-F22A-47B8-A537-5B948A6B9245} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE031F62-BB72-4654-89B3-534ABDE39EF2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C993F299-4A81-4CC0-BA57-AE485E42AD0F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{140AFDC9-061F-4B86-8C58-42994309768F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Key Deleted : HKLM\SOFTWARE\Software Key Deleted : HKLM\SOFTWARE\Web Assistant Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{140AFDC9-061F-4B86-8C58-42994309768F}] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{140AFDC9-061F-4B86-8C58-42994309768F}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-21-2415253309-3379223506-2882669795-1020\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] -\\ Mozilla Firefox v15.0.1 (pt-BR) Profile name : default File : C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\Firefox\Profiles\0mfi9aev.default\prefs.js C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\Firefox\Profiles\0mfi9aev.default\user.js ... Deleted ! Deleted : user_pref("browser.search.defaultenginename", "MyStart Search"); Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 28); Deleted : user_pref("extensions.BabylonToolbar.cntry", "BR"); Deleted : user_pref("extensions.BabylonToolbar.firstRun", false); Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "D52E08589301B1160FDC6D103AA38AE3"); Deleted : user_pref("extensions.BabylonToolbar.id", "c7af23e47989435eb6eff07e2af03489"); Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15154"); Deleted : user_pref("extensions.BabylonToolbar.lastActv", "28"); Deleted : user_pref("extensions.BabylonToolbar.lastDP", 28); Deleted : user_pref("extensions.BabylonToolbar.sid", "c7af23e47989435eb6eff07e2af03489"); Deleted : user_pref("extensions.facemoods.aflt", "_#gppc"); Deleted : user_pref("extensions.facemoods.firstRun", false); Deleted : user_pref("extensions.facemoods.lastActv", "26"); Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...] ************************* AdwCleaner[s1].txt - [29688 octets] - [08/09/2012 16:44:48] ########## EOF - C:\AdwCleaner[s1].txt - [29749 octets] ########## olá, segue link ZHPDIAG http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120908_t8o7s9k11c11 Segue Relatório Rapport de ZHPDiag v1.31.105 par Nicolas Coolman, Update du 25/06/2012 Run by PAULOROBERTO at 08/09/2012 17:01:53 Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html Web site : http://nicolascoolman.skyrock.com/ State : ---\\ Web Browser MSIE: Internet Explorer v9.0.8112.16421 (Defaut) MFIE: Mozilla Firefox 15.0.1 v15.0.1 ---\\ Windows Product Information ~ Langage: Anglais Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK Software Protection Service (Protection logicielle) : OK Key Management Service client information : KO Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ System Information ~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 4095 MB (65% free) System Restore: Activé (Enable) System drive C: has 206 GB (64%) free of 323 GB ---\\ Logged in mode ~ Computer Name: PAULOROBERTO ~ User Name: PAULOROBERTO ~ All Users Names: UpdatusUser, PAULOROBERTO, HomeGroupUser$, Convidado, Administrador, ~ Unselected Option: O45,O61,O62,O65,O82 Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\PAULOROBERTO\AppData\Roaming\ ~ %Desktop% : C:\Users\PAULOROBERTO\Desktop\ ~ %Favorites% : C:\Users\PAULOROBERTO\Favorites\ ~ %LocalAppData% : C:\Users\PAULOROBERTO\AppData\Local\ ~ %StartMenu% : C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 206 Go of 323 Go) E:\ CD-ROM drive (Not Inserted) F:\ CD-ROM drive (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Scan Security Center in 00mn 00s ---\\ Search Generic System Files [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.8EA68FD3780DDDD5072F8CB830B3CB3D] - (.Microsoft Corporation - Internet Extensions para Win32.) (.05/09/2012 - 15:07:57.) -- C:\Windows\System32\wininet.dll [1392128] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 05:25:32.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 05:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 01:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 01:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 02:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 01:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 03:41:34.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 02:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 03:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 01:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 05:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Scan Generic Processes in 00mn 00s ---\\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 2/1464 ~ Mes musiques (My Musics) : 40/1355 ~ Mes Videos (My Videos) : 2/150 ~ Mes Favoris (My Favorites) : 1/38 ~ Mes Documents (My Documents) : 2/676 ~ Mon Bureau (My Desktop) : 1/19 ~ Menu demarrer (Programs) : 1/61 ~ Scan Hidden Files in 00mn 07s ---\\ Running Processes [MD5.C5D8219BD558A153371E1931134B94A7] - (.pctuto - updatepctutoHP.) -- C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba\UpdateTutoriaisSlimbaHP.exe [691048] [PID.3288] [MD5.618AAD350B96592F453DEA37B8794352] - (.Microsoft - Notifier.) -- C:\Users\PAULOROBERTO\Documents\Microsoft Corporation\Office 2010 Screensaver\Notifier.exe [28672] [PID.3616] [MD5.F26AB739E1554156BC4040009ECE24B3] - (.IDEVFH - Memory Fox Version Beta 7.4.) -- C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\Firefox\Profiles\0mfi9aev.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe [647168] [PID.44 [MD5.9C376F42BDE37F18D0A39AF7415D9BE6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [917984] [PID.5028] [MD5.E897110EE5E67FABB83B154DF9C68D6A] - (...) -- C:\Users\PAULOROBERTO\Desktop\ZHPDiag_silent.exe [794216] [PID.4024] [MD5.BE955BAB4EFC2A28BE2692D102FFC85A] - (...) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [3838464] [PID.2568] [MD5.C354621B6B94E10AE7F5CDBE745FEB86] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272] [PID.] [MD5.3F533397532AADF1E8C957BD4E18260F] - (.Unknown owner - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [211888] [PID.] [MD5.C845BAD94BB9AB52806E1402FC04AD89] - (.UASSOFT.COM - Keyboard And Mouse Communication Service.) -- C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe [1821184] [PID.] [MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [189728] [PID.] ~ Scan Processes Running in 00mn 00s ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\Firefox\Profiles\0mfi9aev.default\prefs.js M3 - MFPP: Plugins - [PAULOROBERTO] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\buscape.xml M3 - MFPP: Plugins - [PAULOROBERTO] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [PAULOROBERTO] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\mercadolivre.xml M3 - MFPP: Plugins - [PAULOROBERTO] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\twitter.xml M3 - MFPP: Plugins - [PAULOROBERTO] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-br.xml M3 - MFPP: Plugins - [PAULOROBERTO] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-br.xml P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\np-mswmp.dll P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.7.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Windows\system32\npDeployJava1.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (...) -- C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (.not file.) P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.7.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.7.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll P2 - FPN: [HKLM] [@microsoft.com/GENUINE] - (.Microsoft Corporation - Windows Activation Technologies Plugin for Mozilla.) -- C:\Windows\system32\Wat\npWatWeb.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.10411.0.) -- c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\PAULOROBERTO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll P2 - FPN: [HKCU] [@talk.google.com/GoogleTalkPlugin] - (.Google - Version 2.5.8.4958.) -- C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll P2 - FPN: [HKCU] [@talk.google.com/O3DPlugin] - (.Unknown owner - Google Talk Plugin Video Accelerator version:0.1.44.14.) -- C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\PAULOROBERTO\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\PAULOROBERTO\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll ~ Scan Firefox Browser in 00mn 01s ---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R3 - URLSearchHook: (no name) [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.) R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 ~ Scan IE Browser in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Scan Proxy management in 00mn 00s ---\\ Changed inifile Value, Mapped to Registry (F2) F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Scan Keys in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Scan Hosts File in 00mn 00s ~ Nombre de lignes (Lines number): 42 ---\\ Browser Helper Objects (O2) O2 - BHO: HP Print Enhancer [64Bits] - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: IEVkbdBHO [64Bits] - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} . (.Kaspersky Lab ZAO - IE Virtual Keyboard.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.dll O2 - BHO: Auxiliar de Conexão do Windows Live ID [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper [64Bits] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} . (.Microsoft Corporation - Windows Live Messenger Companion Core.) -- C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.dll O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll O2 - BHO: BywifiBHO [64Bits] - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} . (.bywifi.com - Bywifi: Video Streaming Helper.) -- C:\Program Files (x86)\Bywifi\bywifiie.dll O2 - BHO: Bing Bar Helper [64Bits] - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} . (...) -- "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (.not file.) O2 - BHO: Java Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho [64Bits] - {E33CF602-D945-461A-83F0-819F76A199F8} . (.Kaspersky Lab ZAO - WebToolBar component.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll O2 - BHO: HP Smart BHO Class [64Bits] - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll ~ Scan BHO in 00mn 00s ---\\ Internet Explorer toolbars (O3) O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll ~ Scan Toolbar in 00mn 00s ---\\ Auto loading programs from Registry and folders (O4) O4 - HKCU\..\Run: [Office2010Tips_Notifier] . (.Microsoft - Notifier.) -- C:\Users\PAULOROBERTO\Documents\Microsoft Corporation\Office 2010 Screensaver\Notifier.exe O4 - HKLM\..\Wow6432Node\Run: [avp] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe O4 - HKLM\..\Wow6432Node\Run: [OiVelox] . (...) -- C:\Program Files (x86)\Oi\Programmer\OiVeloxCheck.exe O4 - HKLM\..\Wow6432Node\Run: [CCLite] C:\Windows\system32\Event Agent\ea.exe (.not file.) O4 - HKLM\..\Wow6432Node\RunOnce: [updateTutoriaisSlimbaHP.exe] . (.pctuto - updatepctutoHP.) -- C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba\UpdateTutoriaisSlimbaHP.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-21-2415253309-3379223506-2882669795-1020-2415253309-3379223506-2882669795-1000\..\Run: [Office2010Tips_Notifier] . (.Microsoft - Notifier.) -- C:\Users\PAULOROBERTO\Documents\Microsoft Corporation\Office 2010 Screensaver\Notifier.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ~ Scan Application in 00mn 00s ---\\ Other User Links (O4) O4 - Global Startup: C:\Users\UpdatusUser\Desktop\Acelerador de Vídeo Bywifi.lnk . (.bywifi.com.) -- C:\Program Files (x86)\Bywifi\bywifi.exe O4 - Global Startup: C:\Users\UpdatusUser\Desktop\Bywifi FLV Merger.lnk . (...) -- C:\Program Files (x86)\Bywifi\bywifidl.exe O4 - Global Startup: C:\Users\UpdatusUser\Desktop\Transcodificador de Mídia Bywifi.lnk . (...) -- C:\Program Files (x86)\Bywifi\bywifidl.exe O4 - Global Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Acelerador de Vídeo Bywifi.lnk . (.bywifi.com.) -- C:\Program Files (x86)\Bywifi\bywifi.exe O4 - Global Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Transcodificador de Mídia Bywifi.lnk . (...) -- C:\Program Files (x86)\Bywifi\bywifidl.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\DVD Decrypter.lnk . (.LIGHTNING UK!.) -- C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\DVD Shrink 3.2.lnk . (.DVD Shrink.) -- C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\EVEREST Ultimate Edition.lnk . (.Lavalys, Inc..) -- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\EVGA Precision X.lnk . (...) -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\FreeUndelete.lnk . (...) -- C:\Users\PAULOROBERTO\AppData\Local\Apps\OfficeRecovery\fru\fru.exe O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\JoyToKey - Atalho.lnk . (...) -- C:\Users\PAULOROBERTO\Documents\Downloads\jtk374en\JoyToKey.exe O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\madotate.exe - Atalho.lnk . (...) -- C:\Users\PAULOROBERTO\Documents\outros\madotate.exe O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\MBRCheck.lnk . (...) -- C:\Program Files (x86)\ZHPDiag\mbrcheck.exe O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\Microsoft Excel 2010.lnk . (...) -- C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\Microsoft PowerPoint 2010.lnk . (...) -- C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\Microsoft Word 2010.lnk . (...) -- C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\My Lockbox.lnk . (.FSPro Labs.) -- C:\Program Files\My Lockbox\mylbx.exe O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\ZHPDiag.lnk . (...) -- C:\Program Files (x86)\ZHPDiag\ZHPDiags.exe O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\ZHPFix.lnk . (...) -- C:\Program Files (x86)\ZHPDiag\ZHPFix.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Acelerador de Vídeo Bywifi.lnk . (.bywifi.com.) -- C:\Program Files (x86)\Bywifi\bywifi.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 2010 Advanced.lnk . (...) -- C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2010 Advanced\burningstudio2010adv.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk . (.VSO Software SARL.) -- C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CorelDRAW X5.lnk . (.Acresso Software Inc..) -- c:\Windows\Installer\{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}\NewShortcut1.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk . (.LIGHTNING UK!.) -- C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk . (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Transcodificador de Mídia Bywifi.lnk . (...) -- C:\Program Files (x86)\Bywifi\bywifidl.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Webcam Video Viewer.lnk . (.ArcSoft, Inc..) -- C:\Program Files (x86)\ArcSoft\Webcam Video Viewer\Webcam Video Viewer.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk . (.Microsoft Corporation.) -- C:\Windows\explorer.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\zsnesw - Atalho.lnk . (...) -- C:\Users\PAULOROBERTO\Downloads\zsnesw.exe O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk . (.BitTorrent, Inc..) -- C:\Program Files (x86)\uTorrent\uTorrent.exe ~ Scan Global Startup in 00mn 00s ---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9) O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.) O9 - Extra button: &Enviar para o OneNote [64Bits] - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\kbrd.ico O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.) O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\logo.ico ~ Scan IE Extra Buttons in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll ~ Scan Winsock in 00mn 00s ---\\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{C830E95B-A6FB-4A0F-B8D9-8E5CB0323B37}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{EC1436F6-5809-4DC4-A14B-D866A70572E1}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{C830E95B-A6FB-4A0F-B8D9-8E5CB0323B37}: DhcpDomain = lan O17 - HKLM\System\CCS\Services\Tcpip\..\{EC1436F6-5809-4DC4-A14B-D866A70572E1}: DhcpDomain = lan O17 - HKLM\System\CS1\Services\Tcpip\..\{C830E95B-A6FB-4A0F-B8D9-8E5CB0323B37}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{EC1436F6-5809-4DC4-A14B-D866A70572E1}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{C830E95B-A6FB-4A0F-B8D9-8E5CB0323B37}: DhcpDomain = lan O17 - HKLM\System\CS1\Services\Tcpip\..\{EC1436F6-5809-4DC4-A14B-D866A70572E1}: DhcpDomain = lan O17 - HKLM\System\CS2\Services\Tcpip\..\{C830E95B-A6FB-4A0F-B8D9-8E5CB0323B37}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{EC1436F6-5809-4DC4-A14B-D866A70572E1}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{C830E95B-A6FB-4A0F-B8D9-8E5CB0323B37}: DhcpDomain = lan O17 - HKLM\System\CS2\Services\Tcpip\..\{EC1436F6-5809-4DC4-A14B-D866A70572E1}: DhcpDomain = lan ~ Scan Domain in 00mn 00s ---\\ Extra protocols (O18) O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (...) -- O18 - Handler: dvd [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (...) -- O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (...) -- O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (...) -- O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (...) -- O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (...) -- O18 - Handler: its [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (...) -- O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (...) -- O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (...) -- O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (...) -- O18 - Handler: mhtml [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (...) -- O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (...) -- O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- c:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (...) -- O18 - Handler: skype4com [64Bits] - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (...) -- O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (...) -- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (...) -- O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll ~ Scan Protocole Additionnel in 00mn 00s ---\\ AppInit_DLLs Registry value Autorun (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\Windows\System32\klogon.dll ~ Scan Winlogon in 00mn 00s ---\\ ShellServiceObjectDelayLoad (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. ~ Scan SSODL in 00mn 00s ---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23) O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe O23 - Service: Gbp Service (GbpSv) . (.Unknown owner - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) . (.UASSOFT.COM - Keyboard And Mouse Communication Service.) - C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) . (.Nitro PDF Software - Nitro PDF Spool Service.) - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 301.4.) - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: System Event Agent (System Event Agent) . (.Unknown owner - Event Agent Startup.) - C:\Windows\SysWOW64\Event Agent\bin\spoolsv .exe O23 - Service: (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) ~ Scan Services in 00mn 00s ---\\ Windows Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ~ Scan Desktop Component in 00mn 00s ---\\ O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (sasnative64) - File not found ~ Scan Keys in 00mn 00s ---\\ Task Planned Automatically(039) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AWC AutoSweep.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AWC Update.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\EXErrorsFix Schedule.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2415253309-3379223506-2882669795-1000Core.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2415253309-3379223506-2882669795-1000UA.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2415253309-3379223506-2882669795-1000Core.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2415253309-3379223506-2882669795-1000UA.job O39 - APT:Automatic Planified Task - C:\Windows\Tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job [MD5.B2B64AF436FACCFA854DD397027C5360] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.83605CA0BB3FCE6B45BE12148AD8B3C9] [APT] [AutoKMS] (.Microsoft.) -- C:\Windows\AutoKMS.exe [MD5.00000000000000000000000000000000] [APT] [AWC AutoSweep] (...) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [AWC Update] (...) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe (.not file.) [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] [APT] [RunAsStdUser Task] (...) -- C:\Program Files (x86)\Moo0\FileShredder 1.17\FileShredder.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{1E1958F2-72FA-4297-8943-F06E0AFA129E}] (...) -- C:\Program Files (x86)\Maxthon3\Bin\Mx3Uninstall.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{884A3003-179D-4C41-849F-4B5889A22200}] (...) -- C:\Users\PAULOROBERTO\Desktop\Johnny+Castaway+Vista.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{AAD3343B-61CF-410C-BBF1-1EF41EFA888A}] (...) -- F:\VisualizadorNFeCTe_v50e.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{C7279582-ED02-4131-9AA6-19E554EE7756}] (...) -- C:\Users\PAULOROBERTO\Documents\VisualizadorNFeCTe_v50e.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{D2865EF1-7A6C-41EB-B50A-4F0F61F98F7C}] (...) -- C:\Users\PAULOROBERTO\Documents\VisualizadorNFeCTe_v50e.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{D85C16D1-2301-4ED8-AEE0-2F203D40C854}] (...) -- C:\Users\PAULOROBERTO\Desktop\ReceitanetJava2010.02d_setup_win32.exe (.not file.) [MD5.561E0C22ADDBB4714F473781168EA9CE] [APT] [{D9FDE37E-3E92-4A18-8147-885880EF567A}] (.Hewlett-Packard.) -- C:\Program Files (x86)\HP\Digital Imaging\{86732AE7-CB91-4f15-B091-FBA3D3926CD6}\HPZstub.exe ~ Scan Scheduled Task in 00mn 04s ---\\ ActiveSetup Installed Components (O40) O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll O40 - ASIC: Internet Explorer [64Bits] - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: Browser Customizations [64Bits] - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Identidade visual IEAK.) -- C:\Windows\System32\iedkcs32.dll O40 - ASIC: Java (Sun) [64Bits] - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (...) -- C:\Program Files\Java\jre6\bin\regutils.dll O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll ~ Scan Active Setup in 00mn 00s ---\\ Drivers launched at startup (O41) O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys O41 - Driver: (ElbyCDIO) . (.Elaborate Bytes AG - ElbyCD Windows x64 I/O driver.) - C:\Windows\System32\Drivers\ElbyCDIO.sys O41 - Driver: (kl2) . (.Kaspersky Lab ZAO - Kaspersky Unified Driver.) - C:\Windows\System32\DRIVERS\kl2.sys O41 - Driver: (KLIF) . (.Kaspersky Lab - Klif Mini-Filter [fre_wlh_AMD64].) - C:\Windows\System32\DRIVERS\klif.sys O41 - Driver: (KLIM6) . (.Kaspersky Lab ZAO - Kaspersky Lab Intermediate Network Driver.) - C:\Windows\System32\DRIVERS\klim6.sys O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\Windows\System32\DRIVERS\serial.sys O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys O41 - Driver: (truecrypt) . (.TrueCrypt Foundation - TrueCrypt Driver.) - C:\Windows\System32\drivers\truecrypt.sys O41 - Driver: (TrustedInstaller) . (.TrueCrypt Foundation - TrueCrypt Driver.) - C:\Windows\System32\drivers\truecrypt.sys O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys ~ Scan Drivers in 00mn 00s ---\\ Software installed (O42) O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Shockwave Player 11.6 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player O42 - Logiciel: Bywifi 2.8.1 - (.bywifi.com.) [HKLM] -- Bywifi O42 - Logiciel: EVGA Precision X 3.0.3 - (.EVGA Corporation.) [HKLM] -- PrecisionX O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {A6E71E28-43CB-423E-B415-B7C00D77902E} O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM] -- {32603085-C839-4226-A1FD-BF8FAE0185CB} O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM] -- IncrediMail O42 - Logiciel: Malwarebytes Anti-Malware versão 1.62.0.1300 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1 O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E} O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {3889988F-762B-4B85-AB17-71C9CC3AE445} O42 - Logiciel: Microsoft Office Professional Plus 2010 - (.Microsoft Corporation.) [HKLM] -- {91140000-0011-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-001F-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} O42 - Logiciel: Mozilla Firefox 15.0.1 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 15.0.1 (x86 pt-BR) O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] -- {DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9} O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM] -- NVIDIAStereo O42 - Logiciel: Office 2010 Screensaver - (.Microsoft Corporation.) [HKLM] -- {43492EDB-25B6-4788-B0CD-89627419DBDB} O42 - Logiciel: Oi Velox - (.LightComm Tecnologia.) [HKLM] -- programmeroi_is1 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Extended (KB2487367) - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367 O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Extended (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351 O42 - Logiciel: Skype™ 5.10 - (.Skype Technologies S.A..) [HKLM] -- {EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} O42 - Logiciel: Tuto_4pc - (.Tuto_4pc.) [HKLM] -- Tuto_4pc_is1 O42 - Logiciel: Twin USB Vibration Gamepad - (.Unknown owner.) [HKLM] -- {BA12FD6D-169A-11D7-A6A9-00C026281E5A} O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2473228) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228 O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2600217) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 O42 - Logiciel: Update for Microsoft .NET Framework 4 Extended (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871 O42 - Logiciel: Update for Microsoft .NET Framework 4 Extended (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523 O42 - Logiciel: Update for Microsoft .NET Framework 4 Extended (KB2600217) - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217 O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066} O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- {43B43577-2514-4CE0-B14A-7E85C17C0453} O42 - Logiciel: Windows Live Galeria de Fotos - (.Microsoft Corporation.) [HKLM] -- {F7A46527-DF1F-4B0F-9637-98547E189442} O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM] -- {0B0F231F-CE6A-483D-AA23-77B364F75917} O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {9D56775A-93F3-44A3-8092-840E3826DE30} O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {9DA3F03B-2CEE-4344-838E-117861E61FAF} O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM] -- {644063FA-ABA3-42AC-A8AC-3EDC0706018B} O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48} O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {C9E1343D-E21E-4508-A1BE-04A089EC137D} O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {E5B21F11-6933-4E0B-A25C-7963E3C07D11} O42 - Logiciel: Windows Live Messenger Companion Core - (.Microsoft Corporation.) [HKLM] -- {78A96B4C-A643-4D0F-98C2-A8E16A6669F9} O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {92EA4134-10D1-418A-91E1-5A0453131A38} O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {A199DB88-E22D-4CE7-90AC-B8BE396D7BF4} O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM] -- {83C292B7-38A5-440B-A731-07070E81A64F} O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3} O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {B33B61FE-701F-425F-98AB-2B85725CBF68} O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1} O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4} O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2} O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM] -- {DF71ABBB-B834-41C0-BB58-80B0545D754C} O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {A726AE06-AAA3-43D1-87E3-70F510314F04} O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF} O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {B3BE54A4-8DFE-4593-8E66-56AB7133B812} O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM] -- {4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5} ---\\ HKCU & HKLM Software Keys [HKCU\Software\AppDataLow\Software\Adobe] [HKCU\Software\AppDataLow\Software\Macromedia] [HKCU\Software\AppDataLow\Software\Microsoft] [HKCU\Software\AppDataLow\Software\Softonic_Brasil] [HKCU\Software\AppDataLow\Software\ThinPrint] [HKCU\Software\AppDataLow\Software] [HKLM\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB] [HKLM\Software\AGEIA Technologies] [HKLM\Software\Adobe] [HKLM\Software\AdwCleaner] [HKLM\Software\AppDataLow] [HKLM\Software\ArcSoft] [HKLM\Software\Ashampoo] [HKLM\Software\BVRP Software] [HKLM\Software\Bitstream] [HKLM\Software\Bunndle] [HKLM\Software\CAPCOM] [HKLM\Software\CBS Interactive] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\Codec Tweak Tool] [HKLM\Software\Compelson] [HKLM\Software\Connectix] [HKLM\Software\Corel] [HKLM\Software\DT Soft] [HKLM\Software\EVGA] [HKLM\Software\Elaborate Bytes] [HKLM\Software\Eset] [HKLM\Software\FSPro Labs] [HKLM\Software\GNU] [HKLM\Software\Gabest] [HKLM\Software\GameVicio] [HKLM\Software\Google] [HKLM\Software\HDTune] [HKLM\Software\HP] [HKLM\Software\HaaliMkx] [HKLM\Software\Hewlett-Packard] [HKLM\Software\I.R.I.S.] [HKLM\Software\ICE] [HKLM\Software\IObit] [HKLM\Software\ImgBurn] [HKLM\Software\InstallShield] [HKLM\Software\Intel] [HKLM\Software\InterVideo] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\KLCodecPack] [HKLM\Software\KWorld MultiMedia] [HKLM\Software\KasperskyLab] [HKLM\Software\Khronos] [HKLM\Software\Licenses] [HKLM\Software\Loader] [HKLM\Software\Macromedia] [HKLM\Software\Malwarebytes' Anti-Malware] [HKLM\Software\McAfee.com] [HKLM\Software\MimarSinan] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\Mpath] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\Netscape] [HKLM\Software\Nitro PDF] [HKLM\Software\ODBC] [HKLM\Software\Philips] [HKLM\Software\Photo Notifier and Animation Creator] [HKLM\Software\Policies] [HKLM\Software\Protexis] [HKLM\Software\Realtek Semiconductor Corp.] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RssScreenSaver] [HKLM\Software\Safer Networking Limited] [HKLM\Software\Skype] [HKLM\Software\Symantec] [HKLM\Software\ThinPrint] [HKLM\Software\TrendMicro] [HKLM\Software\Trymedia Systems] [HKLM\Software\Tuto_4pc] [HKLM\Software\USB2800] [HKLM\Software\Uniblue] [HKLM\Software\VDownloader] [HKLM\Software\VMware, Inc.] [HKLM\Software\VSO] [HKLM\Software\Volatile] [HKLM\Software\WinPcap] [HKLM\Software\Windows] [HKLM\Software\Zemana] [HKLM\Software\mozilla.org] [HKLM\Software\p2plog] [HKLM\Software\uebbi.com] ~ Scan Softwares in 00mn 00s ---\\ Contents of the Common Files folders (O43) O43 - CFD: 28/08/2011 - 21:23:55 - [7,408] ----D C:\Program Files (x86)\ArcSoft O43 - CFD: 01/01/2011 - 18:50:09 - [77,973] ----D C:\Program Files (x86)\Ashampoo O43 - CFD: 26/06/2011 - 18:04:07 - [2,746] ----D C:\Program Files (x86)\Avanquest update O43 - CFD: 05/01/2011 - 22:21:03 - [5,228] ----D C:\Program Files (x86)\AvRack O43 - CFD: 01/05/2012 - 13:19:33 - [0] ----D C:\Program Files (x86)\BlueStacks O43 - CFD: 03/07/2012 - 19:46:41 - [20,628] ----D C:\Program Files (x86)\Bywifi O43 - CFD: 28/08/2011 - 21:28:50 - [0,657] ----D C:\Program Files (x86)\C3 Tech Multimedia O43 - CFD: 11/12/2011 - 12:14:48 - [533,222] ----D C:\Program Files (x86)\CAPCOM O43 - CFD: 03/08/2012 - 22:30:45 - [9,924] ----D C:\Program Files (x86)\CCleaner O43 - CFD: 24/08/2012 - 19:29:59 - [472,998] ----D C:\Program Files (x86)\Common Files O43 - CFD: 29/05/2012 - 22:04:03 - [0] ----D C:\Program Files (x86)\CommViewWiFi O43 - CFD: 19/03/2011 - 19:16:20 - [1201,746] ----D C:\Program Files (x86)\Corel O43 - CFD: 31/07/2012 - 00:18:22 - [2,556] ----D C:\Program Files (x86)\DOOM 3 O43 - CFD: 01/01/2011 - 23:12:23 - [0,484] ----D C:\Program Files (x86)\Driver Checker O43 - CFD: 11/08/2011 - 21:27:01 - [0,902] ----D C:\Program Files (x86)\DVD Decrypter O43 - CFD: 08/12/2010 - 21:17:56 - [0,926] ----D C:\Program Files (x86)\DVD Shrink O43 - CFD: 26/11/2010 - 23:34:29 - [2,038] ----D C:\Program Files (x86)\Elaborate Bytes O43 - CFD: 01/04/2011 - 22:44:02 - [111,381] ----D C:\Program Files (x86)\ESET O43 - CFD: 03/06/2012 - 12:04:57 - [29,602] ----D C:\Program Files (x86)\EVGA Precision O43 - CFD: 04/09/2012 - 19:50:58 - [29,271] ----D C:\Program Files (x86)\EVGA Precision X O43 - CFD: 02/09/2012 - 14:22:14 - [0,000] ----D C:\Program Files (x86)\EXErrorsFix O43 - CFD: 26/04/2011 - 22:18:42 - [2,390] ----D C:\Program Files (x86)\FileSaver O43 - CFD: 11/09/2011 - 21:39:20 - [0,202] ----D C:\Program Files (x86)\GameVicio O43 - CFD: 21/07/2012 - 15:00:55 - [2,277] ----D C:\Program Files (x86)\GbPlugin O43 - CFD: 05/10/2011 - 21:53:56 - [21,932] ----D C:\Program Files (x86)\Google O43 - CFD: 23/11/2010 - 23:41:53 - [0] ----D C:\Program Files (x86)\Hewlett-Packard O43 - CFD: 23/04/2011 - 18:36:26 - [0] ----D C:\Program Files (x86)\hkSFV O43 - CFD: 04/02/2012 - 11:03:55 - [248,337] ----D C:\Program Files (x86)\HP O43 - CFD: 16/10/2011 - 12:58:35 - [3,102] ----D C:\Program Files (x86)\ImgBurn O43 - CFD: 25/11/2010 - 20:54:29 - [26,494] ----D C:\Program Files (x86)\IncrediMail O43 - CFD: 12/06/2011 - 12:28:39 - [1,461] --H-D C:\Program Files (x86)\InstallJammer Registry O43 - CFD: 30/07/2012 - 23:39:03 - [127,953] --H-D C:\Program Files (x86)\InstallShield Installation Information O43 - CFD: 08/03/2011 - 16:14:12 - [0,091] ----D C:\Program Files (x86)\Intel O43 - CFD: 05/09/2012 - 20:40:34 - [12,343] ----D C:\Program Files (x86)\Internet Explorer O43 - CFD: 26/01/2011 - 23:20:24 - [1,920] ----D C:\Program Files (x86)\IObit O43 - CFD: 11/04/2011 - 09:48:36 - [84,269] ----D C:\Program Files (x86)\Java O43 - CFD: 20/03/2011 - 22:21:48 - [47,172] ----D C:\Program Files (x86)\K-Lite Codec Pack O43 - CFD: 31/12/2011 - 00:15:11 - [131,537] ----D C:\Program Files (x86)\Kaspersky Lab O43 - CFD: 08/03/2011 - 15:16:57 - [6,172] ----D C:\Program Files (x86)\Keyboard Driver O43 - CFD: 14/04/2011 - 22:49:19 - [15,944] ----D C:\Program Files (x86)\Lavalys O43 - CFD: 07/09/2012 - 15:41:12 - [11,719] ----D C:\Program Files (x86)\Malwarebytes' Anti-Malware O43 - CFD: 08/03/2011 - 16:42:59 - [19,687] ----D C:\Program Files (x86)\Microsoft O43 - CFD: 20/12/2010 - 22:07:35 - [37,956] ----D C:\Program Files (x86)\Microsoft Analysis Services O43 - CFD: 20/12/2010 - 22:12:03 - [820,372] ----D C:\Program Files (x86)\Microsoft Office O43 - CFD: 17/03/2011 - 18:42:42 - [0,183] ----D C:\Program Files (x86)\Microsoft SDKs O43 - CFD: 09/05/2012 - 00:25:40 - [40,838] ----D C:\Program Files (x86)\Microsoft Silverlight O43 - CFD: 20/12/2010 - 22:12:01 - [3,467] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition O43 - CFD: 20/12/2010 - 22:12:01 - [0,757] ----D C:\Program Files (x86)\Microsoft Sync Framework O43 - CFD: 20/12/2010 - 22:12:54 - [0,312] ----D C:\Program Files (x86)\Microsoft Synchronization Services O43 - CFD: 20/12/2010 - 22:09:24 - [1,200] ----D C:\Program Files (x86)\Microsoft Visual Studio 8 O43 - CFD: 17/03/2011 - 18:43:10 - [66,765] ----D C:\Program Files (x86)\Microsoft Visual Studio 9.0 O43 - CFD: 14/01/2011 - 01:08:35 - [7,824] ----D C:\Program Files (x86)\Microsoft.NET O43 - CFD: 03/11/2011 - 22:42:09 - [0,021] ----D C:\Program Files (x86)\MOBILedit! O43 - CFD: 09/05/2012 - 00:06:19 - [0] ----D C:\Program Files (x86)\Moo0 O43 - CFD: 19/08/2011 - 15:58:32 - [0] ----D C:\Program Files (x86)\Moozy O43 - CFD: 23/11/2010 - 21:53:17 - [6,172] ----D C:\Program Files (x86)\Mouse Driver O43 - CFD: 08/09/2012 - 16:41:19 - [39,210] ----D C:\Program Files (x86)\Mozilla Firefox O43 - CFD: 08/09/2012 - 16:46:33 - [0,211] ----D C:\Program Files (x86)\Mozilla Maintenance Service O43 - CFD: 20/12/2010 - 22:13:41 - [0,025] ----D C:\Program Files (x86)\MSBuild O43 - CFD: 26/11/2010 - 00:13:43 - [0] ----D C:\Program Files (x86)\MSXML 4.0 O43 - CFD: 22/07/2012 - 10:38:00 - [0,000] ----D C:\Program Files (x86)\MyRouter O43 - CFD: 14/07/2012 - 20:22:05 - [73,798] ----D C:\Program Files (x86)\Nitro PDF O43 - CFD: 04/09/2011 - 17:20:39 - [0] ----D C:\Program Files (x86)\Nobilis O43 - CFD: 25/05/2012 - 20:06:01 - [121,455] ----D C:\Program Files (x86)\NVIDIA Corporation O43 - CFD: 25/05/2012 - 00:09:16 - [6,211] ----D C:\Program Files (x86)\Oi O43 - CFD: 09/07/2011 - 18:27:38 - [0,000] ----D C:\Program Files (x86)\Opera O43 - CFD: 29/09/2011 - 23:15:05 - [15,027] ----D C:\Program Files (x86)\PCSX2 0.9.8 O43 - CFD: 28/11/2010 - 23:45:36 - [18,054] ----D C:\Program Files (x86)\Philips O43 - CFD: 26/05/2012 - 19:10:22 - [2,630] ----D C:\Program Files (x86)\Photo Notifier and Animation Creator O43 - CFD: 09/07/2011 - 18:19:16 - [0,006] ----D C:\Program Files (x86)\PowerDataRecovery O43 - CFD: 12/06/2011 - 12:31:59 - [0] ----D C:\Program Files (x86)\Programas RFB O43 - CFD: 14/04/2011 - 12:25:26 - [5,588] ----D C:\Program Files (x86)\Realtek O43 - CFD: 05/01/2011 - 22:20:58 - [40,006] ----D C:\Program Files (x86)\Realtek AC97 O43 - CFD: 05/01/2011 - 22:21:03 - [0] ----D C:\Program Files (x86)\Realtek Sound Manager O43 - CFD: 14/07/2009 - 02:32:38 - [106,401] ----D C:\Program Files (x86)\Reference Assemblies O43 - CFD: 01/01/2011 - 23:35:09 - [0] ----D C:\Program Files (x86)\Searchster.Net O43 - CFD: 24/08/2012 - 19:30:01 - [16,855] R---D C:\Program Files (x86)\Skype O43 - CFD: 01/01/2011 - 22:54:37 - [0] ----D C:\Program Files (x86)\SM O43 - CFD: 10/07/2011 - 18:06:50 - [0] ----D C:\Program Files (x86)\Sony Ericsson O43 - CFD: 08/03/2011 - 16:07:27 - [0] --H-D C:\Program Files (x86)\Temp O43 - CFD: 01/05/2012 - 12:54:16 - [0,602] ----D C:\Program Files (x86)\Trine O43 - CFD: 02/09/2012 - 12:03:19 - [4,236] ----D C:\Program Files (x86)\Tuto_4pc O43 - CFD: 13/07/2012 - 23:09:12 - [0,141] ----D C:\Program Files (x86)\Twin USB Vibration Gamepad O43 - CFD: 20/05/2011 - 23:15:31 - [0] ----D C:\Program Files (x86)\UEBBI.com O43 - CFD: 14/07/2009 - 01:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information O43 - CFD: 29/04/2012 - 22:45:57 - [0,839] ----D C:\Program Files (x86)\uTorrent O43 - CFD: 20/06/2011 - 00:20:08 - [0,013] ----D C:\Program Files (x86)\VDownloader O43 - CFD: 26/11/2010 - 23:30:30 - [2,432] ----D C:\Program Files (x86)\Visual Clipboard O43 - CFD: 02/01/2012 - 21:08:53 - [12,352] ----D C:\Program Files (x86)\VMware O43 - CFD: 29/12/2010 - 23:07:46 - [64,974] ----D C:\Program Files (x86)\VSO O43 - CFD: 20/03/2011 - 21:37:53 - [0] ----D C:\Program Files (x86)\Win7codecs O43 - CFD: 01/09/2012 - 03:28:05 - [2,016] ----D C:\Program Files (x86)\Windows Defender O43 - CFD: 23/06/2012 - 11:48:39 - [176,175] ----D C:\Program Files (x86)\Windows Live O43 - CFD: 01/09/2012 - 03:28:07 - [23,116] ----D C:\Program Files (x86)\Windows Mail O43 - CFD: 01/09/2012 - 03:28:07 - [7,741] ----D C:\Program Files (x86)\Windows Media Player O43 - CFD: 14/07/2009 - 02:32:38 - [16,805] ----D C:\Program Files (x86)\Windows NT O43 - CFD: 01/09/2012 - 03:28:07 - [6,047] ----D C:\Program Files (x86)\Windows Photo Viewer O43 - CFD: 25/02/2011 - 23:47:39 - [0,181] ----D C:\Program Files (x86)\Windows Portable Devices O43 - CFD: 01/09/2012 - 03:28:08 - [35,948] ----D C:\Program Files (x86)\Windows Sidebar O43 - CFD: 20/05/2011 - 22:58:19 - [0] ----D C:\Program Files (x86)\Yitsoft Software O43 - CFD: 08/09/2012 - 17:02:34 - [13,194] ----D C:\Program Files (x86)\ZHPDiag O43 - CFD: 28/08/2011 - 21:23:54 - [22,639] ----D C:\Program Files (x86)\Common Files\ArcSoft O43 - CFD: 11/06/2011 - 11:50:21 - [2,967] ----D C:\Program Files (x86)\Common Files\Corel O43 - CFD: 20/12/2010 - 22:12:51 - [0,095] ----D C:\Program Files (x86)\Common Files\DESIGNER O43 - CFD: 23/11/2010 - 23:41:48 - [0,448] ----D C:\Program Files (x86)\Common Files\Hewlett-Packard O43 - CFD: 23/11/2010 - 23:42:00 - [5,425] ----D C:\Program Files (x86)\Common Files\HP O43 - CFD: 07/01/2012 - 01:50:18 - [10,228] ----D C:\Program Files (x86)\Common Files\InstallShield O43 - CFD: 11/04/2011 - 09:49:11 - [1,189] ----D C:\Program Files (x86)\Common Files\Java O43 - CFD: 19/11/2011 - 20:09:17 - [298,072] ----D C:\Program Files (x86)\Common Files\microsoft shared O43 - CFD: 14/07/2012 - 20:22:05 - [15,292] ----D C:\Program Files (x86)\Common Files\Nitro PDF O43 - CFD: 19/03/2011 - 19:19:04 - [1,620] ----D C:\Program Files (x86)\Common Files\Protexis O43 - CFD: 14/07/2009 - 00:20:08 - [0,003] ----D C:\Program Files (x86)\Common Files\Services O43 - CFD: 24/08/2012 - 19:29:59 - [2,056] ----D C:\Program Files (x86)\Common Files\Skype O43 - CFD: 14/07/2009 - 00:20:08 - [87,659] ----D C:\Program Files (x86)\Common Files\SpeechEngines O43 - CFD: 01/09/2012 - 03:28:05 - [25,305] ----D C:\Program Files (x86)\Common Files\System O43 - CFD: 24/11/2010 - 22:32:42 - [0] ----D C:\Program Files (x86)\Common Files\Windows Live O43 - CFD: 08/09/2012 - 08:57:20 - [0] ----D C:\ProgramData\Adobe O43 - CFD: 14/07/2009 - 02:08:56 - [0] --H-D C:\ProgramData\Application Data O43 - CFD: 24/06/2011 - 12:07:38 - [0,010] ----D C:\ProgramData\ArcSoft O43 - CFD: 31/12/2010 - 19:38:57 - [0,343] ----D C:\ProgramData\ashampoo O43 - CFD: 26/06/2011 - 18:04:06 - [0] ----D C:\ProgramData\Avanquest O43 - CFD: 23/12/2011 - 21:31:36 - [0,152] ----D C:\ProgramData\Avira O43 - CFD: 26/06/2011 - 18:03:03 - [0] ----D C:\ProgramData\BVRP Software O43 - CFD: 01/05/2011 - 17:08:43 - [274,589] ----D C:\ProgramData\Corel O43 - CFD: 11/06/2011 - 11:58:23 - [0] ----D C:\ProgramData\CorelDRAW Graphics Suite X5 O43 - CFD: 23/11/2010 - 21:39:05 - [0] --H-D C:\ProgramData\Dados de aplicativos O43 - CFD: 21/08/2011 - 16:12:08 - [0,001] ----D C:\ProgramData\DAEMON Tools Lite O43 - CFD: 14/07/2009 - 02:08:56 - [0] --H-D C:\ProgramData\Desktop O43 - CFD: 23/11/2010 - 21:39:05 - [0] --H-D C:\ProgramData\Documentos O43 - CFD: 14/07/2009 - 02:08:56 - [0] --H-D C:\ProgramData\Documents O43 - CFD: 24/05/2011 - 21:54:08 - [10,702] ----D C:\ProgramData\Downloaded Installations O43 - CFD: 05/08/2012 - 20:55:15 - [0,036] ----D C:\ProgramData\DVD Shrink O43 - CFD: 14/07/2009 - 02:08:56 - [0] --H-D C:\ProgramData\Favorites O43 - CFD: 23/11/2010 - 21:39:05 - [0] --H-D C:\ProgramData\Favoritos O43 - CFD: 04/05/2012 - 20:08:13 - [0,053] ----D C:\ProgramData\gas O43 - CFD: 21/07/2012 - 15:01:10 - [0,009] ----D C:\ProgramData\GbPlugin O43 - CFD: 05/10/2011 - 21:54:03 - [0,514] ----D C:\ProgramData\Google O43 - CFD: 23/11/2010 - 23:53:52 - [0,520] ----D C:\ProgramData\Hewlett-Packard O43 - CFD: 20/12/2010 - 11:34:58 - [12,037] ----D C:\ProgramData\HP O43 - CFD: 10/06/2011 - 21:21:30 - [0,009] ----D C:\ProgramData\HP Product Assistant O43 - CFD: 25/11/2010 - 20:55:38 - [0,000] ----D C:\ProgramData\IM O43 - CFD: 25/11/2010 - 20:54:29 - [12,495] ----D C:\ProgramData\IncrediMail O43 - CFD: 07/01/2012 - 01:58:37 - [0,001] ----D C:\ProgramData\InstallShield O43 - CFD: 17/04/2011 - 17:13:28 - [0] ----D C:\ProgramData\IObit O43 - CFD: 08/09/2012 - 16:50:40 - [788,510] ----D C:\ProgramData\Kaspersky Lab O43 - CFD: 05/06/2012 - 19:45:35 - [0,000] ----D C:\ProgramData\Lightcomm O43 - CFD: 07/12/2010 - 21:48:15 - [0,000] ----D C:\ProgramData\Lingoes O43 - CFD: 16/06/2012 - 21:53:06 - [6,664] ----D C:\ProgramData\Malwarebytes O43 - CFD: 18/04/2011 - 11:59:07 - [0,007] ----D C:\ProgramData\McAfee O43 - CFD: 23/11/2010 - 21:39:05 - [0] --H-D C:\ProgramData\Menu Iniciar O43 - CFD: 18/12/2011 - 19:00:26 - [575,454] -S--D C:\ProgramData\Microsoft O43 - CFD: 16/08/2012 - 13:37:19 - [0,292] ----D C:\ProgramData\Microsoft Help O43 - CFD: 23/11/2010 - 21:39:05 - [0] --H-D C:\ProgramData\Modelos O43 - CFD: 25/04/2012 - 23:57:21 - [0,010] ----D C:\ProgramData\Mozilla O43 - CFD: 24/11/2010 - 23:51:38 - [0,000] ----D C:\ProgramData\Nitro PDF O43 - CFD: 08/09/2012 - 16:46:42 - [3,850] ----D C:\ProgramData\NVIDIA O43 - CFD: 16/01/2012 - 23:57:17 - [3,128] ----D C:\ProgramData\NVIDIA Corporation O43 - CFD: 13/04/2012 - 21:02:34 - [0,708] ----D C:\ProgramData\Oi O43 - CFD: 28/11/2010 - 23:45:36 - [0,031] ----D C:\ProgramData\Philips O43 - CFD: 01/02/2011 - 19:55:32 - [0,982] ----D C:\ProgramData\Photo Notifier and Animation Creator O43 - CFD: 17/03/2011 - 19:24:41 - [0,003] ----D C:\ProgramData\Protexis O43 - CFD: 24/08/2012 - 19:30:18 - [36,511] ----D C:\ProgramData\Skype O43 - CFD: 21/01/2011 - 12:48:32 - [56,450] ----D C:\ProgramData\Soluto O43 - CFD: 10/07/2011 - 18:06:50 - [0,427] ----D C:\ProgramData\Sony Ericsson O43 - CFD: 15/12/2011 - 20:14:20 - [0,975] ----D C:\ProgramData\Spybot - Search & Destroy O43 - CFD: 14/07/2009 - 02:08:56 - [0] --H-D C:\ProgramData\Start Menu O43 - CFD: 03/12/2010 - 23:09:22 - [0,000] ----D C:\ProgramData\Sun O43 - CFD: 27/12/2010 - 23:10:48 - [0] ----D C:\ProgramData\Systweak O43 - CFD: 29/05/2012 - 21:57:57 - [0,000] ----D C:\ProgramData\TamoSoft O43 - CFD: 18/12/2011 - 23:08:03 - [0] ----D C:\ProgramData\TEMP O43 - CFD: 14/07/2009 - 02:08:56 - [0] --H-D C:\ProgramData\Templates O43 - CFD: 07/07/2012 - 19:00:58 - [0] ----D C:\ProgramData\Ubisoft O43 - CFD: 02/01/2012 - 21:10:04 - [0,064] ----D C:\ProgramData\VMware O43 - CFD: 13/02/2011 - 20:14:09 - [0,000] ----D C:\ProgramData\vsosdk O43 - CFD: 23/11/2010 - 23:54:59 - [0,000] ----D C:\ProgramData\WEBREG O43 - CFD: 20/03/2011 - 21:37:53 - [27,700] ----D C:\ProgramData\Win7codecs O43 - CFD: 14/06/2011 - 22:59:05 - [0,002] ----D C:\ProgramData\Windows Genuine Advantage O43 - CFD: 26/11/2010 - 22:53:11 - [0,104] ----D C:\Users\PAULOROBERTO\AppData\Roaming\7plus O43 - CFD: 09/07/2011 - 20:14:51 - [2,379] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Abelssoft O43 - CFD: 23/11/2010 - 23:56:42 - [4,102] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Adobe O43 - CFD: 27/11/2010 - 09:25:19 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Alzex O43 - CFD: 12/06/2011 - 14:09:57 - [0,525] ----D C:\Users\PAULOROBERTO\AppData\Roaming\ArcSoft O43 - CFD: 02/01/2011 - 16:08:41 - [0,879] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Ashampoo O43 - CFD: 17/03/2011 - 18:48:47 - [20,184] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Corel O43 - CFD: 21/08/2011 - 16:18:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\DAEMON Tools Lite O43 - CFD: 14/07/2012 - 19:43:16 - [693,343] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Downloaded Installations O43 - CFD: 01/01/2011 - 21:00:58 - [0,007] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Easeware O43 - CFD: 29/04/2012 - 21:08:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\GetRightToGo O43 - CFD: 28/11/2010 - 23:40:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Google O43 - CFD: 20/12/2010 - 11:34:01 - [0,095] ----D C:\Users\PAULOROBERTO\AppData\Roaming\HP O43 - CFD: 02/09/2012 - 16:17:26 - [0,002] ----D C:\Users\PAULOROBERTO\AppData\Roaming\HPAppData O43 - CFD: 14/05/2012 - 09:53:52 - [0,001] ----D C:\Users\PAULOROBERTO\AppData\Roaming\HpUpdate O43 - CFD: 23/11/2010 - 21:39:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Identities O43 - CFD: 16/10/2011 - 13:08:59 - [0,325] ----D C:\Users\PAULOROBERTO\AppData\Roaming\ImgBurn O43 - CFD: 28/11/2010 - 23:42:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\InstallShield O43 - CFD: 01/05/2011 - 11:53:06 - [0,028] ----D C:\Users\PAULOROBERTO\AppData\Roaming\InterSoft Common O43 - CFD: 26/01/2011 - 23:20:24 - [5,003] ----D C:\Users\PAULOROBERTO\AppData\Roaming\IObit O43 - CFD: 18/12/2011 - 23:10:00 - [0,016] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Kutawaves Games O43 - CFD: 11/03/2012 - 23:22:50 - [0,211] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Launchy O43 - CFD: 07/12/2010 - 21:48:21 - [0,181] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Lingoes O43 - CFD: 24/11/2010 - 00:37:03 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Macromedia O43 - CFD: 21/12/2010 - 20:57:16 - [0,574] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Malwarebytes O43 - CFD: 14/07/2009 - 15:11:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Media Center Programs O43 - CFD: 01/09/2012 - 19:00:09 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Media Player Classic O43 - CFD: 07/09/2012 - 14:43:37 - [16,267] -S--D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft O43 - CFD: 03/11/2011 - 21:43:28 - [0,008] ----D C:\Users\PAULOROBERTO\AppData\Roaming\MOBILedit O43 - CFD: 29/05/2012 - 20:42:51 - [0,001] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Movier O43 - CFD: 12/12/2011 - 20:23:05 - [41,290] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla O43 - CFD: 07/08/2012 - 20:39:50 - [0,008] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Nitro PDF O43 - CFD: 28/01/2012 - 22:05:36 - [0,027] ----D C:\Users\PAULOROBERTO\AppData\Roaming\NVIDIA O43 - CFD: 04/12/2011 - 19:53:29 - [0,001] ----D C:\Users\PAULOROBERTO\AppData\Roaming\OfficeRecovery O43 - CFD: 09/07/2011 - 18:27:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Opera O43 - CFD: 24/08/2012 - 19:31:06 - [1,984] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Skype O43 - CFD: 27/12/2010 - 23:12:07 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Systweak O43 - CFD: 11/02/2011 - 22:04:28 - [17,011] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Thunderbird O43 - CFD: 12/05/2012 - 00:18:11 - [0,002] ----D C:\Users\PAULOROBERTO\AppData\Roaming\TrueCrypt O43 - CFD: 06/08/2012 - 21:28:34 - [3,936] ----D C:\Users\PAULOROBERTO\AppData\Roaming\uTorrent O43 - CFD: 02/01/2012 - 21:05:39 - [0,007] ----D C:\Users\PAULOROBERTO\AppData\Roaming\VMware O43 - CFD: 01/09/2012 - 19:00:09 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Vso O43 - CFD: 17/03/2012 - 21:41:15 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Roaming\WinISO Computing O43 - CFD: 29/04/2011 - 10:23:34 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Roaming\WinRAR O43 - CFD: 09/07/2011 - 20:14:52 - [0,014] ----D C:\Users\PAULOROBERTO\AppData\Local\Abelssoft O43 - CFD: 04/12/2011 - 19:53:08 - [0,729] ----D C:\Users\PAULOROBERTO\AppData\Local\Apps O43 - CFD: 10/06/2011 - 21:50:43 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Local\ArcSoft O43 - CFD: 31/12/2010 - 20:57:34 - [0,343] ----D C:\Users\PAULOROBERTO\AppData\Local\ashampoo O43 - CFD: 01/05/2012 - 13:10:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\BlueStacks O43 - CFD: 29/04/2012 - 23:04:28 - [99,954] ----D C:\Users\PAULOROBERTO\AppData\Local\BlueStacksSetup O43 - CFD: 23/11/2010 - 21:39:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Dados de aplicativos O43 - CFD: 05/06/2011 - 22:23:43 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Deployment O43 - CFD: 22/04/2011 - 20:38:51 - [2,007] ----D C:\Users\PAULOROBERTO\AppData\Local\Diagnostics O43 - CFD: 24/06/2012 - 21:50:38 - [69,431] ----D C:\Users\PAULOROBERTO\AppData\Local\Downloaded Installations O43 - CFD: 16/01/2012 - 22:42:43 - [5,847] ----D C:\Users\PAULOROBERTO\AppData\Local\ElevatedDiagnostics O43 - CFD: 29/05/2012 - 22:02:32 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Local\Eraser 6 O43 - CFD: 22/01/2012 - 23:19:11 - [7,372] ----D C:\Users\PAULOROBERTO\AppData\Local\Facebook O43 - CFD: 10/07/2011 - 18:10:20 - [13,085] ----D C:\Users\PAULOROBERTO\AppData\Local\FixItCenter O43 - CFD: 12/12/2011 - 20:23:05 - [21,483] ----D C:\Users\PAULOROBERTO\AppData\Local\Google O43 - CFD: 23/11/2010 - 21:39:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Histórico O43 - CFD: 27/11/2010 - 09:23:22 - [1,763] ----D C:\Users\PAULOROBERTO\AppData\Local\HP O43 - CFD: 06/02/2011 - 00:25:10 - [308,624] ----D C:\Users\PAULOROBERTO\AppData\Local\IM O43 - CFD: 02/04/2011 - 00:08:17 - [0,001] ----D C:\Users\PAULOROBERTO\AppData\Local\Inverse_Karma O43 - CFD: 07/12/2010 - 21:48:21 - [0,009] ----D C:\Users\PAULOROBERTO\AppData\Local\Lingoes O43 - CFD: 15/06/2012 - 00:16:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Macromedia O43 - CFD: 15/06/2012 - 00:16:04 - [871,654] ----D C:\Users\PAULOROBERTO\AppData\Local\Microsoft O43 - CFD: 13/12/2010 - 12:42:51 - [1,543] ----D C:\Users\PAULOROBERTO\AppData\Local\Microsoft Games O43 - CFD: 23/11/2010 - 22:07:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Microsoft Help O43 - CFD: 05/12/2010 - 09:53:36 - [68,015] ----D C:\Users\PAULOROBERTO\AppData\Local\Mozilla O43 - CFD: 22/07/2012 - 10:26:18 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Local\MyRouter O43 - CFD: 09/07/2011 - 18:27:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Opera O43 - CFD: 08/03/2011 - 15:37:53 - [573,098] ----D C:\Users\PAULOROBERTO\AppData\Local\SlimWare Utilities Inc O43 - CFD: 26/06/2011 - 18:03:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Sony Ericsson O43 - CFD: 08/09/2012 - 16:50:59 - [0,661] ----D C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba O43 - CFD: 08/09/2012 - 17:02:32 - [0,483] ----D C:\Users\PAULOROBERTO\AppData\Local\Temp O43 - CFD: 23/11/2010 - 21:39:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Temporary Internet Files O43 - CFD: 11/02/2011 - 22:04:28 - [4,343] ----D C:\Users\PAULOROBERTO\AppData\Local\Thunderbird O43 - CFD: 02/09/2012 - 12:03:46 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Local\tuto4pc_br_3 O43 - CFD: 19/08/2011 - 22:40:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\uTorrent O43 - CFD: 05/01/2011 - 22:30:07 - [1,722] ----D C:\Users\PAULOROBERTO\AppData\Local\VirtualStore O43 - CFD: 20/11/2011 - 20:24:59 - [0,005] ----D C:\Users\PAULOROBERTO\AppData\Local\VMware O43 - CFD: 13/08/2012 - 21:31:11 - [0,137] ----D C:\Users\PAULOROBERTO\AppData\Local\Windows Live O43 - CFD: 17/03/2012 - 21:41:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\WinISO Computing O43 - CFD: 20/08/2011 - 22:12:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{00F4F231-F954-4B9C-B23C-6A5CC67EC444} O43 - CFD: 15/06/2011 - 16:58:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{0210C146-0236-4C1F-BC2D-4B7D2704D259} O43 - CFD: 03/08/2012 - 14:58:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{02A26541-0209-433A-B549-6D6436CE17EC} O43 - CFD: 20/03/2012 - 10:10:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{03317A69-A0AD-4BD9-B478-594D0989C33D} O43 - CFD: 17/04/2012 - 11:24:24 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{039A5CD6-6BC4-41E4-92CC-347D4314D7EB} O43 - CFD: 25/05/2012 - 18:22:26 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{046F5414-3B69-4D88-9B0D-0C7A31D19AE4} O43 - CFD: 27/03/2012 - 11:44:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{053C9CB3-C583-498E-B5F3-27878A76E5AE} O43 - CFD: 19/11/2011 - 19:59:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{070D0DC1-4B1D-4921-9BFC-FD6692FFDB05} O43 - CFD: 14/01/2012 - 13:25:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{088F2EB2-A08A-4B16-BB75-0D0B36DC8057} O43 - CFD: 17/02/2012 - 09:36:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{08A5DE3B-9DB0-471F-AA5D-3F2C42476419} O43 - CFD: 16/07/2011 - 11:36:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{09BF84FC-20B0-4F8E-A34C-5BC3EABD97AB} O43 - CFD: 05/05/2012 - 11:35:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{0C0371F1-91FE-457E-8498-E7570238F398} O43 - CFD: 19/06/2012 - 16:01:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{103BCF28-C2AF-45E0-A228-A7079622D0BA} O43 - CFD: 28/10/2011 - 11:43:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1220C7CD-BCB8-4AD5-B7C0-4B5AC49E8B71} O43 - CFD: 08/05/2012 - 20:00:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{12925EE2-2FB9-4247-8AEE-EDB9968DAECD} O43 - CFD: 11/08/2012 - 11:35:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{13F50FCF-9AE6-4281-8F35-CA81AEB6B740} O43 - CFD: 05/07/2011 - 20:22:06 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{14683B31-094E-42FC-9623-505B09AFBC31} O43 - CFD: 09/07/2011 - 12:07:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{15033920-076E-48B6-98C0-759684E792FC} O43 - CFD: 08/06/2012 - 18:30:00 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{15372CE0-3A5A-4415-AFC7-553D97631373} O43 - CFD: 24/05/2011 - 23:20:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{15FC2A6A-4503-4ECA-9810-2692B586C9B9} O43 - CFD: 16/05/2012 - 21:35:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1606896D-1092-42F4-BEDB-7C87B7E6C20C} O43 - CFD: 20/01/2012 - 16:32:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{16C19A8E-5DAB-4794-A260-9C418945EFB2} O43 - CFD: 18/01/2012 - 09:54:24 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{179FCAFA-6F4E-44FC-890E-108B1F0C771C} O43 - CFD: 26/06/2012 - 09:11:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1945E11C-15B5-44C1-9E65-CE3D01D0B818} O43 - CFD: 25/05/2012 - 18:22:49 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1AF167D6-57A1-4069-B6BA-65FF16859E63} O43 - CFD: 28/06/2012 - 11:44:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1C31741C-0431-4008-9FBC-DEF185CC4612} O43 - CFD: 06/05/2011 - 11:44:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1C83A534-5153-46B1-B561-B1BE7BB967C1} O43 - CFD: 08/07/2011 - 20:03:22 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1D717EC7-97AF-4BED-9820-EDB472174D4C} O43 - CFD: 26/04/2011 - 09:32:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1E0B28A5-A9C2-4FA2-87D0-CB0A54A4A7C8} O43 - CFD: 28/06/2011 - 19:29:24 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1F798B63-D942-4EF4-B528-156800586070} O43 - CFD: 30/04/2011 - 13:34:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2315F420-3E42-473D-A47D-FFC1EB4F4DB3} O43 - CFD: 04/02/2012 - 21:59:54 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2491BE60-7ECC-4A86-8248-C42F39F736B2} O43 - CFD: 06/02/2012 - 19:55:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2565103F-8291-402B-8E81-42C820F12140} O43 - CFD: 03/09/2011 - 12:46:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2567346A-EE13-44EA-B598-C39B5C555D09} O43 - CFD: 05/09/2012 - 21:09:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{281ECC3C-CF64-47F9-B45D-85CD82091750} O43 - CFD: 26/05/2012 - 19:27:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{28DAE245-9622-4A7F-8AFB-2F46FE87269A} O43 - CFD: 03/08/2012 - 14:58:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{29E24AC7-F034-4E6D-837D-F5CC3553DB6D} O43 - CFD: 09/06/2012 - 10:49:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2D691E10-50A9-45C0-9268-3E41CB483DC0} O43 - CFD: 01/05/2012 - 11:02:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2E2743A6-2260-4A01-83AD-F37EDBD06206} O43 - CFD: 27/01/2012 - 11:36:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2E60D613-16B6-4B62-91C5-006FA4CDD04D} O43 - CFD: 16/05/2012 - 21:35:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{30301572-A4AE-4095-A160-2B83F49D3165} O43 - CFD: 23/06/2012 - 11:31:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{305BBF4F-2DC9-499C-96F9-0F9E1E2B2E65} O43 - CFD: 18/04/2012 - 20:10:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{30DEAC39-31E0-4326-A1F1-423220D3BCDB} O43 - CFD: 31/12/2011 - 20:44:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{327D5FAA-9700-40D9-9BC8-FF1FED6E270F} O43 - CFD: 18/10/2011 - 14:37:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3389890D-7AC8-4D34-9272-B3AC449CD717} O43 - CFD: 12/06/2012 - 22:04:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{34329794-ADBD-4A36-AEBD-922831D8416B} O43 - CFD: 25/01/2012 - 18:27:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{357F54F6-B589-42FF-A37D-2EE81B03F34E} O43 - CFD: 10/06/2011 - 11:03:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3854C9F3-815F-4A3A-9E91-E3FED88C1915} O43 - CFD: 17/06/2012 - 17:19:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{38783BBD-2E89-4807-ADA1-6ADFD6986E76} O43 - CFD: 10/08/2011 - 11:19:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{389FE628-295D-4C70-AD1C-430F8A0617D1} O43 - CFD: 03/06/2011 - 11:36:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{397AD953-6D8E-4F49-B352-A9D6A15E591B} O43 - CFD: 24/01/2012 - 17:38:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3B0A9B4A-6724-4F18-9F09-0C991E4ABA45} O43 - CFD: 07/03/2012 - 16:29:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3B49AB33-10A7-463D-939A-AE56F728DD4B} O43 - CFD: 03/05/2012 - 20:34:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3C141791-0E9D-453B-BC93-CA12846F4419} O43 - CFD: 24/12/2011 - 19:26:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3C56C4B7-3D39-4EBF-B003-BC54EF534B0A} O43 - CFD: 10/05/2012 - 20:15:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3D5630E4-59DB-43A1-AF3B-3C86E815BC2D} O43 - CFD: 10/01/2012 - 15:25:09 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3D9EC2A4-E3E6-496B-AA4D-11CDB03D28F7} O43 - CFD: 22/04/2012 - 19:28:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3E424CF5-F89F-4A40-90CB-650D2353C14F} O43 - CFD: 19/11/2011 - 20:26:14 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3F674C72-1571-4B12-A353-971FAD8FC21C} O43 - CFD: 05/11/2011 - 11:01:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{41FFFD4B-3C3E-4A00-9ACB-CFD1F834541A} O43 - CFD: 22/05/2012 - 18:44:34 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{420E1D61-AA19-49A3-9978-A2A974FAFE6B} O43 - CFD: 04/02/2012 - 22:00:08 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{42A98A64-EE96-42CE-A024-56120C545EBB} O43 - CFD: 02/12/2011 - 21:12:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{42AF04B9-8714-491B-ADDE-4181F322B20D} O43 - CFD: 02/08/2012 - 16:44:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{42D314FE-8E2F-4A55-8C22-5161C71FD9FB} O43 - CFD: 05/06/2012 - 14:59:43 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{44A81291-DE7A-48B4-B41B-19C4659D7D00} O43 - CFD: 02/08/2011 - 11:05:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{458D9B96-CD88-41AF-BB56-F6B20CC129F0} O43 - CFD: 18/04/2012 - 20:28:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{46974A91-7060-486A-8448-17CDC69C5508} O43 - CFD: 29/07/2011 - 18:00:34 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{47C9C047-8724-4651-8A84-3F263B0A6FB6} O43 - CFD: 02/06/2012 - 12:02:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{48DDE63C-6421-4595-850A-9A450361C2F9} O43 - CFD: 17/02/2012 - 09:36:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{49236BB4-FB73-4D80-A766-A146B05D8605} O43 - CFD: 02/06/2012 - 17:34:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{49A00D90-5B4D-4021-B03E-CAA9796FACDC} O43 - CFD: 17/01/2012 - 18:24:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{4C22B66A-8AC2-4228-9DFE-B3E6AEE276D4} O43 - CFD: 12/06/2012 - 22:05:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{4D18B8A4-B385-46BE-825A-1ADFF7984E67} O43 - CFD: 25/01/2012 - 18:27:06 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{50039014-CE9F-41D9-862E-A7B4D855724B} O43 - CFD: 15/07/2011 - 17:15:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5034EC67-0970-4691-ACAA-25B6B72A9DCA} O43 - CFD: 19/07/2011 - 16:18:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{503E0967-EEE1-4695-8C91-AD1CA10CE117} O43 - CFD: 14/10/2011 - 10:38:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5113999F-4E24-468F-A760-7416268C3C10} O43 - CFD: 28/02/2012 - 19:13:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{511827F5-DCFF-43A1-8CB8-B3A0C78D4A06} O43 - CFD: 19/04/2012 - 10:04:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{51338AC8-2C1A-489E-A173-9960F478C4F5} O43 - CFD: 18/07/2011 - 11:48:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{53C6C867-539A-45FA-A114-F86EA8D2047E} O43 - CFD: 08/03/2012 - 11:29:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{545E30D5-A125-465E-86DD-435729270AA3} O43 - CFD: 05/03/2012 - 20:47:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{54BE11AC-1483-4C89-ABFB-8D77629E4B87} O43 - CFD: 02/12/2011 - 21:12:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{55E5FCB6-C810-44D4-9B1C-E34C16D487EF} O43 - CFD: 08/10/2011 - 12:29:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{564C0A73-34E0-4925-B45C-74DB66FA6E0C} O43 - CFD: 23/05/2011 - 22:34:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{564FB850-B5FB-4565-80F3-7F1AD406F53E} O43 - CFD: 20/08/2011 - 22:12:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{58F8D357-2B1D-4094-AEB5-457D98D9E24A} O43 - CFD: 31/12/2011 - 20:44:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{58FF5309-4F25-43DE-80FC-C7243F7CA3E9} O43 - CFD: 09/08/2011 - 11:34:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5C1E817A-6C3A-4E17-BC0C-54C1902A3A44} O43 - CFD: 27/03/2012 - 11:45:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5C35D4C3-442D-4780-8580-3AC1A1FEB512} O43 - CFD: 08/10/2011 - 12:29:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5C9B252A-36C5-4FFB-82B3-3457D57FC021} O43 - CFD: 26/05/2012 - 18:53:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5D91F207-4FB4-4F08-8AC6-9D6352D37727} O43 - CFD: 13/08/2012 - 21:31:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5FAE381B-0AB2-4977-ACC5-368FA7F26AF9} O43 - CFD: 28/02/2012 - 19:13:41 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5FFBC631-BF06-413A-A19D-0F20E321C0B8} O43 - CFD: 27/08/2011 - 12:21:34 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6005DCC3-970F-4E46-B9C5-9B47D755ADED} O43 - CFD: 03/12/2011 - 22:08:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{604F1250-4B3E-4DE1-9397-4620D69B08FA} O43 - CFD: 04/07/2011 - 20:03:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{60E6B64F-3ABC-4C10-AAD6-A6BD6CF00EA5} O43 - CFD: 09/06/2012 - 10:50:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{611EABBA-A411-4D54-BB73-292F35DD3007} O43 - CFD: 13/08/2012 - 21:31:07 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6168A489-162C-4090-B2A2-CD911247C61B} O43 - CFD: 10/08/2012 - 18:36:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{61756327-F48E-4D16-B495-CAEF3A5ABF9E} O43 - CFD: 07/08/2011 - 21:47:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{61A76CF7-160D-456D-9909-76C01C9E5E7A} O43 - CFD: 21/08/2012 - 16:01:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{659AD626-9E34-49DC-B8D5-E0A76A98E839} O43 - CFD: 17/03/2012 - 11:50:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{65DA37D5-CDD0-46BE-BBD2-16A476F06A82} O43 - CFD: 13/08/2011 - 14:14:41 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{669B8C0F-77DC-4DF1-90B5-B16E71B2669A} O43 - CFD: 31/03/2012 - 17:20:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6778FB08-5801-4FD6-B042-DC6972B882A5} O43 - CFD: 29/05/2011 - 19:14:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{69A71769-B405-4606-A0F1-422E5C509616} O43 - CFD: 22/05/2012 - 18:44:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6C700B60-EAA5-4F8E-B485-AC5AB801251D} O43 - CFD: 21/05/2011 - 19:10:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6CEA190A-3ED5-4DE8-B3BF-B573C68118E3} O43 - CFD: 01/08/2011 - 18:01:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6DE24520-D463-4C95-8B3A-4F1BBB4DE42B} O43 - CFD: 19/06/2012 - 16:00:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{702B4399-D61F-4C6F-AF16-B8C9D2A622A8} O43 - CFD: 26/05/2012 - 18:54:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{705842A0-B883-4973-B85E-E7D3DBFE312B} O43 - CFD: 27/04/2012 - 20:37:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{718FA3C9-FC4F-4173-B32E-6205BE4A1AED} O43 - CFD: 29/08/2012 - 20:35:47 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{72A11FD4-707A-4723-B6FC-C9B0B3DED641} O43 - CFD: 22/04/2011 - 11:27:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{72C6B4D2-F792-4F31-85C0-416859499A5C} O43 - CFD: 26/05/2011 - 20:06:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{738C7055-E9BE-45B4-90BD-5E0D1D1FBB1B} O43 - CFD: 27/07/2011 - 15:25:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7391A456-9FBD-4606-A9BD-29FD95FEF01B} O43 - CFD: 20/03/2012 - 10:10:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7404F573-FE84-4F76-ABC0-033A4E5E5660} O43 - CFD: 09/05/2012 - 20:38:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7433F93E-1789-49EA-B305-C54A469B99C4} O43 - CFD: 30/07/2012 - 11:49:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{743AD8E5-3F83-4F15-B294-36CC42CA2080} O43 - CFD: 01/08/2012 - 17:05:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{743C7856-84B2-42EB-A159-CDAC7BA47846} O43 - CFD: 25/05/2011 - 20:16:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{75130D14-6848-4FFD-A845-96A980A8D551} O43 - CFD: 18/04/2012 - 20:10:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{76ADC5BC-D1E0-4A71-8E7D-11EEB0AC1C4E} O43 - CFD: 18/04/2012 - 20:28:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{776AE50F-955C-41DF-A933-D5C50273E2C8} O43 - CFD: 27/01/2012 - 11:36:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{780C4E29-E245-459D-B32B-7DC9BA277BA1} O43 - CFD: 24/12/2011 - 19:26:49 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{78997733-15DC-4674-8914-CC72F9FC22FB} O43 - CFD: 31/01/2012 - 12:05:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{790DFAB7-0C64-4B6E-8DD5-A902FCEE0EC7} O43 - CFD: 14/07/2011 - 12:11:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{793A43ED-A608-4B30-A2FA-106D930B7812} O43 - CFD: 24/04/2011 - 14:44:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7C2A4677-9B42-4FC9-99CD-50272695B56A} O43 - CFD: 15/05/2011 - 18:30:14 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7F206D8C-400A-4AB6-8C6F-E18363DF104F} O43 - CFD: 27/06/2011 - 21:09:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{80452835-7547-4B9C-8D43-DC34F39BD83A} O43 - CFD: 11/07/2012 - 11:51:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{81FF45F1-B25D-4ABE-8521-355B13BF3834} O43 - CFD: 14/01/2012 - 13:25:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{862D16C9-39F3-427F-9A51-40E66AE6CF1F} O43 - CFD: 23/06/2012 - 16:56:50 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{867D7B11-70EB-4597-A3EC-31DE654ABD0B} O43 - CFD: 28/07/2012 - 10:40:08 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{86A70624-24FE-4848-A23F-F28333E00AB4} O43 - CFD: 14/06/2012 - 17:28:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{87D9215E-5397-4249-A253-2374B8BF42FB} O43 - CFD: 24/01/2012 - 17:38:02 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8C57852B-8FDC-49A1-9E51-5272F02BF160} O43 - CFD: 25/06/2012 - 12:03:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8CF2C62F-CFD3-482A-B4E2-F41A5A23CDF8} O43 - CFD: 25/07/2011 - 16:27:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8D7386BB-F175-4F30-9AF8-427530D444E2} O43 - CFD: 24/06/2011 - 17:01:49 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8FF6CE42-D751-4A0C-A371-7097DF017844} O43 - CFD: 14/10/2011 - 17:04:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{90C20204-EB26-4845-A4A8-EA4A3B6600CA} O43 - CFD: 14/06/2011 - 22:00:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{94153A08-1E2A-4276-83A6-8147CCED3F7B} O43 - CFD: 18/07/2012 - 19:21:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{94649819-5806-437F-BF32-18844A133222} O43 - CFD: 06/02/2012 - 19:55:57 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9486F1D9-3607-4478-A006-51F270BDFF79} O43 - CFD: 19/08/2011 - 15:44:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{954F3661-1395-4058-93AD-7B74CA563450}O43 - CFD: 13/07/2011 - 11:38:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9576FC1F-A2FE-44B7-B74A-87E6D72B3F8B} O43 - CFD: 10/05/2012 - 20:15:47 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{964CA773-8677-446B-B884-F9587A6FF166} O43 - CFD: 19/08/2011 - 15:44:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{978F37DC-1569-45ED-9797-9E17FE99892C} O43 - CFD: 19/11/2011 - 20:26:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{97CD1FCC-8F1C-4080-87D1-2963F31D843C} O43 - CFD: 20/07/2012 - 14:38:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{990DE35F-42AA-4FB9-8F42-FB59A2F787E3} O43 - CFD: 05/02/2012 - 23:08:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{99BAF654-C18B-4842-8367-BA6B5CE032B6} O43 - CFD: 28/10/2011 - 11:43:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9A78FFAF-3DEB-44F2-A3E3-E41251588BF2} O43 - CFD: 30/07/2012 - 11:49:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9BBD54C9-DF22-47ED-BE9D-17AE6D636CBD} O43 - CFD: 25/04/2012 - 15:21:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9C46E3DF-782F-41F7-A76A-44ABB3C3A08F} O43 - CFD: 16/01/2012 - 09:54:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9C83854E-CDB8-4C61-B148-AC9E18359EDD} O43 - CFD: 18/06/2012 - 09:03:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9EA1F630-8856-4206-A18B-20A5D64CEC1F} O43 - CFD: 25/08/2011 - 11:53:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9EB71E41-148B-4786-9595-C9ECBFD1CDB2} O43 - CFD: 13/08/2011 - 14:14:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9F2B9ECF-384F-4D99-9AED-3929D6AD1A27} O43 - CFD: 20/01/2012 - 16:32:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9FC6CEED-3836-4ECE-B881-F66A00B1CDD6} O43 - CFD: 11/06/2011 - 11:33:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9FE426F4-23F8-4F17-85A2-65F0E46816AE} O43 - CFD: 16/06/2012 - 22:37:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A05204A7-0B4C-43A0-BDF4-591D39F115BC} O43 - CFD: 03/12/2011 - 22:08:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A51353F0-FBDF-42FD-8A6F-1AA5C4E569D6} O43 - CFD: 30/05/2011 - 11:19:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A6069280-F3D7-4C8F-AD41-D069D0C928C3} O43 - CFD: 02/08/2012 - 16:45:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A6697EFE-96D3-4A51-ACA7-9C60314C477B} O43 - CFD: 11/07/2011 - 11:50:30 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A67911B2-F3D8-4D21-BB4B-AD3FC530C8F5} O43 - CFD: 28/07/2012 - 10:40:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A88407FF-C140-4EAB-9DA8-1B2C09FBCA5A} O43 - CFD: 03/05/2012 - 20:33:58 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A8D460ED-536F-4AE9-866F-AA35CAA133A4} O43 - CFD: 09/01/2012 - 09:28:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A94291AE-8B84-4316-9487-918356D26567} O43 - CFD: 25/01/2012 - 18:26:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A976A775-C01E-49C0-8BC7-12E0B23EBAFF} O43 - CFD: 23/03/2012 - 10:49:14 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AAC8A007-37BE-45B9-9682-13B1ABB26FD1} O43 - CFD: 17/08/2012 - 18:59:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AB484D35-B0C7-4FCC-B5F9-604A314B50F2} O43 - CFD: 27/04/2012 - 20:37:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{ADDD8BBF-6EBB-4423-8505-BC3205ED8C54} O43 - CFD: 05/08/2011 - 11:42:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AF6B0C98-DADC-44E3-B80C-63166D2188F6} O43 - CFD: 26/06/2012 - 09:11:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AFD56E1F-1D25-4554-9995-878FF0C20852} O43 - CFD: 08/06/2012 - 18:29:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B0757281-6178-46ED-B005-26C890395C59} O43 - CFD: 28/05/2011 - 19:11:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B0E2C766-628B-416D-98E9-1379EF6BA11F} O43 - CFD: 19/11/2011 - 20:00:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B14FE2E9-057B-42FF-986C-87AA8069B31F} O43 - CFD: 05/06/2011 - 21:47:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B17F6F67-62E9-4323-8DAA-957E83DC95FA} O43 - CFD: 14/10/2011 - 10:38:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B1F6D0A6-D807-4DA7-8592-E3FE49319C37} O43 - CFD: 14/10/2011 - 17:04:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B412A248-F8D1-40A9-8014-3FF9139F01B9} O43 - CFD: 25/08/2011 - 11:53:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B5012B5B-941F-44BE-AF08-FB863D4C92DD} O43 - CFD: 10/08/2012 - 18:36:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B50C87FE-0E7E-4815-A63B-88D91B5D57D3} O43 - CFD: 18/07/2012 - 19:21:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B63B020C-75F6-434F-952D-6DE9C5B2D5D6} O43 - CFD: 25/04/2012 - 15:21:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B728BCD8-7509-43AF-80D3-34CA3C4FD57E} O43 - CFD: 08/03/2012 - 11:29:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B8492EF9-5686-4B2D-AF7F-560021889466} O43 - CFD: 28/01/2012 - 12:04:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B891C550-76C2-45E5-9913-E8479EC0AD0C} O43 - CFD: 01/05/2012 - 11:02:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B8A23A85-B9D8-46F0-8E82-402FF363914B} O43 - CFD: 15/11/2011 - 09:57:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B9E7CD25-9C80-432E-A7DA-E19A688A4DDB} O43 - CFD: 08/06/2011 - 11:07:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BA151CC2-9A4D-43C7-9310-182811590608} O43 - CFD: 23/06/2012 - 16:57:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BAE247B5-055D-4B44-A574-1402C94F8E36} O43 - CFD: 11/08/2011 - 12:13:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BE89D8F9-D4BE-4546-80EA-D28A1FAC0D11} O43 - CFD: 05/06/2012 - 15:00:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BF331A2F-BBA9-49BA-A7A7-573CB78AE922} O43 - CFD: 01/06/2011 - 12:07:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BF345FDF-0548-4DCF-952B-10E3368E9EF1} O43 - CFD: 02/07/2011 - 21:04:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BF6DABF9-E8C1-4103-BBAB-92BCE9B29833} O43 - CFD: 11/07/2012 - 11:51:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BFD8B59D-A8B0-4449-9701-1B8063A6F7F3} O43 - CFD: 10/08/2011 - 11:19:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C1C6C418-C210-41EE-90EC-E093EFC21D53} O43 - CFD: 09/05/2012 - 20:38:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C28F0782-E6ED-481B-82E1-A7213E1AB326} O43 - CFD: 02/06/2012 - 12:02:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C6D9FA07-953C-4228-BFB4-59599411096C} O43 - CFD: 03/07/2011 - 20:45:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C790E081-A8C0-4D14-96C8-458FCC852D26} O43 - CFD: 12/01/2012 - 14:58:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C796DAD4-5755-4CA7-BBD0-099EEC92C540} O43 - CFD: 19/06/2011 - 22:05:43 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C7A4A3D6-1783-4FF0-B582-883AE0320CE8} O43 - CFD: 12/07/2011 - 12:06:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C7E5416E-64DD-4B8E-A070-A2F02D631BC8} O43 - CFD: 17/03/2012 - 11:51:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C8EE61C1-1B6B-4CC5-84F7-0AA98D37D49B} O43 - CFD: 09/08/2011 - 11:35:08 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C932BA6C-DE16-43BF-BA9B-2638698D0987} O43 - CFD: 22/06/2011 - 21:21:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C9D7A54E-A566-48A1-AA9E-FE21BC0336BC} O43 - CFD: 20/07/2012 - 14:37:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{CB660A7C-1BE9-415B-B1C3-CF3D627347DF} O43 - CFD: 20/07/2011 - 10:36:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{CBDEBCDE-17FF-4C29-953E-CC81278478BE} O43 - CFD: 23/07/2011 - 11:54:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{CD709A6C-C6E2-4D69-B343-EECD32A53296} O43 - CFD: 22/04/2012 - 19:29:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D2B547C8-F9C6-485B-94A9-40BF0D2A3604} O43 - CFD: 11/05/2011 - 22:27:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D48D9CB6-5347-4593-8BDC-2A15739FCBC7} O43 - CFD: 12/01/2012 - 14:58:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D54EA7D7-DE8B-4C11-8B15-5E4E5FC589EB} O43 - CFD: 25/01/2012 - 18:26:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D58D7AFA-1E06-4662-B38E-912FB29E652E} O43 - CFD: 16/01/2012 - 09:54:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D6A6B481-28A5-4CFF-9FEA-B0174C9F25C5} O43 - CFD: 18/02/2012 - 19:50:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D756CD04-BBC3-4FB6-8357-2834799BBC1F} O43 - CFD: 03/09/2011 - 12:46:58 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D7A83F02-B072-4759-B381-93D3C90FDDEB} O43 - CFD: 05/03/2012 - 20:47:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D82F233D-5260-4FFF-94CF-AE7E8601FCDD} O43 - CFD: 28/01/2012 - 12:04:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D99E055F-1B5D-4ACA-BB35-924E8C84467F} O43 - CFD: 01/08/2012 - 17:05:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DA6A6F03-B454-40D4-8CD3-4640C4329579} O43 - CFD: 04/08/2011 - 20:39:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DC309D7D-1107-461B-9121-2C88F0E3E8BD} O43 - CFD: 30/07/2011 - 13:37:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DD37E408-2AB7-4E53-A0AF-E2B78328FD03} O43 - CFD: 20/04/2011 - 23:06:54 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DDE3FEEB-AF94-4D7F-9EE2-6F6DE8244818} O43 - CFD: 15/11/2011 - 09:57:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DE52219A-A478-4D6B-8216-399C771A3B4D} O43 - CFD: 23/03/2012 - 10:49:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E0231D41-BD0C-4DE5-B093-118D59BCC734} O43 - CFD: 11/08/2012 - 11:35:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E0D36E16-FEC4-412D-A2D0-01ACC560E6D5} O43 - CFD: 28/08/2012 - 19:05:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E1609A45-54E8-4658-9FF0-5D5B169D7499} O43 - CFD: 07/03/2012 - 16:29:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E1705C6F-CF3F-4FB4-A9C7-E59E6178AA1A} O43 - CFD: 07/08/2011 - 21:47:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E23E874F-275B-4719-8DB2-D038DFF195E7} O43 - CFD: 18/02/2012 - 19:50:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E3114627-B157-4CB9-A8BC-CC1F504E33C3} O43 - CFD: 11/08/2011 - 12:13:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E62C9541-8A76-4BC5-8CEB-5EC33428D916} O43 - CFD: 20/08/2012 - 19:20:09 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E63F7EB3-FAB2-473C-9998-43B63A26F8D7} O43 - CFD: 17/01/2012 - 18:25:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E7F24925-8B06-40FC-BED0-019FC4E98671} O43 - CFD: 09/01/2012 - 09:29:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E83A8FF6-8227-4BED-B562-8B1AC5DE13DB} O43 - CFD: 18/10/2011 - 14:37:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E8442A36-D776-4870-A151-91588A918973} O43 - CFD: 31/01/2012 - 12:05:54 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E99A4590-AE91-4144-B500-BE2B0243F4EA} O43 - CFD: 12/06/2011 - 20:26:26 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E9CBC65D-F19F-4F37-BAD0-7FC30623C7FA} O43 - CFD: 06/07/2011 - 19:52:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EB69F983-5E5C-41EC-B953-A2FC0AE71D62} O43 - CFD: 19/04/2012 - 10:04:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EBF874DA-34EC-4F32-A1ED-A98FBD2255B6} O43 - CFD: 02/06/2012 - 17:34:00 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{ECB187EF-E069-4F0E-A21F-F01F0959AF8A} O43 - CFD: 05/05/2011 - 20:47:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EDAF8BE7-29C1-4C13-B1A1-1CEB4C90BAA0} O43 - CFD: 05/11/2011 - 11:01:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EDD66320-496C-4ED6-A460-B32EE4592E7A} O43 - CFD: 26/05/2012 - 19:27:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EE5CC157-73DA-44FA-9E0D-1810A04DD8CF} O43 - CFD: 27/11/2011 - 18:17:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EF05B9DF-7C3D-4B00-8D99-943E830F53AF} O43 - CFD: 05/02/2012 - 23:08:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F15D49E8-9E38-41B6-8187-1BD016D5824E} O43 - CFD: 10/01/2012 - 15:24:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F1CA2C83-18E4-40FE-A3DD-49113865EB52} O43 - CFD: 14/06/2012 - 17:27:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F1D2C45B-A842-4EC7-9041-268107451A6C} O43 - CFD: 03/07/2012 - 17:17:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F218BB45-85A4-4F8D-93F4-D0B1977B015B} O43 - CFD: 28/06/2012 - 11:43:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F4170A31-57A4-4CD5-864F-2438F7895647} O43 - CFD: 27/08/2011 - 12:21:22 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F4F3E800-7C51-4960-ABD0-5A5E40B2E263} O43 - CFD: 18/01/2012 - 09:54:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F5541822-771F-4AD7-9A42-E79C555C385D} O43 - CFD: 25/06/2012 - 12:03:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F5649858-DFB4-4ADB-AB8F-4AC54D9ECCA5} O43 - CFD: 03/07/2012 - 17:17:30 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F6DC0AF1-C8A6-492D-8E23-D295EEDC06E1} O43 - CFD: 15/06/2012 - 00:18:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F7088F1D-8D61-4417-98D5-8973DA9C3877} O43 - CFD: 23/04/2011 - 15:48:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F7635666-2AFE-40F5-8718-1A04DFC652B3} O43 - CFD: 14/05/2011 - 11:31:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F7ED5527-BA39-496E-9F4E-D1D126A1488B} O43 - CFD: 10/04/2012 - 20:48:50 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F8D9A2E5-8109-48E5-B8CF-0C0B02362CC0} O43 - CFD: 08/08/2012 - 20:32:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F92FAC23-4B18-4D18-8B8D-A1C717FAF52E} O43 - CFD: 27/11/2011 - 18:17:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FAD752F5-2F6B-49CF-8077-6EF5D0BF623A} O43 - CFD: 23/06/2012 - 11:32:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FD680FEE-385A-43AC-8672-023D7AA7A9A5} O43 - CFD: 05/05/2012 - 11:35:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FE24EABF-9543-4C38-A92B-F7FEBE61C38E} O43 - CFD: 08/08/2012 - 20:32:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FE7E7F80-ABAF-4161-B351-8F6EC87078D5} O43 - CFD: 08/05/2012 - 20:00:07 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FEE0A23A-1D91-42B0-92D5-DD8C068778F5} O43 - CFD: 14/07/2009 - 01:54:32 - [0,014] R---D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 11/07/2012 - 23:52:09 - [0,000] R---D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 29/05/2012 - 21:15:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bywifi O43 - CFD: 24/11/2010 - 00:42:40 - [0,002] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner O43 - CFD: 11/08/2011 - 21:26:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Decrypter O43 - CFD: 27/11/2011 - 17:51:53 - [0,010] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision O43 - CFD: 03/06/2012 - 12:06:11 - [0,010] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision X O43 - CFD: 04/12/2011 - 19:53:08 - [0,003] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeUndelete O43 - CFD: 30/07/2012 - 23:47:00 - [0,001] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games O43 - CFD: 11/09/2011 - 21:39:20 - [0,007] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio O43 - CFD: 14/07/2009 - 01:49:38 - [0,001] R---D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 29/05/2012 - 20:47:00 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0 O43 - CFD: 15/01/2011 - 21:16:57 - [0,003] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Lockbox O43 - CFD: 24/07/2012 - 21:22:56 - [0,000] R---D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 29/04/2011 - 10:23:15 - [0,003] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR O43 - CFD: 28/08/2011 - 21:23:55 - [7,408] ----D C:\Program Files (x86)\ArcSoft O43 - CFD: 01/01/2011 - 18:50:09 - [77,973] ----D C:\Program Files (x86)\Ashampoo O43 - CFD: 26/06/2011 - 18:04:07 - [2,746] ----D C:\Program Files (x86)\Avanquest update O43 - CFD: 05/01/2011 - 22:21:03 - [5,228] ----D C:\Program Files (x86)\AvRack O43 - CFD: 01/05/2012 - 13:19:33 - [0] ----D C:\Program Files (x86)\BlueStacks O43 - CFD: 03/07/2012 - 19:46:41 - [20,628] ----D C:\Program Files (x86)\Bywifi O43 - CFD: 28/08/2011 - 21:28:50 - [0,657] ----D C:\Program Files (x86)\C3 Tech Multimedia O43 - CFD: 11/12/2011 - 12:14:48 - [533,222] ----D C:\Program Files (x86)\CAPCOM O43 - CFD: 03/08/2012 - 22:30:45 - [9,924] ----D C:\Program Files (x86)\CCleaner O43 - CFD: 24/08/2012 - 19:29:59 - [472,998] ----D C:\Program Files (x86)\Common Files O43 - CFD: 29/05/2012 - 22:04:03 - [0] ----D C:\Program Files (x86)\CommViewWiFi O43 - CFD: 19/03/2011 - 19:16:20 - [1201,746] ----D C:\Program Files (x86)\Corel O43 - CFD: 31/07/2012 - 00:18:22 - [2,556] ----D C:\Program Files (x86)\DOOM 3 O43 - CFD: 01/01/2011 - 23:12:23 - [0,484] ----D C:\Program Files (x86)\Driver Checker O43 - CFD: 11/08/2011 - 21:27:01 - [0,902] ----D C:\Program Files (x86)\DVD Decrypter O43 - CFD: 08/12/2010 - 21:17:56 - [0,926] ----D C:\Program Files (x86)\DVD Shrink O43 - CFD: 26/11/2010 - 23:34:29 - [2,038] ----D C:\Program Files (x86)\Elaborate Bytes O43 - CFD: 01/04/2011 - 22:44:02 - [111,381] ----D C:\Program Files (x86)\ESET O43 - CFD: 03/06/2012 - 12:04:57 - [29,602] ----D C:\Program Files (x86)\EVGA Precision O43 - CFD: 04/09/2012 - 19:50:58 - [29,271] ----D C:\Program Files (x86)\EVGA Precision X O43 - CFD: 02/09/2012 - 14:22:14 - [0,000] ----D C:\Program Files (x86)\EXErrorsFix O43 - CFD: 26/04/2011 - 22:18:42 - [2,390] ----D C:\Program Files (x86)\FileSaver O43 - CFD: 11/09/2011 - 21:39:20 - [0,202] ----D C:\Program Files (x86)\GameVicio O43 - CFD: 21/07/2012 - 15:00:55 - [2,277] ----D C:\Program Files (x86)\GbPlugin O43 - CFD: 05/10/2011 - 21:53:56 - [21,932] ----D C:\Program Files (x86)\Google O43 - CFD: 23/11/2010 - 23:41:53 - [0] ----D C:\Program Files (x86)\Hewlett-Packard O43 - CFD: 23/04/2011 - 18:36:26 - [0] ----D C:\Program Files (x86)\hkSFV O43 - CFD: 04/02/2012 - 11:03:55 - [248,337] ----D C:\Program Files (x86)\HP O43 - CFD: 16/10/2011 - 12:58:35 - [3,102] ----D C:\Program Files (x86)\ImgBurn O43 - CFD: 25/11/2010 - 20:54:29 - [26,494] ----D C:\Program Files (x86)\IncrediMail O43 - CFD: 12/06/2011 - 12:28:39 - [1,461] --H-D C:\Program Files (x86)\InstallJammer Registry O43 - CFD: 30/07/2012 - 23:39:03 - [127,953] --H-D C:\Program Files (x86)\InstallShield Installation Information O43 - CFD: 08/03/2011 - 16:14:12 - [0,091] ----D C:\Program Files (x86)\Intel O43 - CFD: 05/09/2012 - 20:40:34 - [12,343] ----D C:\Program Files (x86)\Internet Explorer O43 - CFD: 26/01/2011 - 23:20:24 - [1,920] ----D C:\Program Files (x86)\IObit O43 - CFD: 11/04/2011 - 09:48:36 - [84,269] ----D C:\Program Files (x86)\Java O43 - CFD: 20/03/2011 - 22:21:48 - [47,172] ----D C:\Program Files (x86)\K-Lite Codec Pack O43 - CFD: 31/12/2011 - 00:15:11 - [131,537] ----D C:\Program Files (x86)\Kaspersky Lab O43 - CFD: 08/03/2011 - 15:16:57 - [6,172] ----D C:\Program Files (x86)\Keyboard Driver O43 - CFD: 14/04/2011 - 22:49:19 - [15,944] ----D C:\Program Files (x86)\Lavalys O43 - CFD: 07/09/2012 - 15:41:12 - [11,719] ----D C:\Program Files (x86)\Malwarebytes' Anti-Malware O43 - CFD: 08/03/2011 - 16:42:59 - [19,687] ----D C:\Program Files (x86)\Microsoft O43 - CFD: 20/12/2010 - 22:07:35 - [37,956] ----D C:\Program Files (x86)\Microsoft Analysis Services O43 - CFD: 20/12/2010 - 22:12:03 - [820,372] ----D C:\Program Files (x86)\Microsoft Office O43 - CFD: 17/03/2011 - 18:42:42 - [0,183] ----D C:\Program Files (x86)\Microsoft SDKs O43 - CFD: 09/05/2012 - 00:25:40 - [40,838] ----D C:\Program Files (x86)\Microsoft Silverlight O43 - CFD: 20/12/2010 - 22:12:01 - [3,467] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition O43 - CFD: 20/12/2010 - 22:12:01 - [0,757] ----D C:\Program Files (x86)\Microsoft Sync Framework O43 - CFD: 20/12/2010 - 22:12:54 - [0,312] ----D C:\Program Files (x86)\Microsoft Synchronization Services O43 - CFD: 20/12/2010 - 22:09:24 - [1,200] ----D C:\Program Files (x86)\Microsoft Visual Studio 8 O43 - CFD: 17/03/2011 - 18:43:10 - [66,765] ----D C:\Program Files (x86)\Microsoft Visual Studio 9.0 O43 - CFD: 14/01/2011 - 01:08:35 - [7,824] ----D C:\Program Files (x86)\Microsoft.NET O43 - CFD: 03/11/2011 - 22:42:09 - [0,021] ----D C:\Program Files (x86)\MOBILedit! O43 - CFD: 09/05/2012 - 00:06:19 - [0] ----D C:\Program Files (x86)\Moo0 O43 - CFD: 19/08/2011 - 15:58:32 - [0] ----D C:\Program Files (x86)\Moozy O43 - CFD: 23/11/2010 - 21:53:17 - [6,172] ----D C:\Program Files (x86)\Mouse Driver O43 - CFD: 08/09/2012 - 16:41:19 - [39,210] ----D C:\Program Files (x86)\Mozilla Firefox O43 - CFD: 08/09/2012 - 16:46:33 - [0,211] ----D C:\Program Files (x86)\Mozilla Maintenance Service O43 - CFD: 20/12/2010 - 22:13:41 - [0,025] ----D C:\Program Files (x86)\MSBuild O43 - CFD: 26/11/2010 - 00:13:43 - [0] ----D C:\Program Files (x86)\MSXML 4.0 O43 - CFD: 22/07/2012 - 10:38:00 - [0,000] ----D C:\Program Files (x86)\MyRouter O43 - CFD: 14/07/2012 - 20:22:05 - [73,798] ----D C:\Program Files (x86)\Nitro PDF O43 - CFD: 04/09/2011 - 17:20:39 - [0] ----D C:\Program Files (x86)\Nobilis O43 - CFD: 25/05/2012 - 20:06:01 - [121,455] ----D C:\Program Files (x86)\NVIDIA Corporation O43 - CFD: 25/05/2012 - 00:09:16 - [6,211] ----D C:\Program Files (x86)\Oi O43 - CFD: 09/07/2011 - 18:27:38 - [0,000] ----D C:\Program Files (x86)\Opera O43 - CFD: 29/09/2011 - 23:15:05 - [15,027] ----D C:\Program Files (x86)\PCSX2 0.9.8 O43 - CFD: 28/11/2010 - 23:45:36 - [18,054] ----D C:\Program Files (x86)\Philips O43 - CFD: 26/05/2012 - 19:10:22 - [2,630] ----D C:\Program Files (x86)\Photo Notifier and Animation Creator O43 - CFD: 09/07/2011 - 18:19:16 - [0,006] ----D C:\Program Files (x86)\PowerDataRecovery O43 - CFD: 12/06/2011 - 12:31:59 - [0] ----D C:\Program Files (x86)\Programas RFB O43 - CFD: 14/04/2011 - 12:25:26 - [5,588] ----D C:\Program Files (x86)\Realtek O43 - CFD: 05/01/2011 - 22:20:58 - [40,006] ----D C:\Program Files (x86)\Realtek AC97 O43 - CFD: 05/01/2011 - 22:21:03 - [0] ----D C:\Program Files (x86)\Realtek Sound Manager O43 - CFD: 14/07/2009 - 02:32:38 - [106,401] ----D C:\Program Files (x86)\Reference Assemblies O43 - CFD: 01/01/2011 - 23:35:09 - [0] ----D C:\Program Files (x86)\Searchster.Net O43 - CFD: 24/08/2012 - 19:30:01 - [16,855] R---D C:\Program Files (x86)\Skype O43 - CFD: 01/01/2011 - 22:54:37 - [0] ----D C:\Program Files (x86)\SM O43 - CFD: 10/07/2011 - 18:06:50 - [0] ----D C:\Program Files (x86)\Sony Ericsson O43 - CFD: 08/03/2011 - 16:07:27 - [0] --H-D C:\Program Files (x86)\Temp O43 - CFD: 01/05/2012 - 12:54:16 - [0,602] ----D C:\Program Files (x86)\Trine O43 - CFD: 02/09/2012 - 12:03:19 - [4,236] ----D C:\Program Files (x86)\Tuto_4pc O43 - CFD: 13/07/2012 - 23:09:12 - [0,141] ----D C:\Program Files (x86)\Twin USB Vibration Gamepad O43 - CFD: 20/05/2011 - 23:15:31 - [0] ----D C:\Program Files (x86)\UEBBI.com O43 - CFD: 14/07/2009 - 01:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information O43 - CFD: 29/04/2012 - 22:45:57 - [0,839] ----D C:\Program Files (x86)\uTorrent O43 - CFD: 20/06/2011 - 00:20:08 - [0,013] ----D C:\Program Files (x86)\VDownloader O43 - CFD: 26/11/2010 - 23:30:30 - [2,432] ----D C:\Program Files (x86)\Visual Clipboard O43 - CFD: 02/01/2012 - 21:08:53 - [12,352] ----D C:\Program Files (x86)\VMware O43 - CFD: 29/12/2010 - 23:07:46 - [64,974] ----D C:\Program Files (x86)\VSO O43 - CFD: 20/03/2011 - 21:37:53 - [0] ----D C:\Program Files (x86)\Win7codecs O43 - CFD: 01/09/2012 - 03:28:05 - [2,016] ----D C:\Program Files (x86)\Windows Defender O43 - CFD: 23/06/2012 - 11:48:39 - [176,175] ----D C:\Program Files (x86)\Windows Live O43 - CFD: 01/09/2012 - 03:28:07 - [23,116] ----D C:\Program Files (x86)\Windows Mail O43 - CFD: 01/09/2012 - 03:28:07 - [7,741] ----D C:\Program Files (x86)\Windows Media Player O43 - CFD: 14/07/2009 - 02:32:38 - [16,805] ----D C:\Program Files (x86)\Windows NT O43 - CFD: 01/09/2012 - 03:28:07 - [6,047] ----D C:\Program Files (x86)\Windows Photo Viewer O43 - CFD: 25/02/2011 - 23:47:39 - [0,181] ----D C:\Program Files (x86)\Windows Portable Devices O43 - CFD: 01/09/2012 - 03:28:08 - [35,948] ----D C:\Program Files (x86)\Windows Sidebar O43 - CFD: 20/05/2011 - 22:58:19 - [0] ----D C:\Program Files (x86)\Yitsoft Software O43 - CFD: 08/09/2012 - 17:02:34 - [13,194] ----D C:\Program Files (x86)\ZHPDiag O43 - CFD: 28/08/2011 - 21:23:54 - [22,639] ----D C:\Program Files (x86)\Common Files\ArcSoft O43 - CFD: 11/06/2011 - 11:50:21 - [2,967] ----D C:\Program Files (x86)\Common Files\Corel O43 - CFD: 20/12/2010 - 22:12:51 - [0,095] ----D C:\Program Files (x86)\Common Files\DESIGNER O43 - CFD: 23/11/2010 - 23:41:48 - [0,448] ----D C:\Program Files (x86)\Common Files\Hewlett-Packard O43 - CFD: 23/11/2010 - 23:42:00 - [5,425] ----D C:\Program Files (x86)\Common Files\HP O43 - CFD: 07/01/2012 - 01:50:18 - [10,228] ----D C:\Program Files (x86)\Common Files\InstallShield O43 - CFD: 11/04/2011 - 09:49:11 - [1,189] ----D C:\Program Files (x86)\Common Files\Java O43 - CFD: 19/11/2011 - 20:09:17 - [298,072] ----D C:\Program Files (x86)\Common Files\microsoft shared O43 - CFD: 14/07/2012 - 20:22:05 - [15,292] ----D C:\Program Files (x86)\Common Files\Nitro PDF O43 - CFD: 19/03/2011 - 19:19:04 - [1,620] ----D C:\Program Files (x86)\Common Files\Protexis O43 - CFD: 14/07/2009 - 00:20:08 - [0,003] ----D C:\Program Files (x86)\Common Files\Services O43 - CFD: 24/08/2012 - 19:29:59 - [2,056] ----D C:\Program Files (x86)\Common Files\Skype O43 - CFD: 14/07/2009 - 00:20:08 - [87,659] ----D C:\Program Files (x86)\Common Files\SpeechEngines O43 - CFD: 01/09/2012 - 03:28:05 - [25,305] ----D C:\Program Files (x86)\Common Files\System O43 - CFD: 24/11/2010 - 22:32:42 - [0] ----D C:\Program Files (x86)\Common Files\Windows Live ~ Scan Program Folder in 00mn 35s ---\\ Last modified or created files under Windows and System32 (O44) O44 - LFC:[MD5.E04B26ABDDB05C81871233ABE438D217] - 08/09/2012 - 16:55:05 ---A- . (...) -- C:\Windows\WindowsUpdate.log [2024978] O44 - LFC:[MD5.98AB80FA70CC18747D332B71093B0835] - 08/09/2012 - 16:53:42 ---A- . (...) -- C:\Windows\SysNative\AutoKMS.log [203475] O44 - LFC:[MD5.B0EC8C6756A84C17ADB89B58786DD8E4] - 08/09/2012 - 16:46:51 ---A- . (...) -- C:\Windows\setupact.log [280] O44 - LFC:[MD5.630ECA67FC78564F3208BF7E49BA3940] - 08/09/2012 - 16:46:41 -S-A- . (...) -- C:\Windows\bootstat.dat [67584] O44 - LFC:[MD5.7BC3E871011E5FACC9044193EC8D36A4] - 08/09/2012 - 16:44:56 ---A- . (...) -- C:\AdwCleaner[s1].txt [29699] O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/09/2012 - 22:29:54 ---A- . (...) -- C:\Windows\setuperr.log [0] O44 - LFC:[MD5.123F9A5D2F6B4F8F7780FAC6CFDE1D64] - 07/09/2012 - 22:29:29 ---A- . (...) -- C:\Windows\PFRO.log [386] O44 - LFC:[MD5.779D63B268EA50AAA6CEAD0EF60E312B] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfc012.dat [120296] O44 - LFC:[MD5.AD48C0A8C54F0724CC38AB0271528971] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfc013.dat [152730] O44 - LFC:[MD5.3FE2F9ABDEDB9AD5B5261D895BE2EF3B] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfc014.dat [95096] O44 - LFC:[MD5.25287A8A16A906966AC86B3A40066643] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfc015.dat [155414] O44 - LFC:[MD5.0507F7940C8D0EBDC66A2FB73DC27C54] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfc019.dat [150294] O44 - LFC:[MD5.4662FB752ED864040D2818F5F8AE7BB3] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfc01D.dat [142288] O44 - LFC:[MD5.6B93B750A09B913E65715534BB54619B] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfc01F.dat [139692] O44 - LFC:[MD5.E7E21ACB7E2675AADFD8156D7EFC6B44] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh011.dat [410570] O44 - LFC:[MD5.A760DD213114EEAD59C2E06B1779C257] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh012.dat [422164] O44 - LFC:[MD5.723D231A43EE70AE10723638C894512C] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh013.dat [735958] O44 - LFC:[MD5.DF0DD284FC764A5AE09E83E2F298F2D2] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh014.dat [487362] O44 - LFC:[MD5.6FA73A15E85455892E374D7668626456] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh015.dat [732782] O44 - LFC:[MD5.4D4AF5FDEA4317E9266D89D53C729EAF] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh019.dat [717312] O44 - LFC:[MD5.CDD027DD271685DE68C995F9DAE33EF4] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh01D.dat [656528] O44 - LFC:[MD5.8479FC75C19894B5F49358F7A6D7CD0D] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh01F.dat [649542] O44 - LFC:[MD5.50C7BAD3E03D5B5CF834EEECD8C41F5F] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfc0404.dat [114954] O44 - LFC:[MD5.37A4A7EB6FA41AA2CBF42F7DD4A5642E] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfc0416.dat [40648] O44 - LFC:[MD5.9CF7A87A75919CB85B3DD0DFB101FA92] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfc0804.dat [119868] O44 - LFC:[MD5.DB344EDBB7307DE50339F6C5CC3C0E86] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfc0816.dat [152702] O44 - LFC:[MD5.BDB0AE0943BF83C64AD10D9DA5E1B5AA] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfh0404.dat [394996] O44 - LFC:[MD5.7DA30047CC1E4096A060228AD30E3F9F] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfh0416.dat [143122] O44 - LFC:[MD5.027645AD989E2C968FA19C00F606918A] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfh0804.dat [377894] O44 - LFC:[MD5.66D1EDA5929B992BB42CD9C80067D662] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfh0816.dat [721780] O44 - LFC:[MD5.9ED49ADBA0959D2948E3FFBB9C774ED2] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [16183068] O44 - LFC:[MD5.27A19C1A5302F0D97C6364538F1E1745] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc001.dat [94604] O44 - LFC:[MD5.D6F7BFC51E6C8BE90253B514B6086663] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc005.dat [140910] O44 - LFC:[MD5.0BAAA608E005A512D274E68C52FB4581] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc006.dat [98286] O44 - LFC:[MD5.078A21C130A694130CD6EC0CFE69594D] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc007.dat [148596] O44 - LFC:[MD5.7915D498A955638ABA9D78CE74812EE2] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc008.dat [110806] O44 - LFC:[MD5.2BDAE4312D3AE9E93A2A88C95B4C93CA] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [36744] O44 - LFC:[MD5.B054E269681CF8AA0C64216984F4F0BE] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc00A.dat [158138] O44 - LFC:[MD5.37B56F918CF908F05809B47C4232C2F2] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc00B.dat [100946] O44 - LFC:[MD5.F31BE6173847B3DB528D34794BEBD203] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [149106] O44 - LFC:[MD5.3767CF3A37F3A9A8C950EBF2300A3E33] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc00D.dat [84714] O44 - LFC:[MD5.6E96AFFEA542B21F55DFCF7C36B57F1D] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc00E.dat [170798] O44 - LFC:[MD5.8E59DBF678FD92DC8E55701A8C2F33E8] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc010.dat [146602] O44 - LFC:[MD5.049F6C9DE49B06DD6F8A6D5C4DCBEE61] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc011.dat [122008] O44 - LFC:[MD5.5178B380531A8903832209E6F8F76CCF] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh001.dat [472006] O44 - LFC:[MD5.C7E78F847DA2D1200D8DAC019A55F9B7] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh005.dat [661284] O44 - LFC:[MD5.93D19E38842A1D6B67A46EEF5ADA1532] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh006.dat [502086] O44 - LFC:[MD5.01515AFC75C791254182007EE2B36C2C] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh007.dat [689528] O44 - LFC:[MD5.06C8760352A37413AAE44153C685EDAB] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh008.dat [599464] O44 - LFC:[MD5.AD896E33B2273699F3590A6D0BC97BBC] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [138202] O44 - LFC:[MD5.917F08958D605726A973F4916D693D00] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh00A.dat [738088] O44 - LFC:[MD5.A24AA2BA4D7076EDB72FECFB49290FE0] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh00B.dat [474226] O44 - LFC:[MD5.97435D229617C16D02C146FC5CD548E5] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [738244] O44 - LFC:[MD5.F4D309AF5EC5C6DD9A5C8DB703DF3835] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh00D.dat [385572] O44 - LFC:[MD5.05ABB64B34C8E3D7EDFEBBB2CA0CC0A8] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh00E.dat [676266] O44 - LFC:[MD5.FFA37F84C9392E61AE7FB7968A2A405D] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh010.dat [732780] O44 - LFC:[MD5.9ED49ADBA0959D2948E3FFBB9C774ED2] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [16183068] O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 05/09/2012 - 15:07:57 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [72822] O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 05/09/2012 - 15:07:57 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822] O44 - LFC:[MD5.B7A532B9148BB6EB01AD8B25549BD8CB] - 02/09/2012 - 12:02:32 ---A- . (...) -- C:\ChromeHPLog.txt [26] O44 - LFC:[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - 31/08/2012 - 23:52:30 ---A- . (...) -- C:\Windows\SysNative\prfd0804.dat [31548] O44 - LFC:[MD5.3A6AE335F598733BA114414BACF8B163] - 31/08/2012 - 23:52:30 ---A- . (...) -- C:\Windows\SysNative\prfi0804.dat [111310] O44 - LFC:[MD5.123AE03AE3801D7CF2E7C25A4F36E20F] - 31/08/2012 - 22:04:12 ---A- . (...) -- C:\Windows\SysNative\perfd007.dat [38104] O44 - LFC:[MD5.7D57D289C5F93908319DEA1080CC111D] - 31/08/2012 - 22:04:11 ---A- . (...) -- C:\Windows\SysNative\perfi007.dat [295922] O44 - LFC:[MD5.E51BCA624E6F4807328075361FC88E8D] - 31/08/2012 - 20:57:23 ---A- . (.Oracle Corporation - No comment.) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [108008] O44 - LFC:[MD5.9D75AE1E0CF50FC15354DD5B8E7E8FB4] - 31/08/2012 - 20:57:18 ---A- . (.Oracle Corporation - Java Platform SE binary.) -- C:\Windows\SysNative\javaw.exe [189416] O44 - LFC:[MD5.25DAC5D3C1F220AC79D0B00D7927B24F] - 31/08/2012 - 20:57:18 ---A- . (.Oracle Corporation - Java Web Start Launcher.) -- C:\Windows\SysNative\javaws.exe [289768] O44 - LFC:[MD5.9D75AE1E0CF50FC15354DD5B8E7E8FB4] - 31/08/2012 - 20:57:18 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Windows\System32\javaw.exe [189416] O44 - LFC:[MD5.25DAC5D3C1F220AC79D0B00D7927B24F] - 31/08/2012 - 20:57:18 ---A- . (.Sun Microsystems, Inc. - Java Web Start Launcher.) -- C:\Windows\System32\javaws.exe [289768] O44 - LFC:[MD5.139BBF3E294D0E142252F0FF8E859B4C] - 31/08/2012 - 20:57:16 ---A- . (.Oracle Corporation - Java Platform SE binary.) -- C:\Windows\SysNative\java.exe [188904] O44 - LFC:[MD5.139BBF3E294D0E142252F0FF8E859B4C] - 31/08/2012 - 20:57:16 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Windows\System32\java.exe [188904] O44 - LFC:[MD5.5AE843246FD8E5E80C71C14E8C1B3E61] - 31/08/2012 - 20:57:15 ---A- . (.Oracle Corporation - Java Platform SE binary.) -- C:\Windows\SysNative\deployJava1.dll [916456] O44 - LFC:[MD5.D7377FC952CAFC87DF46CEA3E3B33F3F] - 31/08/2012 - 20:57:15 ---A- . (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(T.) -- C:\Windows\SysNative\npDeployJava1.dll [1034216] O44 - LFC:[MD5.5AE843246FD8E5E80C71C14E8C1B3E61] - 31/08/2012 - 20:57:15 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Windows\System32\deployJava1.dll [916456] O44 - LFC:[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - 01/09/2012 - 03:23:45 ---A- . (...) -- C:\Windows\SysNative\perfd011.dat [31548] O44 - LFC:[MD5.662686A55F1CCF3E9031CD70CDAABAA1] - 01/09/2012 - 03:23:45 ---A- . (...) -- C:\Windows\SysNative\perfi011.dat [141988] O44 - LFC:[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - 01/09/2012 - 00:51:02 ---A- . (...) -- C:\Windows\SysNative\prfd0404.dat [31548] O44 - LFC:[MD5.7EA6238ADEB79DF41A31283D7847FE5E] - 01/09/2012 - 00:51:02 ---A- . (...) -- C:\Windows\SysNative\prfi0404.dat [117840] O44 - LFC:[MD5.4B614CB456DE641C43AA6501292B9FA2] - 16/08/2012 - 14:50:56 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [437880] ~ Scan Files in 00mn 09s ---\\ Operations and functions at Windows Explorer startup (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL ~ Scan ShellExecuteHooks in 00mn 00s ---\\ Local Security Authority-LSA Deny (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll ~ Scan Keys in 00mn 00s ---\\ Safe Boot Control (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\50407690.sys . (...) -- C:\Windows\System32\Drivers\50407690.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\50407690.sys . (...) -- C:\Windows\System32\Drivers\50407690.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys ~ Scan CSB in 00mn 00s ---\\ MountPoints2 Shell Key (MPKS) (O51) (None) ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm ~ Scan Keys in 00mn 00s ---\\ ShareTools MSconfig StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\BabylonToolbar [Key] . (...) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\BCSSync [Key] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe O53 - SMSR:HKLM\...\startupreg\bywifi [Key] . (.bywifi.com - Bywifi: Video Streaming Accelerator.) -- C:\Program Files (x86)\Bywifi\bywifi.exe O53 - SMSR:HKLM\...\startupreg\CCLite [Key] . (.ms - No comment.) -- C:\Windows\system32\Event Agent\ea.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\Eraser [Key] . (...) -- C:\Program Files (x86)\Eraser\Eraser.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\Google Update [Key] . (.Google Inc. - Google Installer.) -- C:\Users\PAULOROBERTO\AppData\Local\Google\Update\GoogleUpdate.exe O53 - SMSR:HKLM\...\startupreg\HotKeysCmds [Key] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O53 - SMSR:HKLM\...\startupreg\hpqSRMon [Key] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe O53 - SMSR:HKLM\...\startupreg\IgfxTray [Key] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O53 - SMSR:HKLM\...\startupreg\Iminent [Key] . (...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\IminentMessenger [Key] . (...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe O53 - SMSR:HKLM\...\startupreg\Lingoes [Key] . (...) -- C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\mylbx [Key] . (.FSPro Labs - My Lockbox.) -- C:\Program Files\My Lockbox\mylbx.exe O53 - SMSR:HKLM\...\startupreg\OfficeSyncProcess [Key] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe O53 - SMSR:HKLM\...\startupreg\Persistence [Key] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O53 - SMSR:HKLM\...\startupreg\RtHDVCpl [Key] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe O53 - SMSR:HKLM\...\startupreg\SnowWallpaper [Key] . (...) -- C:\Program Files (x86)\Artdocks Software\Animated Snow Desktop Wallpaper\SnowWallpaper.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\SPC230NC_Monitor [Key] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\Philips\SPC230NC\Monitor.exe O53 - SMSR:HKLM\...\startupreg\SPC_Monitor [Key] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\Philips\SPC230NC\Monitor.exe O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O53 - SMSR:HKLM\...\startupreg\Tutorials [Key] . (...) -- C:\Program Files (x86)\Tuto_4pc\tutoriaisslimba.exe O53 - SMSR:HKLM\...\startupreg\UpdateTutoriaisSlimbaHP.exe [Key] . (.pctuto - updatepctutoHP.) -- C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba\UpdateTutoriaisSlimbaHP.exe O53 - SMSR:HKLM\...\startupreg\vmware-tray [Key] . (...) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\Windows Mobile-based device management [Key] . (.Microsoft Corporation - Windows Mobile Device Center.) -- C:\Windows\WindowsMobile\wmdcBase.exe ~ Scan SMSR Keys in 00mn 00s ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll ~ Scan Keys in 00mn 00s ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0 O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=0 O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=0 O55 - MWPS:[HKCU\...\Policies\System] - "NoDispCPL"=0 ~ Scan Keys in 00mn 00s ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "DisallowRun"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoFolderOptions"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoNetworkConnections"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoAddPrinter"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDeletePrinter"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSetFolders"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoPropertiesMyComputer"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoControlPanel"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoViewContextMenu"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoTrayContextMenu"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWinKeys"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRun"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=60 ~ Scan Keys in 00mn 00s ---\\ System Drivers List (SDL) (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088] O58 - SDL:[MD5.6CCD1135320109D6B219F1A6E04AD9F6] - 14/11/2006 - 11:31:00 ---A- . (.Arcsoft, Inc. - Arcsoft® ASPI Shell.) -- C:\Windows\SysWOW64\drivers\afc.sys [22784] ~ Scan Drivers in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <Opera.HTML>[HKLM\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Console Based Script Host.) -- C:\Windows\SysWow64\CScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.html> <htmlfile>[HKCU\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Console Based Script Host.) -- C:\Windows\SysWow64\CScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe ~ Scan Keys in 00mn 00s ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.) O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.) O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.) O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.) ~ Scan Keys in 00mn 00s ---\\ Search Browser Infection (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com ~ Scan Keys in 00mn 00s ---\\ Search Svchost Services (SSS) (O83) O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [72192] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [80384] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [80384] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [236032] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [236032] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [853504] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [679424] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [99328] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [344064] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [97792] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [64512] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [359424] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft® Windows.) -- C:\Windows\System32\tapisrv.dll [316928] O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\System32\termsrv.dll [680960] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2428952] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2428952] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [370688] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [569344] O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [30720] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [70656] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [156672] O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [67584] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [242688] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll [121856] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [136704] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [136704] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [1110016] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [1110016] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [84480] O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [209920] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [44544] O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [44544] O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\System32\appmgmts.dll [193536] ~ Scan Services in 00mn 00s ---\\ Search Particular Root Folder (SPRF) (O84) [MD5.2424936423657E4DF33A07F9AED8897C] [sPRF][18/01/2011] (...) -- C:\ProgramData\ntuser.dat [262144] [MD5.6D9E5361414A404F62DC249F2AADC327] [sPRF][31/01/2008] (.Unknown owner - 7-zip32.) -- C:\Users\PAULOROBERTO\AppData\Local\Temp\7-zip32.dll [506880] [MD5.02961D44C635A12BD6E39793D36C06A9] [sPRF][08/09/2012] (...) -- C:\Users\PAULOROBERTO\Desktop\adwcleaner.exe [511265] [MD5.E897110EE5E67FABB83B154DF9C68D6A] [sPRF][08/09/2012] (...) -- C:\Users\PAULOROBERTO\Desktop\ZHPDiag_silent.exe [794216] [MD5.AE326A97F634217CAC29739D376DF934] [sPRF][15/08/2011] (...) -- C:\Users\PAULOROBERTO\Desktop\ZHP_uninstall.exe [344187] [MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576] [MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608] [MD5.B8F39C9E0F0B71E454DBA431CF3B99C9] [sPRF][11/08/2005] (.Macrovision Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [417792] ~ Scan Files in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "WMPNSS-In-UDP-NoScope" |In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-Out-UDP-NoScope" |Out - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-In-UDP" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-Out-UDP" |Out - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "WMPNSS-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "{060C4A80-3D9B-42B2-97BD-2D81F2304FFC}" | In - None - P17 - TRUE | .(.Hewlett-Packard - HP Update Client.) -- C:\Program Files (x86)\HP\hp software update\hpwucli.exe O87 - FAEL: "{50A9F65B-55A8-4C40-963F-664F72DD740C}" |Out - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "{8C350460-52A6-48AB-A88D-BD5DE8DC7833}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "{323F6C4C-E736-4E60-B8B2-38F7410189DC}" |Out - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "{4027D939-1502-4862-A70D-A9DFDA9BFA3D}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.) O87 - FAEL: "{D3073D82-59EE-4FA7-9862-3065C9C316EB}" | In - Private - P6 - TRUE | .(.Event Agent, Inc. - Event Agent Scanner.) -- C:\Windows\SysWOW64\Event Agent\Bin\services .exe O87 - FAEL: "{89A3D4C2-AD57-4323-9D79-2AC711F2323C}" | In - Private - P17 - TRUE | .(.Event Agent, Inc. - Event Agent Scanner.) -- C:\Windows\SysWOW64\Event Agent\Bin\services .exe O87 - FAEL: "{67973313-4C1A-49DC-91FC-0F8E2C804F06}" | In - Private - P6 - TRUE | .(.Unknown owner - Event Agent Startup.) -- C:\Windows\SysWOW64\Event Agent\Bin\spoolsv .exe O87 - FAEL: "{D00FDBEF-BD44-402C-82DC-9C0A5826CC98}" | In - Private - P17 - TRUE | .(.Unknown owner - Event Agent Startup.) -- C:\Windows\SysWOW64\Event Agent\Bin\spoolsv .exe O87 - FAEL: "{7ADEC054-760E-4208-AC85-911EF7E0E7EF}" | In - Private - P6 - TRUE | .(.Event Agent - Local Security Authority Agent.) -- C:\Windows\SysWOW64\Event Agent\lite.exe O87 - FAEL: "{5A2576E0-1D99-4A9B-ACDE-6D6225A385F1}" | In - Private - P17 - TRUE | .(.Event Agent - Local Security Authority Agent.) -- C:\Windows\SysWOW64\Event Agent\lite.exe O87 - FAEL: "{E36D5C6E-06B0-426C-8BC9-115DD50DF237}" | In - Private - P6 - TRUE | .(.Unknown owner - smss.) -- C:\Windows\SysWOW64\Event Agent\Bin\smss .exe O87 - FAEL: "{D7511860-62FA-4C7B-B329-B29586428484}" | In - Private - P17 - TRUE | .(.Unknown owner - smss.) -- C:\Windows\SysWOW64\Event Agent\Bin\smss .exe O87 - FAEL: "{6205D596-1BF6-4E18-AFE2-F74283F07AF5}" | In - Private - P6 - TRUE | .(...) -- C:\Windows\SysWOW64\Event Agent\Bin\EventAgentRegistry.exe O87 - FAEL: "{D5992585-76B7-46D5-BBB0-C5A5D5E9A6D4}" | In - Private - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\Event Agent\Bin\EventAgentRegistry.exe O87 - FAEL: "{F25B8C7B-104E-4E79-B44D-3BB2ED97F587}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe O87 - FAEL: "{2A0C7D2E-EFA4-43CE-83FA-47DFB1CA4AD2}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe O87 - FAEL: "{67CFF14A-9DD7-4258-BF49-C56A6C882D10}" | In - Public - P6 - TRUE | .(.Google - Google Talk Plugin.) -- C:\Users\PAULOROBERTO\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe O87 - FAEL: "{81C07B84-28C9-4079-8C4C-7BD0813C9BC0}" | In - Public - P17 - TRUE | .(.Google - Google Talk Plugin.) -- C:\Users\PAULOROBERTO\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe O87 - FAEL: "{4CC8C1CE-6C63-48E5-ACF1-AD53BEEC2FBA}" | In - Private - P6 - TRUE | .(.Google - Google Talk Plugin.) -- C:\Users\PAULOROBERTO\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe O87 - FAEL: "{22B3512F-A0F4-4D5B-8D25-B96869A96D80}" | In - Private - P17 - TRUE | .(.Google - Google Talk Plugin.) -- C:\Users\PAULOROBERTO\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe O87 - FAEL: "{A4486819-7862-4F54-B3D1-A9BBF571BE27}" | In - Private - P6 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O87 - FAEL: "{5FB3341B-0583-4387-84B2-3702A036DF59}" | In - Private - P17 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O87 - FAEL: "{553AFB82-8D02-4823-BADF-B98E0CCA8F81}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O87 - FAEL: "{8883E8F6-CDA2-49C3-8FEA-9E387BF1401E}" | In - None - P17 - TRUE | .(.Skype Limited - Facebook Video Calling.) -- C:\Users\PAULOROBERTO\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe O87 - FAEL: "{308D246C-1D38-46F5-8211-06DB768599B6}" | In - Public - P6 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O87 - FAEL: "{E665D9BC-63EC-40E5-8EDA-E26BE6E6BF59}" | In - Public - P17 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O87 - FAEL: "{3D6855D7-76A7-42A4-A2FC-2038BD5C0BBD}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{01B906B5-112E-4A06-839C-959E2C8E7E04}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{CE9452B6-C37D-4513-8E78-F0FA965AC822}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{083E5BF8-0F2B-4690-84C6-70DA9A858737}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{EA762CE7-9F01-4F28-80A3-192B7DAD15FC}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{9CA18194-DF55-4ABD-BE9C-9545798E58D7}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{02662005-3F39-4515-BF3F-2E5052835644}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{63D2521D-71D4-49B8-A6EE-C5C99EFF717C}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{B0F78EF4-9A7B-41A7-8E73-688109198FA1}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{FDDD53EE-7DFD-4D05-A2DD-11027B82D22E}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{F4B5D5E7-065A-429A-9B9F-A9243D90B00D}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{858E25DF-AFB0-4D46-82CD-8723399497A6}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{EBD0934D-4C81-46EC-876F-FCCB8F5CE5A7}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{C72A9C7D-AE83-4AF3-95B8-4B3089A4B879}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{93D618D0-4F54-4EBE-8357-028106B604D6}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) O87 - FAEL: "{9627CE69-A86F-4A8E-A9CE-9B23904AC2EB}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) ~ Scan Firewall in 00mn 01s ---\\ Additionnal Scan (O88) Database Version : 9170 - (25/06/2012) Clés trouvées (Keys found) : 2 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKLM\Software\WOW6432Node\Trymedia Systems] =>Adware.Trymedia [HKCU\Software\Tutorials] =>Toolbar.Agent ~ Scan Additionnel in 00mn 05s ---\\ Router Hijack DNS (O89) (None) ---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 08/09/2012 250568 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 24/04/2011 202296 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe SS - | Demand 28/02/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe SS - | Auto 211888 | (GbpSv) . (...) - C:\Program Files (x86)\GbPlugin\gbpsv.exe SS - | Auto 211888 | (gpsvc) . (...) - C:\Program Files (x86)\GbPlugin\gbpsv.exe SS - | Auto 28/11/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 28/11/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 05/10/2011 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe SS - | Auto 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe SR - | Auto 31/08/2009 1821184 | (KMWDSERVICE) . (.UASSOFT.COM.) - C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe SS - | Demand 08/09/2012 114144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 25/06/2012 216080 | (NitroReaderDriverReadSpool2) . (.Nitro PDF Software.) - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe SR - | Auto 15/05/2012 889664 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SS - | Auto 15/05/2012 1262400 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe SR - | Auto 25/02/2011 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 15/05/2012 382272 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SS - | Auto 0 | (System Event Agent) . (...) - C:\Windows\system32\Event Agent\bin\spoolsv .exe SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Scan Services in 00mn 03s ---\\ Search Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ Scan MBR in 00mn 02s ---\\ Search Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by PAULOROBERTO at 08/09/2012 17:03:45 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ Scan MBR in 00mn 04s End of the scan (1721 lines in 01mn 52s)(0) Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Setembro 9, 2012 Boa Noite! prrsilva |- Feche programas/pastas que estejam abertas. |- Feche,também,o navegador! |- Para Windows Vista,desabilite a UAC. |- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador. |- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas". R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankO4 - HKLM\..\Wow6432Node\Run: [CCLite] C:\Windows\system32\Event Agent\ea.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [RunAsStdUser Task] (...) -- C:\Program Files (x86)\Moo0\FileShredder 1.17\FileShredder.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{1E1958F2-72FA-4297-8943-F06E0AFA129E}] (...) -- C:\Program Files (x86)\Maxthon3\Bin\Mx3Uninstall.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{884A3003-179D-4C41-849F-4B5889A22200}] (...) -- C:\Users\PAULOROBERTO\Desktop\Johnny Castaway Vista.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{AAD3343B-61CF-410C-BBF1-1EF41EFA888A}] (...) -- F:\VisualizadorNFeCTe_v50e.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{C7279582-ED02-4131-9AA6-19E554EE7756}] (...) -- C:\Users\PAULOROBERTO\Documents\VisualizadorNFeCTe_v50e.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{D2865EF1-7A6C-41EB-B50A-4F0F61F98F7C}] (...) -- C:\Users\PAULOROBERTO\Documents\VisualizadorNFeCTe_v50e.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{D85C16D1-2301-4ED8-AEE0-2F203D40C854}] (...) -- C:\Users\PAULOROBERTO\Desktop\ReceitanetJava2010.02d_setup_win32.exe (.not file.) [MD5.F26AB739E1554156BC4040009ECE24B3] - (.IDEVFH - Memory Fox Version Beta 7.4.) -- C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\Firefox\Profiles\0mfi9aev.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe [647168] [PID.44 [MD5.83605CA0BB3FCE6B45BE12148AD8B3C9] [APT] [AutoKMS] (.Microsoft.) -- C:\Windows\AutoKMS.exe => Infection Diverse (Trojan.Keygen) SS - | Auto 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe => Infection Diverse (Trojan.Keygen) SS - | Auto 0 | (System Event Agent) . (...) - C:\Windows\system32\Event Agent\bin\spoolsv .exe => Infection Vundo O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe => Infection Diverse (Trojan.Keygen) O23 - Service: System Event Agent (System Event Agent) . (.Unknown owner - Event Agent Startup.) - C:\Windows\SysWOW64\Event Agent\bin\spoolsv .exe O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {A6E71E28-43CB-423E-B415-B7C00D77902E} => Infection PUP (Adware.IMBooster) O43 - CFD: 23/11/2010 - 21:39:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Dados de aplicativos O43 - CFD: 23/11/2010 - 21:39:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Histórico O43 - CFD: 17/03/2012 - 21:41:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\WinISO Computing O43 - CFD: 20/08/2011 - 22:12:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{00F4F231-F954-4B9C-B23C-6A5CC67EC444} O43 - CFD: 15/06/2011 - 16:58:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{0210C146-0236-4C1F-BC2D-4B7D2704D259} O43 - CFD: 03/08/2012 - 14:58:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{02A26541-0209-433A-B549-6D6436CE17EC} O43 - CFD: 20/03/2012 - 10:10:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{03317A69-A0AD-4BD9-B478-594D0989C33D} O43 - CFD: 17/04/2012 - 11:24:24 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{039A5CD6-6BC4-41E4-92CC-347D4314D7EB} O43 - CFD: 25/05/2012 - 18:22:26 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{046F5414-3B69-4D88-9B0D-0C7A31D19AE4} O43 - CFD: 27/03/2012 - 11:44:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{053C9CB3-C583-498E-B5F3-27878A76E5AE} O43 - CFD: 19/11/2011 - 19:59:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{070D0DC1-4B1D-4921-9BFC-FD6692FFDB05} O43 - CFD: 14/01/2012 - 13:25:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{088F2EB2-A08A-4B16-BB75-0D0B36DC8057} O43 - CFD: 17/02/2012 - 09:36:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{08A5DE3B-9DB0-471F-AA5D-3F2C42476419} O43 - CFD: 16/07/2011 - 11:36:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{09BF84FC-20B0-4F8E-A34C-5BC3EABD97AB} O43 - CFD: 05/05/2012 - 11:35:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{0C0371F1-91FE-457E-8498-E7570238F398} O43 - CFD: 19/06/2012 - 16:01:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{103BCF28-C2AF-45E0-A228-A7079622D0BA} O43 - CFD: 28/10/2011 - 11:43:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1220C7CD-BCB8-4AD5-B7C0-4B5AC49E8B71} O43 - CFD: 08/05/2012 - 20:00:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{12925EE2-2FB9-4247-8AEE-EDB9968DAECD} O43 - CFD: 11/08/2012 - 11:35:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{13F50FCF-9AE6-4281-8F35-CA81AEB6B740} O43 - CFD: 05/07/2011 - 20:22:06 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{14683B31-094E-42FC-9623-505B09AFBC31} O43 - CFD: 09/07/2011 - 12:07:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{15033920-076E-48B6-98C0-759684E792FC} O43 - CFD: 08/06/2012 - 18:30:00 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{15372CE0-3A5A-4415-AFC7-553D97631373} O43 - CFD: 24/05/2011 - 23:20:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{15FC2A6A-4503-4ECA-9810-2692B586C9B9} O43 - CFD: 16/05/2012 - 21:35:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1606896D-1092-42F4-BEDB-7C87B7E6C20C} O43 - CFD: 20/01/2012 - 16:32:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{16C19A8E-5DAB-4794-A260-9C418945EFB2} O43 - CFD: 18/01/2012 - 09:54:24 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{179FCAFA-6F4E-44FC-890E-108B1F0C771C} O43 - CFD: 26/06/2012 - 09:11:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1945E11C-15B5-44C1-9E65-CE3D01D0B818} O43 - CFD: 25/05/2012 - 18:22:49 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1AF167D6-57A1-4069-B6BA-65FF16859E63} O43 - CFD: 28/06/2012 - 11:44:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1C31741C-0431-4008-9FBC-DEF185CC4612} O43 - CFD: 06/05/2011 - 11:44:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1C83A534-5153-46B1-B561-B1BE7BB967C1} O43 - CFD: 08/07/2011 - 20:03:22 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1D717EC7-97AF-4BED-9820-EDB472174D4C} O43 - CFD: 26/04/2011 - 09:32:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1E0B28A5-A9C2-4FA2-87D0-CB0A54A4A7C8} O43 - CFD: 28/06/2011 - 19:29:24 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1F798B63-D942-4EF4-B528-156800586070} O43 - CFD: 30/04/2011 - 13:34:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2315F420-3E42-473D-A47D-FFC1EB4F4DB3} O43 - CFD: 04/02/2012 - 21:59:54 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2491BE60-7ECC-4A86-8248-C42F39F736B2} O43 - CFD: 06/02/2012 - 19:55:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2565103F-8291-402B-8E81-42C820F12140} O43 - CFD: 03/09/2011 - 12:46:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2567346A-EE13-44EA-B598-C39B5C555D09} O43 - CFD: 05/09/2012 - 21:09:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{281ECC3C-CF64-47F9-B45D-85CD82091750} O43 - CFD: 26/05/2012 - 19:27:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{28DAE245-9622-4A7F-8AFB-2F46FE87269A} O43 - CFD: 03/08/2012 - 14:58:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{29E24AC7-F034-4E6D-837D-F5CC3553DB6D} O43 - CFD: 09/06/2012 - 10:49:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2D691E10-50A9-45C0-9268-3E41CB483DC0} O43 - CFD: 01/05/2012 - 11:02:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2E2743A6-2260-4A01-83AD-F37EDBD06206} O43 - CFD: 27/01/2012 - 11:36:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2E60D613-16B6-4B62-91C5-006FA4CDD04D} O43 - CFD: 16/05/2012 - 21:35:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{30301572-A4AE-4095-A160-2B83F49D3165} O43 - CFD: 23/06/2012 - 11:31:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{305BBF4F-2DC9-499C-96F9-0F9E1E2B2E65} O43 - CFD: 18/04/2012 - 20:10:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{30DEAC39-31E0-4326-A1F1-423220D3BCDB} O43 - CFD: 31/12/2011 - 20:44:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{327D5FAA-9700-40D9-9BC8-FF1FED6E270F} O43 - CFD: 18/10/2011 - 14:37:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3389890D-7AC8-4D34-9272-B3AC449CD717} O43 - CFD: 12/06/2012 - 22:04:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{34329794-ADBD-4A36-AEBD-922831D8416B} O43 - CFD: 25/01/2012 - 18:27:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{357F54F6-B589-42FF-A37D-2EE81B03F34E} O43 - CFD: 10/06/2011 - 11:03:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3854C9F3-815F-4A3A-9E91-E3FED88C1915} O43 - CFD: 17/06/2012 - 17:19:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{38783BBD-2E89-4807-ADA1-6ADFD6986E76} O43 - CFD: 10/08/2011 - 11:19:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{389FE628-295D-4C70-AD1C-430F8A0617D1} O43 - CFD: 03/06/2011 - 11:36:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{397AD953-6D8E-4F49-B352-A9D6A15E591B} O43 - CFD: 24/01/2012 - 17:38:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3B0A9B4A-6724-4F18-9F09-0C991E4ABA45} O43 - CFD: 07/03/2012 - 16:29:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3B49AB33-10A7-463D-939A-AE56F728DD4B} O43 - CFD: 03/05/2012 - 20:34:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3C141791-0E9D-453B-BC93-CA12846F4419} O43 - CFD: 24/12/2011 - 19:26:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3C56C4B7-3D39-4EBF-B003-BC54EF534B0A} O43 - CFD: 10/05/2012 - 20:15:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3D5630E4-59DB-43A1-AF3B-3C86E815BC2D} O43 - CFD: 10/01/2012 - 15:25:09 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3D9EC2A4-E3E6-496B-AA4D-11CDB03D28F7} O43 - CFD: 22/04/2012 - 19:28:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3E424CF5-F89F-4A40-90CB-650D2353C14F} O43 - CFD: 19/11/2011 - 20:26:14 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3F674C72-1571-4B12-A353-971FAD8FC21C} O43 - CFD: 05/11/2011 - 11:01:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{41FFFD4B-3C3E-4A00-9ACB-CFD1F834541A} O43 - CFD: 22/05/2012 - 18:44:34 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{420E1D61-AA19-49A3-9978-A2A974FAFE6B} O43 - CFD: 04/02/2012 - 22:00:08 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{42A98A64-EE96-42CE-A024-56120C545EBB} O43 - CFD: 02/12/2011 - 21:12:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{42AF04B9-8714-491B-ADDE-4181F322B20D} O43 - CFD: 02/08/2012 - 16:44:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{42D314FE-8E2F-4A55-8C22-5161C71FD9FB} O43 - CFD: 05/06/2012 - 14:59:43 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{44A81291-DE7A-48B4-B41B-19C4659D7D00} O43 - CFD: 02/08/2011 - 11:05:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{458D9B96-CD88-41AF-BB56-F6B20CC129F0} O43 - CFD: 18/04/2012 - 20:28:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{46974A91-7060-486A-8448-17CDC69C5508} O43 - CFD: 29/07/2011 - 18:00:34 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{47C9C047-8724-4651-8A84-3F263B0A6FB6} O43 - CFD: 02/06/2012 - 12:02:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{48DDE63C-6421-4595-850A-9A450361C2F9} O43 - CFD: 17/02/2012 - 09:36:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{49236BB4-FB73-4D80-A766-A146B05D8605} O43 - CFD: 02/06/2012 - 17:34:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{49A00D90-5B4D-4021-B03E-CAA9796FACDC} O43 - CFD: 17/01/2012 - 18:24:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{4C22B66A-8AC2-4228-9DFE-B3E6AEE276D4} O43 - CFD: 12/06/2012 - 22:05:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{4D18B8A4-B385-46BE-825A-1ADFF7984E67} O43 - CFD: 25/01/2012 - 18:27:06 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{50039014-CE9F-41D9-862E-A7B4D855724B} O43 - CFD: 15/07/2011 - 17:15:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5034EC67-0970-4691-ACAA-25B6B72A9DCA} O43 - CFD: 19/07/2011 - 16:18:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{503E0967-EEE1-4695-8C91-AD1CA10CE117} O43 - CFD: 14/10/2011 - 10:38:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5113999F-4E24-468F-A760-7416268C3C10} O43 - CFD: 28/02/2012 - 19:13:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{511827F5-DCFF-43A1-8CB8-B3A0C78D4A06} O43 - CFD: 19/04/2012 - 10:04:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{51338AC8-2C1A-489E-A173-9960F478C4F5} O43 - CFD: 18/07/2011 - 11:48:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{53C6C867-539A-45FA-A114-F86EA8D2047E} O43 - CFD: 08/03/2012 - 11:29:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{545E30D5-A125-465E-86DD-435729270AA3} O43 - CFD: 05/03/2012 - 20:47:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{54BE11AC-1483-4C89-ABFB-8D77629E4B87} O43 - CFD: 02/12/2011 - 21:12:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{55E5FCB6-C810-44D4-9B1C-E34C16D487EF} O43 - CFD: 08/10/2011 - 12:29:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{564C0A73-34E0-4925-B45C-74DB66FA6E0C} O43 - CFD: 23/05/2011 - 22:34:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{564FB850-B5FB-4565-80F3-7F1AD406F53E} O43 - CFD: 20/08/2011 - 22:12:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{58F8D357-2B1D-4094-AEB5-457D98D9E24A} O43 - CFD: 31/12/2011 - 20:44:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{58FF5309-4F25-43DE-80FC-C7243F7CA3E9} O43 - CFD: 09/08/2011 - 11:34:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5C1E817A-6C3A-4E17-BC0C-54C1902A3A44} O43 - CFD: 27/03/2012 - 11:45:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5C35D4C3-442D-4780-8580-3AC1A1FEB512} O43 - CFD: 08/10/2011 - 12:29:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5C9B252A-36C5-4FFB-82B3-3457D57FC021} O43 - CFD: 26/05/2012 - 18:53:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5D91F207-4FB4-4F08-8AC6-9D6352D37727} O43 - CFD: 13/08/2012 - 21:31:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5FAE381B-0AB2-4977-ACC5-368FA7F26AF9} O43 - CFD: 28/02/2012 - 19:13:41 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5FFBC631-BF06-413A-A19D-0F20E321C0B8} O43 - CFD: 27/08/2011 - 12:21:34 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6005DCC3-970F-4E46-B9C5-9B47D755ADED} O43 - CFD: 03/12/2011 - 22:08:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{604F1250-4B3E-4DE1-9397-4620D69B08FA} O43 - CFD: 04/07/2011 - 20:03:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{60E6B64F-3ABC-4C10-AAD6-A6BD6CF00EA5} O43 - CFD: 09/06/2012 - 10:50:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{611EABBA-A411-4D54-BB73-292F35DD3007} O43 - CFD: 13/08/2012 - 21:31:07 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6168A489-162C-4090-B2A2-CD911247C61B} O43 - CFD: 10/08/2012 - 18:36:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{61756327-F48E-4D16-B495-CAEF3A5ABF9E} O43 - CFD: 07/08/2011 - 21:47:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{61A76CF7-160D-456D-9909-76C01C9E5E7A} O43 - CFD: 21/08/2012 - 16:01:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{659AD626-9E34-49DC-B8D5-E0A76A98E839} O43 - CFD: 17/03/2012 - 11:50:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{65DA37D5-CDD0-46BE-BBD2-16A476F06A82} O43 - CFD: 13/08/2011 - 14:14:41 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{669B8C0F-77DC-4DF1-90B5-B16E71B2669A} O43 - CFD: 31/03/2012 - 17:20:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6778FB08-5801-4FD6-B042-DC6972B882A5} O43 - CFD: 29/05/2011 - 19:14:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{69A71769-B405-4606-A0F1-422E5C509616} O43 - CFD: 22/05/2012 - 18:44:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6C700B60-EAA5-4F8E-B485-AC5AB801251D} O43 - CFD: 21/05/2011 - 19:10:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6CEA190A-3ED5-4DE8-B3BF-B573C68118E3} O43 - CFD: 01/08/2011 - 18:01:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6DE24520-D463-4C95-8B3A-4F1BBB4DE42B} O43 - CFD: 19/06/2012 - 16:00:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{702B4399-D61F-4C6F-AF16-B8C9D2A622A8} O43 - CFD: 26/05/2012 - 18:54:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{705842A0-B883-4973-B85E-E7D3DBFE312B} O43 - CFD: 27/04/2012 - 20:37:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{718FA3C9-FC4F-4173-B32E-6205BE4A1AED} O43 - CFD: 29/08/2012 - 20:35:47 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{72A11FD4-707A-4723-B6FC-C9B0B3DED641} O43 - CFD: 22/04/2011 - 11:27:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{72C6B4D2-F792-4F31-85C0-416859499A5C} O43 - CFD: 26/05/2011 - 20:06:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{738C7055-E9BE-45B4-90BD-5E0D1D1FBB1B} O43 - CFD: 27/07/2011 - 15:25:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7391A456-9FBD-4606-A9BD-29FD95FEF01B} O43 - CFD: 20/03/2012 - 10:10:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7404F573-FE84-4F76-ABC0-033A4E5E5660} O43 - CFD: 09/05/2012 - 20:38:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7433F93E-1789-49EA-B305-C54A469B99C4} O43 - CFD: 30/07/2012 - 11:49:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{743AD8E5-3F83-4F15-B294-36CC42CA2080} O43 - CFD: 01/08/2012 - 17:05:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{743C7856-84B2-42EB-A159-CDAC7BA47846} O43 - CFD: 25/05/2011 - 20:16:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{75130D14-6848-4FFD-A845-96A980A8D551} O43 - CFD: 18/04/2012 - 20:10:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{76ADC5BC-D1E0-4A71-8E7D-11EEB0AC1C4E} O43 - CFD: 18/04/2012 - 20:28:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{776AE50F-955C-41DF-A933-D5C50273E2C8} O43 - CFD: 27/01/2012 - 11:36:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{780C4E29-E245-459D-B32B-7DC9BA277BA1} O43 - CFD: 24/12/2011 - 19:26:49 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{78997733-15DC-4674-8914-CC72F9FC22FB} O43 - CFD: 31/01/2012 - 12:05:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{790DFAB7-0C64-4B6E-8DD5-A902FCEE0EC7} O43 - CFD: 14/07/2011 - 12:11:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{793A43ED-A608-4B30-A2FA-106D930B7812} O43 - CFD: 24/04/2011 - 14:44:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7C2A4677-9B42-4FC9-99CD-50272695B56A} O43 - CFD: 15/05/2011 - 18:30:14 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7F206D8C-400A-4AB6-8C6F-E18363DF104F} O43 - CFD: 27/06/2011 - 21:09:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{80452835-7547-4B9C-8D43-DC34F39BD83A} O43 - CFD: 11/07/2012 - 11:51:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{81FF45F1-B25D-4ABE-8521-355B13BF3834} O43 - CFD: 14/01/2012 - 13:25:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{862D16C9-39F3-427F-9A51-40E66AE6CF1F} O43 - CFD: 23/06/2012 - 16:56:50 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{867D7B11-70EB-4597-A3EC-31DE654ABD0B} O43 - CFD: 28/07/2012 - 10:40:08 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{86A70624-24FE-4848-A23F-F28333E00AB4} O43 - CFD: 14/06/2012 - 17:28:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{87D9215E-5397-4249-A253-2374B8BF42FB} O43 - CFD: 24/01/2012 - 17:38:02 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8C57852B-8FDC-49A1-9E51-5272F02BF160} O43 - CFD: 25/06/2012 - 12:03:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8CF2C62F-CFD3-482A-B4E2-F41A5A23CDF8} O43 - CFD: 25/07/2011 - 16:27:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8D7386BB-F175-4F30-9AF8-427530D444E2} O43 - CFD: 24/06/2011 - 17:01:49 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8FF6CE42-D751-4A0C-A371-7097DF017844} O43 - CFD: 14/10/2011 - 17:04:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{90C20204-EB26-4845-A4A8-EA4A3B6600CA} O43 - CFD: 14/06/2011 - 22:00:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{94153A08-1E2A-4276-83A6-8147CCED3F7B} O43 - CFD: 18/07/2012 - 19:21:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{94649819-5806-437F-BF32-18844A133222} O43 - CFD: 06/02/2012 - 19:55:57 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9486F1D9-3607-4478-A006-51F270BDFF79} O43 - CFD: 19/08/2011 - 15:44:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{954F3661-1395-4058-93AD-7B74CA563450} O43 - CFD: 13/07/2011 - 11:38:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9576FC1F-A2FE-44B7-B74A-87E6D72B3F8B} O43 - CFD: 10/05/2012 - 20:15:47 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{964CA773-8677-446B-B884-F9587A6FF166} O43 - CFD: 19/08/2011 - 15:44:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{978F37DC-1569-45ED-9797-9E17FE99892C} O43 - CFD: 19/11/2011 - 20:26:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{97CD1FCC-8F1C-4080-87D1-2963F31D843C} O43 - CFD: 20/07/2012 - 14:38:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{990DE35F-42AA-4FB9-8F42-FB59A2F787E3} O43 - CFD: 05/02/2012 - 23:08:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{99BAF654-C18B-4842-8367-BA6B5CE032B6} O43 - CFD: 28/10/2011 - 11:43:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9A78FFAF-3DEB-44F2-A3E3-E41251588BF2} O43 - CFD: 30/07/2012 - 11:49:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9BBD54C9-DF22-47ED-BE9D-17AE6D636CBD} O43 - CFD: 25/04/2012 - 15:21:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9C46E3DF-782F-41F7-A76A-44ABB3C3A08F} O43 - CFD: 16/01/2012 - 09:54:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9C83854E-CDB8-4C61-B148-AC9E18359EDD} O43 - CFD: 18/06/2012 - 09:03:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9EA1F630-8856-4206-A18B-20A5D64CEC1F} O43 - CFD: 25/08/2011 - 11:53:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9EB71E41-148B-4786-9595-C9ECBFD1CDB2} O43 - CFD: 13/08/2011 - 14:14:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9F2B9ECF-384F-4D99-9AED-3929D6AD1A27} O43 - CFD: 20/01/2012 - 16:32:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9FC6CEED-3836-4ECE-B881-F66A00B1CDD6} O43 - CFD: 11/06/2011 - 11:33:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9FE426F4-23F8-4F17-85A2-65F0E46816AE} O43 - CFD: 16/06/2012 - 22:37:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A05204A7-0B4C-43A0-BDF4-591D39F115BC} O43 - CFD: 03/12/2011 - 22:08:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A51353F0-FBDF-42FD-8A6F-1AA5C4E569D6} O43 - CFD: 30/05/2011 - 11:19:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A6069280-F3D7-4C8F-AD41-D069D0C928C3} O43 - CFD: 02/08/2012 - 16:45:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A6697EFE-96D3-4A51-ACA7-9C60314C477B} O43 - CFD: 11/07/2011 - 11:50:30 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A67911B2-F3D8-4D21-BB4B-AD3FC530C8F5} O43 - CFD: 28/07/2012 - 10:40:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A88407FF-C140-4EAB-9DA8-1B2C09FBCA5A} O43 - CFD: 03/05/2012 - 20:33:58 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A8D460ED-536F-4AE9-866F-AA35CAA133A4} O43 - CFD: 09/01/2012 - 09:28:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A94291AE-8B84-4316-9487-918356D26567} O43 - CFD: 25/01/2012 - 18:26:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A976A775-C01E-49C0-8BC7-12E0B23EBAFF} O43 - CFD: 23/03/2012 - 10:49:14 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AAC8A007-37BE-45B9-9682-13B1ABB26FD1} O43 - CFD: 17/08/2012 - 18:59:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AB484D35-B0C7-4FCC-B5F9-604A314B50F2} O43 - CFD: 27/04/2012 - 20:37:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{ADDD8BBF-6EBB-4423-8505-BC3205ED8C54} O43 - CFD: 05/08/2011 - 11:42:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AF6B0C98-DADC-44E3-B80C-63166D2188F6} O43 - CFD: 26/06/2012 - 09:11:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AFD56E1F-1D25-4554-9995-878FF0C20852} O43 - CFD: 08/06/2012 - 18:29:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B0757281-6178-46ED-B005-26C890395C59} O43 - CFD: 28/05/2011 - 19:11:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B0E2C766-628B-416D-98E9-1379EF6BA11F} O43 - CFD: 19/11/2011 - 20:00:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B14FE2E9-057B-42FF-986C-87AA8069B31F} O43 - CFD: 05/06/2011 - 21:47:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B17F6F67-62E9-4323-8DAA-957E83DC95FA} O43 - CFD: 14/10/2011 - 10:38:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B1F6D0A6-D807-4DA7-8592-E3FE49319C37} O43 - CFD: 14/10/2011 - 17:04:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B412A248-F8D1-40A9-8014-3FF9139F01B9} O43 - CFD: 25/08/2011 - 11:53:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B5012B5B-941F-44BE-AF08-FB863D4C92DD} O43 - CFD: 10/08/2012 - 18:36:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B50C87FE-0E7E-4815-A63B-88D91B5D57D3} O43 - CFD: 18/07/2012 - 19:21:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B63B020C-75F6-434F-952D-6DE9C5B2D5D6} O43 - CFD: 25/04/2012 - 15:21:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B728BCD8-7509-43AF-80D3-34CA3C4FD57E} O43 - CFD: 08/03/2012 - 11:29:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B8492EF9-5686-4B2D-AF7F-560021889466} O43 - CFD: 28/01/2012 - 12:04:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B891C550-76C2-45E5-9913-E8479EC0AD0C} O43 - CFD: 01/05/2012 - 11:02:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B8A23A85-B9D8-46F0-8E82-402FF363914B} O43 - CFD: 15/11/2011 - 09:57:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B9E7CD25-9C80-432E-A7DA-E19A688A4DDB} O43 - CFD: 08/06/2011 - 11:07:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BA151CC2-9A4D-43C7-9310-182811590608} O43 - CFD: 23/06/2012 - 16:57:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BAE247B5-055D-4B44-A574-1402C94F8E36} O43 - CFD: 11/08/2011 - 12:13:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BE89D8F9-D4BE-4546-80EA-D28A1FAC0D11} O43 - CFD: 05/06/2012 - 15:00:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BF331A2F-BBA9-49BA-A7A7-573CB78AE922} O43 - CFD: 01/06/2011 - 12:07:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BF345FDF-0548-4DCF-952B-10E3368E9EF1} O43 - CFD: 02/07/2011 - 21:04:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BF6DABF9-E8C1-4103-BBAB-92BCE9B29833} O43 - CFD: 11/07/2012 - 11:51:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BFD8B59D-A8B0-4449-9701-1B8063A6F7F3} O43 - CFD: 10/08/2011 - 11:19:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C1C6C418-C210-41EE-90EC-E093EFC21D53} O43 - CFD: 09/05/2012 - 20:38:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C28F0782-E6ED-481B-82E1-A7213E1AB326} O43 - CFD: 02/06/2012 - 12:02:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C6D9FA07-953C-4228-BFB4-59599411096C} O43 - CFD: 03/07/2011 - 20:45:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C790E081-A8C0-4D14-96C8-458FCC852D26} O43 - CFD: 12/01/2012 - 14:58:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C796DAD4-5755-4CA7-BBD0-099EEC92C540} O43 - CFD: 19/06/2011 - 22:05:43 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C7A4A3D6-1783-4FF0-B582-883AE0320CE8} O43 - CFD: 12/07/2011 - 12:06:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C7E5416E-64DD-4B8E-A070-A2F02D631BC8} O43 - CFD: 17/03/2012 - 11:51:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C8EE61C1-1B6B-4CC5-84F7-0AA98D37D49B} O43 - CFD: 09/08/2011 - 11:35:08 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C932BA6C-DE16-43BF-BA9B-2638698D0987} O43 - CFD: 22/06/2011 - 21:21:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C9D7A54E-A566-48A1-AA9E-FE21BC0336BC} O43 - CFD: 20/07/2012 - 14:37:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{CB660A7C-1BE9-415B-B1C3-CF3D627347DF} O43 - CFD: 20/07/2011 - 10:36:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{CBDEBCDE-17FF-4C29-953E-CC81278478BE} O43 - CFD: 23/07/2011 - 11:54:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{CD709A6C-C6E2-4D69-B343-EECD32A53296} O43 - CFD: 22/04/2012 - 19:29:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D2B547C8-F9C6-485B-94A9-40BF0D2A3604} O43 - CFD: 11/05/2011 - 22:27:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D48D9CB6-5347-4593-8BDC-2A15739FCBC7} O43 - CFD: 12/01/2012 - 14:58:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D54EA7D7-DE8B-4C11-8B15-5E4E5FC589EB} O43 - CFD: 25/01/2012 - 18:26:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D58D7AFA-1E06-4662-B38E-912FB29E652E} O43 - CFD: 16/01/2012 - 09:54:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D6A6B481-28A5-4CFF-9FEA-B0174C9F25C5} O43 - CFD: 18/02/2012 - 19:50:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D756CD04-BBC3-4FB6-8357-2834799BBC1F} O43 - CFD: 03/09/2011 - 12:46:58 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D7A83F02-B072-4759-B381-93D3C90FDDEB} O43 - CFD: 05/03/2012 - 20:47:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D82F233D-5260-4FFF-94CF-AE7E8601FCDD} O43 - CFD: 28/01/2012 - 12:04:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D99E055F-1B5D-4ACA-BB35-924E8C84467F} O43 - CFD: 01/08/2012 - 17:05:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DA6A6F03-B454-40D4-8CD3-4640C4329579} O43 - CFD: 04/08/2011 - 20:39:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DC309D7D-1107-461B-9121-2C88F0E3E8BD} O43 - CFD: 30/07/2011 - 13:37:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DD37E408-2AB7-4E53-A0AF-E2B78328FD03} O43 - CFD: 20/04/2011 - 23:06:54 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DDE3FEEB-AF94-4D7F-9EE2-6F6DE8244818} O43 - CFD: 15/11/2011 - 09:57:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DE52219A-A478-4D6B-8216-399C771A3B4D} O43 - CFD: 23/03/2012 - 10:49:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E0231D41-BD0C-4DE5-B093-118D59BCC734} O43 - CFD: 11/08/2012 - 11:35:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E0D36E16-FEC4-412D-A2D0-01ACC560E6D5} O43 - CFD: 28/08/2012 - 19:05:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E1609A45-54E8-4658-9FF0-5D5B169D7499} O43 - CFD: 07/03/2012 - 16:29:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E1705C6F-CF3F-4FB4-A9C7-E59E6178AA1A} O43 - CFD: 07/08/2011 - 21:47:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E23E874F-275B-4719-8DB2-D038DFF195E7} O43 - CFD: 18/02/2012 - 19:50:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E3114627-B157-4CB9-A8BC-CC1F504E33C3} O43 - CFD: 11/08/2011 - 12:13:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E62C9541-8A76-4BC5-8CEB-5EC33428D916} O43 - CFD: 20/08/2012 - 19:20:09 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E63F7EB3-FAB2-473C-9998-43B63A26F8D7} O43 - CFD: 17/01/2012 - 18:25:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E7F24925-8B06-40FC-BED0-019FC4E98671} O43 - CFD: 09/01/2012 - 09:29:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E83A8FF6-8227-4BED-B562-8B1AC5DE13DB} O43 - CFD: 18/10/2011 - 14:37:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E8442A36-D776-4870-A151-91588A918973} O43 - CFD: 31/01/2012 - 12:05:54 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E99A4590-AE91-4144-B500-BE2B0243F4EA} O43 - CFD: 12/06/2011 - 20:26:26 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E9CBC65D-F19F-4F37-BAD0-7FC30623C7FA} O43 - CFD: 06/07/2011 - 19:52:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EB69F983-5E5C-41EC-B953-A2FC0AE71D62} O43 - CFD: 19/04/2012 - 10:04:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EBF874DA-34EC-4F32-A1ED-A98FBD2255B6} O43 - CFD: 02/06/2012 - 17:34:00 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{ECB187EF-E069-4F0E-A21F-F01F0959AF8A} O43 - CFD: 05/05/2011 - 20:47:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EDAF8BE7-29C1-4C13-B1A1-1CEB4C90BAA0} O43 - CFD: 05/11/2011 - 11:01:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EDD66320-496C-4ED6-A460-B32EE4592E7A} O43 - CFD: 26/05/2012 - 19:27:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EE5CC157-73DA-44FA-9E0D-1810A04DD8CF} O43 - CFD: 27/11/2011 - 18:17:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EF05B9DF-7C3D-4B00-8D99-943E830F53AF} O43 - CFD: 05/02/2012 - 23:08:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F15D49E8-9E38-41B6-8187-1BD016D5824E} O43 - CFD: 10/01/2012 - 15:24:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F1CA2C83-18E4-40FE-A3DD-49113865EB52} O43 - CFD: 14/06/2012 - 17:27:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F1D2C45B-A842-4EC7-9041-268107451A6C} O43 - CFD: 03/07/2012 - 17:17:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F218BB45-85A4-4F8D-93F4-D0B1977B015B} O43 - CFD: 28/06/2012 - 11:43:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F4170A31-57A4-4CD5-864F-2438F7895647} O43 - CFD: 27/08/2011 - 12:21:22 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F4F3E800-7C51-4960-ABD0-5A5E40B2E263} O43 - CFD: 18/01/2012 - 09:54:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F5541822-771F-4AD7-9A42-E79C555C385D} O43 - CFD: 25/06/2012 - 12:03:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F5649858-DFB4-4ADB-AB8F-4AC54D9ECCA5} O43 - CFD: 03/07/2012 - 17:17:30 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F6DC0AF1-C8A6-492D-8E23-D295EEDC06E1} O43 - CFD: 15/06/2012 - 00:18:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F7088F1D-8D61-4417-98D5-8973DA9C3877} O43 - CFD: 23/04/2011 - 15:48:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F7635666-2AFE-40F5-8718-1A04DFC652B3} O43 - CFD: 14/05/2011 - 11:31:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F7ED5527-BA39-496E-9F4E-D1D126A1488B} O43 - CFD: 10/04/2012 - 20:48:50 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F8D9A2E5-8109-48E5-B8CF-0C0B02362CC0} O43 - CFD: 08/08/2012 - 20:32:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F92FAC23-4B18-4D18-8B8D-A1C717FAF52E} O43 - CFD: 27/11/2011 - 18:17:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FAD752F5-2F6B-49CF-8077-6EF5D0BF623A} O43 - CFD: 23/06/2012 - 11:32:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FD680FEE-385A-43AC-8672-023D7AA7A9A5} O43 - CFD: 05/05/2012 - 11:35:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FE24EABF-9543-4C38-A92B-F7FEBE61C38E} O43 - CFD: 08/08/2012 - 20:32:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FE7E7F80-ABAF-4161-B351-8F6EC87078D5} O43 - CFD: 08/05/2012 - 20:00:07 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FEE0A23A-1D91-42B0-92D5-DD8C068778F5} O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\50407690.sys . (...) -- C:\Windows\System32\Drivers\50407690.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\50407690.sys . (...) -- C:\Windows\System32\Drivers\50407690.sys (.not file.) O53 - SMSR:HKLM\...\startupreg\CCLite [Key] . (.ms - No comment.) -- C:\Windows\system32\Event Agent\ea.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\SnowWallpaper [Key] . (...) -- C:\Program Files (x86)\Artdocks Software\Animated Snow Desktop Wallpaper\SnowWallpaper.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\BabylonToolbar [Key] . (...) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (.not file.) => Infection BT (Toolbar.Babylon) O53 - SMSR:HKLM\...\startupreg\Iminent [Key] . (...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) => Infection PUP (Adware.IMBooster) O53 - SMSR:HKLM\...\startupreg\IminentMessenger [Key] . (...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) => Infection PUP (Adware.IMBooster) O67 - Shell Spawning: <.html> <Opera.HTML>[HKLM\..\open\Command] (.Not Key.) O87 - FAEL: "{D3073D82-59EE-4FA7-9862-3065C9C316EB}" | In - Private - P6 - TRUE | .(.Event Agent, Inc. - Event Agent Scanner.) -- C:\Windows\SysWOW64\Event Agent\Bin\services .exe => Infection Vundo O87 - FAEL: "{89A3D4C2-AD57-4323-9D79-2AC711F2323C}" | In - Private - P17 - TRUE | .(.Event Agent, Inc. - Event Agent Scanner.) -- C:\Windows\SysWOW64\Event Agent\Bin\services .exe => Infection Vundo O87 - FAEL: "{67973313-4C1A-49DC-91FC-0F8E2C804F06}" | In - Private - P6 - TRUE | .(.Unknown owner - Event Agent Startup.) -- C:\Windows\SysWOW64\Event Agent\Bin\spoolsv .exe => Infection Vundo O87 - FAEL: "{D00FDBEF-BD44-402C-82DC-9C0A5826CC98}" | In - Private - P17 - TRUE | .(.Unknown owner - Event Agent Startup.) -- C:\Windows\SysWOW64\Event Agent\Bin\spoolsv .exe => Infection Vundo O87 - FAEL: "{E36D5C6E-06B0-426C-8BC9-115DD50DF237}" | In - Private - P6 - TRUE | .(.Unknown owner - smss.) -- C:\Windows\SysWOW64\Event Agent\Bin\smss .exe => Infection Vundo O87 - FAEL: "{D7511860-62FA-4C7B-B329-B29586428484}" | In - Private - P17 - TRUE | .(.Unknown owner - smss.) -- C:\Windows\SysWOW64\Event Agent\Bin\smss .exe => Infection Vundo O87 - FAEL: "{93D618D0-4F54-4EBE-8357-028106B604D6}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) => Infection PUP (Adware.IMBooster) O87 - FAEL: "{9627CE69-A86F-4A8E-A9CE-9B23904AC2EB}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) => Infection PUP (Adware.IMBooster) O87 - FAEL: "{3D6855D7-76A7-42A4-A2FC-2038BD5C0BBD}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{01B906B5-112E-4A06-839C-959E2C8E7E04}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{CE9452B6-C37D-4513-8E78-F0FA965AC822}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{083E5BF8-0F2B-4690-84C6-70DA9A858737}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{02662005-3F39-4515-BF3F-2E5052835644}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{63D2521D-71D4-49B8-A6EE-C5C99EFF717C}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{B0F78EF4-9A7B-41A7-8E73-688109198FA1}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{FDDD53EE-7DFD-4D05-A2DD-11027B82D22E}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{F4B5D5E7-065A-429A-9B9F-A9243D90B00D}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{858E25DF-AFB0-4D46-82CD-8723399497A6}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified => Infection BT (Hijacker.Application) [HKCU\Software\Tutorials] => Toolbar.Agent [HKLM\Software\Trymedia Systems] => Infection BT (Adware.Trymedia) [HKLM\Software\WOW6432Node\Trymedia Systems] => Infection BT (Adware.Trymedia) proxyfix emptytemp emptyflash firewallraz sysrestore |- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C" |- Minimize o Bloco de Notas. |- Clique no menu,"Paste ClipBoard". |- Clique em "GO" -> Oui. |- Ps: Temos,àcima,sequência de imagens para maior exclarecimento. |- Poste o relatório: C:\ZHP\ZHPFix[R1].txt Abs! Compartilhar este post Link para o post Compartilhar em outros sites
prrsilva 0 Denunciar post Postado Setembro 9, 2012 boa noite, Dgram segue o relatório Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012 Fichier d'export Registre : Run by PAULOROBERTO at 09/09/2012 00:42:04 Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601) Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html Web site : http://nicolascoolman.skyrock.com/ ========== Software ========== NOT FOUND Software Key: {A6E71E28-43CB-423E-B415-B7C00D77902E} ========== Memory Process ========== DELETED Memory Process: C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\Firefox\Profiles\0mfi9aev.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe DELETED Memory Process: C:\Windows\AutoKMS.exe ========== Registry Key ========== DELETED Key*: Service: KMService DELETED Key*: Service: System Event Agent NOT FOUND Key: Service: KMService NOT FOUND Key: Service: System Event Agent DELETED O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\50407690.sys . (...) -- C:\Windows\System32\Drivers\50407690.sys (.not file.) DELETED O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\50407690.sys . (...) -- C:\Windows\System32\Drivers\50407690.sys (.not file.) DELETED Key: StartupReg: CCLite DELETED Key: StartupReg: SnowWallpaper DELETED Key: StartupReg: BabylonToolbar DELETED Key: StartupReg: Iminent DELETED Key: StartupReg: IminentMessenger DELETED Key*: HKCU\Software\Tutorials NOT FOUND Key: HKLM\Software\Trymedia Systems DELETED Key*: HKLM\Software\WOW6432Node\Trymedia Systems ========== Registry Value ========== DELETED RunValue: CCLite DELETED {D3073D82-59EE-4FA7-9862-3065C9C316EB} DELETED {89A3D4C2-AD57-4323-9D79-2AC711F2323C} DELETED {67973313-4C1A-49DC-91FC-0F8E2C804F06} DELETED {D00FDBEF-BD44-402C-82DC-9C0A5826CC98} DELETED {E36D5C6E-06B0-426C-8BC9-115DD50DF237} DELETED {D7511860-62FA-4C7B-B329-B29586428484} DELETED {93D618D0-4F54-4EBE-8357-028106B604D6} DELETED {9627CE69-A86F-4A8E-A9CE-9B23904AC2EB} DELETED {3D6855D7-76A7-42A4-A2FC-2038BD5C0BBD} DELETED {01B906B5-112E-4A06-839C-959E2C8E7E04} DELETED {CE9452B6-C37D-4513-8E78-F0FA965AC822} DELETED {083E5BF8-0F2B-4690-84C6-70DA9A858737} DELETED {02662005-3F39-4515-BF3F-2E5052835644} DELETED {63D2521D-71D4-49B8-A6EE-C5C99EFF717C} DELETED {B0F78EF4-9A7B-41A7-8E73-688109198FA1} DELETED {FDDD53EE-7DFD-4D05-A2DD-11027B82D22E} DELETED {F4B5D5E7-065A-429A-9B9F-A9243D90B00D} DELETED {858E25DF-AFB0-4D46-82CD-8723399497A6} ProxyFix : Proxy killed successfully DELETED ProxyServer Value DELETED ProxyEnable Value DELETED EnableHttp1_1 Value DELETED ProxyHttp1.1 Value DELETED ProxyOverride Value No Value in Standard Profile Register Key FirewallRaz : No Value in Domain Profile Register Key FirewallRaz : DELETED FirewallRaz (None) : {4E93A75C-47CA-427E-8006-895E83BF4E43} DELETED FirewallRaz (None) : {AFF9AC96-E165-4DDE-94BC-2794A8C6BB26} ========== Registry Data Items ========== REMOVED R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page REMOVED Explorer Association Data Application: http://www.filefacts.net/redirect.php?ext=%s ========== Repertory ========== NOT FOUND C:\Users\PAULOROBERTO\AppData\Local\Dados de aplicativos NOT FOUND C:\Users\PAULOROBERTO\AppData\Local\Histórico DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\WinISO Computing DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{00F4F231-F954-4B9C-B23C-6A5CC67EC444} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{0210C146-0236-4C1F-BC2D-4B7D2704D259} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{02A26541-0209-433A-B549-6D6436CE17EC} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{03317A69-A0AD-4BD9-B478-594D0989C33D} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{039A5CD6-6BC4-41E4-92CC-347D4314D7EB} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{046F5414-3B69-4D88-9B0D-0C7A31D19AE4} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{053C9CB3-C583-498E-B5F3-27878A76E5AE} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{070D0DC1-4B1D-4921-9BFC-FD6692FFDB05} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{088F2EB2-A08A-4B16-BB75-0D0B36DC8057} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{08A5DE3B-9DB0-471F-AA5D-3F2C42476419} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{09BF84FC-20B0-4F8E-A34C-5BC3EABD97AB} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{0C0371F1-91FE-457E-8498-E7570238F398} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{103BCF28-C2AF-45E0-A228-A7079622D0BA} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1220C7CD-BCB8-4AD5-B7C0-4B5AC49E8B71} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{12925EE2-2FB9-4247-8AEE-EDB9968DAECD} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{13F50FCF-9AE6-4281-8F35-CA81AEB6B740} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{14683B31-094E-42FC-9623-505B09AFBC31} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{15033920-076E-48B6-98C0-759684E792FC} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{15372CE0-3A5A-4415-AFC7-553D97631373} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{15FC2A6A-4503-4ECA-9810-2692B586C9B9} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1606896D-1092-42F4-BEDB-7C87B7E6C20C} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{16C19A8E-5DAB-4794-A260-9C418945EFB2} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{179FCAFA-6F4E-44FC-890E-108B1F0C771C} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1945E11C-15B5-44C1-9E65-CE3D01D0B818} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1AF167D6-57A1-4069-B6BA-65FF16859E63} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1C31741C-0431-4008-9FBC-DEF185CC4612} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1C83A534-5153-46B1-B561-B1BE7BB967C1} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1D717EC7-97AF-4BED-9820-EDB472174D4C} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1E0B28A5-A9C2-4FA2-87D0-CB0A54A4A7C8} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1F798B63-D942-4EF4-B528-156800586070} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{2315F420-3E42-473D-A47D-FFC1EB4F4DB3} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{2491BE60-7ECC-4A86-8248-C42F39F736B2} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{2565103F-8291-402B-8E81-42C820F12140} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{2567346A-EE13-44EA-B598-C39B5C555D09} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{281ECC3C-CF64-47F9-B45D-85CD82091750} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{28DAE245-9622-4A7F-8AFB-2F46FE87269A} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{29E24AC7-F034-4E6D-837D-F5CC3553DB6D} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{2D691E10-50A9-45C0-9268-3E41CB483DC0} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{2E2743A6-2260-4A01-83AD-F37EDBD06206} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{2E60D613-16B6-4B62-91C5-006FA4CDD04D} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{30301572-A4AE-4095-A160-2B83F49D3165} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{305BBF4F-2DC9-499C-96F9-0F9E1E2B2E65} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{30DEAC39-31E0-4326-A1F1-423220D3BCDB} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{327D5FAA-9700-40D9-9BC8-FF1FED6E270F} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3389890D-7AC8-4D34-9272-B3AC449CD717} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{34329794-ADBD-4A36-AEBD-922831D8416B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{357F54F6-B589-42FF-A37D-2EE81B03F34E} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3854C9F3-815F-4A3A-9E91-E3FED88C1915} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{38783BBD-2E89-4807-ADA1-6ADFD6986E76} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{389FE628-295D-4C70-AD1C-430F8A0617D1} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{397AD953-6D8E-4F49-B352-A9D6A15E591B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3B0A9B4A-6724-4F18-9F09-0C991E4ABA45} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3B49AB33-10A7-463D-939A-AE56F728DD4B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3C141791-0E9D-453B-BC93-CA12846F4419} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3C56C4B7-3D39-4EBF-B003-BC54EF534B0A} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3D5630E4-59DB-43A1-AF3B-3C86E815BC2D} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3D9EC2A4-E3E6-496B-AA4D-11CDB03D28F7} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3E424CF5-F89F-4A40-90CB-650D2353C14F} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3F674C72-1571-4B12-A353-971FAD8FC21C} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{41FFFD4B-3C3E-4A00-9ACB-CFD1F834541A} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{420E1D61-AA19-49A3-9978-A2A974FAFE6B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{42A98A64-EE96-42CE-A024-56120C545EBB} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{42AF04B9-8714-491B-ADDE-4181F322B20D} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{42D314FE-8E2F-4A55-8C22-5161C71FD9FB} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{44A81291-DE7A-48B4-B41B-19C4659D7D00} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{458D9B96-CD88-41AF-BB56-F6B20CC129F0} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{46974A91-7060-486A-8448-17CDC69C5508} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{47C9C047-8724-4651-8A84-3F263B0A6FB6} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{48DDE63C-6421-4595-850A-9A450361C2F9} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{49236BB4-FB73-4D80-A766-A146B05D8605} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{49A00D90-5B4D-4021-B03E-CAA9796FACDC} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{4C22B66A-8AC2-4228-9DFE-B3E6AEE276D4} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{4D18B8A4-B385-46BE-825A-1ADFF7984E67} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{50039014-CE9F-41D9-862E-A7B4D855724B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5034EC67-0970-4691-ACAA-25B6B72A9DCA} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{503E0967-EEE1-4695-8C91-AD1CA10CE117} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5113999F-4E24-468F-A760-7416268C3C10} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{511827F5-DCFF-43A1-8CB8-B3A0C78D4A06} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{51338AC8-2C1A-489E-A173-9960F478C4F5} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{53C6C867-539A-45FA-A114-F86EA8D2047E} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{545E30D5-A125-465E-86DD-435729270AA3} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{54BE11AC-1483-4C89-ABFB-8D77629E4B87} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{55E5FCB6-C810-44D4-9B1C-E34C16D487EF} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{564C0A73-34E0-4925-B45C-74DB66FA6E0C} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{564FB850-B5FB-4565-80F3-7F1AD406F53E} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{58F8D357-2B1D-4094-AEB5-457D98D9E24A} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{58FF5309-4F25-43DE-80FC-C7243F7CA3E9} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5C1E817A-6C3A-4E17-BC0C-54C1902A3A44} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5C35D4C3-442D-4780-8580-3AC1A1FEB512} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5C9B252A-36C5-4FFB-82B3-3457D57FC021} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5D91F207-4FB4-4F08-8AC6-9D6352D37727} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5FAE381B-0AB2-4977-ACC5-368FA7F26AF9} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5FFBC631-BF06-413A-A19D-0F20E321C0B8} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{6005DCC3-970F-4E46-B9C5-9B47D755ADED} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{604F1250-4B3E-4DE1-9397-4620D69B08FA} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{60E6B64F-3ABC-4C10-AAD6-A6BD6CF00EA5} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{611EABBA-A411-4D54-BB73-292F35DD3007} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{6168A489-162C-4090-B2A2-CD911247C61B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{61756327-F48E-4D16-B495-CAEF3A5ABF9E} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{61A76CF7-160D-456D-9909-76C01C9E5E7A} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{659AD626-9E34-49DC-B8D5-E0A76A98E839} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{65DA37D5-CDD0-46BE-BBD2-16A476F06A82} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{669B8C0F-77DC-4DF1-90B5-B16E71B2669A} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{6778FB08-5801-4FD6-B042-DC6972B882A5} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{69A71769-B405-4606-A0F1-422E5C509616} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{6C700B60-EAA5-4F8E-B485-AC5AB801251D} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{6CEA190A-3ED5-4DE8-B3BF-B573C68118E3} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{6DE24520-D463-4C95-8B3A-4F1BBB4DE42B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{702B4399-D61F-4C6F-AF16-B8C9D2A622A8} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{705842A0-B883-4973-B85E-E7D3DBFE312B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{718FA3C9-FC4F-4173-B32E-6205BE4A1AED} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{72A11FD4-707A-4723-B6FC-C9B0B3DED641} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{72C6B4D2-F792-4F31-85C0-416859499A5C} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{738C7055-E9BE-45B4-90BD-5E0D1D1FBB1B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{7391A456-9FBD-4606-A9BD-29FD95FEF01B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{7404F573-FE84-4F76-ABC0-033A4E5E5660} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{7433F93E-1789-49EA-B305-C54A469B99C4} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{743AD8E5-3F83-4F15-B294-36CC42CA2080} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{743C7856-84B2-42EB-A159-CDAC7BA47846} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{75130D14-6848-4FFD-A845-96A980A8D551} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{76ADC5BC-D1E0-4A71-8E7D-11EEB0AC1C4E} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{776AE50F-955C-41DF-A933-D5C50273E2C8} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{780C4E29-E245-459D-B32B-7DC9BA277BA1} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{78997733-15DC-4674-8914-CC72F9FC22FB} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{790DFAB7-0C64-4B6E-8DD5-A902FCEE0EC7} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{793A43ED-A608-4B30-A2FA-106D930B7812} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{7C2A4677-9B42-4FC9-99CD-50272695B56A} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{7F206D8C-400A-4AB6-8C6F-E18363DF104F} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{80452835-7547-4B9C-8D43-DC34F39BD83A} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{81FF45F1-B25D-4ABE-8521-355B13BF3834} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{862D16C9-39F3-427F-9A51-40E66AE6CF1F} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{867D7B11-70EB-4597-A3EC-31DE654ABD0B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{86A70624-24FE-4848-A23F-F28333E00AB4} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{87D9215E-5397-4249-A253-2374B8BF42FB} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{8C57852B-8FDC-49A1-9E51-5272F02BF160} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{8CF2C62F-CFD3-482A-B4E2-F41A5A23CDF8} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{8D7386BB-F175-4F30-9AF8-427530D444E2} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{8FF6CE42-D751-4A0C-A371-7097DF017844} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{90C20204-EB26-4845-A4A8-EA4A3B6600CA} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{94153A08-1E2A-4276-83A6-8147CCED3F7B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{94649819-5806-437F-BF32-18844A133222} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9486F1D9-3607-4478-A006-51F270BDFF79} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{954F3661-1395-4058-93AD-7B74CA563450} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9576FC1F-A2FE-44B7-B74A-87E6D72B3F8B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{964CA773-8677-446B-B884-F9587A6FF166} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{978F37DC-1569-45ED-9797-9E17FE99892C} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{97CD1FCC-8F1C-4080-87D1-2963F31D843C} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{990DE35F-42AA-4FB9-8F42-FB59A2F787E3} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{99BAF654-C18B-4842-8367-BA6B5CE032B6} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9A78FFAF-3DEB-44F2-A3E3-E41251588BF2} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9BBD54C9-DF22-47ED-BE9D-17AE6D636CBD} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9C46E3DF-782F-41F7-A76A-44ABB3C3A08F} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9C83854E-CDB8-4C61-B148-AC9E18359EDD} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9EA1F630-8856-4206-A18B-20A5D64CEC1F} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9EB71E41-148B-4786-9595-C9ECBFD1CDB2} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9F2B9ECF-384F-4D99-9AED-3929D6AD1A27} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9FC6CEED-3836-4ECE-B881-F66A00B1CDD6} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9FE426F4-23F8-4F17-85A2-65F0E46816AE} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A05204A7-0B4C-43A0-BDF4-591D39F115BC} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A51353F0-FBDF-42FD-8A6F-1AA5C4E569D6} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A6069280-F3D7-4C8F-AD41-D069D0C928C3} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A6697EFE-96D3-4A51-ACA7-9C60314C477B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A67911B2-F3D8-4D21-BB4B-AD3FC530C8F5} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A88407FF-C140-4EAB-9DA8-1B2C09FBCA5A} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A8D460ED-536F-4AE9-866F-AA35CAA133A4} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A94291AE-8B84-4316-9487-918356D26567} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A976A775-C01E-49C0-8BC7-12E0B23EBAFF} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{AAC8A007-37BE-45B9-9682-13B1ABB26FD1} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{AB484D35-B0C7-4FCC-B5F9-604A314B50F2} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{ADDD8BBF-6EBB-4423-8505-BC3205ED8C54} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{AF6B0C98-DADC-44E3-B80C-63166D2188F6} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{AFD56E1F-1D25-4554-9995-878FF0C20852} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B0757281-6178-46ED-B005-26C890395C59} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B0E2C766-628B-416D-98E9-1379EF6BA11F} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B14FE2E9-057B-42FF-986C-87AA8069B31F} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B17F6F67-62E9-4323-8DAA-957E83DC95FA} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B1F6D0A6-D807-4DA7-8592-E3FE49319C37} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B412A248-F8D1-40A9-8014-3FF9139F01B9} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B5012B5B-941F-44BE-AF08-FB863D4C92DD} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B50C87FE-0E7E-4815-A63B-88D91B5D57D3} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B63B020C-75F6-434F-952D-6DE9C5B2D5D6} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B728BCD8-7509-43AF-80D3-34CA3C4FD57E} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B8492EF9-5686-4B2D-AF7F-560021889466} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B891C550-76C2-45E5-9913-E8479EC0AD0C} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B8A23A85-B9D8-46F0-8E82-402FF363914B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B9E7CD25-9C80-432E-A7DA-E19A688A4DDB} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{BA151CC2-9A4D-43C7-9310-182811590608} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{BAE247B5-055D-4B44-A574-1402C94F8E36} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{BE89D8F9-D4BE-4546-80EA-D28A1FAC0D11} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{BF331A2F-BBA9-49BA-A7A7-573CB78AE922} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{BF345FDF-0548-4DCF-952B-10E3368E9EF1} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{BF6DABF9-E8C1-4103-BBAB-92BCE9B29833} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{BFD8B59D-A8B0-4449-9701-1B8063A6F7F3} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C1C6C418-C210-41EE-90EC-E093EFC21D53} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C28F0782-E6ED-481B-82E1-A7213E1AB326} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C6D9FA07-953C-4228-BFB4-59599411096C} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C790E081-A8C0-4D14-96C8-458FCC852D26} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C796DAD4-5755-4CA7-BBD0-099EEC92C540} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C7A4A3D6-1783-4FF0-B582-883AE0320CE8} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C7E5416E-64DD-4B8E-A070-A2F02D631BC8} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C8EE61C1-1B6B-4CC5-84F7-0AA98D37D49B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C932BA6C-DE16-43BF-BA9B-2638698D0987} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C9D7A54E-A566-48A1-AA9E-FE21BC0336BC} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{CB660A7C-1BE9-415B-B1C3-CF3D627347DF} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{CBDEBCDE-17FF-4C29-953E-CC81278478BE} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{CD709A6C-C6E2-4D69-B343-EECD32A53296} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D2B547C8-F9C6-485B-94A9-40BF0D2A3604} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D48D9CB6-5347-4593-8BDC-2A15739FCBC7} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D54EA7D7-DE8B-4C11-8B15-5E4E5FC589EB} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D58D7AFA-1E06-4662-B38E-912FB29E652E} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D6A6B481-28A5-4CFF-9FEA-B0174C9F25C5} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D756CD04-BBC3-4FB6-8357-2834799BBC1F} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D7A83F02-B072-4759-B381-93D3C90FDDEB} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D82F233D-5260-4FFF-94CF-AE7E8601FCDD} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D99E055F-1B5D-4ACA-BB35-924E8C84467F} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{DA6A6F03-B454-40D4-8CD3-4640C4329579} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{DC309D7D-1107-461B-9121-2C88F0E3E8BD} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{DD37E408-2AB7-4E53-A0AF-E2B78328FD03} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{DDE3FEEB-AF94-4D7F-9EE2-6F6DE8244818} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{DE52219A-A478-4D6B-8216-399C771A3B4D} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E0231D41-BD0C-4DE5-B093-118D59BCC734} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E0D36E16-FEC4-412D-A2D0-01ACC560E6D5} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E1609A45-54E8-4658-9FF0-5D5B169D7499} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E1705C6F-CF3F-4FB4-A9C7-E59E6178AA1A} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E23E874F-275B-4719-8DB2-D038DFF195E7} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E3114627-B157-4CB9-A8BC-CC1F504E33C3} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E62C9541-8A76-4BC5-8CEB-5EC33428D916} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E63F7EB3-FAB2-473C-9998-43B63A26F8D7} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E7F24925-8B06-40FC-BED0-019FC4E98671} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E83A8FF6-8227-4BED-B562-8B1AC5DE13DB} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E8442A36-D776-4870-A151-91588A918973} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E99A4590-AE91-4144-B500-BE2B0243F4EA} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E9CBC65D-F19F-4F37-BAD0-7FC30623C7FA} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{EB69F983-5E5C-41EC-B953-A2FC0AE71D62} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{EBF874DA-34EC-4F32-A1ED-A98FBD2255B6} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{ECB187EF-E069-4F0E-A21F-F01F0959AF8A} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{EDAF8BE7-29C1-4C13-B1A1-1CEB4C90BAA0} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{EDD66320-496C-4ED6-A460-B32EE4592E7A} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{EE5CC157-73DA-44FA-9E0D-1810A04DD8CF} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{EF05B9DF-7C3D-4B00-8D99-943E830F53AF} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F15D49E8-9E38-41B6-8187-1BD016D5824E} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F1CA2C83-18E4-40FE-A3DD-49113865EB52} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F1D2C45B-A842-4EC7-9041-268107451A6C} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F218BB45-85A4-4F8D-93F4-D0B1977B015B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F4170A31-57A4-4CD5-864F-2438F7895647} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F4F3E800-7C51-4960-ABD0-5A5E40B2E263} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F5541822-771F-4AD7-9A42-E79C555C385D} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F5649858-DFB4-4ADB-AB8F-4AC54D9ECCA5} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F6DC0AF1-C8A6-492D-8E23-D295EEDC06E1} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F7088F1D-8D61-4417-98D5-8973DA9C3877} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F7635666-2AFE-40F5-8718-1A04DFC652B3} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F7ED5527-BA39-496E-9F4E-D1D126A1488B} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F8D9A2E5-8109-48E5-B8CF-0C0B02362CC0} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F92FAC23-4B18-4D18-8B8D-A1C717FAF52E} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{FAD752F5-2F6B-49CF-8077-6EF5D0BF623A} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{FD680FEE-385A-43AC-8672-023D7AA7A9A5} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{FE24EABF-9543-4C38-A92B-F7FEBE61C38E} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{FE7E7F80-ABAF-4161-B351-8F6EC87078D5} DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{FEE0A23A-1D91-42B0-92D5-DD8C068778F5} DELETED Window Temporary: DELETED Flash Cookies: ========== File ========== NOT FOUND File: c:\windows\system32\event agent\ea.exe DELETED File*: c:\users\pauloroberto\appdata\roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\{e173b749-db5b-4fd2-ba0e-94ecea0ca55b}\components\afom.exe DELETED File: c:\windows\autokms.exe NOT FOUND File: c:\windows\system32\srvany.exe NOT FOUND File: c:\windows\system32\event agent\bin\spoolsv .exe DELETED File: c:\windows\syswow64\srvany.exe DELETED File: c:\windows\syswow64\event agent\bin\spoolsv .exe NOT FOUND File: c:\windows\system32\drivers\50407690.sys NOT FOUND File: c:\program files (x86)\artdocks software\animated snow desktop wallpaper\snowwallpaper.exe DELETED Window Temporary: DELETED Flash Cookies: ========== Task ========== DELETED Task: RunAsStdUser Task DELETED Task: {1E1958F2-72FA-4297-8943-F06E0AFA129E} DELETED Task: {884A3003-179D-4C41-849F-4B5889A22200} DELETED Task: {AAD3343B-61CF-410C-BBF1-1EF41EFA888A} DELETED Task: {C7279582-ED02-4131-9AA6-19E554EE7756} DELETED Task: {D2865EF1-7A6C-41EB-B50A-4F0F61F98F7C} DELETED Task: {D85C16D1-2301-4ED8-AEE0-2F203D40C854} DELETED Task: AutoKMS ========== Restoration ========== Restore System Point created succefully ========== Summary ========== 2 : Memory Process 14 : Registry Key 29 : Registry Value 2 : Registry Data Items 264 : Repertory 11 : File 1 : Software 8 : Task 1 : Restoration End of clean in 04mn 50s ========== Report File ========== C:\ZHP\ZHPFix[R1].txt - 09/09/2012 00:42:04 [28644] Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Setembro 10, 2012 Bom Dia! prrsilva |- Baixe: < > ( ... by OldTimer Tools ) |- Clique em Salvar! |- Salve-o no desktop! |- Duplo clique em OTL.exe >> Executar. >> |- Configure "Verificação de Arquivos",segundo a screenshot! |- Ps: Faça o mesmo para estes! |- Em "Exame Extra do Registro",assinale "Nenhum". *crack* /s *keygen* /s *serial* /s *AutoKMS* /s *loader* /s %APPDATA%\Local\*. %APPDATA%\*.exe /s %APPDATA%\*. %USERPROFILE%\AppData\Local\*.* %USERPROFILE%\AppData\Roaming\*.* %systemroot%\assembly\tmp\*.* /S /MD5 %systemroot%\assembly\temp\*.* /S /MD5 %systemroot%\assembly\GAC\*.* /S /MD5 %systemroot%\assembly\GAC_32\*.* /S /MD5 %systemroot%\assembly\GAC_64\*.* /S /MD5 %systemroot%\system32\config\systemprofile\AppData\Local\*.* %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.* %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes /md5start services.exe /md5stop %USERPROFILE%\Desktop\registrybackup.reg /c regedit /e c:\registrybackup.reg /c type c:\boot.ini >> test.txt /c %systemroot%\system32\tasks\*.* /s /64 %systemroot%\system32\Tasks\*.* /s %windir%\tasks\*.* /s |- Cole estas informações,que estão em verde,para o campo "Exames Personalizados/Correções". |- Clique em Verificar: |- Concluindo,poste o relatório: OTL.txt |- Para grandes relatórios,acesse: < > |- Maiores informações: < |Link| > Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
prrsilva 0 Denunciar post Postado Setembro 12, 2012 boa noite, Dijram começo a fazer a verificação com otl.exe e chega um determinado ponto que apareçe um x vermelho e o seguinte: cannot create file c:\users\pauloroberto\desktop\cmd.bat dai para frente fica um tempão e não acontece nada embaixo no otl fica: manual file scan looking in folder: c:\zhp\quarantine\winisocomputing.dir\winiso\... acho que tem algo errado. Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Setembro 12, 2012 boa noite, Dijram começo a fazer a verificação com otl.exe e chega um determinado ponto que apareçe um x vermelho e o seguinte: cannot create file c:\users\pauloroberto\desktop\cmd.bat dai para frente fica um tempão e não acontece nada embaixo no otl fica: manual file scan looking in folder: c:\zhp\quarantine\winisocomputing.dir\winiso\... acho que tem algo errado. Olá! |- Execute "ZHP_uninstall" e repita o scan com a OTL. |- Cole,novamente,o script que editei na remoção de algumas linhas. Abs! Compartilhar este post Link para o post Compartilhar em outros sites
prrsilva 0 Denunciar post Postado Setembro 13, 2012 boa noite, Digram coloquei de novo o otl p/scanear apos os procedimentos que me pediu. Outra vez chegou num determinado ponto e apresentou um xis vermelho e a mensagem: cannot create file c:\users\pauloroberto\desktop\cmd.bat dei ok p/continuar so que no otl fica: manual file scanlooking in folder: c:\windows\zh-tw\... Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Setembro 13, 2012 boa noite, Digram coloquei de novo o otl p/scanear apos os procedimentos que me pediu. Outra vez chegou num determinado ponto e apresentou um xis vermelho e a mensagem: cannot create file c:\users\pauloroberto\desktop\cmd.bat dei ok p/continuar so que no otl fica: manual file scanlooking in folder: c:\windows\zh-tw\... Olá! |- Curiosa essa ocorrência,pois ZHPDiag não costuma disponibilizar essa pasta ( zh-tw ),no diretório Windows. |- Faça o seguinte! Delete a pasta zh-tw e rode,novamente,a OTL. |- Ps: Verifique,nas propriedades,se pertence à ferramenta ZHPDiag. |- Caso não obtenha êxito,utilizaremos a OTS. Abs! Compartilhar este post Link para o post Compartilhar em outros sites
prrsilva 0 Denunciar post Postado Setembro 14, 2012 boa noite, Dijram segue relatório OTL logfile created on: 13/09/2012 20:59:49 - Run 1 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\PAULOROBERTO\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 59,40% Memory free 8,00 Gb Paging File | 6,18 Gb Available in Paging File | 77,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 322,51 Gb Total Space | 207,06 Gb Free Space | 64,20% Space Free | Partition Type: NTFS Computer Name: PAULOROBERTO | User Name: PAULOROBERTO | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/09/10 22:47:45 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\PAULOROBERTO\Desktop\OTL.exe PRC - [2012/09/08 16:41:16 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/09/08 08:57:01 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe PRC - [2012/08/09 11:10:34 | 000,691,048 | ---- | M] (pctuto) -- C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba\UpdateTutoriaisSlimbaHP.exe PRC - [2012/06/05 09:50:04 | 000,211,888 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011/05/19 15:35:34 | 000,028,672 | ---- | M] (Microsoft) -- C:\Users\PAULOROBERTO\Documents\Microsoft Corporation\Office 2010 Screensaver\Notifier.exe PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009/08/31 22:00:28 | 001,821,184 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe ========== Modules (No Company Name) ========== MOD - [2012/09/08 16:41:15 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012/09/08 08:57:00 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll MOD - [2012/06/27 15:27:14 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll MOD - [2012/06/25 00:16:20 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll MOD - [2012/06/25 00:16:02 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll MOD - [2012/06/25 00:14:53 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll MOD - [2012/06/25 00:14:44 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll MOD - [2012/06/25 00:14:22 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll MOD - [2012/06/25 00:14:05 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll MOD - [2012/06/25 00:13:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012/06/25 00:13:08 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012/06/25 00:13:00 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ========== Services (SafeList) ========== SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/09/08 16:41:16 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/09/08 08:57:01 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/06/25 14:59:00 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2012/06/05 09:50:04 | 000,211,888 | ---- | M] ( ) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv) SRV - [2012/05/15 07:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011/06/13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009/08/31 22:00:28 | 001,821,184 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\WNt500x64\Sandra.sys -- (SANDRA) DRV:64bit: - [2012/05/12 00:13:55 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/12/31 00:14:41 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2011/04/19 15:32:31 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon) DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/07/22 16:13:26 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter) DRV:64bit: - [2010/07/20 16:00:28 | 000,911,360 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM) DRV:64bit: - [2010/07/14 11:39:38 | 000,654,848 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA) DRV:64bit: - [2010/01/26 23:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2009/12/17 19:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009/09/23 18:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/08/09 18:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 17:35:58 | 000,047,872 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fet6x64.sys -- (FETNDIS) DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/04/29 23:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2008/01/03 17:13:48 | 000,531,968 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC230NC.SYS -- (SPC230NC) DRV:64bit: - [2007/11/02 11:47:32 | 000,145,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s916mdm.sys -- (s916mdm) DRV:64bit: - [2007/11/02 11:47:32 | 000,130,088 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s916mgmt.sys -- (s916mgmt) DRV:64bit: - [2007/11/02 11:47:32 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s916obex.sys -- (s916obex) DRV:64bit: - [2007/11/02 11:47:32 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s916bus.sys -- (s916bus) DRV:64bit: - [2007/11/02 11:47:32 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s916mdfl.sys -- (s916mdfl) DRV:64bit: - [2007/09/26 13:32:52 | 000,009,472 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PAEAFLT.sys -- (PAEAFLT.sys) DRV:64bit: - [1999/12/31 21:00:00 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV - [2012/06/29 17:41:52 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64) DRV - [2012/06/05 09:50:36 | 000,044,208 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm) DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692 IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692 IE - HKLM\..\SearchScopes\{157FCE1E-6D75-5378-756B-618BACC3EDE6}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com.br/ IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692 IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692 IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\..\SearchScopes\{157FCE1E-6D75-5378-756B-618BACC3EDE6}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_pt-BR IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.com.br" FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.com.br" FF - prefs.js..extensions.enabledAddons: bandwidthmeter@gotomyhelp.com:1.2.5 FF - prefs.js..extensions.enabledAddons: desprotetordelinks@claudio-silva.com:1.2.9.2 FF - prefs.js..extensions.enabledAddons: savesession@noasobi.net:1.3.1.6 FF - prefs.js..extensions.enabledAddons: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:12.9 FF - prefs.js..extensions.enabledAddons: {87F8774F-B485-47E2-A755-A40A8A5E886D}:2.6.3.10 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9 FF - prefs.js..extensions.enabledAddons: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:7.4 FF - prefs.js..extensions.enabledAddons: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.6 FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.1 FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/mb156/?loc=ff_address_bar&a=6OxVRRKqy1&search=" FF - prefs.js..network.proxy.autoconfig_url: "http://localhost:9000/proxy.pac" FF - prefs.js..network.proxy.type: 2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\PAULOROBERTO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\PAULOROBERTO\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\PAULOROBERTO\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/24 00:35:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/09/03 11:35:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/09/03 11:35:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/09/03 11:35:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 16:41:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/18 16:46:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/24 00:35:36 | 000,000,000 | ---D | M] [2011/06/09 22:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Extensions [2011/02/11 22:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/09/13 18:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Firefox\Profiles\0mfi9aev.default\extensions [2012/05/04 20:07:24 | 000,000,000 | ---D | M] (Adicional de Seguranca CAIXA) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Firefox\Profiles\0mfi9aev.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D} [2012/03/29 22:57:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Firefox\Profiles\0mfi9aev.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/12/18 19:12:34 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Firefox\Profiles\0mfi9aev.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2012/09/11 23:58:10 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Firefox\Profiles\0mfi9aev.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} [2012/09/13 18:11:42 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Firefox\Profiles\0mfi9aev.default\extensions\ffxtlbr@funmoods.com [2012/03/11 14:54:23 | 000,013,874 | ---- | M] () (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\bandwidthmeter@gotomyhelp.com.xpi [2012/07/23 09:02:43 | 000,127,820 | ---- | M] () (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\desprotetordelinks@claudio-silva.com.xpi [2012/03/11 14:58:54 | 000,013,039 | ---- | M] () (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\savesession@noasobi.net.xpi [2012/08/01 22:50:07 | 000,085,715 | ---- | M] () (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2012/08/26 20:01:49 | 000,084,682 | ---- | M] () (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi [2012/07/25 09:38:39 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011/11/16 20:11:45 | 000,210,366 | ---- | M] () (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}.xpi [2011/11/11 20:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/09/08 16:41:16 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/04/11 09:48:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/07/19 20:47:34 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml [2012/07/19 20:47:34 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml [2012/08/28 19:57:01 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml [2012/07/19 20:47:34 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml [2012/07/19 20:47:34 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml O1 HOSTS File: ([2012/05/04 20:00:39 | 000,001,465 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O1 - Hosts: 127.0.0.1 sls.microsoft.com O1 - Hosts: 127.0.0.1 genuine.microsoft.com O1 - Hosts: 127.0.0.1 wat.microsoft.com O1 - Hosts: 127.0.0.1 mpa.microsoft.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll File not found O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O2 - BHO: (BywifiBHO Class) - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files (x86)\Bywifi\bywifiie.dll (bywifi.com) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll File not found O3 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\..\Toolbar\WebBrowser: (no name) - {12FC3D37-2A42-4FE3-8489-81296878CBA5} - No CLSID value found. O3:64bit: - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Deskmedia] "C:\Positivo\Deskmedia\Downloader.exe" File not found O4:64bit: - HKLM..\Run: [Deskmedia2] C:\Positivo\Deskmedia\InstaladorLite.exe () O4:64bit: - HKLM..\Run: [Deskmedia3] "C:\Positivo\Deskmedia\GerenciadorLocal.exe" File not found O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Deskmedia] C:\Positivo\Deskmedia\Downloader.exe File not found O4 - HKLM..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000..\Run: [Office2010Tips_Notifier] C:\Users\PAULOROBERTO\Documents\Microsoft Corporation\Office 2010 Screensaver\Notifier.exe (Microsoft) O4 - HKLM..\RunOnce: [updateTutoriaisSlimbaHP.exe] C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba\UpdateTutoriaisSlimbaHP.exe (pctuto) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\limpartemporarios.bat () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0 O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0 O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0 O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: cmd.exe = O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: command.com = O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: msconfig.exe = O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: procexp.exe = O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: kilbox.exe = O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: procmgr.exe = O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: systemexplorer.exe = O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O8:64bit: - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found O9:64bit: - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Value error. File not found O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found O9:64bit: - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Value error. File not found O9 - Extra Button: Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe File not found O9 - Extra 'Tools' menuitem : Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe File not found O9 - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C830E95B-A6FB-4A0F-B8D9-8E5CB0323B37}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC1436F6-5809-4DC4-A14B-D866A70572E1}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal) O20 - Winlogon\Notify\Event Agent: DllName - (CustomEvents.dll) - C:\Windows\SysWow64\CustomEvents.dll () O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2010/12/30 23:22:56 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sasnative64) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/09/13 17:34:48 | 000,000,000 | ---D | C] -- C:\Users\PAULOROBERTO\AppData\Roaming\Positivo [2012/09/13 14:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia [2012/09/13 14:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 Wheels of Steel American Long Haul [2012/09/13 14:21:49 | 000,000,000 | ---D | C] -- C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\18 Wheels of Steel American Long Haul [2012/09/13 14:20:28 | 000,000,000 | ---D | C] -- C:\Positivo [2012/09/13 14:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\18 Wheels of Steel American Long Haul [2012/09/13 14:12:32 | 000,000,000 | ---D | C] -- C:\Users\PAULOROBERTO\PSafe [2012/09/13 14:11:44 | 000,289,952 | R--- | C] (360.cn) -- C:\Windows\SysNative\drivers\360FltOEM.sys [2012/09/12 19:05:02 | 000,000,000 | ---D | C] -- C:\Users\PAULOROBERTO\AppData\Local\Temp [2012/09/12 12:58:41 | 000,000,000 | ---D | C] -- C:\Users\PAULOROBERTO\Documents\18 WoS American Long Haul [2012/09/11 23:36:38 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012/09/11 23:36:33 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012/09/11 21:18:02 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012/09/11 21:18:02 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012/09/10 22:47:40 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\PAULOROBERTO\Desktop\OTL.exe [2012/09/07 15:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/07 15:41:04 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/09/07 15:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/09/05 15:07:58 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012/09/05 15:07:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/09/05 15:07:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/09/05 15:07:58 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012/09/05 15:07:58 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012/09/05 15:07:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/09/05 15:07:58 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2012/09/05 15:07:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/09/05 15:07:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2012/09/05 15:07:58 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012/09/05 15:07:58 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012/09/05 15:07:58 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012/09/05 15:07:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/09/05 15:07:58 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2012/09/05 15:07:58 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012/09/05 15:07:58 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012/09/05 15:07:58 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012/09/05 15:07:58 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012/09/05 15:07:58 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012/09/05 15:07:58 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012/09/05 15:07:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012/09/05 15:07:58 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012/09/05 15:07:58 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012/09/05 15:07:58 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2012/09/05 15:07:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/09/05 15:07:58 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2012/09/05 15:07:58 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012/09/05 15:07:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012/09/05 15:07:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2012/09/05 15:07:58 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012/09/05 15:07:58 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012/09/05 15:07:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012/09/05 15:07:57 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012/09/05 15:07:57 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/09/05 15:07:57 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/09/05 15:07:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/09/05 15:07:57 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/09/05 15:07:57 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/09/05 15:07:57 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012/09/05 15:07:57 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012/09/05 15:07:57 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012/09/05 15:07:57 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012/09/05 15:07:57 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2012/09/05 15:07:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/09/05 15:07:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/09/05 15:07:57 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012/09/05 15:07:57 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012/09/05 15:07:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/09/05 15:07:57 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012/09/05 15:07:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2012/09/05 15:07:57 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012/09/05 15:07:57 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012/09/05 15:07:57 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012/09/05 15:07:57 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012/09/05 15:07:57 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012/09/05 15:07:57 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012/09/05 15:07:57 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012/09/05 15:07:57 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012/09/05 15:07:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/09/05 15:07:57 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012/09/05 15:07:57 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012/09/05 15:07:57 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012/09/05 15:07:57 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012/09/05 15:07:57 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012/09/05 15:07:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012/09/05 15:07:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012/09/05 15:07:57 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012/09/05 15:07:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012/09/05 15:07:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012/09/05 15:07:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012/09/05 15:07:57 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012/09/05 15:07:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012/09/05 00:02:23 | 036,941,104 | ---- | C] (Microsoft Corporation) -- C:\IE9-Windows7-x64-ptb.exe [2012/09/02 12:03:46 | 000,000,000 | ---D | C] -- C:\Users\PAULOROBERTO\AppData\Local\tuto4pc_br_3 [2012/09/02 12:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EXErrorsFix [2012/09/02 12:02:30 | 000,000,000 | ---D | C] -- C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba [2012/09/02 12:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuto_4pc [2012/09/01 03:27:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ja-JP [2012/09/01 03:27:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ja [2012/09/01 03:27:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0411 [2012/09/01 03:25:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ja [2012/09/01 03:25:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411 [2012/09/01 03:25:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP [2012/09/01 01:51:49 | 000,000,000 | ---D | C] -- C:\Windows\ja-JP [2012/09/01 01:07:17 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lzhfldr2.dll [2012/09/01 01:07:16 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lzhfldr2.dll [2012/09/01 01:07:15 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\usbport.sys.mui [2012/09/01 01:07:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\tunnel.sys.mui [2012/09/01 01:07:15 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\tsusbhub.sys.mui [2012/09/01 01:07:15 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\tsusbflt.sys.mui [2012/09/01 01:07:04 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\pacer.sys.mui [2012/09/01 01:07:04 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\pacer.sys.mui [2012/09/01 01:07:02 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\rdpwd.sys.mui [2012/09/01 01:07:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\rdvgkmd.sys.mui [2012/09/01 01:06:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\battc.sys.mui [2012/09/01 01:05:22 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\tcpip.sys.mui [2012/09/01 01:05:22 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\bfe.dll.mui [2012/09/01 01:05:09 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\scfilter.sys.mui [2012/09/01 01:05:04 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\qwavedrv.sys.mui [2012/09/01 01:04:17 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\ndiscap.sys.mui [2012/09/01 01:04:06 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\portcls.sys.mui [2012/09/01 01:04:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\wd.sys.mui [2012/09/01 01:04:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\volsnap.sys.mui [2012/09/01 01:04:05 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\usbhub.sys.mui [2012/09/01 01:04:05 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vhdmp.sys.mui [2012/09/01 01:04:05 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\umbus.sys.mui [2012/09/01 01:04:05 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\tpm.sys.mui [2012/09/01 01:04:04 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\ja-JP\pscr.sys.mui [2012/09/01 01:04:04 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\serscan.sys.mui [2012/09/01 01:03:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\mpio.sys.mui [2012/09/01 01:03:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\serial.sys.mui [2012/09/01 01:03:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\msdsm.sys.mui [2012/09/01 01:03:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\i8042prt.sys.mui [2012/09/01 01:03:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\sermouse.sys.mui [2012/09/01 01:03:43 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\mouclass.sys.mui [2012/09/01 01:03:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\scsiport.sys.mui [2012/09/01 01:03:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\rndismpx.sys.mui [2012/09/01 01:03:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\rndismp6.sys.mui [2012/09/01 01:03:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\pcmcia.sys.mui [2012/09/01 01:03:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\parport.sys.mui [2012/09/01 01:03:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ataport.sys.mui [2012/09/01 01:03:43 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\MTConfig.sys.mui [2012/09/01 01:03:43 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\mouhid.sys.mui [2012/09/01 01:03:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vwifibus.sys.mui [2012/09/01 01:03:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\amdide.sys.mui [2012/09/01 01:03:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\afd.sys.mui [2012/09/01 01:03:34 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\bfe.dll.mui [2012/09/01 01:03:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ws2ifsl.sys.mui [2012/09/01 01:03:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\wdf01000.sys.mui [2012/09/01 01:03:32 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\modem.sys.mui [2012/09/01 01:03:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\usbrpm.sys.mui [2012/09/01 01:03:31 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\tcpip.sys.mui [2012/09/01 01:03:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\srv.sys.mui [2012/09/01 01:03:16 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\fvevol.sys.mui [2012/09/01 01:03:15 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\scfilter.sys.mui [2012/09/01 01:03:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\rdbss.sys.mui [2012/09/01 01:03:01 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\RNDISMP.sys.mui [2012/09/01 01:03:01 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\qwavedrv.sys.mui [2012/09/01 01:02:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\partmgr.sys.mui [2012/09/01 01:02:58 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ntfs.sys.mui [2012/09/01 01:02:58 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\nwifi.sys.mui [2012/09/01 01:02:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ndis.sys.mui [2012/09/01 01:02:57 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ndisuio.sys.mui [2012/09/01 01:02:54 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ndiscap.sys.mui [2012/09/01 01:02:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\mountmgr.sys.mui [2012/09/01 01:02:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\luafv.sys.mui [2012/09/01 01:02:34 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ipnat.sys.mui [2012/09/01 01:02:24 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\http.sys.mui [2012/09/01 01:02:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\fltmgr.sys.mui [2012/09/01 01:02:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\volmgrx.sys.mui [2012/09/01 01:01:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\pnpmem.sys.mui [2012/09/01 01:01:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\pci.sys.mui [2012/09/01 01:01:52 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerIb.sys.mui [2012/09/01 01:01:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\IPMIDrv.sys.mui [2012/09/01 01:01:52 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vdrvroot.sys.mui [2012/09/01 01:01:52 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\kbdclass.sys.mui [2012/09/01 01:01:52 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\mssmbios.sys.mui [2012/09/01 01:01:52 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\isapnp.sys.mui [2012/09/01 01:01:52 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ULIAGPKX.SYS.mui [2012/09/01 01:01:52 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\NV_AGP.SYS.mui [2012/09/01 01:01:52 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\kbdhid.sys.mui [2012/09/01 01:01:52 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\AGP440.sys.mui [2012/09/01 01:01:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\wacompen.sys.mui [2012/09/01 01:01:49 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\HdAudio.sys.mui [2012/09/01 01:01:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\hidbth.sys.mui [2012/09/01 01:01:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\hdaudbus.sys.mui [2012/09/01 01:01:47 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\Dot4usb.sys.mui [2012/09/01 01:01:46 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\processr.sys.mui [2012/09/01 01:01:46 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\intelppm.sys.mui [2012/09/01 01:01:46 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\amdppm.sys.mui [2012/09/01 01:01:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\disk.sys.mui [2012/09/01 01:01:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\amdk8.sys.mui [2012/09/01 01:01:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\bthport.sys.mui [2012/09/01 01:01:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\bthpan.sys.mui [2012/09/01 01:01:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\cdrom.sys.mui [2012/09/01 01:01:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\BTHUSB.SYS.mui [2012/09/01 01:01:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\bthenum.sys.mui [2012/09/01 01:01:40 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerId.sys.mui [2012/09/01 01:01:40 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrParwdm.sys.mui [2012/09/01 01:01:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ohci1394.sys.mui [2012/09/01 01:01:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\1394ohci.sys.mui [2012/09/01 01:01:39 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\acpi.sys.mui [2012/09/01 01:01:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\UAGP35.SYS.mui [2012/09/01 01:01:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\GAGP30KX.SYS.mui [2012/09/01 00:53:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\zh-CHT [2012/09/01 00:53:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\zh-TW [2012/09/01 00:52:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-CHT [2012/09/01 00:52:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW [2012/09/01 00:52:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-HK [2012/09/01 00:11:57 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\usbhub.sys.mui [2012/09/01 00:11:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\tunnel.sys.mui [2012/09/01 00:11:57 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\tsusbhub.sys.mui [2012/09/01 00:11:56 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\usbport.sys.mui [2012/09/01 00:11:56 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\tsusbflt.sys.mui [2012/09/01 00:11:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\rdvgkmd.sys.mui [2012/09/01 00:11:44 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\rdpwd.sys.mui [2012/09/01 00:11:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\battc.sys.mui [2012/09/01 00:09:51 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\bfe.dll.mui [2012/09/01 00:09:47 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\tcpip.sys.mui [2012/09/01 00:09:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\scfilter.sys.mui [2012/09/01 00:09:32 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\qwavedrv.sys.mui [2012/09/01 00:08:45 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\pacer.sys.mui [2012/09/01 00:08:40 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\ndiscap.sys.mui [2012/09/01 00:08:28 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\portcls.sys.mui [2012/09/01 00:08:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\volsnap.sys.mui [2012/09/01 00:08:27 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vhdmp.sys.mui [2012/09/01 00:08:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\wd.sys.mui [2012/09/01 00:08:26 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\umbus.sys.mui [2012/09/01 00:08:26 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\tpm.sys.mui [2012/09/01 00:08:25 | 000,002,560 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\zh-TW\pscr.sys.mui [2012/09/01 00:08:25 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\serscan.sys.mui [2012/09/01 00:07:49 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\pcmcia.sys.mui [2012/09/01 00:07:42 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\rndismpx.sys.mui [2012/09/01 00:07:42 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\rndismp6.sys.mui [2012/09/01 00:07:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vwifibus.sys.mui [2012/09/01 00:07:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\serial.sys.mui [2012/09/01 00:07:41 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\sermouse.sys.mui [2012/09/01 00:07:41 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\mouclass.sys.mui [2012/09/01 00:07:41 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\parport.sys.mui [2012/09/01 00:07:41 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\MTConfig.sys.mui [2012/09/01 00:07:41 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\mouhid.sys.mui [2012/09/01 00:07:41 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ataport.sys.mui [2012/09/01 00:07:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\mpio.sys.mui [2012/09/01 00:07:40 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\msdsm.sys.mui [2012/09/01 00:07:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\amdide.sys.mui [2012/09/01 00:07:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\afd.sys.mui [2012/09/01 00:07:29 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\bfe.dll.mui [2012/09/01 00:07:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ws2ifsl.sys.mui [2012/09/01 00:07:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\wdf01000.sys.mui [2012/09/01 00:07:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\usbrpm.sys.mui [2012/09/01 00:07:24 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\modem.sys.mui [2012/09/01 00:07:22 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\tcpip.sys.mui [2012/09/01 00:06:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\fvevol.sys.mui [2012/09/01 00:06:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\scfilter.sys.mui [2012/09/01 00:06:07 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\rdbss.sys.mui [2012/09/01 00:05:58 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\pacer.sys.mui [2012/09/01 00:05:58 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\qwavedrv.sys.mui [2012/09/01 00:05:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\partmgr.sys.mui [2012/09/01 00:05:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ntfs.sys.mui [2012/09/01 00:05:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\nwifi.sys.mui [2012/09/01 00:05:37 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ndis.sys.mui [2012/09/01 00:05:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ndisuio.sys.mui [2012/09/01 00:05:29 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ndiscap.sys.mui [2012/09/01 00:05:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\mountmgr.sys.mui [2012/09/01 00:05:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\luafv.sys.mui [2012/09/01 00:05:06 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\http.sys.mui [2012/09/01 00:05:00 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\fltmgr.sys.mui [2012/09/01 00:04:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\volmgrx.sys.mui [2012/09/01 00:04:41 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-TW\BrSerIb.sys.mui [2012/09/01 00:04:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\pnpmem.sys.mui [2012/09/01 00:04:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\pci.sys.mui [2012/09/01 00:04:39 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vdrvroot.sys.mui [2012/09/01 00:04:39 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\mssmbios.sys.mui [2012/09/01 00:04:39 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\isapnp.sys.mui [2012/09/01 00:04:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ULIAGPKX.SYS.mui [2012/09/01 00:04:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\NV_AGP.SYS.mui [2012/09/01 00:04:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\i8042prt.sys.mui [2012/09/01 00:04:38 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\IPMIDrv.sys.mui [2012/09/01 00:04:38 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\kbdclass.sys.mui [2012/09/01 00:04:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\kbdhid.sys.mui [2012/09/01 00:04:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\AGP440.sys.mui [2012/09/01 00:04:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\wacompen.sys.mui [2012/09/01 00:04:36 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\HdAudio.sys.mui [2012/09/01 00:04:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-HK\hidbth.sys.mui [2012/09/01 00:04:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\hdaudbus.sys.mui [2012/09/01 00:04:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\Dot4usb.sys.mui [2012/09/01 00:04:33 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\processr.sys.mui [2012/09/01 00:04:33 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\intelppm.sys.mui [2012/09/01 00:04:33 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\amdppm.sys.mui [2012/09/01 00:04:33 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\amdk8.sys.mui [2012/09/01 00:04:33 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-HK\bthport.sys.mui [2012/09/01 00:04:33 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\bthpan.sys.mui [2012/09/01 00:04:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\disk.sys.mui [2012/09/01 00:04:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\cdrom.sys.mui [2012/09/01 00:04:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-HK\BTHUSB.SYS.mui [2012/09/01 00:04:32 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-TW\BrSerId.sys.mui [2012/09/01 00:04:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-HK\bthenum.sys.mui [2012/09/01 00:04:31 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ohci1394.sys.mui [2012/09/01 00:04:31 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\1394ohci.sys.mui [2012/09/01 00:04:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\acpi.sys.mui [2012/09/01 00:04:31 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\GAGP30KX.SYS.mui [2012/09/01 00:04:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\UAGP35.SYS.mui [2012/09/01 00:04:31 | 000,002,048 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-TW\BrParwdm.sys.mui [2012/08/31 23:55:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\zh-CHS [2012/08/31 23:54:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\zh-CN [2012/08/31 23:54:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-CHS [2012/08/31 23:54:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN [2012/08/31 23:53:13 | 000,000,000 | ---D | C] -- C:\Windows\zh-CN [2012/08/31 23:12:56 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\usbport.sys.mui [2012/08/31 23:12:55 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\usbhub.sys.mui [2012/08/31 23:12:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\tunnel.sys.mui [2012/08/31 23:12:46 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ndis.sys.mui [2012/08/31 23:12:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\rdvgkmd.sys.mui [2012/08/31 23:12:44 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\rdpwd.sys.mui [2012/08/31 23:12:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\mouclass.sys.mui [2012/08/31 23:12:43 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\mouhid.sys.mui [2012/08/31 23:12:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\tsusbhub.sys.mui [2012/08/31 23:12:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\tsusbflt.sys.mui [2012/08/31 23:12:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\sermouse.sys.mui [2012/08/31 23:12:17 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\battc.sys.mui [2012/08/31 23:11:06 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\bfe.dll.mui [2012/08/31 23:11:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\tcpip.sys.mui [2012/08/31 23:10:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\scfilter.sys.mui [2012/08/31 23:10:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\qwavedrv.sys.mui [2012/08/31 23:10:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\pacer.sys.mui [2012/08/31 23:10:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\ndiscap.sys.mui [2012/08/31 23:09:47 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\volsnap.sys.mui [2012/08/31 23:09:47 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\portcls.sys.mui [2012/08/31 23:09:47 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vhdmp.sys.mui [2012/08/31 23:09:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\wd.sys.mui [2012/08/31 23:09:41 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\umbus.sys.mui [2012/08/31 23:09:41 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\tpm.sys.mui [2012/08/31 23:09:40 | 000,002,560 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\zh-CN\pscr.sys.mui [2012/08/31 23:09:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\serscan.sys.mui [2012/08/31 23:09:38 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\rndismpx.sys.mui [2012/08/31 23:09:38 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\rndismp6.sys.mui [2012/08/31 23:09:38 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\pcmcia.sys.mui [2012/08/31 23:09:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vwifibus.sys.mui [2012/08/31 23:09:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\msdsm.sys.mui [2012/08/31 23:09:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\serial.sys.mui [2012/08/31 23:09:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\parport.sys.mui [2012/08/31 23:09:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\MTConfig.sys.mui [2012/08/31 23:09:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ataport.sys.mui [2012/08/31 23:09:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\amdide.sys.mui [2012/08/31 23:09:36 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\mpio.sys.mui [2012/08/31 23:09:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\afd.sys.mui [2012/08/31 23:09:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\bfe.dll.mui [2012/08/31 23:09:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ws2ifsl.sys.mui [2012/08/31 23:09:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\wdf01000.sys.mui [2012/08/31 23:09:15 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\tcpip.sys.mui [2012/08/31 23:09:15 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\modem.sys.mui [2012/08/31 23:09:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\usbrpm.sys.mui [2012/08/31 23:09:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\fvevol.sys.mui [2012/08/31 23:09:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\scfilter.sys.mui [2012/08/31 23:09:00 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\rdbss.sys.mui [2012/08/31 23:08:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\qwavedrv.sys.mui [2012/08/31 23:08:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\pacer.sys.mui [2012/08/31 23:08:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\partmgr.sys.mui [2012/08/31 23:08:36 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ntfs.sys.mui [2012/08/31 23:08:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\nwifi.sys.mui [2012/08/31 23:08:30 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ndisuio.sys.mui [2012/08/31 23:08:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ndiscap.sys.mui [2012/08/31 23:08:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\mountmgr.sys.mui [2012/08/31 23:08:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\luafv.sys.mui [2012/08/31 23:08:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\http.sys.mui [2012/08/31 23:07:57 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\fltmgr.sys.mui [2012/08/31 23:07:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\volmgrx.sys.mui [2012/08/31 23:07:35 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-CN\BrSerIb.sys.mui [2012/08/31 23:07:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\pnpmem.sys.mui [2012/08/31 23:07:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\pci.sys.mui [2012/08/31 23:07:33 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vdrvroot.sys.mui [2012/08/31 23:07:33 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\mssmbios.sys.mui [2012/08/31 23:07:33 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ULIAGPKX.SYS.mui [2012/08/31 23:07:33 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\isapnp.sys.mui [2012/08/31 23:07:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\NV_AGP.SYS.mui [2012/08/31 23:07:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\i8042prt.sys.mui [2012/08/31 23:07:32 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\kbdclass.sys.mui [2012/08/31 23:07:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\kbdhid.sys.mui [2012/08/31 23:07:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\AGP440.sys.mui [2012/08/31 23:07:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\IPMIDrv.sys.mui [2012/08/31 23:07:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\wacompen.sys.mui [2012/08/31 23:07:29 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\HdAudio.sys.mui [2012/08/31 23:07:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\hidbth.sys.mui [2012/08/31 23:07:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\hdaudbus.sys.mui [2012/08/31 23:07:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\Dot4usb.sys.mui [2012/08/31 23:07:27 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\processr.sys.mui [2012/08/31 23:07:27 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\intelppm.sys.mui [2012/08/31 23:07:27 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\amdppm.sys.mui [2012/08/31 23:07:27 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\amdk8.sys.mui [2012/08/31 23:07:27 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-CN\BrSerId.sys.mui [2012/08/31 23:07:27 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\bthport.sys.mui [2012/08/31 23:07:27 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\bthpan.sys.mui [2012/08/31 23:07:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\disk.sys.mui [2012/08/31 23:07:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\cdrom.sys.mui [2012/08/31 23:07:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\BTHUSB.SYS.mui [2012/08/31 23:07:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\bthenum.sys.mui [2012/08/31 23:07:26 | 000,002,048 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-CN\BrParwdm.sys.mui [2012/08/31 23:07:25 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ohci1394.sys.mui [2012/08/31 23:07:25 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\1394ohci.sys.mui [2012/08/31 23:07:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\acpi.sys.mui [2012/08/31 23:07:25 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\GAGP30KX.SYS.mui [2012/08/31 23:07:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\UAGP35.SYS.mui [2012/08/31 22:08:07 | 000,000,000 | ---D | C] -- C:\Windows\de-DE [2012/08/31 22:07:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407 [2012/08/31 22:07:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE [2012/08/31 22:07:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de [2012/08/31 22:06:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407 [2012/08/31 22:06:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE [2012/08/31 22:05:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de [2012/08/31 21:22:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdvgkmd.sys.mui [2012/08/31 21:22:32 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdpwd.sys.mui [2012/08/31 21:22:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pci.sys.mui [2012/08/31 21:22:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\NV_AGP.SYS.mui [2012/08/31 21:22:23 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tunnel.sys.mui [2012/08/31 21:22:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\msdsm.sys.mui [2012/08/31 21:22:23 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tsusbhub.sys.mui [2012/08/31 21:22:23 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tsusbflt.sys.mui [2012/08/31 21:22:23 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mssmbios.sys.mui [2012/08/31 21:22:20 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbport.sys.mui [2012/08/31 21:22:20 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vdrvroot.sys.mui [2012/08/31 21:22:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbhub.sys.mui [2012/08/31 21:22:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ULIAGPKX.SYS.mui [2012/08/31 21:22:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\disk.sys.mui [2012/08/31 21:22:14 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\AGP440.sys.mui [2012/08/31 21:22:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\battc.sys.mui [2012/08/31 21:22:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\isapnp.sys.mui [2012/08/31 21:20:31 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui [2012/08/31 21:20:30 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui [2012/08/31 21:20:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui [2012/08/31 21:20:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui [2012/08/31 21:19:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui [2012/08/31 21:19:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui [2012/08/31 21:19:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volsnap.sys.mui [2012/08/31 21:19:23 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2012/08/31 21:19:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vhdmp.sys.mui [2012/08/31 21:19:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tpm.sys.mui [2012/08/31 21:19:23 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\portcls.sys.mui [2012/08/31 21:19:23 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\umbus.sys.mui [2012/08/31 21:19:23 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serscan.sys.mui [2012/08/31 21:19:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wd.sys.mui [2012/08/31 21:19:10 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pcmcia.sys.mui [2012/08/31 21:19:06 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vwifibus.sys.mui [2012/08/31 21:19:05 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismpx.sys.mui [2012/08/31 21:19:05 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismp6.sys.mui [2012/08/31 21:19:01 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serial.sys.mui [2012/08/31 21:19:01 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\MTConfig.sys.mui [2012/08/31 21:18:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mpio.sys.mui [2012/08/31 21:18:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\i8042prt.sys.mui [2012/08/31 21:18:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\sermouse.sys.mui [2012/08/31 21:18:58 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouclass.sys.mui [2012/08/31 21:18:58 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\parport.sys.mui [2012/08/31 21:18:58 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ataport.sys.mui [2012/08/31 21:18:58 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scsiport.sys.mui [2012/08/31 21:18:58 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouhid.sys.mui [2012/08/31 21:18:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdide.sys.mui [2012/08/31 21:18:57 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\afd.sys.mui [2012/08/31 21:18:54 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bfe.dll.mui [2012/08/31 21:18:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wdf01000.sys.mui [2012/08/31 21:18:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ws2ifsl.sys.mui [2012/08/31 21:18:52 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tcpip.sys.mui [2012/08/31 21:18:52 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\modem.sys.mui [2012/08/31 21:18:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbrpm.sys.mui [2012/08/31 21:18:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fvevol.sys.mui [2012/08/31 21:18:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\srv.sys.mui [2012/08/31 21:18:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scfilter.sys.mui [2012/08/31 21:18:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdbss.sys.mui [2012/08/31 21:18:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pacer.sys.mui [2012/08/31 21:18:29 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\RNDISMP.sys.mui [2012/08/31 21:18:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\qwavedrv.sys.mui [2012/08/31 21:18:26 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\partmgr.sys.mui [2012/08/31 21:18:12 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ntfs.sys.mui [2012/08/31 21:18:12 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndis.sys.mui [2012/08/31 21:18:12 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\nwifi.sys.mui [2012/08/31 21:18:12 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndisuio.sys.mui [2012/08/31 21:18:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndiscap.sys.mui [2012/08/31 21:18:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\luafv.sys.mui [2012/08/31 21:18:05 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ipnat.sys.mui [2012/08/31 21:18:05 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mountmgr.sys.mui [2012/08/31 21:18:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\http.sys.mui [2012/08/31 21:17:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fltmgr.sys.mui [2012/08/31 21:17:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volmgrx.sys.mui [2012/08/31 21:17:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\processr.sys.mui [2012/08/31 21:17:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\intelppm.sys.mui [2012/08/31 21:17:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdppm.sys.mui [2012/08/31 21:17:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdk8.sys.mui [2012/08/31 21:17:24 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2012/08/31 21:17:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\IPMIDrv.sys.mui [2012/08/31 21:17:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdclass.sys.mui [2012/08/31 21:17:24 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthpan.sys.mui [2012/08/31 21:17:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wacompen.sys.mui [2012/08/31 21:17:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hdaudbus.sys.mui [2012/08/31 21:17:24 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\HdAudio.sys.mui [2012/08/31 21:17:24 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hidbth.sys.mui [2012/08/31 21:17:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pnpmem.sys.mui [2012/08/31 21:17:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdhid.sys.mui [2012/08/31 21:17:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\Dot4usb.sys.mui [2012/08/31 21:17:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\BTHUSB.SYS.mui [2012/08/31 21:17:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\cdrom.sys.mui [2012/08/31 21:17:23 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthport.sys.mui [2012/08/31 21:17:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthenum.sys.mui [2012/08/31 21:17:20 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2012/08/31 21:17:18 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2012/08/31 21:17:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\UAGP35.SYS.mui [2012/08/31 21:17:15 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ohci1394.sys.mui [2012/08/31 21:17:15 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\1394ohci.sys.mui [2012/08/31 21:17:15 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\acpi.sys.mui [2012/08/31 21:17:15 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\GAGP30KX.SYS.mui [2012/08/24 19:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/08/24 19:29:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/08/24 19:29:58 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012/08/16 14:38:47 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012/08/16 14:38:39 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012/08/16 14:38:39 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012/08/16 14:38:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012/08/15 13:38:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012/08/15 13:38:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012/08/15 13:38:44 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012/08/15 13:36:31 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/09/13 20:42:16 | 000,735,958 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2012/09/13 20:42:16 | 000,732,782 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012/09/13 20:42:16 | 000,721,780 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2012/09/13 20:42:16 | 000,717,312 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat [2012/09/13 20:42:16 | 000,656,528 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat [2012/09/13 20:42:16 | 000,649,542 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat [2012/09/13 20:42:16 | 000,487,362 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat [2012/09/13 20:42:16 | 000,394,996 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat [2012/09/13 20:42:16 | 000,377,894 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat [2012/09/13 20:42:16 | 000,155,414 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012/09/13 20:42:16 | 000,152,730 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2012/09/13 20:42:16 | 000,152,702 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2012/09/13 20:42:16 | 000,150,294 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat [2012/09/13 20:42:16 | 000,143,122 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat [2012/09/13 20:42:16 | 000,142,288 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat [2012/09/13 20:42:16 | 000,139,692 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat [2012/09/13 20:42:16 | 000,119,868 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat [2012/09/13 20:42:16 | 000,114,954 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat [2012/09/13 20:42:16 | 000,095,096 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat [2012/09/13 20:42:16 | 000,040,648 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat [2012/09/13 20:42:15 | 016,183,068 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/09/13 20:42:15 | 000,738,244 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2012/09/13 20:42:15 | 000,738,088 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2012/09/13 20:42:15 | 000,732,780 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012/09/13 20:42:15 | 000,689,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/09/13 20:42:15 | 000,676,266 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat [2012/09/13 20:42:15 | 000,661,284 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat [2012/09/13 20:42:15 | 000,599,464 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat [2012/09/13 20:42:15 | 000,502,086 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat [2012/09/13 20:42:15 | 000,474,226 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat [2012/09/13 20:42:15 | 000,472,006 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat [2012/09/13 20:42:15 | 000,422,164 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat [2012/09/13 20:42:15 | 000,410,570 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat [2012/09/13 20:42:15 | 000,385,572 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat [2012/09/13 20:42:15 | 000,170,798 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat [2012/09/13 20:42:15 | 000,158,138 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2012/09/13 20:42:15 | 000,149,106 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2012/09/13 20:42:15 | 000,148,596 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/09/13 20:42:15 | 000,146,602 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012/09/13 20:42:15 | 000,140,910 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat [2012/09/13 20:42:15 | 000,138,202 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/09/13 20:42:15 | 000,122,008 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat [2012/09/13 20:42:15 | 000,120,296 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat [2012/09/13 20:42:15 | 000,110,806 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat [2012/09/13 20:42:15 | 000,100,946 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat [2012/09/13 20:42:15 | 000,098,286 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat [2012/09/13 20:42:15 | 000,094,604 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat [2012/09/13 20:42:15 | 000,084,714 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat [2012/09/13 20:42:15 | 000,036,744 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/09/13 20:42:11 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/13 20:42:10 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/13 20:31:24 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/09/13 20:31:20 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job [2012/09/13 20:30:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/13 14:10:51 | 000,384,844 | ---- | M] () -- C:\Users\PAULOROBERTO\AppData\Local\funmoods-speeddial.crx [2012/09/13 14:10:51 | 000,031,465 | ---- | M] () -- C:\Users\PAULOROBERTO\AppData\Local\funmoods.crx [2012/09/10 22:47:45 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\PAULOROBERTO\Desktop\OTL.exe [2012/09/08 09:11:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/07 15:41:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/06 16:22:00 | 000,327,680 | ---- | M] () -- C:\Users\PAULOROBERTO\Documents\TESTEMALA.mdb [2012/09/05 15:07:58 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012/09/05 15:07:58 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/09/05 15:07:58 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/09/05 15:07:58 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012/09/05 15:07:58 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012/09/05 15:07:58 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/09/05 15:07:58 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2012/09/05 15:07:58 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/09/05 15:07:58 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2012/09/05 15:07:58 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012/09/05 15:07:58 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012/09/05 15:07:58 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012/09/05 15:07:58 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/09/05 15:07:58 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2012/09/05 15:07:58 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012/09/05 15:07:58 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012/09/05 15:07:58 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012/09/05 15:07:58 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012/09/05 15:07:58 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012/09/05 15:07:58 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012/09/05 15:07:58 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012/09/05 15:07:58 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012/09/05 15:07:58 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012/09/05 15:07:58 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2012/09/05 15:07:58 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/09/05 15:07:58 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012/09/05 15:07:58 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2012/09/05 15:07:58 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012/09/05 15:07:58 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012/09/05 15:07:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2012/09/05 15:07:58 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012/09/05 15:07:58 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012/09/05 15:07:58 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012/09/05 15:07:57 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012/09/05 15:07:57 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/09/05 15:07:57 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/09/05 15:07:57 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/09/05 15:07:57 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/09/05 15:07:57 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/09/05 15:07:57 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012/09/05 15:07:57 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012/09/05 15:07:57 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012/09/05 15:07:57 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012/09/05 15:07:57 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2012/09/05 15:07:57 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/09/05 15:07:57 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/09/05 15:07:57 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012/09/05 15:07:57 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012/09/05 15:07:57 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/09/05 15:07:57 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012/09/05 15:07:57 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2012/09/05 15:07:57 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012/09/05 15:07:57 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012/09/05 15:07:57 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012/09/05 15:07:57 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012/09/05 15:07:57 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012/09/05 15:07:57 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012/09/05 15:07:57 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012/09/05 15:07:57 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012/09/05 15:07:57 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/09/05 15:07:57 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012/09/05 15:07:57 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012/09/05 15:07:57 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012/09/05 15:07:57 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012/09/05 15:07:57 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012/09/05 15:07:57 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012/09/05 15:07:57 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012/09/05 15:07:57 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012/09/05 15:07:57 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012/09/05 15:07:57 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012/09/05 15:07:57 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012/09/05 15:07:57 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012/09/05 15:07:57 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012/09/05 15:07:57 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012/09/05 00:02:38 | 036,941,104 | ---- | M] (Microsoft Corporation) -- C:\IE9-Windows7-x64-ptb.exe [2012/09/02 14:14:39 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\EXErrorsFix Schedule.job [2012/09/02 12:03:22 | 000,000,677 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2012/09/01 03:23:45 | 000,141,988 | ---- | M] () -- C:\Windows\SysNative\perfi011.dat [2012/09/01 03:23:45 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\perfd011.dat [2012/09/01 00:51:02 | 000,117,840 | ---- | M] () -- C:\Windows\SysNative\prfi0404.dat [2012/09/01 00:51:02 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\prfd0404.dat [2012/08/31 23:52:30 | 000,111,310 | ---- | M] () -- C:\Windows\SysNative\prfi0804.dat [2012/08/31 23:52:30 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\prfd0804.dat [2012/08/31 22:04:12 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat [2012/08/31 22:04:11 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat [2012/08/30 21:42:29 | 000,001,057 | ---- | M] () -- C:\Users\PAULOROBERTO\AppData\Roaming\vso_ts_preview.xml [2012/08/30 12:02:37 | 000,055,957 | ---- | M] () -- C:\Users\PAULOROBERTO\Documents\.PDF (Adauto).pdf [2012/08/24 19:30:01 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/08/22 15:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012/08/22 15:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012/08/16 14:50:56 | 000,437,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/09/13 14:11:21 | 000,384,844 | ---- | C] () -- C:\Users\PAULOROBERTO\AppData\Local\funmoods-speeddial.crx [2012/09/13 14:11:08 | 000,031,465 | ---- | C] () -- C:\Users\PAULOROBERTO\AppData\Local\funmoods.crx [2012/09/07 22:08:51 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/07 15:41:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/09/05 15:07:58 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012/09/05 15:07:57 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012/09/02 12:03:50 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\EXErrorsFix Schedule.job [2012/09/02 12:03:14 | 000,000,677 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2012/09/01 03:32:17 | 000,141,988 | ---- | C] () -- C:\Windows\SysNative\perfi011.dat [2012/09/01 03:32:14 | 000,410,570 | ---- | C] () -- C:\Windows\SysNative\perfh011.dat [2012/09/01 03:32:14 | 000,122,008 | ---- | C] () -- C:\Windows\SysNative\perfc011.dat [2012/09/01 03:32:14 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\perfd011.dat [2012/09/01 00:56:52 | 000,117,840 | ---- | C] () -- C:\Windows\SysNative\prfi0404.dat [2012/09/01 00:56:48 | 000,394,996 | ---- | C] () -- C:\Windows\SysNative\prfh0404.dat [2012/09/01 00:56:48 | 000,114,954 | ---- | C] () -- C:\Windows\SysNative\prfc0404.dat [2012/09/01 00:56:48 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\prfd0404.dat [2012/08/31 23:59:00 | 000,111,310 | ---- | C] () -- C:\Windows\SysNative\prfi0804.dat [2012/08/31 23:58:58 | 000,377,894 | ---- | C] () -- C:\Windows\SysNative\prfh0804.dat [2012/08/31 23:58:58 | 000,119,868 | ---- | C] () -- C:\Windows\SysNative\prfc0804.dat [2012/08/31 23:58:58 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\prfd0804.dat [2012/08/31 22:12:23 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat [2012/08/31 22:12:22 | 000,689,528 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat [2012/08/31 22:12:22 | 000,148,596 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat [2012/08/31 22:12:22 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat [2012/08/30 12:02:37 | 000,055,957 | ---- | C] () -- C:\Users\PAULOROBERTO\Documents\.PDF (Adauto).pdf [2012/08/24 19:30:01 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011/12/23 21:52:04 | 000,017,408 | ---- | C] () -- C:\Users\PAULOROBERTO\AppData\Local\WebpageIcons.db [2011/12/18 23:08:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2011/06/26 16:06:41 | 013,478,738 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/06/12 17:14:49 | 000,001,410 | ---- | C] () -- C:\Windows\TVEpaDrv.ini [2011/06/09 22:46:34 | 000,451,072 | ---- | C] () -- C:\Windows\emunist.exe [2011/06/09 22:26:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/04/28 09:01:17 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\MSJCE.dll [2011/04/22 21:10:10 | 000,000,512 | ---- | C] () -- C:\Users\PAULOROBERTO\AppData\Roaming\proxyvampire.ini [2011/04/14 18:03:38 | 000,003,612 | ---- | C] () -- C:\Windows\SysWow64\RDDlg.dat [2011/03/20 22:27:40 | 000,035,332 | ---- | C] () -- C:\Windows\SysWow64\uninst.exe [2011/03/20 22:21:37 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011/03/20 22:21:35 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011/03/20 22:21:35 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011/03/20 22:21:35 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011/03/20 20:24:21 | 000,007,618 | ---- | C] () -- C:\Users\PAULOROBERTO\AppData\Local\resmon.resmoncfg [2011/01/20 00:41:49 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2011/01/18 20:04:46 | 000,019,572 | ---- | C] () -- C:\Windows\hpqins13.dat [2011/01/17 17:00:35 | 000,008,192 | ---- | C] () -- C:\Users\PAULOROBERTO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/05 22:22:41 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\RtlCPAPI.dll [2011/01/05 22:22:41 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\ChCfg.exe [2011/01/05 22:22:40 | 000,037,376 | ---- | C] () -- C:\Windows\CPLUtl64.exe [2011/01/05 22:21:03 | 000,000,164 | ---- | C] () -- C:\Windows\avrack.ini [2010/12/29 23:08:33 | 000,001,057 | ---- | C] () -- C:\Users\PAULOROBERTO\AppData\Roaming\vso_ts_preview.xml [2010/11/28 23:44:02 | 000,000,842 | ---- | C] () -- C:\Windows\SysWow64\SPC230NC.INI [2010/11/24 00:35:10 | 000,023,234 | ---- | C] () -- C:\Windows\hpqins15.dat [2010/11/23 23:37:58 | 000,176,753 | ---- | C] () -- C:\Windows\hpoins29.dat ========== LOP Check ========== [2010/11/26 22:53:11 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\7plus [2011/07/09 20:14:51 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Abelssoft [2010/11/27 09:25:19 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Alzex [2011/01/02 16:08:41 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Ashampoo [2011/08/21 16:18:55 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\DAEMON Tools Lite [2012/07/14 19:43:16 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Downloaded Installations [2011/01/01 21:00:58 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Easeware [2012/04/29 21:08:05 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\GetRightToGo [2011/10/16 13:08:59 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\ImgBurn [2011/05/01 11:53:06 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\InterSoft Common [2011/01/26 23:20:24 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\IObit [2011/12/18 23:10:00 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Kutawaves Games [2012/03/11 23:22:50 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Launchy [2010/12/07 21:48:21 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Lingoes [2011/11/03 21:43:28 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\MOBILedit [2012/05/29 20:42:51 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Movier [2012/08/07 20:39:50 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Nitro PDF [2011/12/04 19:53:29 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\OfficeRecovery [2011/07/09 18:27:35 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Opera [2012/09/13 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Positivo [2010/12/27 23:12:07 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Systweak [2011/02/11 22:04:28 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Thunderbird [2012/05/12 00:18:11 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\TrueCrypt [2012/08/06 21:28:34 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\uTorrent [2012/09/01 19:00:09 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Vso [2012/03/17 21:41:15 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\WinISO Computing [2012/09/13 20:31:20 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job [2011/05/08 12:32:34 | 000,000,426 | ---- | M] () -- C:\Windows\Tasks\AWC Update.job [2012/09/02 14:14:39 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\EXErrorsFix Schedule.job [2012/01/22 23:23:00 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2415253309-3379223506-2882669795-1000Core.job [2012/01/22 23:23:00 | 000,000,956 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2415253309-3379223506-2882669795-1000UA.job [2011/05/10 22:17:02 | 000,000,120 | ---- | M] () -- C:\Windows\Tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job [2012/07/30 08:48:50 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 212 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst < End of report > Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Setembro 14, 2012 Boa Noite! prrsilva |- Abra o OTL.exe -> Clique em Limpeza. <-- Confirme! |- Ps: O computador irá reiniciar! |- Baixe: < > |- Salve-o no desktop ou C:\. |- Duplo-clique em OTS.exe. |- Ps: Para Windows Vista ou 7,execute OTS.exe e escolha a opção administrador. |- Marque as caixinhas: [] Reg - NetSvcs [] File - Lop Check |- Para SO 64 bit,marque a caixinha! |- Em "Basic Scans",marque as caixinhas: [] Use Company Name Whitelist [] Skip Microsoft Files |- Verifique: & |- À seguir,clique em |- Ao concluir,abrir-se-á o Bloco de Notas,com o relatório. ( OTS.txt ) |- Poste-o em sua resposta! |- Acesse para isso! ( cjoint.com ou myfile.tk ) Abs! Compartilhar este post Link para o post Compartilhar em outros sites
prrsilva 0 Denunciar post Postado Setembro 14, 2012 segue relatório ots. http://myfile.tk/3/3747OTS.Txt Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Setembro 14, 2012 Bom Dia! prrsilva |- Estabeleça backups do registro,com ERUNT. |- Baixe: < ERUNT > |- Descompacte-o para o disco local e instale-o aí mesmo. |- Para maiores detalhes,leia o Tutorial: < WinXPTutor's XP Resources. -/- |- O script da OTS está muito 'carregado',onde softwares e/ou entradas,podem ser removidas já que encontram-se vazias. |- Verifique as linhas dispostas,e me diga o que não quer remover,para que edite o script e fique ao seu gosto. |- Em todo caso,o utilitário ERUNT irá estabelecer backups para restaurar o registro. -/- |- Abra a OTS.exe,com um duplo-clique. [unregister Dlls] [Registry - Safe List] < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> YN -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692 < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> YN -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692 < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\] > -> YN -> HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\: Main\\"Backup.Old.Start Page" -> http://www.google.com.br/ < FireFox Settings [Prefs.js] > -> C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\FireFox\Profiles\0mfi9aev.default\prefs.js YN -> keyword.URL -> "http://mystart.incredimail.com/mb156/?loc=ff_address_bar&a=6OxVRRKqy1&search=" YN -> network.proxy.autoconfig_url -> "http://localhost:9000/proxy.pac" < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ YN -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} [HKLM] -> [Funmoods Helper Object] YY -> {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} [HKLM] -> C:\Program Files (x86)\Bywifi\bywifiie.dll [bywifiBHO Class] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar YN -> "{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}" [HKLM] -> [Funmoods Toolbar] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\] > -> HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\Software\Microsoft\Internet Explorer\Toolbar\ YN -> WebBrowser\\"{12FC3D37-2A42-4FE3-8489-81296878CBA5}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] YN -> WebBrowser\\"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run YN -> "Deskmedia" -> ["C:\Positivo\Deskmedia\Downloader.exe"] YN -> "Deskmedia3" -> ["C:\Positivo\Deskmedia\GerenciadorLocal.exe"] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run YN -> "Deskmedia" -> [C:\Positivo\Deskmedia\Downloader.exe] < RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce YN -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] < RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce YN -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] < RunOnce [HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1020\] > -> HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce YN -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe] < Software Policy Settings [HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000] > -> HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Policies\Microsoft\Internet Explorer YN -> \Control Panel\\"SecurityTab" -> [0] YN -> \Control Panel\\"History" -> [0] YN -> \Control Panel\\"DisableDeleteBrowsingHistory" -> [0] YN -> \Restrictions\\"NoBrowserOptions" -> [0] YN -> \Restrictions\\"NoBrowserContextMenu" -> [0] < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer YN -> \\"NoActiveDesktop" -> [1] YN -> \\"NoActiveDesktopChanges" -> [1] YN -> \\"NoDriveTypeAutoRun" -> [60] < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System YN -> \\"ConsentPromptBehaviorUser" -> [3] < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000] > -> HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer YN -> \\"DisallowRun" -> [1] YN -> \\"NoNetworkConnections" -> [0] YN -> \\"NoAddPrinter" -> [0] YN -> \\"NoDeletePrinter" -> [0] YN -> \\"NoSetFolders" -> [0] YN -> \\"NoPropertiesMyComputer" -> [0] YN -> \\"NoControlPanel" -> [0] YN -> \\"NoViewContextMenu" -> [0] YN -> \\"NoTrayContextMenu" -> [0] YN -> \\"NoWinKeys" -> [0] YN -> \\"NoDriveTypeAutoRun" -> [145] YN -> \DisallowRun\\"cmd.exe" -> [] YN -> \DisallowRun\\"command.com" -> [] YN -> \DisallowRun\\"msconfig.exe" -> [] YN -> \DisallowRun\\"procexp.exe" -> [] YN -> \DisallowRun\\"kilbox.exe" -> [] YN -> \DisallowRun\\"procmgr.exe" -> [] YN -> \DisallowRun\\"systemexplorer.exe" -> [] < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000] > -> HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System YN -> \\"NoDispCPL" -> [0] < 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ YN -> {2670000A-7350-4f3c-8081-5663EE0C6C49}:Exec [HKLM] -> Reg Error: Value error. [button: Enviar para o OneNote] YN -> {2670000A-7350-4f3c-8081-5663EE0C6C49}:Reg Error: Value error. [HKLM] -> Reg Error: Value error. [Menu: &Enviar para o OneNote] YN -> {4248FE82-7FCB-46AC-B270-339F08212110}:Exec [HKLM] -> Reg Error: Value error. [button: &Teclado Virtual] YN -> {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:Exec [HKLM] -> Reg Error: Value error. [button: &Anotações Vinculadas do OneNote] YN -> {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:Reg Error: Value error. [HKLM] -> Reg Error: Value error. [Menu: &Anotações Vinculadas do OneNote] YN -> {CCF151D8-D089-449F-A5A4-D9909053F20F}:Exec [HKLM] -> Reg Error: Value error. [button: Veri&ficação de URLs] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}:Exec [HKLM] -> [button: Bywifi: Vídeo Downloader] YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}:Exec [HKLM] -> [Menu: Bywifi: Vídeo Downloader] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\] > -> HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\Software\Microsoft\Internet Explorer\Extensions\ YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"ButtonText" [HKLM] -> [Reg Error: Key error.] YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"ButtonText" [HKLM] -> [Reg Error: Key error.] YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"Default Visible" [HKLM] -> [Reg Error: Key error.] YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"Default Visible" [HKLM] -> [Reg Error: Key error.] YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"Exec" [HKLM] -> [Reg Error: Key error.] YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"Exec" [HKLM] -> [Reg Error: Key error.] YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"HotIcon" [HKLM] -> [Reg Error: Key error.] YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"HotIcon" [HKLM] -> [Reg Error: Key error.] YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"Icon" [HKLM] -> [Reg Error: Key error.] YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"Icon" [HKLM] -> [Reg Error: Key error.] YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"MenuText" [HKLM] -> [Reg Error: Key error.] YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"MenuText" [HKLM] -> [Reg Error: Key error.] YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"ToolTip" [HKLM] -> [Reg Error: Key error.] YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"ToolTip" [HKLM] -> [Reg Error: Key error.] < 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] [Files/Folders - Created Within 30 Days] NY -> Trymedia -> C:\ProgramData\Trymedia NY -> PSafe -> C:\Users\PAULOROBERTO\PSafe NY -> 6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp NY -> 6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp NY -> 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp NY -> 1 C:\*.tmp files -> C:\*.tmp [Files/Folders - Modified Within 30 Days] NY -> funmoods-speeddial.crx -> C:\Users\PAULOROBERTO\AppData\Local\funmoods-speeddial.crx NY -> funmoods.crx -> C:\Users\PAULOROBERTO\AppData\Local\funmoods.crx NY -> 6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp NY -> 6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp NY -> 2 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp NY -> 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp NY -> 1 C:\*.tmp files -> C:\*.tmp [Files - No Company Name] NY -> funmoods-speeddial.crx -> C:\Users\PAULOROBERTO\AppData\Local\funmoods-speeddial.crx NY -> funmoods.crx -> C:\Users\PAULOROBERTO\AppData\Local\funmoods.crx NY -> proxyvampire.ini -> C:\Users\PAULOROBERTO\AppData\Roaming\proxyvampire.ini NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\PAULOROBERTO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [File - Lop Check] NY -> MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job -> C:\Windows\Tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job [Alternate Data Streams] NY -> @Alternate Data Stream - 212 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst [Custom Items] :reg [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "Deskmedia" =- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Deskmedia"=- :end [CreateRestorePoint] |- Cole estas informações que estão no Code,para o campo: "Paste Fix Here" |- Clique em Run Fix -> Aguarde! |- Terminando,poste o relatório: C:\_OTS\MovedFiles\OTS.txt Abs! Compartilhar este post Link para o post Compartilhar em outros sites
prrsilva 0 Denunciar post Postado Setembro 15, 2012 boa noite, Dijram segue relatório http://myfile.tk/3/09142012_234946.log Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Setembro 15, 2012 boa noite, Dijram segue relatório http://myfile.tk/3/09142012_234946.log Bom Dia! prrsilva |- Execute,novamente,ZHPDiag_silent. |- Poste o link ao relatório! Abs! Compartilhar este post Link para o post Compartilhar em outros sites
prrsilva 0 Denunciar post Postado Setembro 15, 2012 boa tarde, Dijram segue relatórios http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120915_d5j6u9o7x9 http://myfile.tk/3/563ZHPDiag.txt Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Setembro 16, 2012 Boa Noite! prrsilva |- Feche programas/pastas que estejam abertos. |- Feche,também,o navegador! |- Para Windows Vista,desabilite a UAC. |- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador. |- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas". O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\zsnesw - Atalho.lnk . (...) -- C:\Users\PAULOROBERTO\Downloads\zsnesw.exe (.not file.)O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {A6E71E28-43CB-423E-B415-B7C00D77902E} => Infection PUP (Adware.IMBooster) O43 - CFD: 23/11/2010 - 21:39:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Dados de aplicativos O43 - CFD: 23/11/2010 - 21:39:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Histórico O43 - CFD: 15/09/2012 - 14:12:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{27DCEF58-B909-48C2-8F23-74235E42851E} O53 - SMSR:HKLM\...\startupreg\CCLite [Key] . (.ms - No comment.) -- C:\Windows\system32\Event Agent\ea.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\SnowWallpaper [Key] . (...) -- C:\Program Files (x86)\Artdocks Software\Animated Snow Desktop Wallpaper\SnowWallpaper.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\BabylonToolbar [Key] . (...) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (.not file.) => Infection BT (Toolbar.Babylon) O53 - SMSR:HKLM\...\startupreg\Iminent [Key] . (...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) => Infection PUP (Adware.IMBooster) O53 - SMSR:HKLM\...\startupreg\IminentMessenger [Key] . (...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) => Infection PUP (Adware.IMBooster) [HKCU\Software\Tutorials] => Toolbar.Agent [HKLM\Software\360Safe] => Infection Diverse (Lozavita.Troj) [HKLM\Software\Trymedia Systems] => Infection BT (Adware.Trymedia) [HKLM\Software\WOW6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] => Infection BT (Adware.Agent) [HKLM\Software\WOW6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Toolbar.Babylon) [HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Toolbar.Babylon) [HKLM\Software\WOW6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] => Infection BT (Toolbar.Babylon) [HKLM\Software\WOW6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection BT (Toolbar.Babylon) [HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection BT (Toolbar.Babylon) [HKLM\Software\WOW6432Node\Trymedia Systems] => Infection BT (Adware.Trymedia) hostfix proxyfix emptytemp emptyflash firewallraz |- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C" |- Minimize o Bloco de Notas. |- Clique no menu,"Paste ClipBoard". |- Clique em "GO" -> Oui. |- Ps: Temos,àcima,sequência de imagens para maior exclarecimento. |- Poste o relatório: C:\ZHP\ZHPFix[R1].txt Abs! Compartilhar este post Link para o post Compartilhar em outros sites
prrsilva 0 Denunciar post Postado Setembro 16, 2012 boa noite, Dijram segue relatório Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012 Fichier d'export Registre : Run by PAULOROBERTO at 16/09/2012 00:37:20 Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601) Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html Web site : http://nicolascoolman.skyrock.com/ ========== Software ========== NOT FOUND Software Key: {A6E71E28-43CB-423E-B415-B7C00D77902E} ========== Registry Key ========== DELETED Key: StartupReg: CCLite DELETED Key: StartupReg: SnowWallpaper DELETED Key: StartupReg: BabylonToolbar DELETED Key: StartupReg: Iminent DELETED Key: StartupReg: IminentMessenger DELETED Key*: HKCU\Software\Tutorials NOT FOUND Key: HKLM\Software\360Safe NOT FOUND Key: HKLM\Software\Trymedia Systems DELETED Key*: HKLM\Software\WOW6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} DELETED Key*: HKLM\Software\WOW6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} DELETED Key*: HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} DELETED Key*: HKLM\Software\WOW6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} DELETED Key*: HKLM\Software\WOW6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} DELETED Key*: HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} DELETED Key*: HKLM\Software\WOW6432Node\Trymedia Systems ========== Registry Value ========== ProxyFix : Proxy killed successfully DELETED ProxyServer Value DELETED ProxyEnable Value DELETED EnableHttp1_1 Value DELETED ProxyHttp1.1 Value DELETED ProxyOverride Value No Value in Standard Profile Register Key FirewallRaz : No Value in Domain Profile Register Key FirewallRaz : ========== Repertory ========== NOT FOUND C:\Users\PAULOROBERTO\AppData\Local\Dados de aplicativos NOT FOUND C:\Users\PAULOROBERTO\AppData\Local\Histórico DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{27DCEF58-B909-48C2-8F23-74235E42851E} DELETED Window Temporary: DELETED Flash Cookies: ========== File ========== DELETED File: c:\users\pauloroberto\appdata\roaming\microsoft\internet explorer\quick launch\zsnesw - atalho.lnk NOT FOUND File: c:\users\pauloroberto\downloads\zsnesw.exe NOT FOUND File: c:\windows\system32\event agent\ea.exe NOT FOUND File: c:\program files (x86)\artdocks software\animated snow desktop wallpaper\snowwallpaper.exe DELETED Window Temporary: DELETED Flash Cookies: ========== Summary ========== 15 : Registry Key 8 : Registry Value 5 : Repertory 6 : File 1 : Software End of clean in 00mn 03s ========== Report File ========== C:\ZHP\ZHPFix[R1].txt - 16/09/2012 00:37:20 [2615] Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Setembro 16, 2012 Bom Dia! prrsilva |- Abra a OTS -> Clique em CleanUp. <- Confirme! |- Ps: O computador irá reiniciar! |- Nada mais à realizar! |- Seus logs estão limpos! |- Tudo Ok? Abs! Compartilhar este post Link para o post Compartilhar em outros sites
