Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

prrsilva

[Resolvido] &nbspie 9 abre aba por conta propria

Recommended Posts

olá, pessoal gostaria se possivel analizassem o log. do hijackthis pois acho que estou com algum tipo de virus ou spyware pois o meu ie 9 do nada abre uma aba com propaganda e qdo fecho o mesmo ele reinicia e fica conectado novamente.Segue abaixo o log.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:53:19, on 07/09/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

 

Running processes:

C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba\UpdateTutoriaisSlimbaHP.exe

C:\Users\PAULOROBERTO\Documents\Microsoft Corporation\Office 2010 Screensaver\Notifier.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\HIJAKTHIS\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AC-Pro - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\PAULOROBERTO\AppData\Roaming\Complitly\AutocompletePro.dll

O2 - BHO: IncrediMail MediaBar Portugues 2 - {140afdc9-061f-4b86-8c58-42994309768f} - C:\Program Files (x86)\IncrediMail_MediaBar_Portugues_2\prxtbIncr.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files (x86)\Bywifi\bywifiie.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: IncrediMail MediaBar Portugues 2 Toolbar - {140afdc9-061f-4b86-8c58-42994309768f} - C:\Program Files (x86)\IncrediMail_MediaBar_Portugues_2\prxtbIncr.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

O4 - HKLM\..\Run: [OiVelox] C:\Program Files (x86)\Oi\Programmer\OiVeloxCheck.exe

O4 - HKLM\..\Run: [CCLite] C:\Windows\system32\Event Agent\ea.exe

O4 - HKLM\..\RunOnce: [updateTutoriaisSlimbaHP.exe] C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba\UpdateTutoriaisSlimbaHP.exe -runonce

O4 - HKCU\..\Run: [Office2010Tips_Notifier] C:\Users\PAULOROBERTO\Documents\Microsoft Corporation\Office 2010 Screensaver\Notifier.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-21-2415253309-3379223506-2882669795-1020\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-2415253309-3379223506-2882669795-1020\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: limpartemporarios.bat

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing)

O9 - Extra 'Tools' menuitem: Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing)

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: Event Agent - CustomEvents.dll (file missing)

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: System Event Agent - Unknown owner - C:\Windows\system32\Event Agent\bin\spoolsv .exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 14220 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! prrsilva

 

|- Baixe: < adwcleaner_logo.jpg > ( ... par Xplode )

 

|- Ao acessar,clique na imagem: < AdwCleaner_Tlcharger.jpg >

 

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador".

|- Ps: Dê início ao scan,clicando em "Delete" ou "Suppression".

 

AdwCleaner_Delete.jpg

 

|- Ao concluir,poste o relatório: C:\AdwCleaner[S1].txt

 

|- Baixe: < ZHPDiag_Silent.jpg > ( ... par Nicolas Coolman )

 

|- Salve-o no desktop!

|- Desabilite seu antivírus!

|- Caso utilize o Avast,estabeleça esta configuração à SandBox.

|- Para Windows Vista ou 7,clique direito e execute o arquivo como administrador.

|- Aguarde a conclusão do scan e clique em "Copier". <- Aguarde!

 

ZHPDiag_4cones.jpg

 

|- Além do relatório,teremos no desktop: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

|- Poste e/ou cole aqui,o link que foi gerado!

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

olá, Digram segue relatório AdwCleaner.

 

# AdwCleaner v2.000 - Logfile created 09/08/2012 at 16:44:48

# Updated 30/08/2012 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : PAULOROBERTO - PAULOROBERTO

# Boot Mode : Normal

# Running from : C:\Users\PAULOROBERTO\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

Stopped & Deleted : Web Assistant Updater

 

***** [Files / Folders] *****

 

File Deleted : C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\Firefox\Profiles\0mfi9aev.default\searchplugins\Conduit.xml

File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp

Folder Deleted : C:\Program Files (x86)\Complitly

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\ConduitEngine

Folder Deleted : C:\Program Files (x86)\Iminent

Folder Deleted : C:\Program Files (x86)\IncrediMail_MediaBar_Portugues_2

Folder Deleted : C:\Program Files\Web Assistant

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Iminent

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent

Folder Deleted : C:\ProgramData\Trymedia

Folder Deleted : C:\Users\PAULOROBERTO\AppData\Local\Babylon

Folder Deleted : C:\Users\PAULOROBERTO\AppData\Local\Conduit

Folder Deleted : C:\Users\PAULOROBERTO\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\PAULOROBERTO\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\PAULOROBERTO\AppData\LocalLow\ConduitEngine

Folder Deleted : C:\Users\PAULOROBERTO\AppData\LocalLow\IncrediMail_MediaBar_2

Folder Deleted : C:\Users\PAULOROBERTO\AppData\LocalLow\IncrediMail_MediaBar_Portugues_2

Folder Deleted : C:\Users\PAULOROBERTO\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\PAULOROBERTO\AppData\Roaming\Babylon

Folder Deleted : C:\Users\PAULOROBERTO\AppData\Roaming\Complitly

Folder Deleted : C:\Users\PAULOROBERTO\AppData\Roaming\Iminent

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine

Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2

Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_Portugues_2

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Complitly

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\Iminent

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{140AFDC9-061F-4B86-8C58-42994309768F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{140AFDC9-061F-4B86-8C58-42994309768F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Tutorials

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject

Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1

Key Deleted : HKLM\SOFTWARE\Classes\Iminent

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri

Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler

Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2727622

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\conduitEngine

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\Software\ImInstaller

Key Deleted : HKLM\Software\IncrediMail_MediaBar_Portugues_2

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{146122B3-5C62-4808-98F1-4FE63A58576D}

Key Deleted : HKLM\Software\Web Assistant

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{140AFDC9-061F-4B86-8C58-42994309768F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{146122B3-5C62-4808-98F1-4FE63A58576D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E4051AC-F22A-47B8-A537-5B948A6B9245}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE031F62-BB72-4654-89B3-534ABDE39EF2}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C993F299-4A81-4CC0-BA57-AE485E42AD0F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{140AFDC9-061F-4B86-8C58-42994309768F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

Key Deleted : HKLM\SOFTWARE\Software

Key Deleted : HKLM\SOFTWARE\Web Assistant

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{140AFDC9-061F-4B86-8C58-42994309768F}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{140AFDC9-061F-4B86-8C58-42994309768F}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-21-2415253309-3379223506-2882669795-1020\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

 

-\\ Mozilla Firefox v15.0.1 (pt-BR)

 

Profile name : default

File : C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\Firefox\Profiles\0mfi9aev.default\prefs.js

 

C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\Firefox\Profiles\0mfi9aev.default\user.js ... Deleted !

 

Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 28);

Deleted : user_pref("extensions.BabylonToolbar.cntry", "BR");

Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);

Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "D52E08589301B1160FDC6D103AA38AE3");

Deleted : user_pref("extensions.BabylonToolbar.id", "c7af23e47989435eb6eff07e2af03489");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15154");

Deleted : user_pref("extensions.BabylonToolbar.lastActv", "28");

Deleted : user_pref("extensions.BabylonToolbar.lastDP", 28);

Deleted : user_pref("extensions.BabylonToolbar.sid", "c7af23e47989435eb6eff07e2af03489");

Deleted : user_pref("extensions.facemoods.aflt", "_#gppc");

Deleted : user_pref("extensions.facemoods.firstRun", false);

Deleted : user_pref("extensions.facemoods.lastActv", "26");

Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

 

*************************

 

AdwCleaner[s1].txt - [29688 octets] - [08/09/2012 16:44:48]

 

########## EOF - C:\AdwCleaner[s1].txt - [29749 octets] ##########

 

olá, segue link ZHPDIAG

 

http://pjjoint.malekal.com/files.php?read=ZHPDiag_20120908_t8o7s9k11c11

 

Segue Relatório

 

Rapport de ZHPDiag v1.31.105 par Nicolas Coolman, Update du 25/06/2012

Run by PAULOROBERTO at 08/09/2012 17:01:53

Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Web site : http://nicolascoolman.skyrock.com/

State :

 

 

---\\ Web Browser

MSIE: Internet Explorer v9.0.8112.16421 (Defaut)

MFIE: Mozilla Firefox 15.0.1 v15.0.1

 

---\\ Windows Product Information

~ Langage: Anglais

Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

Software Protection Service (Protection logicielle) : OK

Key Management Service client information : KO

Windows Automatic Updates : OK

Windows Activation Technologies : OK

 

---\\ System Information

~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 4095 MB (65% free)

System Restore: Activé (Enable)

System drive C: has 206 GB (64%) free of 323 GB

 

---\\ Logged in mode

~ Computer Name: PAULOROBERTO

~ User Name: PAULOROBERTO

~ All Users Names: UpdatusUser, PAULOROBERTO, HomeGroupUser$, Convidado, Administrador,

~ Unselected Option: O45,O61,O62,O65,O82

Logged in as Administrator

 

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Users\PAULOROBERTO\AppData\Roaming\

~ %Desktop% : C:\Users\PAULOROBERTO\Desktop\

~ %Favorites% : C:\Users\PAULOROBERTO\Favorites\

~ %LocalAppData% : C:\Users\PAULOROBERTO\AppData\Local\

~ %StartMenu% : C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\System32\

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 206 Go of 323 Go)

E:\ CD-ROM drive (Not Inserted)

F:\ CD-ROM drive (Not Inserted)

 

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

~ Scan Security Center in 00mn 00s

 

 

 

---\\ Search Generic System Files

[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]

[MD5.8EA68FD3780DDDD5072F8CB830B3CB3D] - (.Microsoft Corporation - Internet Extensions para Win32.) (.05/09/2012 - 15:07:57.) -- C:\Windows\System32\wininet.dll [1392128]

[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 05:25:32.) -- C:\Windows\System32\Winlogon.exe [390656]

[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 05:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]

[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]

[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]

[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 01:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]

[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 01:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]

[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 02:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]

[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]

[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]

[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]

[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 01:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]

[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.11/03/2011 - 03:41:34.) -- C:\Windows\system32\Drivers\ntfs.sys [1659776]

[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]

[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 02:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]

[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 03:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]

[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]

[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 01:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]

[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 05:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]

~ Scan Generic Processes in 00mn 00s

 

 

 

---\\ Hidden files state (Hidden/Total)

~ Mes images (My Pictures) : 2/1464

~ Mes musiques (My Musics) : 40/1355

~ Mes Videos (My Videos) : 2/150

~ Mes Favoris (My Favorites) : 1/38

~ Mes Documents (My Documents) : 2/676

~ Mon Bureau (My Desktop) : 1/19

~ Menu demarrer (Programs) : 1/61

~ Scan Hidden Files in 00mn 07s

 

 

 

---\\ Running Processes

[MD5.C5D8219BD558A153371E1931134B94A7] - (.pctuto - updatepctutoHP.) -- C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba\UpdateTutoriaisSlimbaHP.exe [691048] [PID.3288]

[MD5.618AAD350B96592F453DEA37B8794352] - (.Microsoft - Notifier.) -- C:\Users\PAULOROBERTO\Documents\Microsoft Corporation\Office 2010 Screensaver\Notifier.exe [28672] [PID.3616]

[MD5.F26AB739E1554156BC4040009ECE24B3] - (.IDEVFH - Memory Fox Version Beta 7.4.) -- C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\Firefox\Profiles\0mfi9aev.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe [647168] [PID.44

[MD5.9C376F42BDE37F18D0A39AF7415D9BE6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [917984] [PID.5028]

[MD5.E897110EE5E67FABB83B154DF9C68D6A] - (...) -- C:\Users\PAULOROBERTO\Desktop\ZHPDiag_silent.exe [794216] [PID.4024]

[MD5.BE955BAB4EFC2A28BE2692D102FFC85A] - (...) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [3838464] [PID.2568]

[MD5.C354621B6B94E10AE7F5CDBE745FEB86] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272] [PID.]

[MD5.3F533397532AADF1E8C957BD4E18260F] - (.Unknown owner - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [211888] [PID.]

[MD5.C845BAD94BB9AB52806E1402FC04AD89] - (.UASSOFT.COM - Keyboard And Mouse Communication Service.) -- C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe [1821184] [PID.]

[MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [189728] [PID.]

~ Scan Processes Running in 00mn 00s

 

 

 

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)

C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\Firefox\Profiles\0mfi9aev.default\prefs.js

M3 - MFPP: Plugins - [PAULOROBERTO] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\buscape.xml

M3 - MFPP: Plugins - [PAULOROBERTO] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [PAULOROBERTO] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\mercadolivre.xml

M3 - MFPP: Plugins - [PAULOROBERTO] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\twitter.xml

M3 - MFPP: Plugins - [PAULOROBERTO] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-br.xml

M3 - MFPP: Plugins - [PAULOROBERTO] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-br.xml

P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\np-mswmp.dll

P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll

P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.7.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Windows\system32\npDeployJava1.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (...) -- C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (.not file.)

P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.7.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.7.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

P2 - FPN: [HKLM] [@microsoft.com/GENUINE] - (.Microsoft Corporation - Windows Activation Technologies Plugin for Mozilla.) -- C:\Windows\system32\Wat\npWatWeb.dll

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.10411.0.) -- c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll

P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\PAULOROBERTO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

P2 - FPN: [HKCU] [@talk.google.com/GoogleTalkPlugin] - (.Google - Version 2.5.8.4958.) -- C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

P2 - FPN: [HKCU] [@talk.google.com/O3DPlugin] - (.Unknown owner - Google Talk Plugin Video Accelerator version:0.1.44.14.) -- C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\PAULOROBERTO\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\PAULOROBERTO\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

~ Scan Firefox Browser in 00mn 01s

 

 

 

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R3 - URLSearchHook: (no name) [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)

R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

~ Scan IE Browser in 00mn 00s

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Scan Proxy management in 00mn 00s

 

 

 

---\\ Changed inifile Value, Mapped to Registry (F2)

F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe

F2 - REG:system.ini: Shell=C:\Windows\explorer.exe

F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Hosts file redirection (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Scan Hosts File in 00mn 00s

~ Nombre de lignes (Lines number): 42

 

 

 

---\\ Browser Helper Objects (O2)

O2 - BHO: HP Print Enhancer [64Bits] - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: IEVkbdBHO [64Bits] - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} . (.Kaspersky Lab ZAO - IE Virtual Keyboard.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper [64Bits] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} . (.Microsoft Corporation - Windows Live Messenger Companion Core.) -- C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.dll

O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll

O2 - BHO: BywifiBHO [64Bits] - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} . (.bywifi.com - Bywifi: Video Streaming Helper.) -- C:\Program Files (x86)\Bywifi\bywifiie.dll

O2 - BHO: Bing Bar Helper [64Bits] - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} . (...) -- "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (.not file.)

O2 - BHO: Java Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho [64Bits] - {E33CF602-D945-461A-83F0-819F76A199F8} . (.Kaspersky Lab ZAO - WebToolBar component.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

O2 - BHO: HP Smart BHO Class [64Bits] - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

~ Scan BHO in 00mn 00s

 

 

 

---\\ Internet Explorer toolbars (O3)

O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

~ Scan Toolbar in 00mn 00s

 

 

---\\ Auto loading programs from Registry and folders (O4)

O4 - HKCU\..\Run: [Office2010Tips_Notifier] . (.Microsoft - Notifier.) -- C:\Users\PAULOROBERTO\Documents\Microsoft Corporation\Office 2010 Screensaver\Notifier.exe

O4 - HKLM\..\Wow6432Node\Run: [avp] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

O4 - HKLM\..\Wow6432Node\Run: [OiVelox] . (...) -- C:\Program Files (x86)\Oi\Programmer\OiVeloxCheck.exe

O4 - HKLM\..\Wow6432Node\Run: [CCLite] C:\Windows\system32\Event Agent\ea.exe (.not file.)

O4 - HKLM\..\Wow6432Node\RunOnce: [updateTutoriaisSlimbaHP.exe] . (.pctuto - updatepctutoHP.) -- C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba\UpdateTutoriaisSlimbaHP.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-21-2415253309-3379223506-2882669795-1020-2415253309-3379223506-2882669795-1000\..\Run: [Office2010Tips_Notifier] . (.Microsoft - Notifier.) -- C:\Users\PAULOROBERTO\Documents\Microsoft Corporation\Office 2010 Screensaver\Notifier.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

~ Scan Application in 00mn 00s

 

 

 

---\\ Other User Links (O4)

O4 - Global Startup: C:\Users\UpdatusUser\Desktop\Acelerador de Vídeo Bywifi.lnk . (.bywifi.com.) -- C:\Program Files (x86)\Bywifi\bywifi.exe

O4 - Global Startup: C:\Users\UpdatusUser\Desktop\Bywifi FLV Merger.lnk . (...) -- C:\Program Files (x86)\Bywifi\bywifidl.exe

O4 - Global Startup: C:\Users\UpdatusUser\Desktop\Transcodificador de Mídia Bywifi.lnk . (...) -- C:\Program Files (x86)\Bywifi\bywifidl.exe

O4 - Global Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Acelerador de Vídeo Bywifi.lnk . (.bywifi.com.) -- C:\Program Files (x86)\Bywifi\bywifi.exe

O4 - Global Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Transcodificador de Mídia Bywifi.lnk . (...) -- C:\Program Files (x86)\Bywifi\bywifidl.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\DVD Decrypter.lnk . (.LIGHTNING UK!.) -- C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\DVD Shrink 3.2.lnk . (.DVD Shrink.) -- C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\EVEREST Ultimate Edition.lnk . (.Lavalys, Inc..) -- C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\EVGA Precision X.lnk . (...) -- C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\FreeUndelete.lnk . (...) -- C:\Users\PAULOROBERTO\AppData\Local\Apps\OfficeRecovery\fru\fru.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\JoyToKey - Atalho.lnk . (...) -- C:\Users\PAULOROBERTO\Documents\Downloads\jtk374en\JoyToKey.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\madotate.exe - Atalho.lnk . (...) -- C:\Users\PAULOROBERTO\Documents\outros\madotate.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\MBRCheck.lnk . (...) -- C:\Program Files (x86)\ZHPDiag\mbrcheck.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\Microsoft Excel 2010.lnk . (...) -- C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\Microsoft PowerPoint 2010.lnk . (...) -- C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\Microsoft Word 2010.lnk . (...) -- C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\My Lockbox.lnk . (.FSPro Labs.) -- C:\Program Files\My Lockbox\mylbx.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\ZHPDiag.lnk . (...) -- C:\Program Files (x86)\ZHPDiag\ZHPDiags.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\Desktop\ZHPFix.lnk . (...) -- C:\Program Files (x86)\ZHPDiag\ZHPFix.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Acelerador de Vídeo Bywifi.lnk . (.bywifi.com.) -- C:\Program Files (x86)\Bywifi\bywifi.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 2010 Advanced.lnk . (...) -- C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2010 Advanced\burningstudio2010adv.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk . (.VSO Software SARL.) -- C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CorelDRAW X5.lnk . (.Acresso Software Inc..) -- c:\Windows\Installer\{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}\NewShortcut1.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVD Decrypter.lnk . (.LIGHTNING UK!.) -- C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk . (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Transcodificador de Mídia Bywifi.lnk . (...) -- C:\Program Files (x86)\Bywifi\bywifidl.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Webcam Video Viewer.lnk . (.ArcSoft, Inc..) -- C:\Program Files (x86)\ArcSoft\Webcam Video Viewer\Webcam Video Viewer.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk . (.Microsoft Corporation.) -- C:\Windows\explorer.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\zsnesw - Atalho.lnk . (...) -- C:\Users\PAULOROBERTO\Downloads\zsnesw.exe

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk . (.BitTorrent, Inc..) -- C:\Program Files (x86)\uTorrent\uTorrent.exe

~ Scan Global Startup in 00mn 00s

 

 

 

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)

O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)

O9 - Extra button: &Enviar para o OneNote [64Bits] - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\kbrd.ico

O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)

O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\logo.ico

~ Scan IE Extra Buttons in 00mn 00s

 

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll

O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll

O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll

O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll

~ Scan Winsock in 00mn 00s

 

 

 

---\\ Lop.com/Domain Hijackers (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{C830E95B-A6FB-4A0F-B8D9-8E5CB0323B37}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{EC1436F6-5809-4DC4-A14B-D866A70572E1}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{C830E95B-A6FB-4A0F-B8D9-8E5CB0323B37}: DhcpDomain = lan

O17 - HKLM\System\CCS\Services\Tcpip\..\{EC1436F6-5809-4DC4-A14B-D866A70572E1}: DhcpDomain = lan

O17 - HKLM\System\CS1\Services\Tcpip\..\{C830E95B-A6FB-4A0F-B8D9-8E5CB0323B37}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{EC1436F6-5809-4DC4-A14B-D866A70572E1}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{C830E95B-A6FB-4A0F-B8D9-8E5CB0323B37}: DhcpDomain = lan

O17 - HKLM\System\CS1\Services\Tcpip\..\{EC1436F6-5809-4DC4-A14B-D866A70572E1}: DhcpDomain = lan

O17 - HKLM\System\CS2\Services\Tcpip\..\{C830E95B-A6FB-4A0F-B8D9-8E5CB0323B37}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{EC1436F6-5809-4DC4-A14B-D866A70572E1}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{C830E95B-A6FB-4A0F-B8D9-8E5CB0323B37}: DhcpDomain = lan

O17 - HKLM\System\CS2\Services\Tcpip\..\{EC1436F6-5809-4DC4-A14B-D866A70572E1}: DhcpDomain = lan

~ Scan Domain in 00mn 00s

 

 

 

---\\ Extra protocols (O18)

O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (...) --

O18 - Handler: dvd [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (...) --

O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: its [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (...) --

O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (...) --

O18 - Handler: mhtml [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (...) --

O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (...) --

O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- c:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (...) --

O18 - Handler: skype4com [64Bits] - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (...) --

O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (...) --

O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (...) --

O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll

~ Scan Protocole Additionnel in 00mn 00s

 

 

 

---\\ AppInit_DLLs Registry value Autorun (O20)

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\Windows\System32\klogon.dll

~ Scan Winlogon in 00mn 00s

 

 

 

---\\ ShellServiceObjectDelayLoad (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

~ Scan SSODL in 00mn 00s

 

 

 

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)

O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

O23 - Service: Gbp Service (GbpSv) . (.Unknown owner - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe

O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) . (.UASSOFT.COM - Keyboard And Mouse Communication Service.) - C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe

O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) . (.Nitro PDF Software - Nitro PDF Spool Service.) - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 301.4.) - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: System Event Agent (System Event Agent) . (.Unknown owner - Event Agent Startup.) - C:\Windows\SysWOW64\Event Agent\bin\spoolsv .exe

O23 - Service: (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

~ Scan Services in 00mn 00s

 

 

 

---\\ Windows Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

~ Scan Desktop Component in 00mn 00s

 

 

 

---\\

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (sasnative64) - File not found

~ Scan Keys in 00mn 00s

 

 

 

---\\ Task Planned Automatically(039)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AWC AutoSweep.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AWC Update.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\EXErrorsFix Schedule.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2415253309-3379223506-2882669795-1000Core.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2415253309-3379223506-2882669795-1000UA.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2415253309-3379223506-2882669795-1000Core.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2415253309-3379223506-2882669795-1000UA.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job

[MD5.B2B64AF436FACCFA854DD397027C5360] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[MD5.83605CA0BB3FCE6B45BE12148AD8B3C9] [APT] [AutoKMS] (.Microsoft.) -- C:\Windows\AutoKMS.exe

[MD5.00000000000000000000000000000000] [APT] [AWC AutoSweep] (...) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AutoSweep.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [AWC Update] (...) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe (.not file.)

[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser Task] (...) -- C:\Program Files (x86)\Moo0\FileShredder 1.17\FileShredder.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{1E1958F2-72FA-4297-8943-F06E0AFA129E}] (...) -- C:\Program Files (x86)\Maxthon3\Bin\Mx3Uninstall.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{884A3003-179D-4C41-849F-4B5889A22200}] (...) -- C:\Users\PAULOROBERTO\Desktop\Johnny+Castaway+Vista.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{AAD3343B-61CF-410C-BBF1-1EF41EFA888A}] (...) -- F:\VisualizadorNFeCTe_v50e.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{C7279582-ED02-4131-9AA6-19E554EE7756}] (...) -- C:\Users\PAULOROBERTO\Documents\VisualizadorNFeCTe_v50e.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{D2865EF1-7A6C-41EB-B50A-4F0F61F98F7C}] (...) -- C:\Users\PAULOROBERTO\Documents\VisualizadorNFeCTe_v50e.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{D85C16D1-2301-4ED8-AEE0-2F203D40C854}] (...) -- C:\Users\PAULOROBERTO\Desktop\ReceitanetJava2010.02d_setup_win32.exe (.not file.)

[MD5.561E0C22ADDBB4714F473781168EA9CE] [APT] [{D9FDE37E-3E92-4A18-8147-885880EF567A}] (.Hewlett-Packard.) -- C:\Program Files (x86)\HP\Digital Imaging\{86732AE7-CB91-4f15-B091-FBA3D3926CD6}\HPZstub.exe

~ Scan Scheduled Task in 00mn 04s

 

 

 

---\\ ActiveSetup Installed Components (O40)

O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll

O40 - ASIC: Internet Explorer [64Bits] - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: Browser Customizations [64Bits] - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Identidade visual IEAK.) -- C:\Windows\System32\iedkcs32.dll

O40 - ASIC: Java (Sun) [64Bits] - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (...) -- C:\Program Files\Java\jre6\bin\regutils.dll

O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API de tema do Windows.) -- C:\Windows\System32\themeui.dll

O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe

O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\Windows\System32\msieftp.dll

O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Recursos do Windows Media Player.) -- C:\Windows\System32\wmploc.dll

O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\Windows\System32\shell32.dll

O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitário de Inicialização por Usuário do Internet Explorer.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll

~ Scan Active Setup in 00mn 00s

 

 

 

---\\ Drivers launched at startup (O41)

O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys

O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys

O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys

O41 - Driver: C:\Windows\System32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys

O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys

O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys

O41 - Driver: (ElbyCDIO) . (.Elaborate Bytes AG - ElbyCD Windows x64 I/O driver.) - C:\Windows\System32\Drivers\ElbyCDIO.sys

O41 - Driver: (kl2) . (.Kaspersky Lab ZAO - Kaspersky Unified Driver.) - C:\Windows\System32\DRIVERS\kl2.sys

O41 - Driver: (KLIF) . (.Kaspersky Lab - Klif Mini-Filter [fre_wlh_AMD64].) - C:\Windows\System32\DRIVERS\klif.sys

O41 - Driver: (KLIM6) . (.Kaspersky Lab ZAO - Kaspersky Lab Intermediate Network Driver.) - C:\Windows\System32\DRIVERS\klim6.sys

O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys

O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys

O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys

O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Agendador de pacotes de serviço.) - C:\Windows\System32\DRIVERS\pacer.sys

O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Driver do Subsistema de Buffer da Unidade R.) - C:\Windows\System32\DRIVERS\rdbss.sys

O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys

O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys

O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\Windows\System32\DRIVERS\serial.sys

O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys

O41 - Driver: (truecrypt) . (.TrueCrypt Foundation - TrueCrypt Driver.) - C:\Windows\System32\drivers\truecrypt.sys

O41 - Driver: (TrustedInstaller) . (.TrueCrypt Foundation - TrueCrypt Driver.) - C:\Windows\System32\drivers\truecrypt.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys

O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys

O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys

~ Scan Drivers in 00mn 00s

 

 

 

---\\ Software installed (O42)

O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Shockwave Player 11.6 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player

O42 - Logiciel: Bywifi 2.8.1 - (.bywifi.com.) [HKLM] -- Bywifi

O42 - Logiciel: EVGA Precision X 3.0.3 - (.EVGA Corporation.) [HKLM] -- PrecisionX

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {A6E71E28-43CB-423E-B415-B7C00D77902E}

O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM] -- {32603085-C839-4226-A1FD-BF8FAE0185CB}

O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM] -- IncrediMail

O42 - Logiciel: Malwarebytes Anti-Malware versão 1.62.0.1300 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}

O42 - Logiciel: Messenger Companion - (.Microsoft Corporation.) [HKLM] -- {3889988F-762B-4B85-AB17-71C9CC3AE445}

O42 - Logiciel: Microsoft Office Professional Plus 2010 - (.Microsoft Corporation.) [HKLM] -- {91140000-0011-0000-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-001F-0409-0000-0000000FF1CE}

O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

O42 - Logiciel: Mozilla Firefox 15.0.1 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 15.0.1 (x86 pt-BR)

O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService

O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] -- {DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}

O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM] -- NVIDIAStereo

O42 - Logiciel: Office 2010 Screensaver - (.Microsoft Corporation.) [HKLM] -- {43492EDB-25B6-4788-B0CD-89627419DBDB}

O42 - Logiciel: Oi Velox - (.LightComm Tecnologia.) [HKLM] -- programmeroi_is1

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2633870

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Extended (KB2487367) - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Extended (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351

O42 - Logiciel: Skype™ 5.10 - (.Skype Technologies S.A..) [HKLM] -- {EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}

O42 - Logiciel: Tuto_4pc - (.Tuto_4pc.) [HKLM] -- Tuto_4pc_is1

O42 - Logiciel: Twin USB Vibration Gamepad - (.Unknown owner.) [HKLM] -- {BA12FD6D-169A-11D7-A6A9-00C026281E5A}

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2473228) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2600217) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217

O42 - Logiciel: Update for Microsoft .NET Framework 4 Extended (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871

O42 - Logiciel: Update for Microsoft .NET Framework 4 Extended (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523

O42 - Logiciel: Update for Microsoft .NET Framework 4 Extended (KB2600217) - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}

O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite

O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- {43B43577-2514-4CE0-B14A-7E85C17C0453}

O42 - Logiciel: Windows Live Galeria de Fotos - (.Microsoft Corporation.) [HKLM] -- {F7A46527-DF1F-4B0F-9637-98547E189442}

O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}

O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {9D56775A-93F3-44A3-8092-840E3826DE30}

O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {9DA3F03B-2CEE-4344-838E-117861E61FAF}

O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM] -- {644063FA-ABA3-42AC-A8AC-3EDC0706018B}

O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {C9E1343D-E21E-4508-A1BE-04A089EC137D}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {E5B21F11-6933-4E0B-A25C-7963E3C07D11}

O42 - Logiciel: Windows Live Messenger Companion Core - (.Microsoft Corporation.) [HKLM] -- {78A96B4C-A643-4D0F-98C2-A8E16A6669F9}

O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {92EA4134-10D1-418A-91E1-5A0453131A38}

O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}

O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM] -- {83C292B7-38A5-440B-A731-07070E81A64F}

O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {B33B61FE-701F-425F-98AB-2B85725CBF68}

O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}

O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}

O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM] -- {DF71ABBB-B834-41C0-BB58-80B0545D754C}

O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {A726AE06-AAA3-43D1-87E3-70F510314F04}

O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {B3BE54A4-8DFE-4593-8E66-56AB7133B812}

O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM] -- {4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}

 

---\\ HKCU & HKLM Software Keys

[HKCU\Software\AppDataLow\Software\Adobe]

[HKCU\Software\AppDataLow\Software\Macromedia]

[HKCU\Software\AppDataLow\Software\Microsoft]

[HKCU\Software\AppDataLow\Software\Softonic_Brasil]

[HKCU\Software\AppDataLow\Software\ThinPrint]

[HKCU\Software\AppDataLow\Software]

[HKLM\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB]

[HKLM\Software\AGEIA Technologies]

[HKLM\Software\Adobe]

[HKLM\Software\AdwCleaner]

[HKLM\Software\AppDataLow]

[HKLM\Software\ArcSoft]

[HKLM\Software\Ashampoo]

[HKLM\Software\BVRP Software]

[HKLM\Software\Bitstream]

[HKLM\Software\Bunndle]

[HKLM\Software\CAPCOM]

[HKLM\Software\CBS Interactive]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\Codec Tweak Tool]

[HKLM\Software\Compelson]

[HKLM\Software\Connectix]

[HKLM\Software\Corel]

[HKLM\Software\DT Soft]

[HKLM\Software\EVGA]

[HKLM\Software\Elaborate Bytes]

[HKLM\Software\Eset]

[HKLM\Software\FSPro Labs]

[HKLM\Software\GNU]

[HKLM\Software\Gabest]

[HKLM\Software\GameVicio]

[HKLM\Software\Google]

[HKLM\Software\HDTune]

[HKLM\Software\HP]

[HKLM\Software\HaaliMkx]

[HKLM\Software\Hewlett-Packard]

[HKLM\Software\I.R.I.S.]

[HKLM\Software\ICE]

[HKLM\Software\IObit]

[HKLM\Software\ImgBurn]

[HKLM\Software\InstallShield]

[HKLM\Software\Intel]

[HKLM\Software\InterVideo]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\KLCodecPack]

[HKLM\Software\KWorld MultiMedia]

[HKLM\Software\KasperskyLab]

[HKLM\Software\Khronos]

[HKLM\Software\Licenses]

[HKLM\Software\Loader]

[HKLM\Software\Macromedia]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\McAfee.com]

[HKLM\Software\MimarSinan]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\Mpath]

[HKLM\Software\NVIDIA Corporation]

[HKLM\Software\Netscape]

[HKLM\Software\Nitro PDF]

[HKLM\Software\ODBC]

[HKLM\Software\Philips]

[HKLM\Software\Photo Notifier and Animation Creator]

[HKLM\Software\Policies]

[HKLM\Software\Protexis]

[HKLM\Software\Realtek Semiconductor Corp.]

[HKLM\Software\Realtek]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\RssScreenSaver]

[HKLM\Software\Safer Networking Limited]

[HKLM\Software\Skype]

[HKLM\Software\Symantec]

[HKLM\Software\ThinPrint]

[HKLM\Software\TrendMicro]

[HKLM\Software\Trymedia Systems]

[HKLM\Software\Tuto_4pc]

[HKLM\Software\USB2800]

[HKLM\Software\Uniblue]

[HKLM\Software\VDownloader]

[HKLM\Software\VMware, Inc.]

[HKLM\Software\VSO]

[HKLM\Software\Volatile]

[HKLM\Software\WinPcap]

[HKLM\Software\Windows]

[HKLM\Software\Zemana]

[HKLM\Software\mozilla.org]

[HKLM\Software\p2plog]

[HKLM\Software\uebbi.com]

~ Scan Softwares in 00mn 00s

 

 

 

---\\ Contents of the Common Files folders (O43)

O43 - CFD: 28/08/2011 - 21:23:55 - [7,408] ----D C:\Program Files (x86)\ArcSoft

O43 - CFD: 01/01/2011 - 18:50:09 - [77,973] ----D C:\Program Files (x86)\Ashampoo

O43 - CFD: 26/06/2011 - 18:04:07 - [2,746] ----D C:\Program Files (x86)\Avanquest update

O43 - CFD: 05/01/2011 - 22:21:03 - [5,228] ----D C:\Program Files (x86)\AvRack

O43 - CFD: 01/05/2012 - 13:19:33 - [0] ----D C:\Program Files (x86)\BlueStacks

O43 - CFD: 03/07/2012 - 19:46:41 - [20,628] ----D C:\Program Files (x86)\Bywifi

O43 - CFD: 28/08/2011 - 21:28:50 - [0,657] ----D C:\Program Files (x86)\C3 Tech Multimedia

O43 - CFD: 11/12/2011 - 12:14:48 - [533,222] ----D C:\Program Files (x86)\CAPCOM

O43 - CFD: 03/08/2012 - 22:30:45 - [9,924] ----D C:\Program Files (x86)\CCleaner

O43 - CFD: 24/08/2012 - 19:29:59 - [472,998] ----D C:\Program Files (x86)\Common Files

O43 - CFD: 29/05/2012 - 22:04:03 - [0] ----D C:\Program Files (x86)\CommViewWiFi

O43 - CFD: 19/03/2011 - 19:16:20 - [1201,746] ----D C:\Program Files (x86)\Corel

O43 - CFD: 31/07/2012 - 00:18:22 - [2,556] ----D C:\Program Files (x86)\DOOM 3

O43 - CFD: 01/01/2011 - 23:12:23 - [0,484] ----D C:\Program Files (x86)\Driver Checker

O43 - CFD: 11/08/2011 - 21:27:01 - [0,902] ----D C:\Program Files (x86)\DVD Decrypter

O43 - CFD: 08/12/2010 - 21:17:56 - [0,926] ----D C:\Program Files (x86)\DVD Shrink

O43 - CFD: 26/11/2010 - 23:34:29 - [2,038] ----D C:\Program Files (x86)\Elaborate Bytes

O43 - CFD: 01/04/2011 - 22:44:02 - [111,381] ----D C:\Program Files (x86)\ESET

O43 - CFD: 03/06/2012 - 12:04:57 - [29,602] ----D C:\Program Files (x86)\EVGA Precision

O43 - CFD: 04/09/2012 - 19:50:58 - [29,271] ----D C:\Program Files (x86)\EVGA Precision X

O43 - CFD: 02/09/2012 - 14:22:14 - [0,000] ----D C:\Program Files (x86)\EXErrorsFix

O43 - CFD: 26/04/2011 - 22:18:42 - [2,390] ----D C:\Program Files (x86)\FileSaver

O43 - CFD: 11/09/2011 - 21:39:20 - [0,202] ----D C:\Program Files (x86)\GameVicio

O43 - CFD: 21/07/2012 - 15:00:55 - [2,277] ----D C:\Program Files (x86)\GbPlugin

O43 - CFD: 05/10/2011 - 21:53:56 - [21,932] ----D C:\Program Files (x86)\Google

O43 - CFD: 23/11/2010 - 23:41:53 - [0] ----D C:\Program Files (x86)\Hewlett-Packard

O43 - CFD: 23/04/2011 - 18:36:26 - [0] ----D C:\Program Files (x86)\hkSFV

O43 - CFD: 04/02/2012 - 11:03:55 - [248,337] ----D C:\Program Files (x86)\HP

O43 - CFD: 16/10/2011 - 12:58:35 - [3,102] ----D C:\Program Files (x86)\ImgBurn

O43 - CFD: 25/11/2010 - 20:54:29 - [26,494] ----D C:\Program Files (x86)\IncrediMail

O43 - CFD: 12/06/2011 - 12:28:39 - [1,461] --H-D C:\Program Files (x86)\InstallJammer Registry

O43 - CFD: 30/07/2012 - 23:39:03 - [127,953] --H-D C:\Program Files (x86)\InstallShield Installation Information

O43 - CFD: 08/03/2011 - 16:14:12 - [0,091] ----D C:\Program Files (x86)\Intel

O43 - CFD: 05/09/2012 - 20:40:34 - [12,343] ----D C:\Program Files (x86)\Internet Explorer

O43 - CFD: 26/01/2011 - 23:20:24 - [1,920] ----D C:\Program Files (x86)\IObit

O43 - CFD: 11/04/2011 - 09:48:36 - [84,269] ----D C:\Program Files (x86)\Java

O43 - CFD: 20/03/2011 - 22:21:48 - [47,172] ----D C:\Program Files (x86)\K-Lite Codec Pack

O43 - CFD: 31/12/2011 - 00:15:11 - [131,537] ----D C:\Program Files (x86)\Kaspersky Lab

O43 - CFD: 08/03/2011 - 15:16:57 - [6,172] ----D C:\Program Files (x86)\Keyboard Driver

O43 - CFD: 14/04/2011 - 22:49:19 - [15,944] ----D C:\Program Files (x86)\Lavalys

O43 - CFD: 07/09/2012 - 15:41:12 - [11,719] ----D C:\Program Files (x86)\Malwarebytes' Anti-Malware

O43 - CFD: 08/03/2011 - 16:42:59 - [19,687] ----D C:\Program Files (x86)\Microsoft

O43 - CFD: 20/12/2010 - 22:07:35 - [37,956] ----D C:\Program Files (x86)\Microsoft Analysis Services

O43 - CFD: 20/12/2010 - 22:12:03 - [820,372] ----D C:\Program Files (x86)\Microsoft Office

O43 - CFD: 17/03/2011 - 18:42:42 - [0,183] ----D C:\Program Files (x86)\Microsoft SDKs

O43 - CFD: 09/05/2012 - 00:25:40 - [40,838] ----D C:\Program Files (x86)\Microsoft Silverlight

O43 - CFD: 20/12/2010 - 22:12:01 - [3,467] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition

O43 - CFD: 20/12/2010 - 22:12:01 - [0,757] ----D C:\Program Files (x86)\Microsoft Sync Framework

O43 - CFD: 20/12/2010 - 22:12:54 - [0,312] ----D C:\Program Files (x86)\Microsoft Synchronization Services

O43 - CFD: 20/12/2010 - 22:09:24 - [1,200] ----D C:\Program Files (x86)\Microsoft Visual Studio 8

O43 - CFD: 17/03/2011 - 18:43:10 - [66,765] ----D C:\Program Files (x86)\Microsoft Visual Studio 9.0

O43 - CFD: 14/01/2011 - 01:08:35 - [7,824] ----D C:\Program Files (x86)\Microsoft.NET

O43 - CFD: 03/11/2011 - 22:42:09 - [0,021] ----D C:\Program Files (x86)\MOBILedit!

O43 - CFD: 09/05/2012 - 00:06:19 - [0] ----D C:\Program Files (x86)\Moo0

O43 - CFD: 19/08/2011 - 15:58:32 - [0] ----D C:\Program Files (x86)\Moozy

O43 - CFD: 23/11/2010 - 21:53:17 - [6,172] ----D C:\Program Files (x86)\Mouse Driver

O43 - CFD: 08/09/2012 - 16:41:19 - [39,210] ----D C:\Program Files (x86)\Mozilla Firefox

O43 - CFD: 08/09/2012 - 16:46:33 - [0,211] ----D C:\Program Files (x86)\Mozilla Maintenance Service

O43 - CFD: 20/12/2010 - 22:13:41 - [0,025] ----D C:\Program Files (x86)\MSBuild

O43 - CFD: 26/11/2010 - 00:13:43 - [0] ----D C:\Program Files (x86)\MSXML 4.0

O43 - CFD: 22/07/2012 - 10:38:00 - [0,000] ----D C:\Program Files (x86)\MyRouter

O43 - CFD: 14/07/2012 - 20:22:05 - [73,798] ----D C:\Program Files (x86)\Nitro PDF

O43 - CFD: 04/09/2011 - 17:20:39 - [0] ----D C:\Program Files (x86)\Nobilis

O43 - CFD: 25/05/2012 - 20:06:01 - [121,455] ----D C:\Program Files (x86)\NVIDIA Corporation

O43 - CFD: 25/05/2012 - 00:09:16 - [6,211] ----D C:\Program Files (x86)\Oi

O43 - CFD: 09/07/2011 - 18:27:38 - [0,000] ----D C:\Program Files (x86)\Opera

O43 - CFD: 29/09/2011 - 23:15:05 - [15,027] ----D C:\Program Files (x86)\PCSX2 0.9.8

O43 - CFD: 28/11/2010 - 23:45:36 - [18,054] ----D C:\Program Files (x86)\Philips

O43 - CFD: 26/05/2012 - 19:10:22 - [2,630] ----D C:\Program Files (x86)\Photo Notifier and Animation Creator

O43 - CFD: 09/07/2011 - 18:19:16 - [0,006] ----D C:\Program Files (x86)\PowerDataRecovery

O43 - CFD: 12/06/2011 - 12:31:59 - [0] ----D C:\Program Files (x86)\Programas RFB

O43 - CFD: 14/04/2011 - 12:25:26 - [5,588] ----D C:\Program Files (x86)\Realtek

O43 - CFD: 05/01/2011 - 22:20:58 - [40,006] ----D C:\Program Files (x86)\Realtek AC97

O43 - CFD: 05/01/2011 - 22:21:03 - [0] ----D C:\Program Files (x86)\Realtek Sound Manager

O43 - CFD: 14/07/2009 - 02:32:38 - [106,401] ----D C:\Program Files (x86)\Reference Assemblies

O43 - CFD: 01/01/2011 - 23:35:09 - [0] ----D C:\Program Files (x86)\Searchster.Net

O43 - CFD: 24/08/2012 - 19:30:01 - [16,855] R---D C:\Program Files (x86)\Skype

O43 - CFD: 01/01/2011 - 22:54:37 - [0] ----D C:\Program Files (x86)\SM

O43 - CFD: 10/07/2011 - 18:06:50 - [0] ----D C:\Program Files (x86)\Sony Ericsson

O43 - CFD: 08/03/2011 - 16:07:27 - [0] --H-D C:\Program Files (x86)\Temp

O43 - CFD: 01/05/2012 - 12:54:16 - [0,602] ----D C:\Program Files (x86)\Trine

O43 - CFD: 02/09/2012 - 12:03:19 - [4,236] ----D C:\Program Files (x86)\Tuto_4pc

O43 - CFD: 13/07/2012 - 23:09:12 - [0,141] ----D C:\Program Files (x86)\Twin USB Vibration Gamepad

O43 - CFD: 20/05/2011 - 23:15:31 - [0] ----D C:\Program Files (x86)\UEBBI.com

O43 - CFD: 14/07/2009 - 01:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information

O43 - CFD: 29/04/2012 - 22:45:57 - [0,839] ----D C:\Program Files (x86)\uTorrent

O43 - CFD: 20/06/2011 - 00:20:08 - [0,013] ----D C:\Program Files (x86)\VDownloader

O43 - CFD: 26/11/2010 - 23:30:30 - [2,432] ----D C:\Program Files (x86)\Visual Clipboard

O43 - CFD: 02/01/2012 - 21:08:53 - [12,352] ----D C:\Program Files (x86)\VMware

O43 - CFD: 29/12/2010 - 23:07:46 - [64,974] ----D C:\Program Files (x86)\VSO

O43 - CFD: 20/03/2011 - 21:37:53 - [0] ----D C:\Program Files (x86)\Win7codecs

O43 - CFD: 01/09/2012 - 03:28:05 - [2,016] ----D C:\Program Files (x86)\Windows Defender

O43 - CFD: 23/06/2012 - 11:48:39 - [176,175] ----D C:\Program Files (x86)\Windows Live

O43 - CFD: 01/09/2012 - 03:28:07 - [23,116] ----D C:\Program Files (x86)\Windows Mail

O43 - CFD: 01/09/2012 - 03:28:07 - [7,741] ----D C:\Program Files (x86)\Windows Media Player

O43 - CFD: 14/07/2009 - 02:32:38 - [16,805] ----D C:\Program Files (x86)\Windows NT

O43 - CFD: 01/09/2012 - 03:28:07 - [6,047] ----D C:\Program Files (x86)\Windows Photo Viewer

O43 - CFD: 25/02/2011 - 23:47:39 - [0,181] ----D C:\Program Files (x86)\Windows Portable Devices

O43 - CFD: 01/09/2012 - 03:28:08 - [35,948] ----D C:\Program Files (x86)\Windows Sidebar

O43 - CFD: 20/05/2011 - 22:58:19 - [0] ----D C:\Program Files (x86)\Yitsoft Software

O43 - CFD: 08/09/2012 - 17:02:34 - [13,194] ----D C:\Program Files (x86)\ZHPDiag

O43 - CFD: 28/08/2011 - 21:23:54 - [22,639] ----D C:\Program Files (x86)\Common Files\ArcSoft

O43 - CFD: 11/06/2011 - 11:50:21 - [2,967] ----D C:\Program Files (x86)\Common Files\Corel

O43 - CFD: 20/12/2010 - 22:12:51 - [0,095] ----D C:\Program Files (x86)\Common Files\DESIGNER

O43 - CFD: 23/11/2010 - 23:41:48 - [0,448] ----D C:\Program Files (x86)\Common Files\Hewlett-Packard

O43 - CFD: 23/11/2010 - 23:42:00 - [5,425] ----D C:\Program Files (x86)\Common Files\HP

O43 - CFD: 07/01/2012 - 01:50:18 - [10,228] ----D C:\Program Files (x86)\Common Files\InstallShield

O43 - CFD: 11/04/2011 - 09:49:11 - [1,189] ----D C:\Program Files (x86)\Common Files\Java

O43 - CFD: 19/11/2011 - 20:09:17 - [298,072] ----D C:\Program Files (x86)\Common Files\microsoft shared

O43 - CFD: 14/07/2012 - 20:22:05 - [15,292] ----D C:\Program Files (x86)\Common Files\Nitro PDF

O43 - CFD: 19/03/2011 - 19:19:04 - [1,620] ----D C:\Program Files (x86)\Common Files\Protexis

O43 - CFD: 14/07/2009 - 00:20:08 - [0,003] ----D C:\Program Files (x86)\Common Files\Services

O43 - CFD: 24/08/2012 - 19:29:59 - [2,056] ----D C:\Program Files (x86)\Common Files\Skype

O43 - CFD: 14/07/2009 - 00:20:08 - [87,659] ----D C:\Program Files (x86)\Common Files\SpeechEngines

O43 - CFD: 01/09/2012 - 03:28:05 - [25,305] ----D C:\Program Files (x86)\Common Files\System

O43 - CFD: 24/11/2010 - 22:32:42 - [0] ----D C:\Program Files (x86)\Common Files\Windows Live

O43 - CFD: 08/09/2012 - 08:57:20 - [0] ----D C:\ProgramData\Adobe

O43 - CFD: 14/07/2009 - 02:08:56 - [0] --H-D C:\ProgramData\Application Data

O43 - CFD: 24/06/2011 - 12:07:38 - [0,010] ----D C:\ProgramData\ArcSoft

O43 - CFD: 31/12/2010 - 19:38:57 - [0,343] ----D C:\ProgramData\ashampoo

O43 - CFD: 26/06/2011 - 18:04:06 - [0] ----D C:\ProgramData\Avanquest

O43 - CFD: 23/12/2011 - 21:31:36 - [0,152] ----D C:\ProgramData\Avira

O43 - CFD: 26/06/2011 - 18:03:03 - [0] ----D C:\ProgramData\BVRP Software

O43 - CFD: 01/05/2011 - 17:08:43 - [274,589] ----D C:\ProgramData\Corel

O43 - CFD: 11/06/2011 - 11:58:23 - [0] ----D C:\ProgramData\CorelDRAW Graphics Suite X5

O43 - CFD: 23/11/2010 - 21:39:05 - [0] --H-D C:\ProgramData\Dados de aplicativos

O43 - CFD: 21/08/2011 - 16:12:08 - [0,001] ----D C:\ProgramData\DAEMON Tools Lite

O43 - CFD: 14/07/2009 - 02:08:56 - [0] --H-D C:\ProgramData\Desktop

O43 - CFD: 23/11/2010 - 21:39:05 - [0] --H-D C:\ProgramData\Documentos

O43 - CFD: 14/07/2009 - 02:08:56 - [0] --H-D C:\ProgramData\Documents

O43 - CFD: 24/05/2011 - 21:54:08 - [10,702] ----D C:\ProgramData\Downloaded Installations

O43 - CFD: 05/08/2012 - 20:55:15 - [0,036] ----D C:\ProgramData\DVD Shrink

O43 - CFD: 14/07/2009 - 02:08:56 - [0] --H-D C:\ProgramData\Favorites

O43 - CFD: 23/11/2010 - 21:39:05 - [0] --H-D C:\ProgramData\Favoritos

O43 - CFD: 04/05/2012 - 20:08:13 - [0,053] ----D C:\ProgramData\gas

O43 - CFD: 21/07/2012 - 15:01:10 - [0,009] ----D C:\ProgramData\GbPlugin

O43 - CFD: 05/10/2011 - 21:54:03 - [0,514] ----D C:\ProgramData\Google

O43 - CFD: 23/11/2010 - 23:53:52 - [0,520] ----D C:\ProgramData\Hewlett-Packard

O43 - CFD: 20/12/2010 - 11:34:58 - [12,037] ----D C:\ProgramData\HP

O43 - CFD: 10/06/2011 - 21:21:30 - [0,009] ----D C:\ProgramData\HP Product Assistant

O43 - CFD: 25/11/2010 - 20:55:38 - [0,000] ----D C:\ProgramData\IM

O43 - CFD: 25/11/2010 - 20:54:29 - [12,495] ----D C:\ProgramData\IncrediMail

O43 - CFD: 07/01/2012 - 01:58:37 - [0,001] ----D C:\ProgramData\InstallShield

O43 - CFD: 17/04/2011 - 17:13:28 - [0] ----D C:\ProgramData\IObit

O43 - CFD: 08/09/2012 - 16:50:40 - [788,510] ----D C:\ProgramData\Kaspersky Lab

O43 - CFD: 05/06/2012 - 19:45:35 - [0,000] ----D C:\ProgramData\Lightcomm

O43 - CFD: 07/12/2010 - 21:48:15 - [0,000] ----D C:\ProgramData\Lingoes

O43 - CFD: 16/06/2012 - 21:53:06 - [6,664] ----D C:\ProgramData\Malwarebytes

O43 - CFD: 18/04/2011 - 11:59:07 - [0,007] ----D C:\ProgramData\McAfee

O43 - CFD: 23/11/2010 - 21:39:05 - [0] --H-D C:\ProgramData\Menu Iniciar

O43 - CFD: 18/12/2011 - 19:00:26 - [575,454] -S--D C:\ProgramData\Microsoft

O43 - CFD: 16/08/2012 - 13:37:19 - [0,292] ----D C:\ProgramData\Microsoft Help

O43 - CFD: 23/11/2010 - 21:39:05 - [0] --H-D C:\ProgramData\Modelos

O43 - CFD: 25/04/2012 - 23:57:21 - [0,010] ----D C:\ProgramData\Mozilla

O43 - CFD: 24/11/2010 - 23:51:38 - [0,000] ----D C:\ProgramData\Nitro PDF

O43 - CFD: 08/09/2012 - 16:46:42 - [3,850] ----D C:\ProgramData\NVIDIA

O43 - CFD: 16/01/2012 - 23:57:17 - [3,128] ----D C:\ProgramData\NVIDIA Corporation

O43 - CFD: 13/04/2012 - 21:02:34 - [0,708] ----D C:\ProgramData\Oi

O43 - CFD: 28/11/2010 - 23:45:36 - [0,031] ----D C:\ProgramData\Philips

O43 - CFD: 01/02/2011 - 19:55:32 - [0,982] ----D C:\ProgramData\Photo Notifier and Animation Creator

O43 - CFD: 17/03/2011 - 19:24:41 - [0,003] ----D C:\ProgramData\Protexis

O43 - CFD: 24/08/2012 - 19:30:18 - [36,511] ----D C:\ProgramData\Skype

O43 - CFD: 21/01/2011 - 12:48:32 - [56,450] ----D C:\ProgramData\Soluto

O43 - CFD: 10/07/2011 - 18:06:50 - [0,427] ----D C:\ProgramData\Sony Ericsson

O43 - CFD: 15/12/2011 - 20:14:20 - [0,975] ----D C:\ProgramData\Spybot - Search & Destroy

O43 - CFD: 14/07/2009 - 02:08:56 - [0] --H-D C:\ProgramData\Start Menu

O43 - CFD: 03/12/2010 - 23:09:22 - [0,000] ----D C:\ProgramData\Sun

O43 - CFD: 27/12/2010 - 23:10:48 - [0] ----D C:\ProgramData\Systweak

O43 - CFD: 29/05/2012 - 21:57:57 - [0,000] ----D C:\ProgramData\TamoSoft

O43 - CFD: 18/12/2011 - 23:08:03 - [0] ----D C:\ProgramData\TEMP

O43 - CFD: 14/07/2009 - 02:08:56 - [0] --H-D C:\ProgramData\Templates

O43 - CFD: 07/07/2012 - 19:00:58 - [0] ----D C:\ProgramData\Ubisoft

O43 - CFD: 02/01/2012 - 21:10:04 - [0,064] ----D C:\ProgramData\VMware

O43 - CFD: 13/02/2011 - 20:14:09 - [0,000] ----D C:\ProgramData\vsosdk

O43 - CFD: 23/11/2010 - 23:54:59 - [0,000] ----D C:\ProgramData\WEBREG

O43 - CFD: 20/03/2011 - 21:37:53 - [27,700] ----D C:\ProgramData\Win7codecs

O43 - CFD: 14/06/2011 - 22:59:05 - [0,002] ----D C:\ProgramData\Windows Genuine Advantage

O43 - CFD: 26/11/2010 - 22:53:11 - [0,104] ----D C:\Users\PAULOROBERTO\AppData\Roaming\7plus

O43 - CFD: 09/07/2011 - 20:14:51 - [2,379] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Abelssoft

O43 - CFD: 23/11/2010 - 23:56:42 - [4,102] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Adobe

O43 - CFD: 27/11/2010 - 09:25:19 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Alzex

O43 - CFD: 12/06/2011 - 14:09:57 - [0,525] ----D C:\Users\PAULOROBERTO\AppData\Roaming\ArcSoft

O43 - CFD: 02/01/2011 - 16:08:41 - [0,879] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Ashampoo

O43 - CFD: 17/03/2011 - 18:48:47 - [20,184] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Corel

O43 - CFD: 21/08/2011 - 16:18:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\DAEMON Tools Lite

O43 - CFD: 14/07/2012 - 19:43:16 - [693,343] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Downloaded Installations

O43 - CFD: 01/01/2011 - 21:00:58 - [0,007] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Easeware

O43 - CFD: 29/04/2012 - 21:08:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\GetRightToGo

O43 - CFD: 28/11/2010 - 23:40:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Google

O43 - CFD: 20/12/2010 - 11:34:01 - [0,095] ----D C:\Users\PAULOROBERTO\AppData\Roaming\HP

O43 - CFD: 02/09/2012 - 16:17:26 - [0,002] ----D C:\Users\PAULOROBERTO\AppData\Roaming\HPAppData

O43 - CFD: 14/05/2012 - 09:53:52 - [0,001] ----D C:\Users\PAULOROBERTO\AppData\Roaming\HpUpdate

O43 - CFD: 23/11/2010 - 21:39:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Identities

O43 - CFD: 16/10/2011 - 13:08:59 - [0,325] ----D C:\Users\PAULOROBERTO\AppData\Roaming\ImgBurn

O43 - CFD: 28/11/2010 - 23:42:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\InstallShield

O43 - CFD: 01/05/2011 - 11:53:06 - [0,028] ----D C:\Users\PAULOROBERTO\AppData\Roaming\InterSoft Common

O43 - CFD: 26/01/2011 - 23:20:24 - [5,003] ----D C:\Users\PAULOROBERTO\AppData\Roaming\IObit

O43 - CFD: 18/12/2011 - 23:10:00 - [0,016] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Kutawaves Games

O43 - CFD: 11/03/2012 - 23:22:50 - [0,211] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Launchy

O43 - CFD: 07/12/2010 - 21:48:21 - [0,181] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Lingoes

O43 - CFD: 24/11/2010 - 00:37:03 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Macromedia

O43 - CFD: 21/12/2010 - 20:57:16 - [0,574] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Malwarebytes

O43 - CFD: 14/07/2009 - 15:11:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Media Center Programs

O43 - CFD: 01/09/2012 - 19:00:09 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Media Player Classic

O43 - CFD: 07/09/2012 - 14:43:37 - [16,267] -S--D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft

O43 - CFD: 03/11/2011 - 21:43:28 - [0,008] ----D C:\Users\PAULOROBERTO\AppData\Roaming\MOBILedit

O43 - CFD: 29/05/2012 - 20:42:51 - [0,001] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Movier

O43 - CFD: 12/12/2011 - 20:23:05 - [41,290] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla

O43 - CFD: 07/08/2012 - 20:39:50 - [0,008] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Nitro PDF

O43 - CFD: 28/01/2012 - 22:05:36 - [0,027] ----D C:\Users\PAULOROBERTO\AppData\Roaming\NVIDIA

O43 - CFD: 04/12/2011 - 19:53:29 - [0,001] ----D C:\Users\PAULOROBERTO\AppData\Roaming\OfficeRecovery

O43 - CFD: 09/07/2011 - 18:27:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Opera

O43 - CFD: 24/08/2012 - 19:31:06 - [1,984] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Skype

O43 - CFD: 27/12/2010 - 23:12:07 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Systweak

O43 - CFD: 11/02/2011 - 22:04:28 - [17,011] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Thunderbird

O43 - CFD: 12/05/2012 - 00:18:11 - [0,002] ----D C:\Users\PAULOROBERTO\AppData\Roaming\TrueCrypt

O43 - CFD: 06/08/2012 - 21:28:34 - [3,936] ----D C:\Users\PAULOROBERTO\AppData\Roaming\uTorrent

O43 - CFD: 02/01/2012 - 21:05:39 - [0,007] ----D C:\Users\PAULOROBERTO\AppData\Roaming\VMware

O43 - CFD: 01/09/2012 - 19:00:09 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Vso

O43 - CFD: 17/03/2012 - 21:41:15 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Roaming\WinISO Computing

O43 - CFD: 29/04/2011 - 10:23:34 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Roaming\WinRAR

O43 - CFD: 09/07/2011 - 20:14:52 - [0,014] ----D C:\Users\PAULOROBERTO\AppData\Local\Abelssoft

O43 - CFD: 04/12/2011 - 19:53:08 - [0,729] ----D C:\Users\PAULOROBERTO\AppData\Local\Apps

O43 - CFD: 10/06/2011 - 21:50:43 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Local\ArcSoft

O43 - CFD: 31/12/2010 - 20:57:34 - [0,343] ----D C:\Users\PAULOROBERTO\AppData\Local\ashampoo

O43 - CFD: 01/05/2012 - 13:10:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\BlueStacks

O43 - CFD: 29/04/2012 - 23:04:28 - [99,954] ----D C:\Users\PAULOROBERTO\AppData\Local\BlueStacksSetup

O43 - CFD: 23/11/2010 - 21:39:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Dados de aplicativos

O43 - CFD: 05/06/2011 - 22:23:43 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Deployment

O43 - CFD: 22/04/2011 - 20:38:51 - [2,007] ----D C:\Users\PAULOROBERTO\AppData\Local\Diagnostics

O43 - CFD: 24/06/2012 - 21:50:38 - [69,431] ----D C:\Users\PAULOROBERTO\AppData\Local\Downloaded Installations

O43 - CFD: 16/01/2012 - 22:42:43 - [5,847] ----D C:\Users\PAULOROBERTO\AppData\Local\ElevatedDiagnostics

O43 - CFD: 29/05/2012 - 22:02:32 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Local\Eraser 6

O43 - CFD: 22/01/2012 - 23:19:11 - [7,372] ----D C:\Users\PAULOROBERTO\AppData\Local\Facebook

O43 - CFD: 10/07/2011 - 18:10:20 - [13,085] ----D C:\Users\PAULOROBERTO\AppData\Local\FixItCenter

O43 - CFD: 12/12/2011 - 20:23:05 - [21,483] ----D C:\Users\PAULOROBERTO\AppData\Local\Google

O43 - CFD: 23/11/2010 - 21:39:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Histórico

O43 - CFD: 27/11/2010 - 09:23:22 - [1,763] ----D C:\Users\PAULOROBERTO\AppData\Local\HP

O43 - CFD: 06/02/2011 - 00:25:10 - [308,624] ----D C:\Users\PAULOROBERTO\AppData\Local\IM

O43 - CFD: 02/04/2011 - 00:08:17 - [0,001] ----D C:\Users\PAULOROBERTO\AppData\Local\Inverse_Karma

O43 - CFD: 07/12/2010 - 21:48:21 - [0,009] ----D C:\Users\PAULOROBERTO\AppData\Local\Lingoes

O43 - CFD: 15/06/2012 - 00:16:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Macromedia

O43 - CFD: 15/06/2012 - 00:16:04 - [871,654] ----D C:\Users\PAULOROBERTO\AppData\Local\Microsoft

O43 - CFD: 13/12/2010 - 12:42:51 - [1,543] ----D C:\Users\PAULOROBERTO\AppData\Local\Microsoft Games

O43 - CFD: 23/11/2010 - 22:07:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Microsoft Help

O43 - CFD: 05/12/2010 - 09:53:36 - [68,015] ----D C:\Users\PAULOROBERTO\AppData\Local\Mozilla

O43 - CFD: 22/07/2012 - 10:26:18 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Local\MyRouter

O43 - CFD: 09/07/2011 - 18:27:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Opera

O43 - CFD: 08/03/2011 - 15:37:53 - [573,098] ----D C:\Users\PAULOROBERTO\AppData\Local\SlimWare Utilities Inc

O43 - CFD: 26/06/2011 - 18:03:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Sony Ericsson

O43 - CFD: 08/09/2012 - 16:50:59 - [0,661] ----D C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba

O43 - CFD: 08/09/2012 - 17:02:32 - [0,483] ----D C:\Users\PAULOROBERTO\AppData\Local\Temp

O43 - CFD: 23/11/2010 - 21:39:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Temporary Internet Files

O43 - CFD: 11/02/2011 - 22:04:28 - [4,343] ----D C:\Users\PAULOROBERTO\AppData\Local\Thunderbird

O43 - CFD: 02/09/2012 - 12:03:46 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Local\tuto4pc_br_3

O43 - CFD: 19/08/2011 - 22:40:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\uTorrent

O43 - CFD: 05/01/2011 - 22:30:07 - [1,722] ----D C:\Users\PAULOROBERTO\AppData\Local\VirtualStore

O43 - CFD: 20/11/2011 - 20:24:59 - [0,005] ----D C:\Users\PAULOROBERTO\AppData\Local\VMware

O43 - CFD: 13/08/2012 - 21:31:11 - [0,137] ----D C:\Users\PAULOROBERTO\AppData\Local\Windows Live

O43 - CFD: 17/03/2012 - 21:41:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\WinISO Computing

O43 - CFD: 20/08/2011 - 22:12:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{00F4F231-F954-4B9C-B23C-6A5CC67EC444}

O43 - CFD: 15/06/2011 - 16:58:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{0210C146-0236-4C1F-BC2D-4B7D2704D259}

O43 - CFD: 03/08/2012 - 14:58:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{02A26541-0209-433A-B549-6D6436CE17EC}

O43 - CFD: 20/03/2012 - 10:10:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{03317A69-A0AD-4BD9-B478-594D0989C33D}

O43 - CFD: 17/04/2012 - 11:24:24 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{039A5CD6-6BC4-41E4-92CC-347D4314D7EB}

O43 - CFD: 25/05/2012 - 18:22:26 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{046F5414-3B69-4D88-9B0D-0C7A31D19AE4}

O43 - CFD: 27/03/2012 - 11:44:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{053C9CB3-C583-498E-B5F3-27878A76E5AE}

O43 - CFD: 19/11/2011 - 19:59:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{070D0DC1-4B1D-4921-9BFC-FD6692FFDB05}

O43 - CFD: 14/01/2012 - 13:25:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{088F2EB2-A08A-4B16-BB75-0D0B36DC8057}

O43 - CFD: 17/02/2012 - 09:36:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{08A5DE3B-9DB0-471F-AA5D-3F2C42476419}

O43 - CFD: 16/07/2011 - 11:36:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{09BF84FC-20B0-4F8E-A34C-5BC3EABD97AB}

O43 - CFD: 05/05/2012 - 11:35:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{0C0371F1-91FE-457E-8498-E7570238F398}

O43 - CFD: 19/06/2012 - 16:01:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{103BCF28-C2AF-45E0-A228-A7079622D0BA}

O43 - CFD: 28/10/2011 - 11:43:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1220C7CD-BCB8-4AD5-B7C0-4B5AC49E8B71}

O43 - CFD: 08/05/2012 - 20:00:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{12925EE2-2FB9-4247-8AEE-EDB9968DAECD}

O43 - CFD: 11/08/2012 - 11:35:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{13F50FCF-9AE6-4281-8F35-CA81AEB6B740}

O43 - CFD: 05/07/2011 - 20:22:06 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{14683B31-094E-42FC-9623-505B09AFBC31}

O43 - CFD: 09/07/2011 - 12:07:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{15033920-076E-48B6-98C0-759684E792FC}

O43 - CFD: 08/06/2012 - 18:30:00 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{15372CE0-3A5A-4415-AFC7-553D97631373}

O43 - CFD: 24/05/2011 - 23:20:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{15FC2A6A-4503-4ECA-9810-2692B586C9B9}

O43 - CFD: 16/05/2012 - 21:35:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1606896D-1092-42F4-BEDB-7C87B7E6C20C}

O43 - CFD: 20/01/2012 - 16:32:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{16C19A8E-5DAB-4794-A260-9C418945EFB2}

O43 - CFD: 18/01/2012 - 09:54:24 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{179FCAFA-6F4E-44FC-890E-108B1F0C771C}

O43 - CFD: 26/06/2012 - 09:11:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1945E11C-15B5-44C1-9E65-CE3D01D0B818}

O43 - CFD: 25/05/2012 - 18:22:49 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1AF167D6-57A1-4069-B6BA-65FF16859E63}

O43 - CFD: 28/06/2012 - 11:44:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1C31741C-0431-4008-9FBC-DEF185CC4612}

O43 - CFD: 06/05/2011 - 11:44:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1C83A534-5153-46B1-B561-B1BE7BB967C1}

O43 - CFD: 08/07/2011 - 20:03:22 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1D717EC7-97AF-4BED-9820-EDB472174D4C}

O43 - CFD: 26/04/2011 - 09:32:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1E0B28A5-A9C2-4FA2-87D0-CB0A54A4A7C8}

O43 - CFD: 28/06/2011 - 19:29:24 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1F798B63-D942-4EF4-B528-156800586070}

O43 - CFD: 30/04/2011 - 13:34:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2315F420-3E42-473D-A47D-FFC1EB4F4DB3}

O43 - CFD: 04/02/2012 - 21:59:54 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2491BE60-7ECC-4A86-8248-C42F39F736B2}

O43 - CFD: 06/02/2012 - 19:55:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2565103F-8291-402B-8E81-42C820F12140}

O43 - CFD: 03/09/2011 - 12:46:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2567346A-EE13-44EA-B598-C39B5C555D09}

O43 - CFD: 05/09/2012 - 21:09:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{281ECC3C-CF64-47F9-B45D-85CD82091750}

O43 - CFD: 26/05/2012 - 19:27:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{28DAE245-9622-4A7F-8AFB-2F46FE87269A}

O43 - CFD: 03/08/2012 - 14:58:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{29E24AC7-F034-4E6D-837D-F5CC3553DB6D}

O43 - CFD: 09/06/2012 - 10:49:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2D691E10-50A9-45C0-9268-3E41CB483DC0}

O43 - CFD: 01/05/2012 - 11:02:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2E2743A6-2260-4A01-83AD-F37EDBD06206}

O43 - CFD: 27/01/2012 - 11:36:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2E60D613-16B6-4B62-91C5-006FA4CDD04D}

O43 - CFD: 16/05/2012 - 21:35:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{30301572-A4AE-4095-A160-2B83F49D3165}

O43 - CFD: 23/06/2012 - 11:31:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{305BBF4F-2DC9-499C-96F9-0F9E1E2B2E65}

O43 - CFD: 18/04/2012 - 20:10:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{30DEAC39-31E0-4326-A1F1-423220D3BCDB}

O43 - CFD: 31/12/2011 - 20:44:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{327D5FAA-9700-40D9-9BC8-FF1FED6E270F}

O43 - CFD: 18/10/2011 - 14:37:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3389890D-7AC8-4D34-9272-B3AC449CD717}

O43 - CFD: 12/06/2012 - 22:04:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{34329794-ADBD-4A36-AEBD-922831D8416B}

O43 - CFD: 25/01/2012 - 18:27:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{357F54F6-B589-42FF-A37D-2EE81B03F34E}

O43 - CFD: 10/06/2011 - 11:03:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3854C9F3-815F-4A3A-9E91-E3FED88C1915}

O43 - CFD: 17/06/2012 - 17:19:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{38783BBD-2E89-4807-ADA1-6ADFD6986E76}

O43 - CFD: 10/08/2011 - 11:19:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{389FE628-295D-4C70-AD1C-430F8A0617D1}

O43 - CFD: 03/06/2011 - 11:36:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{397AD953-6D8E-4F49-B352-A9D6A15E591B}

O43 - CFD: 24/01/2012 - 17:38:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3B0A9B4A-6724-4F18-9F09-0C991E4ABA45}

O43 - CFD: 07/03/2012 - 16:29:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3B49AB33-10A7-463D-939A-AE56F728DD4B}

O43 - CFD: 03/05/2012 - 20:34:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3C141791-0E9D-453B-BC93-CA12846F4419}

O43 - CFD: 24/12/2011 - 19:26:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3C56C4B7-3D39-4EBF-B003-BC54EF534B0A}

O43 - CFD: 10/05/2012 - 20:15:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3D5630E4-59DB-43A1-AF3B-3C86E815BC2D}

O43 - CFD: 10/01/2012 - 15:25:09 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3D9EC2A4-E3E6-496B-AA4D-11CDB03D28F7}

O43 - CFD: 22/04/2012 - 19:28:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3E424CF5-F89F-4A40-90CB-650D2353C14F}

O43 - CFD: 19/11/2011 - 20:26:14 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3F674C72-1571-4B12-A353-971FAD8FC21C}

O43 - CFD: 05/11/2011 - 11:01:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{41FFFD4B-3C3E-4A00-9ACB-CFD1F834541A}

O43 - CFD: 22/05/2012 - 18:44:34 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{420E1D61-AA19-49A3-9978-A2A974FAFE6B}

O43 - CFD: 04/02/2012 - 22:00:08 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{42A98A64-EE96-42CE-A024-56120C545EBB}

O43 - CFD: 02/12/2011 - 21:12:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{42AF04B9-8714-491B-ADDE-4181F322B20D}

O43 - CFD: 02/08/2012 - 16:44:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{42D314FE-8E2F-4A55-8C22-5161C71FD9FB}

O43 - CFD: 05/06/2012 - 14:59:43 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{44A81291-DE7A-48B4-B41B-19C4659D7D00}

O43 - CFD: 02/08/2011 - 11:05:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{458D9B96-CD88-41AF-BB56-F6B20CC129F0}

O43 - CFD: 18/04/2012 - 20:28:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{46974A91-7060-486A-8448-17CDC69C5508}

O43 - CFD: 29/07/2011 - 18:00:34 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{47C9C047-8724-4651-8A84-3F263B0A6FB6}

O43 - CFD: 02/06/2012 - 12:02:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{48DDE63C-6421-4595-850A-9A450361C2F9}

O43 - CFD: 17/02/2012 - 09:36:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{49236BB4-FB73-4D80-A766-A146B05D8605}

O43 - CFD: 02/06/2012 - 17:34:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{49A00D90-5B4D-4021-B03E-CAA9796FACDC}

O43 - CFD: 17/01/2012 - 18:24:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{4C22B66A-8AC2-4228-9DFE-B3E6AEE276D4}

O43 - CFD: 12/06/2012 - 22:05:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{4D18B8A4-B385-46BE-825A-1ADFF7984E67}

O43 - CFD: 25/01/2012 - 18:27:06 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{50039014-CE9F-41D9-862E-A7B4D855724B}

O43 - CFD: 15/07/2011 - 17:15:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5034EC67-0970-4691-ACAA-25B6B72A9DCA}

O43 - CFD: 19/07/2011 - 16:18:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{503E0967-EEE1-4695-8C91-AD1CA10CE117}

O43 - CFD: 14/10/2011 - 10:38:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5113999F-4E24-468F-A760-7416268C3C10}

O43 - CFD: 28/02/2012 - 19:13:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{511827F5-DCFF-43A1-8CB8-B3A0C78D4A06}

O43 - CFD: 19/04/2012 - 10:04:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{51338AC8-2C1A-489E-A173-9960F478C4F5}

O43 - CFD: 18/07/2011 - 11:48:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{53C6C867-539A-45FA-A114-F86EA8D2047E}

O43 - CFD: 08/03/2012 - 11:29:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{545E30D5-A125-465E-86DD-435729270AA3}

O43 - CFD: 05/03/2012 - 20:47:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{54BE11AC-1483-4C89-ABFB-8D77629E4B87}

O43 - CFD: 02/12/2011 - 21:12:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{55E5FCB6-C810-44D4-9B1C-E34C16D487EF}

O43 - CFD: 08/10/2011 - 12:29:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{564C0A73-34E0-4925-B45C-74DB66FA6E0C}

O43 - CFD: 23/05/2011 - 22:34:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{564FB850-B5FB-4565-80F3-7F1AD406F53E}

O43 - CFD: 20/08/2011 - 22:12:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{58F8D357-2B1D-4094-AEB5-457D98D9E24A}

O43 - CFD: 31/12/2011 - 20:44:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{58FF5309-4F25-43DE-80FC-C7243F7CA3E9}

O43 - CFD: 09/08/2011 - 11:34:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5C1E817A-6C3A-4E17-BC0C-54C1902A3A44}

O43 - CFD: 27/03/2012 - 11:45:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5C35D4C3-442D-4780-8580-3AC1A1FEB512}

O43 - CFD: 08/10/2011 - 12:29:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5C9B252A-36C5-4FFB-82B3-3457D57FC021}

O43 - CFD: 26/05/2012 - 18:53:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5D91F207-4FB4-4F08-8AC6-9D6352D37727}

O43 - CFD: 13/08/2012 - 21:31:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5FAE381B-0AB2-4977-ACC5-368FA7F26AF9}

O43 - CFD: 28/02/2012 - 19:13:41 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5FFBC631-BF06-413A-A19D-0F20E321C0B8}

O43 - CFD: 27/08/2011 - 12:21:34 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6005DCC3-970F-4E46-B9C5-9B47D755ADED}

O43 - CFD: 03/12/2011 - 22:08:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{604F1250-4B3E-4DE1-9397-4620D69B08FA}

O43 - CFD: 04/07/2011 - 20:03:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{60E6B64F-3ABC-4C10-AAD6-A6BD6CF00EA5}

O43 - CFD: 09/06/2012 - 10:50:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{611EABBA-A411-4D54-BB73-292F35DD3007}

O43 - CFD: 13/08/2012 - 21:31:07 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6168A489-162C-4090-B2A2-CD911247C61B}

O43 - CFD: 10/08/2012 - 18:36:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{61756327-F48E-4D16-B495-CAEF3A5ABF9E}

O43 - CFD: 07/08/2011 - 21:47:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{61A76CF7-160D-456D-9909-76C01C9E5E7A}

O43 - CFD: 21/08/2012 - 16:01:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{659AD626-9E34-49DC-B8D5-E0A76A98E839}

O43 - CFD: 17/03/2012 - 11:50:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{65DA37D5-CDD0-46BE-BBD2-16A476F06A82}

O43 - CFD: 13/08/2011 - 14:14:41 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{669B8C0F-77DC-4DF1-90B5-B16E71B2669A}

O43 - CFD: 31/03/2012 - 17:20:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6778FB08-5801-4FD6-B042-DC6972B882A5}

O43 - CFD: 29/05/2011 - 19:14:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{69A71769-B405-4606-A0F1-422E5C509616}

O43 - CFD: 22/05/2012 - 18:44:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6C700B60-EAA5-4F8E-B485-AC5AB801251D}

O43 - CFD: 21/05/2011 - 19:10:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6CEA190A-3ED5-4DE8-B3BF-B573C68118E3}

O43 - CFD: 01/08/2011 - 18:01:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6DE24520-D463-4C95-8B3A-4F1BBB4DE42B}

O43 - CFD: 19/06/2012 - 16:00:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{702B4399-D61F-4C6F-AF16-B8C9D2A622A8}

O43 - CFD: 26/05/2012 - 18:54:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{705842A0-B883-4973-B85E-E7D3DBFE312B}

O43 - CFD: 27/04/2012 - 20:37:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{718FA3C9-FC4F-4173-B32E-6205BE4A1AED}

O43 - CFD: 29/08/2012 - 20:35:47 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{72A11FD4-707A-4723-B6FC-C9B0B3DED641}

O43 - CFD: 22/04/2011 - 11:27:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{72C6B4D2-F792-4F31-85C0-416859499A5C}

O43 - CFD: 26/05/2011 - 20:06:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{738C7055-E9BE-45B4-90BD-5E0D1D1FBB1B}

O43 - CFD: 27/07/2011 - 15:25:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7391A456-9FBD-4606-A9BD-29FD95FEF01B}

O43 - CFD: 20/03/2012 - 10:10:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7404F573-FE84-4F76-ABC0-033A4E5E5660}

O43 - CFD: 09/05/2012 - 20:38:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7433F93E-1789-49EA-B305-C54A469B99C4}

O43 - CFD: 30/07/2012 - 11:49:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{743AD8E5-3F83-4F15-B294-36CC42CA2080}

O43 - CFD: 01/08/2012 - 17:05:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{743C7856-84B2-42EB-A159-CDAC7BA47846}

O43 - CFD: 25/05/2011 - 20:16:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{75130D14-6848-4FFD-A845-96A980A8D551}

O43 - CFD: 18/04/2012 - 20:10:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{76ADC5BC-D1E0-4A71-8E7D-11EEB0AC1C4E}

O43 - CFD: 18/04/2012 - 20:28:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{776AE50F-955C-41DF-A933-D5C50273E2C8}

O43 - CFD: 27/01/2012 - 11:36:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{780C4E29-E245-459D-B32B-7DC9BA277BA1}

O43 - CFD: 24/12/2011 - 19:26:49 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{78997733-15DC-4674-8914-CC72F9FC22FB}

O43 - CFD: 31/01/2012 - 12:05:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{790DFAB7-0C64-4B6E-8DD5-A902FCEE0EC7}

O43 - CFD: 14/07/2011 - 12:11:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{793A43ED-A608-4B30-A2FA-106D930B7812}

O43 - CFD: 24/04/2011 - 14:44:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7C2A4677-9B42-4FC9-99CD-50272695B56A}

O43 - CFD: 15/05/2011 - 18:30:14 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7F206D8C-400A-4AB6-8C6F-E18363DF104F}

O43 - CFD: 27/06/2011 - 21:09:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{80452835-7547-4B9C-8D43-DC34F39BD83A}

O43 - CFD: 11/07/2012 - 11:51:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{81FF45F1-B25D-4ABE-8521-355B13BF3834}

O43 - CFD: 14/01/2012 - 13:25:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{862D16C9-39F3-427F-9A51-40E66AE6CF1F}

O43 - CFD: 23/06/2012 - 16:56:50 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{867D7B11-70EB-4597-A3EC-31DE654ABD0B}

O43 - CFD: 28/07/2012 - 10:40:08 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{86A70624-24FE-4848-A23F-F28333E00AB4}

O43 - CFD: 14/06/2012 - 17:28:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{87D9215E-5397-4249-A253-2374B8BF42FB}

O43 - CFD: 24/01/2012 - 17:38:02 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8C57852B-8FDC-49A1-9E51-5272F02BF160}

O43 - CFD: 25/06/2012 - 12:03:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8CF2C62F-CFD3-482A-B4E2-F41A5A23CDF8}

O43 - CFD: 25/07/2011 - 16:27:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8D7386BB-F175-4F30-9AF8-427530D444E2}

O43 - CFD: 24/06/2011 - 17:01:49 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8FF6CE42-D751-4A0C-A371-7097DF017844}

O43 - CFD: 14/10/2011 - 17:04:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{90C20204-EB26-4845-A4A8-EA4A3B6600CA}

O43 - CFD: 14/06/2011 - 22:00:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{94153A08-1E2A-4276-83A6-8147CCED3F7B}

O43 - CFD: 18/07/2012 - 19:21:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{94649819-5806-437F-BF32-18844A133222}

O43 - CFD: 06/02/2012 - 19:55:57 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9486F1D9-3607-4478-A006-51F270BDFF79}

O43 - CFD: 19/08/2011 - 15:44:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{954F3661-1395-4058-93AD-7B74CA563450}O43 - CFD: 13/07/2011 - 11:38:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9576FC1F-A2FE-44B7-B74A-87E6D72B3F8B}

O43 - CFD: 10/05/2012 - 20:15:47 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{964CA773-8677-446B-B884-F9587A6FF166}

O43 - CFD: 19/08/2011 - 15:44:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{978F37DC-1569-45ED-9797-9E17FE99892C}

O43 - CFD: 19/11/2011 - 20:26:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{97CD1FCC-8F1C-4080-87D1-2963F31D843C}

O43 - CFD: 20/07/2012 - 14:38:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{990DE35F-42AA-4FB9-8F42-FB59A2F787E3}

O43 - CFD: 05/02/2012 - 23:08:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{99BAF654-C18B-4842-8367-BA6B5CE032B6}

O43 - CFD: 28/10/2011 - 11:43:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9A78FFAF-3DEB-44F2-A3E3-E41251588BF2}

O43 - CFD: 30/07/2012 - 11:49:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9BBD54C9-DF22-47ED-BE9D-17AE6D636CBD}

O43 - CFD: 25/04/2012 - 15:21:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9C46E3DF-782F-41F7-A76A-44ABB3C3A08F}

O43 - CFD: 16/01/2012 - 09:54:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9C83854E-CDB8-4C61-B148-AC9E18359EDD}

O43 - CFD: 18/06/2012 - 09:03:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9EA1F630-8856-4206-A18B-20A5D64CEC1F}

O43 - CFD: 25/08/2011 - 11:53:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9EB71E41-148B-4786-9595-C9ECBFD1CDB2}

O43 - CFD: 13/08/2011 - 14:14:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9F2B9ECF-384F-4D99-9AED-3929D6AD1A27}

O43 - CFD: 20/01/2012 - 16:32:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9FC6CEED-3836-4ECE-B881-F66A00B1CDD6}

O43 - CFD: 11/06/2011 - 11:33:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9FE426F4-23F8-4F17-85A2-65F0E46816AE}

O43 - CFD: 16/06/2012 - 22:37:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A05204A7-0B4C-43A0-BDF4-591D39F115BC}

O43 - CFD: 03/12/2011 - 22:08:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A51353F0-FBDF-42FD-8A6F-1AA5C4E569D6}

O43 - CFD: 30/05/2011 - 11:19:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A6069280-F3D7-4C8F-AD41-D069D0C928C3}

O43 - CFD: 02/08/2012 - 16:45:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A6697EFE-96D3-4A51-ACA7-9C60314C477B}

O43 - CFD: 11/07/2011 - 11:50:30 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A67911B2-F3D8-4D21-BB4B-AD3FC530C8F5}

O43 - CFD: 28/07/2012 - 10:40:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A88407FF-C140-4EAB-9DA8-1B2C09FBCA5A}

O43 - CFD: 03/05/2012 - 20:33:58 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A8D460ED-536F-4AE9-866F-AA35CAA133A4}

O43 - CFD: 09/01/2012 - 09:28:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A94291AE-8B84-4316-9487-918356D26567}

O43 - CFD: 25/01/2012 - 18:26:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A976A775-C01E-49C0-8BC7-12E0B23EBAFF}

O43 - CFD: 23/03/2012 - 10:49:14 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AAC8A007-37BE-45B9-9682-13B1ABB26FD1}

O43 - CFD: 17/08/2012 - 18:59:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AB484D35-B0C7-4FCC-B5F9-604A314B50F2}

O43 - CFD: 27/04/2012 - 20:37:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{ADDD8BBF-6EBB-4423-8505-BC3205ED8C54}

O43 - CFD: 05/08/2011 - 11:42:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AF6B0C98-DADC-44E3-B80C-63166D2188F6}

O43 - CFD: 26/06/2012 - 09:11:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AFD56E1F-1D25-4554-9995-878FF0C20852}

O43 - CFD: 08/06/2012 - 18:29:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B0757281-6178-46ED-B005-26C890395C59}

O43 - CFD: 28/05/2011 - 19:11:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B0E2C766-628B-416D-98E9-1379EF6BA11F}

O43 - CFD: 19/11/2011 - 20:00:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B14FE2E9-057B-42FF-986C-87AA8069B31F}

O43 - CFD: 05/06/2011 - 21:47:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B17F6F67-62E9-4323-8DAA-957E83DC95FA}

O43 - CFD: 14/10/2011 - 10:38:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B1F6D0A6-D807-4DA7-8592-E3FE49319C37}

O43 - CFD: 14/10/2011 - 17:04:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B412A248-F8D1-40A9-8014-3FF9139F01B9}

O43 - CFD: 25/08/2011 - 11:53:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B5012B5B-941F-44BE-AF08-FB863D4C92DD}

O43 - CFD: 10/08/2012 - 18:36:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B50C87FE-0E7E-4815-A63B-88D91B5D57D3}

O43 - CFD: 18/07/2012 - 19:21:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B63B020C-75F6-434F-952D-6DE9C5B2D5D6}

O43 - CFD: 25/04/2012 - 15:21:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B728BCD8-7509-43AF-80D3-34CA3C4FD57E}

O43 - CFD: 08/03/2012 - 11:29:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B8492EF9-5686-4B2D-AF7F-560021889466}

O43 - CFD: 28/01/2012 - 12:04:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B891C550-76C2-45E5-9913-E8479EC0AD0C}

O43 - CFD: 01/05/2012 - 11:02:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B8A23A85-B9D8-46F0-8E82-402FF363914B}

O43 - CFD: 15/11/2011 - 09:57:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B9E7CD25-9C80-432E-A7DA-E19A688A4DDB}

O43 - CFD: 08/06/2011 - 11:07:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BA151CC2-9A4D-43C7-9310-182811590608}

O43 - CFD: 23/06/2012 - 16:57:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BAE247B5-055D-4B44-A574-1402C94F8E36}

O43 - CFD: 11/08/2011 - 12:13:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BE89D8F9-D4BE-4546-80EA-D28A1FAC0D11}

O43 - CFD: 05/06/2012 - 15:00:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BF331A2F-BBA9-49BA-A7A7-573CB78AE922}

O43 - CFD: 01/06/2011 - 12:07:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BF345FDF-0548-4DCF-952B-10E3368E9EF1}

O43 - CFD: 02/07/2011 - 21:04:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BF6DABF9-E8C1-4103-BBAB-92BCE9B29833}

O43 - CFD: 11/07/2012 - 11:51:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BFD8B59D-A8B0-4449-9701-1B8063A6F7F3}

O43 - CFD: 10/08/2011 - 11:19:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C1C6C418-C210-41EE-90EC-E093EFC21D53}

O43 - CFD: 09/05/2012 - 20:38:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C28F0782-E6ED-481B-82E1-A7213E1AB326}

O43 - CFD: 02/06/2012 - 12:02:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C6D9FA07-953C-4228-BFB4-59599411096C}

O43 - CFD: 03/07/2011 - 20:45:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C790E081-A8C0-4D14-96C8-458FCC852D26}

O43 - CFD: 12/01/2012 - 14:58:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C796DAD4-5755-4CA7-BBD0-099EEC92C540}

O43 - CFD: 19/06/2011 - 22:05:43 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C7A4A3D6-1783-4FF0-B582-883AE0320CE8}

O43 - CFD: 12/07/2011 - 12:06:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C7E5416E-64DD-4B8E-A070-A2F02D631BC8}

O43 - CFD: 17/03/2012 - 11:51:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C8EE61C1-1B6B-4CC5-84F7-0AA98D37D49B}

O43 - CFD: 09/08/2011 - 11:35:08 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C932BA6C-DE16-43BF-BA9B-2638698D0987}

O43 - CFD: 22/06/2011 - 21:21:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C9D7A54E-A566-48A1-AA9E-FE21BC0336BC}

O43 - CFD: 20/07/2012 - 14:37:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{CB660A7C-1BE9-415B-B1C3-CF3D627347DF}

O43 - CFD: 20/07/2011 - 10:36:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{CBDEBCDE-17FF-4C29-953E-CC81278478BE}

O43 - CFD: 23/07/2011 - 11:54:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{CD709A6C-C6E2-4D69-B343-EECD32A53296}

O43 - CFD: 22/04/2012 - 19:29:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D2B547C8-F9C6-485B-94A9-40BF0D2A3604}

O43 - CFD: 11/05/2011 - 22:27:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D48D9CB6-5347-4593-8BDC-2A15739FCBC7}

O43 - CFD: 12/01/2012 - 14:58:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D54EA7D7-DE8B-4C11-8B15-5E4E5FC589EB}

O43 - CFD: 25/01/2012 - 18:26:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D58D7AFA-1E06-4662-B38E-912FB29E652E}

O43 - CFD: 16/01/2012 - 09:54:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D6A6B481-28A5-4CFF-9FEA-B0174C9F25C5}

O43 - CFD: 18/02/2012 - 19:50:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D756CD04-BBC3-4FB6-8357-2834799BBC1F}

O43 - CFD: 03/09/2011 - 12:46:58 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D7A83F02-B072-4759-B381-93D3C90FDDEB}

O43 - CFD: 05/03/2012 - 20:47:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D82F233D-5260-4FFF-94CF-AE7E8601FCDD}

O43 - CFD: 28/01/2012 - 12:04:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D99E055F-1B5D-4ACA-BB35-924E8C84467F}

O43 - CFD: 01/08/2012 - 17:05:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DA6A6F03-B454-40D4-8CD3-4640C4329579}

O43 - CFD: 04/08/2011 - 20:39:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DC309D7D-1107-461B-9121-2C88F0E3E8BD}

O43 - CFD: 30/07/2011 - 13:37:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DD37E408-2AB7-4E53-A0AF-E2B78328FD03}

O43 - CFD: 20/04/2011 - 23:06:54 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DDE3FEEB-AF94-4D7F-9EE2-6F6DE8244818}

O43 - CFD: 15/11/2011 - 09:57:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DE52219A-A478-4D6B-8216-399C771A3B4D}

O43 - CFD: 23/03/2012 - 10:49:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E0231D41-BD0C-4DE5-B093-118D59BCC734}

O43 - CFD: 11/08/2012 - 11:35:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E0D36E16-FEC4-412D-A2D0-01ACC560E6D5}

O43 - CFD: 28/08/2012 - 19:05:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E1609A45-54E8-4658-9FF0-5D5B169D7499}

O43 - CFD: 07/03/2012 - 16:29:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E1705C6F-CF3F-4FB4-A9C7-E59E6178AA1A}

O43 - CFD: 07/08/2011 - 21:47:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E23E874F-275B-4719-8DB2-D038DFF195E7}

O43 - CFD: 18/02/2012 - 19:50:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E3114627-B157-4CB9-A8BC-CC1F504E33C3}

O43 - CFD: 11/08/2011 - 12:13:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E62C9541-8A76-4BC5-8CEB-5EC33428D916}

O43 - CFD: 20/08/2012 - 19:20:09 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E63F7EB3-FAB2-473C-9998-43B63A26F8D7}

O43 - CFD: 17/01/2012 - 18:25:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E7F24925-8B06-40FC-BED0-019FC4E98671}

O43 - CFD: 09/01/2012 - 09:29:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E83A8FF6-8227-4BED-B562-8B1AC5DE13DB}

O43 - CFD: 18/10/2011 - 14:37:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E8442A36-D776-4870-A151-91588A918973}

O43 - CFD: 31/01/2012 - 12:05:54 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E99A4590-AE91-4144-B500-BE2B0243F4EA}

O43 - CFD: 12/06/2011 - 20:26:26 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E9CBC65D-F19F-4F37-BAD0-7FC30623C7FA}

O43 - CFD: 06/07/2011 - 19:52:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EB69F983-5E5C-41EC-B953-A2FC0AE71D62}

O43 - CFD: 19/04/2012 - 10:04:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EBF874DA-34EC-4F32-A1ED-A98FBD2255B6}

O43 - CFD: 02/06/2012 - 17:34:00 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{ECB187EF-E069-4F0E-A21F-F01F0959AF8A}

O43 - CFD: 05/05/2011 - 20:47:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EDAF8BE7-29C1-4C13-B1A1-1CEB4C90BAA0}

O43 - CFD: 05/11/2011 - 11:01:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EDD66320-496C-4ED6-A460-B32EE4592E7A}

O43 - CFD: 26/05/2012 - 19:27:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EE5CC157-73DA-44FA-9E0D-1810A04DD8CF}

O43 - CFD: 27/11/2011 - 18:17:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EF05B9DF-7C3D-4B00-8D99-943E830F53AF}

O43 - CFD: 05/02/2012 - 23:08:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F15D49E8-9E38-41B6-8187-1BD016D5824E}

O43 - CFD: 10/01/2012 - 15:24:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F1CA2C83-18E4-40FE-A3DD-49113865EB52}

O43 - CFD: 14/06/2012 - 17:27:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F1D2C45B-A842-4EC7-9041-268107451A6C}

O43 - CFD: 03/07/2012 - 17:17:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F218BB45-85A4-4F8D-93F4-D0B1977B015B}

O43 - CFD: 28/06/2012 - 11:43:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F4170A31-57A4-4CD5-864F-2438F7895647}

O43 - CFD: 27/08/2011 - 12:21:22 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F4F3E800-7C51-4960-ABD0-5A5E40B2E263}

O43 - CFD: 18/01/2012 - 09:54:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F5541822-771F-4AD7-9A42-E79C555C385D}

O43 - CFD: 25/06/2012 - 12:03:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F5649858-DFB4-4ADB-AB8F-4AC54D9ECCA5}

O43 - CFD: 03/07/2012 - 17:17:30 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F6DC0AF1-C8A6-492D-8E23-D295EEDC06E1}

O43 - CFD: 15/06/2012 - 00:18:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F7088F1D-8D61-4417-98D5-8973DA9C3877}

O43 - CFD: 23/04/2011 - 15:48:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F7635666-2AFE-40F5-8718-1A04DFC652B3}

O43 - CFD: 14/05/2011 - 11:31:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F7ED5527-BA39-496E-9F4E-D1D126A1488B}

O43 - CFD: 10/04/2012 - 20:48:50 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F8D9A2E5-8109-48E5-B8CF-0C0B02362CC0}

O43 - CFD: 08/08/2012 - 20:32:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F92FAC23-4B18-4D18-8B8D-A1C717FAF52E}

O43 - CFD: 27/11/2011 - 18:17:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FAD752F5-2F6B-49CF-8077-6EF5D0BF623A}

O43 - CFD: 23/06/2012 - 11:32:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FD680FEE-385A-43AC-8672-023D7AA7A9A5}

O43 - CFD: 05/05/2012 - 11:35:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FE24EABF-9543-4C38-A92B-F7FEBE61C38E}

O43 - CFD: 08/08/2012 - 20:32:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FE7E7F80-ABAF-4161-B351-8F6EC87078D5}

O43 - CFD: 08/05/2012 - 20:00:07 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FEE0A23A-1D91-42B0-92D5-DD8C068778F5}

O43 - CFD: 14/07/2009 - 01:54:32 - [0,014] R---D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

O43 - CFD: 11/07/2012 - 23:52:09 - [0,000] R---D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

O43 - CFD: 29/05/2012 - 21:15:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bywifi

O43 - CFD: 24/11/2010 - 00:42:40 - [0,002] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner

O43 - CFD: 11/08/2011 - 21:26:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Decrypter

O43 - CFD: 27/11/2011 - 17:51:53 - [0,010] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision

O43 - CFD: 03/06/2012 - 12:06:11 - [0,010] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision X

O43 - CFD: 04/12/2011 - 19:53:08 - [0,003] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeUndelete

O43 - CFD: 30/07/2012 - 23:47:00 - [0,001] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

O43 - CFD: 11/09/2011 - 21:39:20 - [0,007] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio

O43 - CFD: 14/07/2009 - 01:49:38 - [0,001] R---D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

O43 - CFD: 29/05/2012 - 20:47:00 - [0,000] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0

O43 - CFD: 15/01/2011 - 21:16:57 - [0,003] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Lockbox

O43 - CFD: 24/07/2012 - 21:22:56 - [0,000] R---D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

O43 - CFD: 29/04/2011 - 10:23:15 - [0,003] ----D C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

O43 - CFD: 28/08/2011 - 21:23:55 - [7,408] ----D C:\Program Files (x86)\ArcSoft

O43 - CFD: 01/01/2011 - 18:50:09 - [77,973] ----D C:\Program Files (x86)\Ashampoo

O43 - CFD: 26/06/2011 - 18:04:07 - [2,746] ----D C:\Program Files (x86)\Avanquest update

O43 - CFD: 05/01/2011 - 22:21:03 - [5,228] ----D C:\Program Files (x86)\AvRack

O43 - CFD: 01/05/2012 - 13:19:33 - [0] ----D C:\Program Files (x86)\BlueStacks

O43 - CFD: 03/07/2012 - 19:46:41 - [20,628] ----D C:\Program Files (x86)\Bywifi

O43 - CFD: 28/08/2011 - 21:28:50 - [0,657] ----D C:\Program Files (x86)\C3 Tech Multimedia

O43 - CFD: 11/12/2011 - 12:14:48 - [533,222] ----D C:\Program Files (x86)\CAPCOM

O43 - CFD: 03/08/2012 - 22:30:45 - [9,924] ----D C:\Program Files (x86)\CCleaner

O43 - CFD: 24/08/2012 - 19:29:59 - [472,998] ----D C:\Program Files (x86)\Common Files

O43 - CFD: 29/05/2012 - 22:04:03 - [0] ----D C:\Program Files (x86)\CommViewWiFi

O43 - CFD: 19/03/2011 - 19:16:20 - [1201,746] ----D C:\Program Files (x86)\Corel

O43 - CFD: 31/07/2012 - 00:18:22 - [2,556] ----D C:\Program Files (x86)\DOOM 3

O43 - CFD: 01/01/2011 - 23:12:23 - [0,484] ----D C:\Program Files (x86)\Driver Checker

O43 - CFD: 11/08/2011 - 21:27:01 - [0,902] ----D C:\Program Files (x86)\DVD Decrypter

O43 - CFD: 08/12/2010 - 21:17:56 - [0,926] ----D C:\Program Files (x86)\DVD Shrink

O43 - CFD: 26/11/2010 - 23:34:29 - [2,038] ----D C:\Program Files (x86)\Elaborate Bytes

O43 - CFD: 01/04/2011 - 22:44:02 - [111,381] ----D C:\Program Files (x86)\ESET

O43 - CFD: 03/06/2012 - 12:04:57 - [29,602] ----D C:\Program Files (x86)\EVGA Precision

O43 - CFD: 04/09/2012 - 19:50:58 - [29,271] ----D C:\Program Files (x86)\EVGA Precision X

O43 - CFD: 02/09/2012 - 14:22:14 - [0,000] ----D C:\Program Files (x86)\EXErrorsFix

O43 - CFD: 26/04/2011 - 22:18:42 - [2,390] ----D C:\Program Files (x86)\FileSaver

O43 - CFD: 11/09/2011 - 21:39:20 - [0,202] ----D C:\Program Files (x86)\GameVicio

O43 - CFD: 21/07/2012 - 15:00:55 - [2,277] ----D C:\Program Files (x86)\GbPlugin

O43 - CFD: 05/10/2011 - 21:53:56 - [21,932] ----D C:\Program Files (x86)\Google

O43 - CFD: 23/11/2010 - 23:41:53 - [0] ----D C:\Program Files (x86)\Hewlett-Packard

O43 - CFD: 23/04/2011 - 18:36:26 - [0] ----D C:\Program Files (x86)\hkSFV

O43 - CFD: 04/02/2012 - 11:03:55 - [248,337] ----D C:\Program Files (x86)\HP

O43 - CFD: 16/10/2011 - 12:58:35 - [3,102] ----D C:\Program Files (x86)\ImgBurn

O43 - CFD: 25/11/2010 - 20:54:29 - [26,494] ----D C:\Program Files (x86)\IncrediMail

O43 - CFD: 12/06/2011 - 12:28:39 - [1,461] --H-D C:\Program Files (x86)\InstallJammer Registry

O43 - CFD: 30/07/2012 - 23:39:03 - [127,953] --H-D C:\Program Files (x86)\InstallShield Installation Information

O43 - CFD: 08/03/2011 - 16:14:12 - [0,091] ----D C:\Program Files (x86)\Intel

O43 - CFD: 05/09/2012 - 20:40:34 - [12,343] ----D C:\Program Files (x86)\Internet Explorer

O43 - CFD: 26/01/2011 - 23:20:24 - [1,920] ----D C:\Program Files (x86)\IObit

O43 - CFD: 11/04/2011 - 09:48:36 - [84,269] ----D C:\Program Files (x86)\Java

O43 - CFD: 20/03/2011 - 22:21:48 - [47,172] ----D C:\Program Files (x86)\K-Lite Codec Pack

O43 - CFD: 31/12/2011 - 00:15:11 - [131,537] ----D C:\Program Files (x86)\Kaspersky Lab

O43 - CFD: 08/03/2011 - 15:16:57 - [6,172] ----D C:\Program Files (x86)\Keyboard Driver

O43 - CFD: 14/04/2011 - 22:49:19 - [15,944] ----D C:\Program Files (x86)\Lavalys

O43 - CFD: 07/09/2012 - 15:41:12 - [11,719] ----D C:\Program Files (x86)\Malwarebytes' Anti-Malware

O43 - CFD: 08/03/2011 - 16:42:59 - [19,687] ----D C:\Program Files (x86)\Microsoft

O43 - CFD: 20/12/2010 - 22:07:35 - [37,956] ----D C:\Program Files (x86)\Microsoft Analysis Services

O43 - CFD: 20/12/2010 - 22:12:03 - [820,372] ----D C:\Program Files (x86)\Microsoft Office

O43 - CFD: 17/03/2011 - 18:42:42 - [0,183] ----D C:\Program Files (x86)\Microsoft SDKs

O43 - CFD: 09/05/2012 - 00:25:40 - [40,838] ----D C:\Program Files (x86)\Microsoft Silverlight

O43 - CFD: 20/12/2010 - 22:12:01 - [3,467] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition

O43 - CFD: 20/12/2010 - 22:12:01 - [0,757] ----D C:\Program Files (x86)\Microsoft Sync Framework

O43 - CFD: 20/12/2010 - 22:12:54 - [0,312] ----D C:\Program Files (x86)\Microsoft Synchronization Services

O43 - CFD: 20/12/2010 - 22:09:24 - [1,200] ----D C:\Program Files (x86)\Microsoft Visual Studio 8

O43 - CFD: 17/03/2011 - 18:43:10 - [66,765] ----D C:\Program Files (x86)\Microsoft Visual Studio 9.0

O43 - CFD: 14/01/2011 - 01:08:35 - [7,824] ----D C:\Program Files (x86)\Microsoft.NET

O43 - CFD: 03/11/2011 - 22:42:09 - [0,021] ----D C:\Program Files (x86)\MOBILedit!

O43 - CFD: 09/05/2012 - 00:06:19 - [0] ----D C:\Program Files (x86)\Moo0

O43 - CFD: 19/08/2011 - 15:58:32 - [0] ----D C:\Program Files (x86)\Moozy

O43 - CFD: 23/11/2010 - 21:53:17 - [6,172] ----D C:\Program Files (x86)\Mouse Driver

O43 - CFD: 08/09/2012 - 16:41:19 - [39,210] ----D C:\Program Files (x86)\Mozilla Firefox

O43 - CFD: 08/09/2012 - 16:46:33 - [0,211] ----D C:\Program Files (x86)\Mozilla Maintenance Service

O43 - CFD: 20/12/2010 - 22:13:41 - [0,025] ----D C:\Program Files (x86)\MSBuild

O43 - CFD: 26/11/2010 - 00:13:43 - [0] ----D C:\Program Files (x86)\MSXML 4.0

O43 - CFD: 22/07/2012 - 10:38:00 - [0,000] ----D C:\Program Files (x86)\MyRouter

O43 - CFD: 14/07/2012 - 20:22:05 - [73,798] ----D C:\Program Files (x86)\Nitro PDF

O43 - CFD: 04/09/2011 - 17:20:39 - [0] ----D C:\Program Files (x86)\Nobilis

O43 - CFD: 25/05/2012 - 20:06:01 - [121,455] ----D C:\Program Files (x86)\NVIDIA Corporation

O43 - CFD: 25/05/2012 - 00:09:16 - [6,211] ----D C:\Program Files (x86)\Oi

O43 - CFD: 09/07/2011 - 18:27:38 - [0,000] ----D C:\Program Files (x86)\Opera

O43 - CFD: 29/09/2011 - 23:15:05 - [15,027] ----D C:\Program Files (x86)\PCSX2 0.9.8

O43 - CFD: 28/11/2010 - 23:45:36 - [18,054] ----D C:\Program Files (x86)\Philips

O43 - CFD: 26/05/2012 - 19:10:22 - [2,630] ----D C:\Program Files (x86)\Photo Notifier and Animation Creator

O43 - CFD: 09/07/2011 - 18:19:16 - [0,006] ----D C:\Program Files (x86)\PowerDataRecovery

O43 - CFD: 12/06/2011 - 12:31:59 - [0] ----D C:\Program Files (x86)\Programas RFB

O43 - CFD: 14/04/2011 - 12:25:26 - [5,588] ----D C:\Program Files (x86)\Realtek

O43 - CFD: 05/01/2011 - 22:20:58 - [40,006] ----D C:\Program Files (x86)\Realtek AC97

O43 - CFD: 05/01/2011 - 22:21:03 - [0] ----D C:\Program Files (x86)\Realtek Sound Manager

O43 - CFD: 14/07/2009 - 02:32:38 - [106,401] ----D C:\Program Files (x86)\Reference Assemblies

O43 - CFD: 01/01/2011 - 23:35:09 - [0] ----D C:\Program Files (x86)\Searchster.Net

O43 - CFD: 24/08/2012 - 19:30:01 - [16,855] R---D C:\Program Files (x86)\Skype

O43 - CFD: 01/01/2011 - 22:54:37 - [0] ----D C:\Program Files (x86)\SM

O43 - CFD: 10/07/2011 - 18:06:50 - [0] ----D C:\Program Files (x86)\Sony Ericsson

O43 - CFD: 08/03/2011 - 16:07:27 - [0] --H-D C:\Program Files (x86)\Temp

O43 - CFD: 01/05/2012 - 12:54:16 - [0,602] ----D C:\Program Files (x86)\Trine

O43 - CFD: 02/09/2012 - 12:03:19 - [4,236] ----D C:\Program Files (x86)\Tuto_4pc

O43 - CFD: 13/07/2012 - 23:09:12 - [0,141] ----D C:\Program Files (x86)\Twin USB Vibration Gamepad

O43 - CFD: 20/05/2011 - 23:15:31 - [0] ----D C:\Program Files (x86)\UEBBI.com

O43 - CFD: 14/07/2009 - 01:57:06 - [0] --H-D C:\Program Files (x86)\Uninstall Information

O43 - CFD: 29/04/2012 - 22:45:57 - [0,839] ----D C:\Program Files (x86)\uTorrent

O43 - CFD: 20/06/2011 - 00:20:08 - [0,013] ----D C:\Program Files (x86)\VDownloader

O43 - CFD: 26/11/2010 - 23:30:30 - [2,432] ----D C:\Program Files (x86)\Visual Clipboard

O43 - CFD: 02/01/2012 - 21:08:53 - [12,352] ----D C:\Program Files (x86)\VMware

O43 - CFD: 29/12/2010 - 23:07:46 - [64,974] ----D C:\Program Files (x86)\VSO

O43 - CFD: 20/03/2011 - 21:37:53 - [0] ----D C:\Program Files (x86)\Win7codecs

O43 - CFD: 01/09/2012 - 03:28:05 - [2,016] ----D C:\Program Files (x86)\Windows Defender

O43 - CFD: 23/06/2012 - 11:48:39 - [176,175] ----D C:\Program Files (x86)\Windows Live

O43 - CFD: 01/09/2012 - 03:28:07 - [23,116] ----D C:\Program Files (x86)\Windows Mail

O43 - CFD: 01/09/2012 - 03:28:07 - [7,741] ----D C:\Program Files (x86)\Windows Media Player

O43 - CFD: 14/07/2009 - 02:32:38 - [16,805] ----D C:\Program Files (x86)\Windows NT

O43 - CFD: 01/09/2012 - 03:28:07 - [6,047] ----D C:\Program Files (x86)\Windows Photo Viewer

O43 - CFD: 25/02/2011 - 23:47:39 - [0,181] ----D C:\Program Files (x86)\Windows Portable Devices

O43 - CFD: 01/09/2012 - 03:28:08 - [35,948] ----D C:\Program Files (x86)\Windows Sidebar

O43 - CFD: 20/05/2011 - 22:58:19 - [0] ----D C:\Program Files (x86)\Yitsoft Software

O43 - CFD: 08/09/2012 - 17:02:34 - [13,194] ----D C:\Program Files (x86)\ZHPDiag

O43 - CFD: 28/08/2011 - 21:23:54 - [22,639] ----D C:\Program Files (x86)\Common Files\ArcSoft

O43 - CFD: 11/06/2011 - 11:50:21 - [2,967] ----D C:\Program Files (x86)\Common Files\Corel

O43 - CFD: 20/12/2010 - 22:12:51 - [0,095] ----D C:\Program Files (x86)\Common Files\DESIGNER

O43 - CFD: 23/11/2010 - 23:41:48 - [0,448] ----D C:\Program Files (x86)\Common Files\Hewlett-Packard

O43 - CFD: 23/11/2010 - 23:42:00 - [5,425] ----D C:\Program Files (x86)\Common Files\HP

O43 - CFD: 07/01/2012 - 01:50:18 - [10,228] ----D C:\Program Files (x86)\Common Files\InstallShield

O43 - CFD: 11/04/2011 - 09:49:11 - [1,189] ----D C:\Program Files (x86)\Common Files\Java

O43 - CFD: 19/11/2011 - 20:09:17 - [298,072] ----D C:\Program Files (x86)\Common Files\microsoft shared

O43 - CFD: 14/07/2012 - 20:22:05 - [15,292] ----D C:\Program Files (x86)\Common Files\Nitro PDF

O43 - CFD: 19/03/2011 - 19:19:04 - [1,620] ----D C:\Program Files (x86)\Common Files\Protexis

O43 - CFD: 14/07/2009 - 00:20:08 - [0,003] ----D C:\Program Files (x86)\Common Files\Services

O43 - CFD: 24/08/2012 - 19:29:59 - [2,056] ----D C:\Program Files (x86)\Common Files\Skype

O43 - CFD: 14/07/2009 - 00:20:08 - [87,659] ----D C:\Program Files (x86)\Common Files\SpeechEngines

O43 - CFD: 01/09/2012 - 03:28:05 - [25,305] ----D C:\Program Files (x86)\Common Files\System

O43 - CFD: 24/11/2010 - 22:32:42 - [0] ----D C:\Program Files (x86)\Common Files\Windows Live

~ Scan Program Folder in 00mn 35s

 

 

 

---\\ Last modified or created files under Windows and System32 (O44)

O44 - LFC:[MD5.E04B26ABDDB05C81871233ABE438D217] - 08/09/2012 - 16:55:05 ---A- . (...) -- C:\Windows\WindowsUpdate.log [2024978]

O44 - LFC:[MD5.98AB80FA70CC18747D332B71093B0835] - 08/09/2012 - 16:53:42 ---A- . (...) -- C:\Windows\SysNative\AutoKMS.log [203475]

O44 - LFC:[MD5.B0EC8C6756A84C17ADB89B58786DD8E4] - 08/09/2012 - 16:46:51 ---A- . (...) -- C:\Windows\setupact.log [280]

O44 - LFC:[MD5.630ECA67FC78564F3208BF7E49BA3940] - 08/09/2012 - 16:46:41 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.7BC3E871011E5FACC9044193EC8D36A4] - 08/09/2012 - 16:44:56 ---A- . (...) -- C:\AdwCleaner[s1].txt [29699]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/09/2012 - 22:29:54 ---A- . (...) -- C:\Windows\setuperr.log [0]

O44 - LFC:[MD5.123F9A5D2F6B4F8F7780FAC6CFDE1D64] - 07/09/2012 - 22:29:29 ---A- . (...) -- C:\Windows\PFRO.log [386]

O44 - LFC:[MD5.779D63B268EA50AAA6CEAD0EF60E312B] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfc012.dat [120296]

O44 - LFC:[MD5.AD48C0A8C54F0724CC38AB0271528971] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfc013.dat [152730]

O44 - LFC:[MD5.3FE2F9ABDEDB9AD5B5261D895BE2EF3B] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfc014.dat [95096]

O44 - LFC:[MD5.25287A8A16A906966AC86B3A40066643] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfc015.dat [155414]

O44 - LFC:[MD5.0507F7940C8D0EBDC66A2FB73DC27C54] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfc019.dat [150294]

O44 - LFC:[MD5.4662FB752ED864040D2818F5F8AE7BB3] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfc01D.dat [142288]

O44 - LFC:[MD5.6B93B750A09B913E65715534BB54619B] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfc01F.dat [139692]

O44 - LFC:[MD5.E7E21ACB7E2675AADFD8156D7EFC6B44] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh011.dat [410570]

O44 - LFC:[MD5.A760DD213114EEAD59C2E06B1779C257] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh012.dat [422164]

O44 - LFC:[MD5.723D231A43EE70AE10723638C894512C] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh013.dat [735958]

O44 - LFC:[MD5.DF0DD284FC764A5AE09E83E2F298F2D2] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh014.dat [487362]

O44 - LFC:[MD5.6FA73A15E85455892E374D7668626456] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh015.dat [732782]

O44 - LFC:[MD5.4D4AF5FDEA4317E9266D89D53C729EAF] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh019.dat [717312]

O44 - LFC:[MD5.CDD027DD271685DE68C995F9DAE33EF4] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh01D.dat [656528]

O44 - LFC:[MD5.8479FC75C19894B5F49358F7A6D7CD0D] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\perfh01F.dat [649542]

O44 - LFC:[MD5.50C7BAD3E03D5B5CF834EEECD8C41F5F] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfc0404.dat [114954]

O44 - LFC:[MD5.37A4A7EB6FA41AA2CBF42F7DD4A5642E] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfc0416.dat [40648]

O44 - LFC:[MD5.9CF7A87A75919CB85B3DD0DFB101FA92] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfc0804.dat [119868]

O44 - LFC:[MD5.DB344EDBB7307DE50339F6C5CC3C0E86] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfc0816.dat [152702]

O44 - LFC:[MD5.BDB0AE0943BF83C64AD10D9DA5E1B5AA] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfh0404.dat [394996]

O44 - LFC:[MD5.7DA30047CC1E4096A060228AD30E3F9F] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfh0416.dat [143122]

O44 - LFC:[MD5.027645AD989E2C968FA19C00F606918A] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfh0804.dat [377894]

O44 - LFC:[MD5.66D1EDA5929B992BB42CD9C80067D662] - 07/09/2012 - 14:52:02 ---A- . (...) -- C:\Windows\SysNative\prfh0816.dat [721780]

O44 - LFC:[MD5.9ED49ADBA0959D2948E3FFBB9C774ED2] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [16183068]

O44 - LFC:[MD5.27A19C1A5302F0D97C6364538F1E1745] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc001.dat [94604]

O44 - LFC:[MD5.D6F7BFC51E6C8BE90253B514B6086663] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc005.dat [140910]

O44 - LFC:[MD5.0BAAA608E005A512D274E68C52FB4581] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc006.dat [98286]

O44 - LFC:[MD5.078A21C130A694130CD6EC0CFE69594D] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc007.dat [148596]

O44 - LFC:[MD5.7915D498A955638ABA9D78CE74812EE2] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc008.dat [110806]

O44 - LFC:[MD5.2BDAE4312D3AE9E93A2A88C95B4C93CA] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [36744]

O44 - LFC:[MD5.B054E269681CF8AA0C64216984F4F0BE] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc00A.dat [158138]

O44 - LFC:[MD5.37B56F918CF908F05809B47C4232C2F2] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc00B.dat [100946]

O44 - LFC:[MD5.F31BE6173847B3DB528D34794BEBD203] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [149106]

O44 - LFC:[MD5.3767CF3A37F3A9A8C950EBF2300A3E33] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc00D.dat [84714]

O44 - LFC:[MD5.6E96AFFEA542B21F55DFCF7C36B57F1D] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc00E.dat [170798]

O44 - LFC:[MD5.8E59DBF678FD92DC8E55701A8C2F33E8] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc010.dat [146602]

O44 - LFC:[MD5.049F6C9DE49B06DD6F8A6D5C4DCBEE61] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfc011.dat [122008]

O44 - LFC:[MD5.5178B380531A8903832209E6F8F76CCF] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh001.dat [472006]

O44 - LFC:[MD5.C7E78F847DA2D1200D8DAC019A55F9B7] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh005.dat [661284]

O44 - LFC:[MD5.93D19E38842A1D6B67A46EEF5ADA1532] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh006.dat [502086]

O44 - LFC:[MD5.01515AFC75C791254182007EE2B36C2C] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh007.dat [689528]

O44 - LFC:[MD5.06C8760352A37413AAE44153C685EDAB] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh008.dat [599464]

O44 - LFC:[MD5.AD896E33B2273699F3590A6D0BC97BBC] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [138202]

O44 - LFC:[MD5.917F08958D605726A973F4916D693D00] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh00A.dat [738088]

O44 - LFC:[MD5.A24AA2BA4D7076EDB72FECFB49290FE0] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh00B.dat [474226]

O44 - LFC:[MD5.97435D229617C16D02C146FC5CD548E5] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [738244]

O44 - LFC:[MD5.F4D309AF5EC5C6DD9A5C8DB703DF3835] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh00D.dat [385572]

O44 - LFC:[MD5.05ABB64B34C8E3D7EDFEBBB2CA0CC0A8] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh00E.dat [676266]

O44 - LFC:[MD5.FFA37F84C9392E61AE7FB7968A2A405D] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\SysNative\perfh010.dat [732780]

O44 - LFC:[MD5.9ED49ADBA0959D2948E3FFBB9C774ED2] - 07/09/2012 - 14:52:01 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [16183068]

O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 05/09/2012 - 15:07:57 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [72822]

O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 05/09/2012 - 15:07:57 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [72822]

O44 - LFC:[MD5.B7A532B9148BB6EB01AD8B25549BD8CB] - 02/09/2012 - 12:02:32 ---A- . (...) -- C:\ChromeHPLog.txt [26]

O44 - LFC:[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - 31/08/2012 - 23:52:30 ---A- . (...) -- C:\Windows\SysNative\prfd0804.dat [31548]

O44 - LFC:[MD5.3A6AE335F598733BA114414BACF8B163] - 31/08/2012 - 23:52:30 ---A- . (...) -- C:\Windows\SysNative\prfi0804.dat [111310]

O44 - LFC:[MD5.123AE03AE3801D7CF2E7C25A4F36E20F] - 31/08/2012 - 22:04:12 ---A- . (...) -- C:\Windows\SysNative\perfd007.dat [38104]

O44 - LFC:[MD5.7D57D289C5F93908319DEA1080CC111D] - 31/08/2012 - 22:04:11 ---A- . (...) -- C:\Windows\SysNative\perfi007.dat [295922]

O44 - LFC:[MD5.E51BCA624E6F4807328075361FC88E8D] - 31/08/2012 - 20:57:23 ---A- . (.Oracle Corporation - No comment.) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [108008]

O44 - LFC:[MD5.9D75AE1E0CF50FC15354DD5B8E7E8FB4] - 31/08/2012 - 20:57:18 ---A- . (.Oracle Corporation - Java Platform SE binary.) -- C:\Windows\SysNative\javaw.exe [189416]

O44 - LFC:[MD5.25DAC5D3C1F220AC79D0B00D7927B24F] - 31/08/2012 - 20:57:18 ---A- . (.Oracle Corporation - Java Web Start Launcher.) -- C:\Windows\SysNative\javaws.exe [289768]

O44 - LFC:[MD5.9D75AE1E0CF50FC15354DD5B8E7E8FB4] - 31/08/2012 - 20:57:18 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Windows\System32\javaw.exe [189416]

O44 - LFC:[MD5.25DAC5D3C1F220AC79D0B00D7927B24F] - 31/08/2012 - 20:57:18 ---A- . (.Sun Microsystems, Inc. - Java Web Start Launcher.) -- C:\Windows\System32\javaws.exe [289768]

O44 - LFC:[MD5.139BBF3E294D0E142252F0FF8E859B4C] - 31/08/2012 - 20:57:16 ---A- . (.Oracle Corporation - Java Platform SE binary.) -- C:\Windows\SysNative\java.exe [188904]

O44 - LFC:[MD5.139BBF3E294D0E142252F0FF8E859B4C] - 31/08/2012 - 20:57:16 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Windows\System32\java.exe [188904]

O44 - LFC:[MD5.5AE843246FD8E5E80C71C14E8C1B3E61] - 31/08/2012 - 20:57:15 ---A- . (.Oracle Corporation - Java Platform SE binary.) -- C:\Windows\SysNative\deployJava1.dll [916456]

O44 - LFC:[MD5.D7377FC952CAFC87DF46CEA3E3B33F3F] - 31/08/2012 - 20:57:15 ---A- . (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(T.) -- C:\Windows\SysNative\npDeployJava1.dll [1034216]

O44 - LFC:[MD5.5AE843246FD8E5E80C71C14E8C1B3E61] - 31/08/2012 - 20:57:15 ---A- . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Windows\System32\deployJava1.dll [916456]

O44 - LFC:[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - 01/09/2012 - 03:23:45 ---A- . (...) -- C:\Windows\SysNative\perfd011.dat [31548]

O44 - LFC:[MD5.662686A55F1CCF3E9031CD70CDAABAA1] - 01/09/2012 - 03:23:45 ---A- . (...) -- C:\Windows\SysNative\perfi011.dat [141988]

O44 - LFC:[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - 01/09/2012 - 00:51:02 ---A- . (...) -- C:\Windows\SysNative\prfd0404.dat [31548]

O44 - LFC:[MD5.7EA6238ADEB79DF41A31283D7847FE5E] - 01/09/2012 - 00:51:02 ---A- . (...) -- C:\Windows\SysNative\prfi0404.dat [117840]

O44 - LFC:[MD5.4B614CB456DE641C43AA6501292B9FA2] - 16/08/2012 - 14:50:56 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [437880]

~ Scan Files in 00mn 09s

 

 

 

---\\ Operations and functions at Windows Explorer startup (O46)

O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

~ Scan ShellExecuteHooks in 00mn 00s

 

 

 

---\\ Local Security Authority-LSA Deny (O48)

O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll

O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\Windows\System32\scecli.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pacote de Segurança Kerberos.) -- C:\Windows\System32\kerberos.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll

~ Scan Keys in 00mn 00s

 

 

 

---\\ Safe Boot Control (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\50407690.sys . (...) -- C:\Windows\System32\Drivers\50407690.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\50407690.sys . (...) -- C:\Windows\System32\Drivers\50407690.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Driver de porta de mouse serial.) -- C:\Windows\System32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Driver de Extensão do Gerenciador de Volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys

~ Scan CSB in 00mn 00s

 

 

 

---\\ MountPoints2 Shell Key (MPKS) (O51) (None)

 

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

~ Scan Keys in 00mn 00s

 

 

 

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\BabylonToolbar [Key] . (...) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\BCSSync [Key] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe

O53 - SMSR:HKLM\...\startupreg\bywifi [Key] . (.bywifi.com - Bywifi: Video Streaming Accelerator.) -- C:\Program Files (x86)\Bywifi\bywifi.exe

O53 - SMSR:HKLM\...\startupreg\CCLite [Key] . (.ms - No comment.) -- C:\Windows\system32\Event Agent\ea.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\Eraser [Key] . (...) -- C:\Program Files (x86)\Eraser\Eraser.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\Google Update [Key] . (.Google Inc. - Google Installer.) -- C:\Users\PAULOROBERTO\AppData\Local\Google\Update\GoogleUpdate.exe

O53 - SMSR:HKLM\...\startupreg\HotKeysCmds [Key] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe

O53 - SMSR:HKLM\...\startupreg\hpqSRMon [Key] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O53 - SMSR:HKLM\...\startupreg\IgfxTray [Key] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe

O53 - SMSR:HKLM\...\startupreg\Iminent [Key] . (...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\IminentMessenger [Key] . (...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\IncrediMail [Key] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe

O53 - SMSR:HKLM\...\startupreg\Lingoes [Key] . (...) -- C:\Program Files (x86)\Lingoes\Translator2\Lingoes.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\mylbx [Key] . (.FSPro Labs - My Lockbox.) -- C:\Program Files\My Lockbox\mylbx.exe

O53 - SMSR:HKLM\...\startupreg\OfficeSyncProcess [Key] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe

O53 - SMSR:HKLM\...\startupreg\Persistence [Key] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe

O53 - SMSR:HKLM\...\startupreg\RtHDVCpl [Key] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

O53 - SMSR:HKLM\...\startupreg\SnowWallpaper [Key] . (...) -- C:\Program Files (x86)\Artdocks Software\Animated Snow Desktop Wallpaper\SnowWallpaper.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\SPC230NC_Monitor [Key] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\Philips\SPC230NC\Monitor.exe

O53 - SMSR:HKLM\...\startupreg\SPC_Monitor [Key] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\Philips\SPC230NC\Monitor.exe

O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O53 - SMSR:HKLM\...\startupreg\Tutorials [Key] . (...) -- C:\Program Files (x86)\Tuto_4pc\tutoriaisslimba.exe

O53 - SMSR:HKLM\...\startupreg\UpdateTutoriaisSlimbaHP.exe [Key] . (.pctuto - updatepctutoHP.) -- C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba\UpdateTutoriaisSlimbaHP.exe

O53 - SMSR:HKLM\...\startupreg\vmware-tray [Key] . (...) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\Windows Mobile-based device management [Key] . (.Microsoft Corporation - Windows Mobile Device Center.) -- C:\Windows\WindowsMobile\wmdcBase.exe

~ Scan SMSR Keys in 00mn 00s

 

 

 

---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll

~ Scan Keys in 00mn 00s

 

 

 

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKCU\...\Policies\System] - "DisableTaskMgr"=0

O55 - MWPS:[HKCU\...\Policies\System] - "DisableRegistryTools"=0

O55 - MWPS:[HKCU\...\Policies\System] - "NoDispCPL"=0

~ Scan Keys in 00mn 00s

 

 

 

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "DisallowRun"=1

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoFolderOptions"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoNetworkConnections"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoAddPrinter"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDeletePrinter"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSetFolders"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoPropertiesMyComputer"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoControlPanel"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoViewContextMenu"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoTrayContextMenu"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWinKeys"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRun"=0

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=60

~ Scan Keys in 00mn 00s

 

 

 

---\\ System Drivers List (SDL) (O58)

O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 13/07/2009 - 22:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]

O58 - SDL:[MD5.6CCD1135320109D6B219F1A6E04AD9F6] - 14/11/2006 - 11:31:00 ---A- . (.Arcsoft, Inc. - Arcsoft® ASPI Shell.) -- C:\Windows\SysWOW64\drivers\afc.sys [22784]

~ Scan Drivers in 00mn 00s

 

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <Opera.HTML>[HKLM\..\open\Command] (.Not Key.)

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Console Based Script Host.) -- C:\Windows\SysWow64\CScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.html> <htmlfile>[HKCU\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\System32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Console Based Script Host.) -- C:\Windows\SysWow64\CScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)

~ Scan Keys in 00mn 00s

 

 

 

---\\ Search Browser Infection (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com

~ Scan Keys in 00mn 00s

 

 

 

---\\ Search Svchost Services (SSS) (O83)

O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Serviço de Experiência com Aplicativo.) -- C:\Windows\System32\aelupsvc.dll [72192]

O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [80384]

O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Serviço de Propagação de Certificado de Cartão Inteligente da Microsof.) -- C:\Windows\System32\certprop.dll [80384]

O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [236032]

O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - DLL de Serviço do Servidor.) -- C:\Windows\System32\srvsvc.dll [236032]

O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extensão IKE.) -- C:\Windows\System32\ikeext.dll [853504]

O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Serviço de Áudio do Windows.) -- C:\Windows\System32\Audiosrv.dll [679424]

O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gerenciador de Discagem Automática de Acesso Remoto.) -- C:\Windows\System32\rasauto.dll [99328]

O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gerenciador de conexão de acesso remoto.) -- C:\Windows\System32\rasmans.dll [344064]

O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gerenciador de Interface Dinâmica.) -- C:\Windows\System32\mprdim.dll [97792]

O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Serviço de Notificação de Eventos do Sistema (SENS).) -- C:\Windows\System32\sens.dll [64512]

O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Componentes do Microsoft NAT Helper.) -- C:\Windows\System32\ipnathlp.dll [359424]

O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Servidor de telefonia do Microsoft® Windows.) -- C:\Windows\System32\tapisrv.dll [316928]

O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gerenciador de Conexões Remotas do Servidor Host da Sessão da Área de.) -- C:\Windows\System32\termsrv.dll [680960]

O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2428952]

O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2428952]

O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - DLL de serviços do Shell do Windows.) -- C:\Windows\System32\shsvcs.dll [370688]

O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Serviço que oferece conectividade IPv6 em uma rede IPv4..) -- C:\Windows\System32\iphlpsvc.dll [569344]

O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de serviço de logon secundário.) -- C:\Windows\system32\seclogon.dll [30720]

O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Serviço de Informações de Aplicativos.) -- C:\Windows\System32\appinfo.dll [70656]

O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Serviço de Descoberta iSCSI.) -- C:\Windows\System32\iscsiexe.dll [156672]

O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Serviço Agendador de Classes de Multimídia.) -- C:\Windows\System32\mmcss.dll [67584]

O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [242688]

O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Serviço de Configuração da Área de Trabalho Remota.) -- C:\Windows\System32\sessenv.dll [121856]

O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [136704]

O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - DLL de Serviço Pesquisador de Computadores.) -- C:\Windows\System32\browser.dll [136704]

O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [1110016]

O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Serviço Agendador de Tarefas.) -- C:\Windows\System32\schedsvc.dll [1110016]

O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Relatórios de Problemas e Soluções.) -- C:\Windows\System32\wercplsupport.dll [84480]

O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [209920]

O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [44544]

O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - DLL do Serviço de Tema do Shell do Windows.) -- C:\Windows\System32\themeservice.dll [44544]

O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Serviço de instalação do software.) -- C:\Windows\System32\appmgmts.dll [193536]

~ Scan Services in 00mn 00s

 

 

 

---\\ Search Particular Root Folder (SPRF) (O84)

[MD5.2424936423657E4DF33A07F9AED8897C] [sPRF][18/01/2011] (...) -- C:\ProgramData\ntuser.dat [262144]

[MD5.6D9E5361414A404F62DC249F2AADC327] [sPRF][31/01/2008] (.Unknown owner - 7-zip32.) -- C:\Users\PAULOROBERTO\AppData\Local\Temp\7-zip32.dll [506880]

[MD5.02961D44C635A12BD6E39793D36C06A9] [sPRF][08/09/2012] (...) -- C:\Users\PAULOROBERTO\Desktop\adwcleaner.exe [511265]

[MD5.E897110EE5E67FABB83B154DF9C68D6A] [sPRF][08/09/2012] (...) -- C:\Users\PAULOROBERTO\Desktop\ZHPDiag_silent.exe [794216]

[MD5.AE326A97F634217CAC29739D376DF934] [sPRF][15/08/2011] (...) -- C:\Users\PAULOROBERTO\Desktop\ZHP_uninstall.exe [344187]

[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576]

[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [sPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608]

[MD5.B8F39C9E0F0B71E454DBA431CF3B99C9] [sPRF][11/08/2005] (.Macrovision Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [417792]

~ Scan Files in 00mn 00s

 

 

 

---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "WMPNSS-In-UDP-NoScope" |In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "WMPNSS-Out-UDP-NoScope" |Out - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "WMPNSS-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "WMPNSS-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "WMPNSS-In-UDP" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "WMPNSS-Out-UDP" |Out - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "WMPNSS-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "WMPNSS-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "{060C4A80-3D9B-42B2-97BD-2D81F2304FFC}" | In - None - P17 - TRUE | .(.Hewlett-Packard - HP Update Client.) -- C:\Program Files (x86)\HP\hp software update\hpwucli.exe

O87 - FAEL: "{50A9F65B-55A8-4C40-963F-664F72DD740C}" |Out - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "{8C350460-52A6-48AB-A88D-BD5DE8DC7833}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "{323F6C4C-E736-4E60-B8B2-38F7410189DC}" |Out - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "{4027D939-1502-4862-A70D-A9DFDA9BFA3D}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)

O87 - FAEL: "{D3073D82-59EE-4FA7-9862-3065C9C316EB}" | In - Private - P6 - TRUE | .(.Event Agent, Inc. - Event Agent Scanner.) -- C:\Windows\SysWOW64\Event Agent\Bin\services .exe

O87 - FAEL: "{89A3D4C2-AD57-4323-9D79-2AC711F2323C}" | In - Private - P17 - TRUE | .(.Event Agent, Inc. - Event Agent Scanner.) -- C:\Windows\SysWOW64\Event Agent\Bin\services .exe

O87 - FAEL: "{67973313-4C1A-49DC-91FC-0F8E2C804F06}" | In - Private - P6 - TRUE | .(.Unknown owner - Event Agent Startup.) -- C:\Windows\SysWOW64\Event Agent\Bin\spoolsv .exe

O87 - FAEL: "{D00FDBEF-BD44-402C-82DC-9C0A5826CC98}" | In - Private - P17 - TRUE | .(.Unknown owner - Event Agent Startup.) -- C:\Windows\SysWOW64\Event Agent\Bin\spoolsv .exe

O87 - FAEL: "{7ADEC054-760E-4208-AC85-911EF7E0E7EF}" | In - Private - P6 - TRUE | .(.Event Agent - Local Security Authority Agent.) -- C:\Windows\SysWOW64\Event Agent\lite.exe

O87 - FAEL: "{5A2576E0-1D99-4A9B-ACDE-6D6225A385F1}" | In - Private - P17 - TRUE | .(.Event Agent - Local Security Authority Agent.) -- C:\Windows\SysWOW64\Event Agent\lite.exe

O87 - FAEL: "{E36D5C6E-06B0-426C-8BC9-115DD50DF237}" | In - Private - P6 - TRUE | .(.Unknown owner - smss.) -- C:\Windows\SysWOW64\Event Agent\Bin\smss .exe

O87 - FAEL: "{D7511860-62FA-4C7B-B329-B29586428484}" | In - Private - P17 - TRUE | .(.Unknown owner - smss.) -- C:\Windows\SysWOW64\Event Agent\Bin\smss .exe

O87 - FAEL: "{6205D596-1BF6-4E18-AFE2-F74283F07AF5}" | In - Private - P6 - TRUE | .(...) -- C:\Windows\SysWOW64\Event Agent\Bin\EventAgentRegistry.exe

O87 - FAEL: "{D5992585-76B7-46D5-BBB0-C5A5D5E9A6D4}" | In - Private - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\Event Agent\Bin\EventAgentRegistry.exe

O87 - FAEL: "{F25B8C7B-104E-4E79-B44D-3BB2ED97F587}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe

O87 - FAEL: "{2A0C7D2E-EFA4-43CE-83FA-47DFB1CA4AD2}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe

O87 - FAEL: "{67CFF14A-9DD7-4258-BF49-C56A6C882D10}" | In - Public - P6 - TRUE | .(.Google - Google Talk Plugin.) -- C:\Users\PAULOROBERTO\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

O87 - FAEL: "{81C07B84-28C9-4079-8C4C-7BD0813C9BC0}" | In - Public - P17 - TRUE | .(.Google - Google Talk Plugin.) -- C:\Users\PAULOROBERTO\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

O87 - FAEL: "{4CC8C1CE-6C63-48E5-ACF1-AD53BEEC2FBA}" | In - Private - P6 - TRUE | .(.Google - Google Talk Plugin.) -- C:\Users\PAULOROBERTO\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

O87 - FAEL: "{22B3512F-A0F4-4D5B-8D25-B96869A96D80}" | In - Private - P17 - TRUE | .(.Google - Google Talk Plugin.) -- C:\Users\PAULOROBERTO\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

O87 - FAEL: "{A4486819-7862-4F54-B3D1-A9BBF571BE27}" | In - Private - P6 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O87 - FAEL: "{5FB3341B-0583-4387-84B2-3702A036DF59}" | In - Private - P17 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O87 - FAEL: "{553AFB82-8D02-4823-BADF-B98E0CCA8F81}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe

O87 - FAEL: "{8883E8F6-CDA2-49C3-8FEA-9E387BF1401E}" | In - None - P17 - TRUE | .(.Skype Limited - Facebook Video Calling.) -- C:\Users\PAULOROBERTO\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

O87 - FAEL: "{308D246C-1D38-46F5-8211-06DB768599B6}" | In - Public - P6 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O87 - FAEL: "{E665D9BC-63EC-40E5-8EDA-E26BE6E6BF59}" | In - Public - P17 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O87 - FAEL: "{3D6855D7-76A7-42A4-A2FC-2038BD5C0BBD}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe

O87 - FAEL: "{01B906B5-112E-4A06-839C-959E2C8E7E04}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe

O87 - FAEL: "{CE9452B6-C37D-4513-8E78-F0FA965AC822}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe

O87 - FAEL: "{083E5BF8-0F2B-4690-84C6-70DA9A858737}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe

O87 - FAEL: "{EA762CE7-9F01-4F28-80A3-192B7DAD15FC}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

O87 - FAEL: "{9CA18194-DF55-4ABD-BE9C-9545798E58D7}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

O87 - FAEL: "{02662005-3F39-4515-BF3F-2E5052835644}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

O87 - FAEL: "{63D2521D-71D4-49B8-A6EE-C5C99EFF717C}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

O87 - FAEL: "{B0F78EF4-9A7B-41A7-8E73-688109198FA1}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe

O87 - FAEL: "{FDDD53EE-7DFD-4D05-A2DD-11027B82D22E}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe

O87 - FAEL: "{F4B5D5E7-065A-429A-9B9F-A9243D90B00D}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

O87 - FAEL: "{858E25DF-AFB0-4D46-82CD-8723399497A6}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

O87 - FAEL: "{EBD0934D-4C81-46EC-876F-FCCB8F5CE5A7}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

O87 - FAEL: "{C72A9C7D-AE83-4AF3-95B8-4B3089A4B879}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

O87 - FAEL: "{93D618D0-4F54-4EBE-8357-028106B604D6}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.)

O87 - FAEL: "{9627CE69-A86F-4A8E-A9CE-9B23904AC2EB}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.)

~ Scan Firewall in 00mn 01s

 

 

 

---\\ Additionnal Scan (O88)

Database Version : 9170 - (25/06/2012)

Clés trouvées (Keys found) : 2

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 0

 

[HKLM\Software\WOW6432Node\Trymedia Systems] =>Adware.Trymedia

[HKCU\Software\Tutorials] =>Toolbar.Agent

~ Scan Additionnel in 00mn 05s

 

 

 

---\\ Router Hijack DNS (O89) (None)

 

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)

SS - | Demand 08/09/2012 250568 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

SS - | Auto 24/04/2011 202296 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

SS - | Demand 28/02/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe

SS - | Auto 211888 | (GbpSv) . (...) - C:\Program Files (x86)\GbPlugin\gbpsv.exe

SS - | Auto 211888 | (gpsvc) . (...) - C:\Program Files (x86)\GbPlugin\gbpsv.exe

SS - | Auto 28/11/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 28/11/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

SS - | Demand 05/10/2011 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe

SS - | Auto 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe

SR - | Auto 31/08/2009 1821184 | (KMWDSERVICE) . (.UASSOFT.COM.) - C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe

SS - | Demand 08/09/2012 114144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SR - | Auto 25/06/2012 216080 | (NitroReaderDriverReadSpool2) . (.Nitro PDF Software.) - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe

SR - | Auto 15/05/2012 889664 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe

SS - | Auto 15/05/2012 1262400 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe

SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

SR - | Auto 25/02/2011 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe

SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SR - | Auto 15/05/2012 382272 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

SS - | Auto 0 | (System Event Agent) . (...) - C:\Windows\system32\Event Agent\bin\spoolsv .exe

SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe

SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Scan Services in 00mn 03s

 

 

 

---\\ Search Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ Scan MBR in 00mn 02s

 

 

 

---\\ Search Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by PAULOROBERTO at 08/09/2012 17:03:45

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ Scan MBR in 00mn 04s

 

 

 

End of the scan (1721 lines in 01mn 52s)(0)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! prrsilva

 

|- Feche programas/pastas que estejam abertas.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

 

ZHPFix_Logo.jpg

 

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".

 

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

O4 - HKLM\..\Wow6432Node\Run: [CCLite] C:\Windows\system32\Event Agent\ea.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [RunAsStdUser Task] (...) -- C:\Program Files (x86)\Moo0\FileShredder 1.17\FileShredder.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{1E1958F2-72FA-4297-8943-F06E0AFA129E}] (...) -- C:\Program Files (x86)\Maxthon3\Bin\Mx3Uninstall.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{884A3003-179D-4C41-849F-4B5889A22200}] (...) -- C:\Users\PAULOROBERTO\Desktop\Johnny Castaway Vista.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{AAD3343B-61CF-410C-BBF1-1EF41EFA888A}] (...) -- F:\VisualizadorNFeCTe_v50e.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{C7279582-ED02-4131-9AA6-19E554EE7756}] (...) -- C:\Users\PAULOROBERTO\Documents\VisualizadorNFeCTe_v50e.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{D2865EF1-7A6C-41EB-B50A-4F0F61F98F7C}] (...) -- C:\Users\PAULOROBERTO\Documents\VisualizadorNFeCTe_v50e.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{D85C16D1-2301-4ED8-AEE0-2F203D40C854}] (...) -- C:\Users\PAULOROBERTO\Desktop\ReceitanetJava2010.02d_setup_win32.exe (.not file.)

[MD5.F26AB739E1554156BC4040009ECE24B3] - (.IDEVFH - Memory Fox Version Beta 7.4.) -- C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\Firefox\Profiles\0mfi9aev.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe [647168] [PID.44

[MD5.83605CA0BB3FCE6B45BE12148AD8B3C9] [APT] [AutoKMS] (.Microsoft.) -- C:\Windows\AutoKMS.exe => Infection Diverse (Trojan.Keygen)

SS - | Auto 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe => Infection Diverse (Trojan.Keygen)

SS - | Auto 0 | (System Event Agent) . (...) - C:\Windows\system32\Event Agent\bin\spoolsv .exe => Infection Vundo

O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe => Infection Diverse (Trojan.Keygen)

O23 - Service: System Event Agent (System Event Agent) . (.Unknown owner - Event Agent Startup.) - C:\Windows\SysWOW64\Event Agent\bin\spoolsv .exe

O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {A6E71E28-43CB-423E-B415-B7C00D77902E} => Infection PUP (Adware.IMBooster)

O43 - CFD: 23/11/2010 - 21:39:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Dados de aplicativos

O43 - CFD: 23/11/2010 - 21:39:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Histórico

O43 - CFD: 17/03/2012 - 21:41:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\WinISO Computing

O43 - CFD: 20/08/2011 - 22:12:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{00F4F231-F954-4B9C-B23C-6A5CC67EC444}

O43 - CFD: 15/06/2011 - 16:58:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{0210C146-0236-4C1F-BC2D-4B7D2704D259}

O43 - CFD: 03/08/2012 - 14:58:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{02A26541-0209-433A-B549-6D6436CE17EC}

O43 - CFD: 20/03/2012 - 10:10:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{03317A69-A0AD-4BD9-B478-594D0989C33D}

O43 - CFD: 17/04/2012 - 11:24:24 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{039A5CD6-6BC4-41E4-92CC-347D4314D7EB}

O43 - CFD: 25/05/2012 - 18:22:26 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{046F5414-3B69-4D88-9B0D-0C7A31D19AE4}

O43 - CFD: 27/03/2012 - 11:44:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{053C9CB3-C583-498E-B5F3-27878A76E5AE}

O43 - CFD: 19/11/2011 - 19:59:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{070D0DC1-4B1D-4921-9BFC-FD6692FFDB05}

O43 - CFD: 14/01/2012 - 13:25:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{088F2EB2-A08A-4B16-BB75-0D0B36DC8057}

O43 - CFD: 17/02/2012 - 09:36:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{08A5DE3B-9DB0-471F-AA5D-3F2C42476419}

O43 - CFD: 16/07/2011 - 11:36:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{09BF84FC-20B0-4F8E-A34C-5BC3EABD97AB}

O43 - CFD: 05/05/2012 - 11:35:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{0C0371F1-91FE-457E-8498-E7570238F398}

O43 - CFD: 19/06/2012 - 16:01:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{103BCF28-C2AF-45E0-A228-A7079622D0BA}

O43 - CFD: 28/10/2011 - 11:43:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1220C7CD-BCB8-4AD5-B7C0-4B5AC49E8B71}

O43 - CFD: 08/05/2012 - 20:00:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{12925EE2-2FB9-4247-8AEE-EDB9968DAECD}

O43 - CFD: 11/08/2012 - 11:35:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{13F50FCF-9AE6-4281-8F35-CA81AEB6B740}

O43 - CFD: 05/07/2011 - 20:22:06 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{14683B31-094E-42FC-9623-505B09AFBC31}

O43 - CFD: 09/07/2011 - 12:07:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{15033920-076E-48B6-98C0-759684E792FC}

O43 - CFD: 08/06/2012 - 18:30:00 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{15372CE0-3A5A-4415-AFC7-553D97631373}

O43 - CFD: 24/05/2011 - 23:20:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{15FC2A6A-4503-4ECA-9810-2692B586C9B9}

O43 - CFD: 16/05/2012 - 21:35:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1606896D-1092-42F4-BEDB-7C87B7E6C20C}

O43 - CFD: 20/01/2012 - 16:32:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{16C19A8E-5DAB-4794-A260-9C418945EFB2}

O43 - CFD: 18/01/2012 - 09:54:24 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{179FCAFA-6F4E-44FC-890E-108B1F0C771C}

O43 - CFD: 26/06/2012 - 09:11:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1945E11C-15B5-44C1-9E65-CE3D01D0B818}

O43 - CFD: 25/05/2012 - 18:22:49 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1AF167D6-57A1-4069-B6BA-65FF16859E63}

O43 - CFD: 28/06/2012 - 11:44:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1C31741C-0431-4008-9FBC-DEF185CC4612}

O43 - CFD: 06/05/2011 - 11:44:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1C83A534-5153-46B1-B561-B1BE7BB967C1}

O43 - CFD: 08/07/2011 - 20:03:22 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1D717EC7-97AF-4BED-9820-EDB472174D4C}

O43 - CFD: 26/04/2011 - 09:32:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1E0B28A5-A9C2-4FA2-87D0-CB0A54A4A7C8}

O43 - CFD: 28/06/2011 - 19:29:24 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{1F798B63-D942-4EF4-B528-156800586070}

O43 - CFD: 30/04/2011 - 13:34:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2315F420-3E42-473D-A47D-FFC1EB4F4DB3}

O43 - CFD: 04/02/2012 - 21:59:54 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2491BE60-7ECC-4A86-8248-C42F39F736B2}

O43 - CFD: 06/02/2012 - 19:55:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2565103F-8291-402B-8E81-42C820F12140}

O43 - CFD: 03/09/2011 - 12:46:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2567346A-EE13-44EA-B598-C39B5C555D09}

O43 - CFD: 05/09/2012 - 21:09:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{281ECC3C-CF64-47F9-B45D-85CD82091750}

O43 - CFD: 26/05/2012 - 19:27:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{28DAE245-9622-4A7F-8AFB-2F46FE87269A}

O43 - CFD: 03/08/2012 - 14:58:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{29E24AC7-F034-4E6D-837D-F5CC3553DB6D}

O43 - CFD: 09/06/2012 - 10:49:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2D691E10-50A9-45C0-9268-3E41CB483DC0}

O43 - CFD: 01/05/2012 - 11:02:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2E2743A6-2260-4A01-83AD-F37EDBD06206}

O43 - CFD: 27/01/2012 - 11:36:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{2E60D613-16B6-4B62-91C5-006FA4CDD04D}

O43 - CFD: 16/05/2012 - 21:35:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{30301572-A4AE-4095-A160-2B83F49D3165}

O43 - CFD: 23/06/2012 - 11:31:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{305BBF4F-2DC9-499C-96F9-0F9E1E2B2E65}

O43 - CFD: 18/04/2012 - 20:10:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{30DEAC39-31E0-4326-A1F1-423220D3BCDB}

O43 - CFD: 31/12/2011 - 20:44:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{327D5FAA-9700-40D9-9BC8-FF1FED6E270F}

O43 - CFD: 18/10/2011 - 14:37:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3389890D-7AC8-4D34-9272-B3AC449CD717}

O43 - CFD: 12/06/2012 - 22:04:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{34329794-ADBD-4A36-AEBD-922831D8416B}

O43 - CFD: 25/01/2012 - 18:27:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{357F54F6-B589-42FF-A37D-2EE81B03F34E}

O43 - CFD: 10/06/2011 - 11:03:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3854C9F3-815F-4A3A-9E91-E3FED88C1915}

O43 - CFD: 17/06/2012 - 17:19:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{38783BBD-2E89-4807-ADA1-6ADFD6986E76}

O43 - CFD: 10/08/2011 - 11:19:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{389FE628-295D-4C70-AD1C-430F8A0617D1}

O43 - CFD: 03/06/2011 - 11:36:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{397AD953-6D8E-4F49-B352-A9D6A15E591B}

O43 - CFD: 24/01/2012 - 17:38:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3B0A9B4A-6724-4F18-9F09-0C991E4ABA45}

O43 - CFD: 07/03/2012 - 16:29:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3B49AB33-10A7-463D-939A-AE56F728DD4B}

O43 - CFD: 03/05/2012 - 20:34:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3C141791-0E9D-453B-BC93-CA12846F4419}

O43 - CFD: 24/12/2011 - 19:26:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3C56C4B7-3D39-4EBF-B003-BC54EF534B0A}

O43 - CFD: 10/05/2012 - 20:15:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3D5630E4-59DB-43A1-AF3B-3C86E815BC2D}

O43 - CFD: 10/01/2012 - 15:25:09 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3D9EC2A4-E3E6-496B-AA4D-11CDB03D28F7}

O43 - CFD: 22/04/2012 - 19:28:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3E424CF5-F89F-4A40-90CB-650D2353C14F}

O43 - CFD: 19/11/2011 - 20:26:14 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{3F674C72-1571-4B12-A353-971FAD8FC21C}

O43 - CFD: 05/11/2011 - 11:01:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{41FFFD4B-3C3E-4A00-9ACB-CFD1F834541A}

O43 - CFD: 22/05/2012 - 18:44:34 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{420E1D61-AA19-49A3-9978-A2A974FAFE6B}

O43 - CFD: 04/02/2012 - 22:00:08 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{42A98A64-EE96-42CE-A024-56120C545EBB}

O43 - CFD: 02/12/2011 - 21:12:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{42AF04B9-8714-491B-ADDE-4181F322B20D}

O43 - CFD: 02/08/2012 - 16:44:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{42D314FE-8E2F-4A55-8C22-5161C71FD9FB}

O43 - CFD: 05/06/2012 - 14:59:43 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{44A81291-DE7A-48B4-B41B-19C4659D7D00}

O43 - CFD: 02/08/2011 - 11:05:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{458D9B96-CD88-41AF-BB56-F6B20CC129F0}

O43 - CFD: 18/04/2012 - 20:28:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{46974A91-7060-486A-8448-17CDC69C5508}

O43 - CFD: 29/07/2011 - 18:00:34 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{47C9C047-8724-4651-8A84-3F263B0A6FB6}

O43 - CFD: 02/06/2012 - 12:02:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{48DDE63C-6421-4595-850A-9A450361C2F9}

O43 - CFD: 17/02/2012 - 09:36:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{49236BB4-FB73-4D80-A766-A146B05D8605}

O43 - CFD: 02/06/2012 - 17:34:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{49A00D90-5B4D-4021-B03E-CAA9796FACDC}

O43 - CFD: 17/01/2012 - 18:24:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{4C22B66A-8AC2-4228-9DFE-B3E6AEE276D4}

O43 - CFD: 12/06/2012 - 22:05:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{4D18B8A4-B385-46BE-825A-1ADFF7984E67}

O43 - CFD: 25/01/2012 - 18:27:06 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{50039014-CE9F-41D9-862E-A7B4D855724B}

O43 - CFD: 15/07/2011 - 17:15:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5034EC67-0970-4691-ACAA-25B6B72A9DCA}

O43 - CFD: 19/07/2011 - 16:18:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{503E0967-EEE1-4695-8C91-AD1CA10CE117}

O43 - CFD: 14/10/2011 - 10:38:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5113999F-4E24-468F-A760-7416268C3C10}

O43 - CFD: 28/02/2012 - 19:13:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{511827F5-DCFF-43A1-8CB8-B3A0C78D4A06}

O43 - CFD: 19/04/2012 - 10:04:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{51338AC8-2C1A-489E-A173-9960F478C4F5}

O43 - CFD: 18/07/2011 - 11:48:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{53C6C867-539A-45FA-A114-F86EA8D2047E}

O43 - CFD: 08/03/2012 - 11:29:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{545E30D5-A125-465E-86DD-435729270AA3}

O43 - CFD: 05/03/2012 - 20:47:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{54BE11AC-1483-4C89-ABFB-8D77629E4B87}

O43 - CFD: 02/12/2011 - 21:12:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{55E5FCB6-C810-44D4-9B1C-E34C16D487EF}

O43 - CFD: 08/10/2011 - 12:29:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{564C0A73-34E0-4925-B45C-74DB66FA6E0C}

O43 - CFD: 23/05/2011 - 22:34:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{564FB850-B5FB-4565-80F3-7F1AD406F53E}

O43 - CFD: 20/08/2011 - 22:12:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{58F8D357-2B1D-4094-AEB5-457D98D9E24A}

O43 - CFD: 31/12/2011 - 20:44:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{58FF5309-4F25-43DE-80FC-C7243F7CA3E9}

O43 - CFD: 09/08/2011 - 11:34:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5C1E817A-6C3A-4E17-BC0C-54C1902A3A44}

O43 - CFD: 27/03/2012 - 11:45:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5C35D4C3-442D-4780-8580-3AC1A1FEB512}

O43 - CFD: 08/10/2011 - 12:29:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5C9B252A-36C5-4FFB-82B3-3457D57FC021}

O43 - CFD: 26/05/2012 - 18:53:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5D91F207-4FB4-4F08-8AC6-9D6352D37727}

O43 - CFD: 13/08/2012 - 21:31:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5FAE381B-0AB2-4977-ACC5-368FA7F26AF9}

O43 - CFD: 28/02/2012 - 19:13:41 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{5FFBC631-BF06-413A-A19D-0F20E321C0B8}

O43 - CFD: 27/08/2011 - 12:21:34 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6005DCC3-970F-4E46-B9C5-9B47D755ADED}

O43 - CFD: 03/12/2011 - 22:08:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{604F1250-4B3E-4DE1-9397-4620D69B08FA}

O43 - CFD: 04/07/2011 - 20:03:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{60E6B64F-3ABC-4C10-AAD6-A6BD6CF00EA5}

O43 - CFD: 09/06/2012 - 10:50:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{611EABBA-A411-4D54-BB73-292F35DD3007}

O43 - CFD: 13/08/2012 - 21:31:07 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6168A489-162C-4090-B2A2-CD911247C61B}

O43 - CFD: 10/08/2012 - 18:36:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{61756327-F48E-4D16-B495-CAEF3A5ABF9E}

O43 - CFD: 07/08/2011 - 21:47:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{61A76CF7-160D-456D-9909-76C01C9E5E7A}

O43 - CFD: 21/08/2012 - 16:01:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{659AD626-9E34-49DC-B8D5-E0A76A98E839}

O43 - CFD: 17/03/2012 - 11:50:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{65DA37D5-CDD0-46BE-BBD2-16A476F06A82}

O43 - CFD: 13/08/2011 - 14:14:41 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{669B8C0F-77DC-4DF1-90B5-B16E71B2669A}

O43 - CFD: 31/03/2012 - 17:20:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6778FB08-5801-4FD6-B042-DC6972B882A5}

O43 - CFD: 29/05/2011 - 19:14:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{69A71769-B405-4606-A0F1-422E5C509616}

O43 - CFD: 22/05/2012 - 18:44:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6C700B60-EAA5-4F8E-B485-AC5AB801251D}

O43 - CFD: 21/05/2011 - 19:10:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6CEA190A-3ED5-4DE8-B3BF-B573C68118E3}

O43 - CFD: 01/08/2011 - 18:01:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{6DE24520-D463-4C95-8B3A-4F1BBB4DE42B}

O43 - CFD: 19/06/2012 - 16:00:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{702B4399-D61F-4C6F-AF16-B8C9D2A622A8}

O43 - CFD: 26/05/2012 - 18:54:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{705842A0-B883-4973-B85E-E7D3DBFE312B}

O43 - CFD: 27/04/2012 - 20:37:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{718FA3C9-FC4F-4173-B32E-6205BE4A1AED}

O43 - CFD: 29/08/2012 - 20:35:47 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{72A11FD4-707A-4723-B6FC-C9B0B3DED641}

O43 - CFD: 22/04/2011 - 11:27:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{72C6B4D2-F792-4F31-85C0-416859499A5C}

O43 - CFD: 26/05/2011 - 20:06:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{738C7055-E9BE-45B4-90BD-5E0D1D1FBB1B}

O43 - CFD: 27/07/2011 - 15:25:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7391A456-9FBD-4606-A9BD-29FD95FEF01B}

O43 - CFD: 20/03/2012 - 10:10:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7404F573-FE84-4F76-ABC0-033A4E5E5660}

O43 - CFD: 09/05/2012 - 20:38:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7433F93E-1789-49EA-B305-C54A469B99C4}

O43 - CFD: 30/07/2012 - 11:49:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{743AD8E5-3F83-4F15-B294-36CC42CA2080}

O43 - CFD: 01/08/2012 - 17:05:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{743C7856-84B2-42EB-A159-CDAC7BA47846}

O43 - CFD: 25/05/2011 - 20:16:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{75130D14-6848-4FFD-A845-96A980A8D551}

O43 - CFD: 18/04/2012 - 20:10:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{76ADC5BC-D1E0-4A71-8E7D-11EEB0AC1C4E}

O43 - CFD: 18/04/2012 - 20:28:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{776AE50F-955C-41DF-A933-D5C50273E2C8}

O43 - CFD: 27/01/2012 - 11:36:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{780C4E29-E245-459D-B32B-7DC9BA277BA1}

O43 - CFD: 24/12/2011 - 19:26:49 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{78997733-15DC-4674-8914-CC72F9FC22FB}

O43 - CFD: 31/01/2012 - 12:05:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{790DFAB7-0C64-4B6E-8DD5-A902FCEE0EC7}

O43 - CFD: 14/07/2011 - 12:11:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{793A43ED-A608-4B30-A2FA-106D930B7812}

O43 - CFD: 24/04/2011 - 14:44:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7C2A4677-9B42-4FC9-99CD-50272695B56A}

O43 - CFD: 15/05/2011 - 18:30:14 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{7F206D8C-400A-4AB6-8C6F-E18363DF104F}

O43 - CFD: 27/06/2011 - 21:09:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{80452835-7547-4B9C-8D43-DC34F39BD83A}

O43 - CFD: 11/07/2012 - 11:51:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{81FF45F1-B25D-4ABE-8521-355B13BF3834}

O43 - CFD: 14/01/2012 - 13:25:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{862D16C9-39F3-427F-9A51-40E66AE6CF1F}

O43 - CFD: 23/06/2012 - 16:56:50 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{867D7B11-70EB-4597-A3EC-31DE654ABD0B}

O43 - CFD: 28/07/2012 - 10:40:08 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{86A70624-24FE-4848-A23F-F28333E00AB4}

O43 - CFD: 14/06/2012 - 17:28:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{87D9215E-5397-4249-A253-2374B8BF42FB}

O43 - CFD: 24/01/2012 - 17:38:02 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8C57852B-8FDC-49A1-9E51-5272F02BF160}

O43 - CFD: 25/06/2012 - 12:03:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8CF2C62F-CFD3-482A-B4E2-F41A5A23CDF8}

O43 - CFD: 25/07/2011 - 16:27:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8D7386BB-F175-4F30-9AF8-427530D444E2}

O43 - CFD: 24/06/2011 - 17:01:49 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{8FF6CE42-D751-4A0C-A371-7097DF017844}

O43 - CFD: 14/10/2011 - 17:04:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{90C20204-EB26-4845-A4A8-EA4A3B6600CA}

O43 - CFD: 14/06/2011 - 22:00:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{94153A08-1E2A-4276-83A6-8147CCED3F7B}

O43 - CFD: 18/07/2012 - 19:21:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{94649819-5806-437F-BF32-18844A133222}

O43 - CFD: 06/02/2012 - 19:55:57 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9486F1D9-3607-4478-A006-51F270BDFF79}

O43 - CFD: 19/08/2011 - 15:44:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{954F3661-1395-4058-93AD-7B74CA563450}

O43 - CFD: 13/07/2011 - 11:38:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9576FC1F-A2FE-44B7-B74A-87E6D72B3F8B}

O43 - CFD: 10/05/2012 - 20:15:47 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{964CA773-8677-446B-B884-F9587A6FF166}

O43 - CFD: 19/08/2011 - 15:44:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{978F37DC-1569-45ED-9797-9E17FE99892C}

O43 - CFD: 19/11/2011 - 20:26:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{97CD1FCC-8F1C-4080-87D1-2963F31D843C}

O43 - CFD: 20/07/2012 - 14:38:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{990DE35F-42AA-4FB9-8F42-FB59A2F787E3}

O43 - CFD: 05/02/2012 - 23:08:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{99BAF654-C18B-4842-8367-BA6B5CE032B6}

O43 - CFD: 28/10/2011 - 11:43:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9A78FFAF-3DEB-44F2-A3E3-E41251588BF2}

O43 - CFD: 30/07/2012 - 11:49:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9BBD54C9-DF22-47ED-BE9D-17AE6D636CBD}

O43 - CFD: 25/04/2012 - 15:21:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9C46E3DF-782F-41F7-A76A-44ABB3C3A08F}

O43 - CFD: 16/01/2012 - 09:54:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9C83854E-CDB8-4C61-B148-AC9E18359EDD}

O43 - CFD: 18/06/2012 - 09:03:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9EA1F630-8856-4206-A18B-20A5D64CEC1F}

O43 - CFD: 25/08/2011 - 11:53:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9EB71E41-148B-4786-9595-C9ECBFD1CDB2}

O43 - CFD: 13/08/2011 - 14:14:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9F2B9ECF-384F-4D99-9AED-3929D6AD1A27}

O43 - CFD: 20/01/2012 - 16:32:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9FC6CEED-3836-4ECE-B881-F66A00B1CDD6}

O43 - CFD: 11/06/2011 - 11:33:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{9FE426F4-23F8-4F17-85A2-65F0E46816AE}

O43 - CFD: 16/06/2012 - 22:37:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A05204A7-0B4C-43A0-BDF4-591D39F115BC}

O43 - CFD: 03/12/2011 - 22:08:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A51353F0-FBDF-42FD-8A6F-1AA5C4E569D6}

O43 - CFD: 30/05/2011 - 11:19:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A6069280-F3D7-4C8F-AD41-D069D0C928C3}

O43 - CFD: 02/08/2012 - 16:45:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A6697EFE-96D3-4A51-ACA7-9C60314C477B}

O43 - CFD: 11/07/2011 - 11:50:30 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A67911B2-F3D8-4D21-BB4B-AD3FC530C8F5}

O43 - CFD: 28/07/2012 - 10:40:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A88407FF-C140-4EAB-9DA8-1B2C09FBCA5A}

O43 - CFD: 03/05/2012 - 20:33:58 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A8D460ED-536F-4AE9-866F-AA35CAA133A4}

O43 - CFD: 09/01/2012 - 09:28:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A94291AE-8B84-4316-9487-918356D26567}

O43 - CFD: 25/01/2012 - 18:26:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{A976A775-C01E-49C0-8BC7-12E0B23EBAFF}

O43 - CFD: 23/03/2012 - 10:49:14 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AAC8A007-37BE-45B9-9682-13B1ABB26FD1}

O43 - CFD: 17/08/2012 - 18:59:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AB484D35-B0C7-4FCC-B5F9-604A314B50F2}

O43 - CFD: 27/04/2012 - 20:37:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{ADDD8BBF-6EBB-4423-8505-BC3205ED8C54}

O43 - CFD: 05/08/2011 - 11:42:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AF6B0C98-DADC-44E3-B80C-63166D2188F6}

O43 - CFD: 26/06/2012 - 09:11:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{AFD56E1F-1D25-4554-9995-878FF0C20852}

O43 - CFD: 08/06/2012 - 18:29:36 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B0757281-6178-46ED-B005-26C890395C59}

O43 - CFD: 28/05/2011 - 19:11:38 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B0E2C766-628B-416D-98E9-1379EF6BA11F}

O43 - CFD: 19/11/2011 - 20:00:03 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B14FE2E9-057B-42FF-986C-87AA8069B31F}

O43 - CFD: 05/06/2011 - 21:47:27 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B17F6F67-62E9-4323-8DAA-957E83DC95FA}

O43 - CFD: 14/10/2011 - 10:38:18 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B1F6D0A6-D807-4DA7-8592-E3FE49319C37}

O43 - CFD: 14/10/2011 - 17:04:45 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B412A248-F8D1-40A9-8014-3FF9139F01B9}

O43 - CFD: 25/08/2011 - 11:53:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B5012B5B-941F-44BE-AF08-FB863D4C92DD}

O43 - CFD: 10/08/2012 - 18:36:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B50C87FE-0E7E-4815-A63B-88D91B5D57D3}

O43 - CFD: 18/07/2012 - 19:21:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B63B020C-75F6-434F-952D-6DE9C5B2D5D6}

O43 - CFD: 25/04/2012 - 15:21:40 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B728BCD8-7509-43AF-80D3-34CA3C4FD57E}

O43 - CFD: 08/03/2012 - 11:29:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B8492EF9-5686-4B2D-AF7F-560021889466}

O43 - CFD: 28/01/2012 - 12:04:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B891C550-76C2-45E5-9913-E8479EC0AD0C}

O43 - CFD: 01/05/2012 - 11:02:55 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B8A23A85-B9D8-46F0-8E82-402FF363914B}

O43 - CFD: 15/11/2011 - 09:57:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{B9E7CD25-9C80-432E-A7DA-E19A688A4DDB}

O43 - CFD: 08/06/2011 - 11:07:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BA151CC2-9A4D-43C7-9310-182811590608}

O43 - CFD: 23/06/2012 - 16:57:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BAE247B5-055D-4B44-A574-1402C94F8E36}

O43 - CFD: 11/08/2011 - 12:13:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BE89D8F9-D4BE-4546-80EA-D28A1FAC0D11}

O43 - CFD: 05/06/2012 - 15:00:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BF331A2F-BBA9-49BA-A7A7-573CB78AE922}

O43 - CFD: 01/06/2011 - 12:07:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BF345FDF-0548-4DCF-952B-10E3368E9EF1}

O43 - CFD: 02/07/2011 - 21:04:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BF6DABF9-E8C1-4103-BBAB-92BCE9B29833}

O43 - CFD: 11/07/2012 - 11:51:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{BFD8B59D-A8B0-4449-9701-1B8063A6F7F3}

O43 - CFD: 10/08/2011 - 11:19:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C1C6C418-C210-41EE-90EC-E093EFC21D53}

O43 - CFD: 09/05/2012 - 20:38:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C28F0782-E6ED-481B-82E1-A7213E1AB326}

O43 - CFD: 02/06/2012 - 12:02:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C6D9FA07-953C-4228-BFB4-59599411096C}

O43 - CFD: 03/07/2011 - 20:45:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C790E081-A8C0-4D14-96C8-458FCC852D26}

O43 - CFD: 12/01/2012 - 14:58:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C796DAD4-5755-4CA7-BBD0-099EEC92C540}

O43 - CFD: 19/06/2011 - 22:05:43 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C7A4A3D6-1783-4FF0-B582-883AE0320CE8}

O43 - CFD: 12/07/2011 - 12:06:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C7E5416E-64DD-4B8E-A070-A2F02D631BC8}

O43 - CFD: 17/03/2012 - 11:51:12 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C8EE61C1-1B6B-4CC5-84F7-0AA98D37D49B}

O43 - CFD: 09/08/2011 - 11:35:08 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C932BA6C-DE16-43BF-BA9B-2638698D0987}

O43 - CFD: 22/06/2011 - 21:21:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{C9D7A54E-A566-48A1-AA9E-FE21BC0336BC}

O43 - CFD: 20/07/2012 - 14:37:51 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{CB660A7C-1BE9-415B-B1C3-CF3D627347DF}

O43 - CFD: 20/07/2011 - 10:36:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{CBDEBCDE-17FF-4C29-953E-CC81278478BE}

O43 - CFD: 23/07/2011 - 11:54:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{CD709A6C-C6E2-4D69-B343-EECD32A53296}

O43 - CFD: 22/04/2012 - 19:29:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D2B547C8-F9C6-485B-94A9-40BF0D2A3604}

O43 - CFD: 11/05/2011 - 22:27:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D48D9CB6-5347-4593-8BDC-2A15739FCBC7}

O43 - CFD: 12/01/2012 - 14:58:46 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D54EA7D7-DE8B-4C11-8B15-5E4E5FC589EB}

O43 - CFD: 25/01/2012 - 18:26:35 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D58D7AFA-1E06-4662-B38E-912FB29E652E}

O43 - CFD: 16/01/2012 - 09:54:04 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D6A6B481-28A5-4CFF-9FEA-B0174C9F25C5}

O43 - CFD: 18/02/2012 - 19:50:20 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D756CD04-BBC3-4FB6-8357-2834799BBC1F}

O43 - CFD: 03/09/2011 - 12:46:58 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D7A83F02-B072-4759-B381-93D3C90FDDEB}

O43 - CFD: 05/03/2012 - 20:47:31 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D82F233D-5260-4FFF-94CF-AE7E8601FCDD}

O43 - CFD: 28/01/2012 - 12:04:33 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{D99E055F-1B5D-4ACA-BB35-924E8C84467F}

O43 - CFD: 01/08/2012 - 17:05:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DA6A6F03-B454-40D4-8CD3-4640C4329579}

O43 - CFD: 04/08/2011 - 20:39:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DC309D7D-1107-461B-9121-2C88F0E3E8BD}

O43 - CFD: 30/07/2011 - 13:37:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DD37E408-2AB7-4E53-A0AF-E2B78328FD03}

O43 - CFD: 20/04/2011 - 23:06:54 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DDE3FEEB-AF94-4D7F-9EE2-6F6DE8244818}

O43 - CFD: 15/11/2011 - 09:57:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{DE52219A-A478-4D6B-8216-399C771A3B4D}

O43 - CFD: 23/03/2012 - 10:49:28 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E0231D41-BD0C-4DE5-B093-118D59BCC734}

O43 - CFD: 11/08/2012 - 11:35:59 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E0D36E16-FEC4-412D-A2D0-01ACC560E6D5}

O43 - CFD: 28/08/2012 - 19:05:53 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E1609A45-54E8-4658-9FF0-5D5B169D7499}

O43 - CFD: 07/03/2012 - 16:29:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E1705C6F-CF3F-4FB4-A9C7-E59E6178AA1A}

O43 - CFD: 07/08/2011 - 21:47:44 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E23E874F-275B-4719-8DB2-D038DFF195E7}

O43 - CFD: 18/02/2012 - 19:50:42 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E3114627-B157-4CB9-A8BC-CC1F504E33C3}

O43 - CFD: 11/08/2011 - 12:13:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E62C9541-8A76-4BC5-8CEB-5EC33428D916}

O43 - CFD: 20/08/2012 - 19:20:09 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E63F7EB3-FAB2-473C-9998-43B63A26F8D7}

O43 - CFD: 17/01/2012 - 18:25:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E7F24925-8B06-40FC-BED0-019FC4E98671}

O43 - CFD: 09/01/2012 - 09:29:05 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E83A8FF6-8227-4BED-B562-8B1AC5DE13DB}

O43 - CFD: 18/10/2011 - 14:37:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E8442A36-D776-4870-A151-91588A918973}

O43 - CFD: 31/01/2012 - 12:05:54 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E99A4590-AE91-4144-B500-BE2B0243F4EA}

O43 - CFD: 12/06/2011 - 20:26:26 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{E9CBC65D-F19F-4F37-BAD0-7FC30623C7FA}

O43 - CFD: 06/07/2011 - 19:52:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EB69F983-5E5C-41EC-B953-A2FC0AE71D62}

O43 - CFD: 19/04/2012 - 10:04:19 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EBF874DA-34EC-4F32-A1ED-A98FBD2255B6}

O43 - CFD: 02/06/2012 - 17:34:00 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{ECB187EF-E069-4F0E-A21F-F01F0959AF8A}

O43 - CFD: 05/05/2011 - 20:47:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EDAF8BE7-29C1-4C13-B1A1-1CEB4C90BAA0}

O43 - CFD: 05/11/2011 - 11:01:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EDD66320-496C-4ED6-A460-B32EE4592E7A}

O43 - CFD: 26/05/2012 - 19:27:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EE5CC157-73DA-44FA-9E0D-1810A04DD8CF}

O43 - CFD: 27/11/2011 - 18:17:23 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{EF05B9DF-7C3D-4B00-8D99-943E830F53AF}

O43 - CFD: 05/02/2012 - 23:08:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F15D49E8-9E38-41B6-8187-1BD016D5824E}

O43 - CFD: 10/01/2012 - 15:24:56 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F1CA2C83-18E4-40FE-A3DD-49113865EB52}

O43 - CFD: 14/06/2012 - 17:27:39 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F1D2C45B-A842-4EC7-9041-268107451A6C}

O43 - CFD: 03/07/2012 - 17:17:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F218BB45-85A4-4F8D-93F4-D0B1977B015B}

O43 - CFD: 28/06/2012 - 11:43:48 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F4170A31-57A4-4CD5-864F-2438F7895647}

O43 - CFD: 27/08/2011 - 12:21:22 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F4F3E800-7C51-4960-ABD0-5A5E40B2E263}

O43 - CFD: 18/01/2012 - 09:54:11 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F5541822-771F-4AD7-9A42-E79C555C385D}

O43 - CFD: 25/06/2012 - 12:03:52 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F5649858-DFB4-4ADB-AB8F-4AC54D9ECCA5}

O43 - CFD: 03/07/2012 - 17:17:30 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F6DC0AF1-C8A6-492D-8E23-D295EEDC06E1}

O43 - CFD: 15/06/2012 - 00:18:37 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F7088F1D-8D61-4417-98D5-8973DA9C3877}

O43 - CFD: 23/04/2011 - 15:48:16 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F7635666-2AFE-40F5-8718-1A04DFC652B3}

O43 - CFD: 14/05/2011 - 11:31:32 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F7ED5527-BA39-496E-9F4E-D1D126A1488B}

O43 - CFD: 10/04/2012 - 20:48:50 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F8D9A2E5-8109-48E5-B8CF-0C0B02362CC0}

O43 - CFD: 08/08/2012 - 20:32:29 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{F92FAC23-4B18-4D18-8B8D-A1C717FAF52E}

O43 - CFD: 27/11/2011 - 18:17:01 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FAD752F5-2F6B-49CF-8077-6EF5D0BF623A}

O43 - CFD: 23/06/2012 - 11:32:10 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FD680FEE-385A-43AC-8672-023D7AA7A9A5}

O43 - CFD: 05/05/2012 - 11:35:25 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FE24EABF-9543-4C38-A92B-F7FEBE61C38E}

O43 - CFD: 08/08/2012 - 20:32:15 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FE7E7F80-ABAF-4161-B351-8F6EC87078D5}

O43 - CFD: 08/05/2012 - 20:00:07 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{FEE0A23A-1D91-42B0-92D5-DD8C068778F5}

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\50407690.sys . (...) -- C:\Windows\System32\Drivers\50407690.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\50407690.sys . (...) -- C:\Windows\System32\Drivers\50407690.sys (.not file.)

O53 - SMSR:HKLM\...\startupreg\CCLite [Key] . (.ms - No comment.) -- C:\Windows\system32\Event Agent\ea.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\SnowWallpaper [Key] . (...) -- C:\Program Files (x86)\Artdocks Software\Animated Snow Desktop Wallpaper\SnowWallpaper.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\BabylonToolbar [Key] . (...) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (.not file.) => Infection BT (Toolbar.Babylon)

O53 - SMSR:HKLM\...\startupreg\Iminent [Key] . (...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) => Infection PUP (Adware.IMBooster)

O53 - SMSR:HKLM\...\startupreg\IminentMessenger [Key] . (...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) => Infection PUP (Adware.IMBooster)

O67 - Shell Spawning: <.html> <Opera.HTML>[HKLM\..\open\Command] (.Not Key.)

O87 - FAEL: "{D3073D82-59EE-4FA7-9862-3065C9C316EB}" | In - Private - P6 - TRUE | .(.Event Agent, Inc. - Event Agent Scanner.) -- C:\Windows\SysWOW64\Event Agent\Bin\services .exe => Infection Vundo

O87 - FAEL: "{89A3D4C2-AD57-4323-9D79-2AC711F2323C}" | In - Private - P17 - TRUE | .(.Event Agent, Inc. - Event Agent Scanner.) -- C:\Windows\SysWOW64\Event Agent\Bin\services .exe => Infection Vundo

O87 - FAEL: "{67973313-4C1A-49DC-91FC-0F8E2C804F06}" | In - Private - P6 - TRUE | .(.Unknown owner - Event Agent Startup.) -- C:\Windows\SysWOW64\Event Agent\Bin\spoolsv .exe => Infection Vundo

O87 - FAEL: "{D00FDBEF-BD44-402C-82DC-9C0A5826CC98}" | In - Private - P17 - TRUE | .(.Unknown owner - Event Agent Startup.) -- C:\Windows\SysWOW64\Event Agent\Bin\spoolsv .exe => Infection Vundo

O87 - FAEL: "{E36D5C6E-06B0-426C-8BC9-115DD50DF237}" | In - Private - P6 - TRUE | .(.Unknown owner - smss.) -- C:\Windows\SysWOW64\Event Agent\Bin\smss .exe => Infection Vundo

O87 - FAEL: "{D7511860-62FA-4C7B-B329-B29586428484}" | In - Private - P17 - TRUE | .(.Unknown owner - smss.) -- C:\Windows\SysWOW64\Event Agent\Bin\smss .exe => Infection Vundo

O87 - FAEL: "{93D618D0-4F54-4EBE-8357-028106B604D6}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) => Infection PUP (Adware.IMBooster)

O87 - FAEL: "{9627CE69-A86F-4A8E-A9CE-9B23904AC2EB}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) => Infection PUP (Adware.IMBooster)

O87 - FAEL: "{3D6855D7-76A7-42A4-A2FC-2038BD5C0BBD}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe

O87 - FAEL: "{01B906B5-112E-4A06-839C-959E2C8E7E04}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe

O87 - FAEL: "{CE9452B6-C37D-4513-8E78-F0FA965AC822}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe

O87 - FAEL: "{083E5BF8-0F2B-4690-84C6-70DA9A858737}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe

O87 - FAEL: "{02662005-3F39-4515-BF3F-2E5052835644}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

O87 - FAEL: "{63D2521D-71D4-49B8-A6EE-C5C99EFF717C}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

O87 - FAEL: "{B0F78EF4-9A7B-41A7-8E73-688109198FA1}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe

O87 - FAEL: "{FDDD53EE-7DFD-4D05-A2DD-11027B82D22E}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe

O87 - FAEL: "{F4B5D5E7-065A-429A-9B9F-A9243D90B00D}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

O87 - FAEL: "{858E25DF-AFB0-4D46-82CD-8723399497A6}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

 

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified => Infection BT (Hijacker.Application)

[HKCU\Software\Tutorials] => Toolbar.Agent

[HKLM\Software\Trymedia Systems] => Infection BT (Adware.Trymedia)

[HKLM\Software\WOW6432Node\Trymedia Systems] => Infection BT (Adware.Trymedia)

 

proxyfix

emptytemp

emptyflash

firewallraz

sysrestore

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

 

ZHPDiag_PasteClipboard.jpg

 

|- Clique no menu,"Paste ClipBoard".

|- Clique em "GO" -> Oui.

 

ZHPFix_GO.jpg

 

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

boa noite, Dgram segue o relatório

 

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012

Fichier d'export Registre :

Run by PAULOROBERTO at 09/09/2012 00:42:04

Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Software ==========

NOT FOUND Software Key: {A6E71E28-43CB-423E-B415-B7C00D77902E}

 

========== Memory Process ==========

DELETED Memory Process: C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\Firefox\Profiles\0mfi9aev.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe

DELETED Memory Process: C:\Windows\AutoKMS.exe

 

========== Registry Key ==========

DELETED Key*: Service: KMService

DELETED Key*: Service: System Event Agent

NOT FOUND Key: Service: KMService

NOT FOUND Key: Service: System Event Agent

DELETED O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\50407690.sys . (...) -- C:\Windows\System32\Drivers\50407690.sys (.not file.)

DELETED O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\50407690.sys . (...) -- C:\Windows\System32\Drivers\50407690.sys (.not file.)

DELETED Key: StartupReg: CCLite

DELETED Key: StartupReg: SnowWallpaper

DELETED Key: StartupReg: BabylonToolbar

DELETED Key: StartupReg: Iminent

DELETED Key: StartupReg: IminentMessenger

DELETED Key*: HKCU\Software\Tutorials

NOT FOUND Key: HKLM\Software\Trymedia Systems

DELETED Key*: HKLM\Software\WOW6432Node\Trymedia Systems

 

========== Registry Value ==========

DELETED RunValue: CCLite

DELETED {D3073D82-59EE-4FA7-9862-3065C9C316EB}

DELETED {89A3D4C2-AD57-4323-9D79-2AC711F2323C}

DELETED {67973313-4C1A-49DC-91FC-0F8E2C804F06}

DELETED {D00FDBEF-BD44-402C-82DC-9C0A5826CC98}

DELETED {E36D5C6E-06B0-426C-8BC9-115DD50DF237}

DELETED {D7511860-62FA-4C7B-B329-B29586428484}

DELETED {93D618D0-4F54-4EBE-8357-028106B604D6}

DELETED {9627CE69-A86F-4A8E-A9CE-9B23904AC2EB}

DELETED {3D6855D7-76A7-42A4-A2FC-2038BD5C0BBD}

DELETED {01B906B5-112E-4A06-839C-959E2C8E7E04}

DELETED {CE9452B6-C37D-4513-8E78-F0FA965AC822}

DELETED {083E5BF8-0F2B-4690-84C6-70DA9A858737}

DELETED {02662005-3F39-4515-BF3F-2E5052835644}

DELETED {63D2521D-71D4-49B8-A6EE-C5C99EFF717C}

DELETED {B0F78EF4-9A7B-41A7-8E73-688109198FA1}

DELETED {FDDD53EE-7DFD-4D05-A2DD-11027B82D22E}

DELETED {F4B5D5E7-065A-429A-9B9F-A9243D90B00D}

DELETED {858E25DF-AFB0-4D46-82CD-8723399497A6}

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

DELETED FirewallRaz (None) : {4E93A75C-47CA-427E-8006-895E83BF4E43}

DELETED FirewallRaz (None) : {AFF9AC96-E165-4DDE-94BC-2794A8C6BB26}

 

========== Registry Data Items ==========

REMOVED R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page

REMOVED Explorer Association Data Application: http://www.filefacts.net/redirect.php?ext=%s

 

========== Repertory ==========

NOT FOUND C:\Users\PAULOROBERTO\AppData\Local\Dados de aplicativos

NOT FOUND C:\Users\PAULOROBERTO\AppData\Local\Histórico

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\WinISO Computing

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{00F4F231-F954-4B9C-B23C-6A5CC67EC444}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{0210C146-0236-4C1F-BC2D-4B7D2704D259}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{02A26541-0209-433A-B549-6D6436CE17EC}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{03317A69-A0AD-4BD9-B478-594D0989C33D}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{039A5CD6-6BC4-41E4-92CC-347D4314D7EB}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{046F5414-3B69-4D88-9B0D-0C7A31D19AE4}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{053C9CB3-C583-498E-B5F3-27878A76E5AE}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{070D0DC1-4B1D-4921-9BFC-FD6692FFDB05}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{088F2EB2-A08A-4B16-BB75-0D0B36DC8057}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{08A5DE3B-9DB0-471F-AA5D-3F2C42476419}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{09BF84FC-20B0-4F8E-A34C-5BC3EABD97AB}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{0C0371F1-91FE-457E-8498-E7570238F398}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{103BCF28-C2AF-45E0-A228-A7079622D0BA}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1220C7CD-BCB8-4AD5-B7C0-4B5AC49E8B71}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{12925EE2-2FB9-4247-8AEE-EDB9968DAECD}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{13F50FCF-9AE6-4281-8F35-CA81AEB6B740}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{14683B31-094E-42FC-9623-505B09AFBC31}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{15033920-076E-48B6-98C0-759684E792FC}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{15372CE0-3A5A-4415-AFC7-553D97631373}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{15FC2A6A-4503-4ECA-9810-2692B586C9B9}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1606896D-1092-42F4-BEDB-7C87B7E6C20C}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{16C19A8E-5DAB-4794-A260-9C418945EFB2}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{179FCAFA-6F4E-44FC-890E-108B1F0C771C}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1945E11C-15B5-44C1-9E65-CE3D01D0B818}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1AF167D6-57A1-4069-B6BA-65FF16859E63}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1C31741C-0431-4008-9FBC-DEF185CC4612}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1C83A534-5153-46B1-B561-B1BE7BB967C1}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1D717EC7-97AF-4BED-9820-EDB472174D4C}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1E0B28A5-A9C2-4FA2-87D0-CB0A54A4A7C8}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{1F798B63-D942-4EF4-B528-156800586070}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{2315F420-3E42-473D-A47D-FFC1EB4F4DB3}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{2491BE60-7ECC-4A86-8248-C42F39F736B2}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{2565103F-8291-402B-8E81-42C820F12140}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{2567346A-EE13-44EA-B598-C39B5C555D09}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{281ECC3C-CF64-47F9-B45D-85CD82091750}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{28DAE245-9622-4A7F-8AFB-2F46FE87269A}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{29E24AC7-F034-4E6D-837D-F5CC3553DB6D}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{2D691E10-50A9-45C0-9268-3E41CB483DC0}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{2E2743A6-2260-4A01-83AD-F37EDBD06206}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{2E60D613-16B6-4B62-91C5-006FA4CDD04D}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{30301572-A4AE-4095-A160-2B83F49D3165}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{305BBF4F-2DC9-499C-96F9-0F9E1E2B2E65}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{30DEAC39-31E0-4326-A1F1-423220D3BCDB}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{327D5FAA-9700-40D9-9BC8-FF1FED6E270F}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3389890D-7AC8-4D34-9272-B3AC449CD717}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{34329794-ADBD-4A36-AEBD-922831D8416B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{357F54F6-B589-42FF-A37D-2EE81B03F34E}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3854C9F3-815F-4A3A-9E91-E3FED88C1915}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{38783BBD-2E89-4807-ADA1-6ADFD6986E76}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{389FE628-295D-4C70-AD1C-430F8A0617D1}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{397AD953-6D8E-4F49-B352-A9D6A15E591B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3B0A9B4A-6724-4F18-9F09-0C991E4ABA45}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3B49AB33-10A7-463D-939A-AE56F728DD4B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3C141791-0E9D-453B-BC93-CA12846F4419}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3C56C4B7-3D39-4EBF-B003-BC54EF534B0A}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3D5630E4-59DB-43A1-AF3B-3C86E815BC2D}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3D9EC2A4-E3E6-496B-AA4D-11CDB03D28F7}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3E424CF5-F89F-4A40-90CB-650D2353C14F}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{3F674C72-1571-4B12-A353-971FAD8FC21C}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{41FFFD4B-3C3E-4A00-9ACB-CFD1F834541A}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{420E1D61-AA19-49A3-9978-A2A974FAFE6B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{42A98A64-EE96-42CE-A024-56120C545EBB}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{42AF04B9-8714-491B-ADDE-4181F322B20D}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{42D314FE-8E2F-4A55-8C22-5161C71FD9FB}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{44A81291-DE7A-48B4-B41B-19C4659D7D00}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{458D9B96-CD88-41AF-BB56-F6B20CC129F0}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{46974A91-7060-486A-8448-17CDC69C5508}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{47C9C047-8724-4651-8A84-3F263B0A6FB6}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{48DDE63C-6421-4595-850A-9A450361C2F9}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{49236BB4-FB73-4D80-A766-A146B05D8605}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{49A00D90-5B4D-4021-B03E-CAA9796FACDC}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{4C22B66A-8AC2-4228-9DFE-B3E6AEE276D4}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{4D18B8A4-B385-46BE-825A-1ADFF7984E67}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{50039014-CE9F-41D9-862E-A7B4D855724B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5034EC67-0970-4691-ACAA-25B6B72A9DCA}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{503E0967-EEE1-4695-8C91-AD1CA10CE117}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5113999F-4E24-468F-A760-7416268C3C10}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{511827F5-DCFF-43A1-8CB8-B3A0C78D4A06}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{51338AC8-2C1A-489E-A173-9960F478C4F5}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{53C6C867-539A-45FA-A114-F86EA8D2047E}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{545E30D5-A125-465E-86DD-435729270AA3}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{54BE11AC-1483-4C89-ABFB-8D77629E4B87}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{55E5FCB6-C810-44D4-9B1C-E34C16D487EF}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{564C0A73-34E0-4925-B45C-74DB66FA6E0C}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{564FB850-B5FB-4565-80F3-7F1AD406F53E}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{58F8D357-2B1D-4094-AEB5-457D98D9E24A}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{58FF5309-4F25-43DE-80FC-C7243F7CA3E9}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5C1E817A-6C3A-4E17-BC0C-54C1902A3A44}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5C35D4C3-442D-4780-8580-3AC1A1FEB512}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5C9B252A-36C5-4FFB-82B3-3457D57FC021}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5D91F207-4FB4-4F08-8AC6-9D6352D37727}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5FAE381B-0AB2-4977-ACC5-368FA7F26AF9}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{5FFBC631-BF06-413A-A19D-0F20E321C0B8}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{6005DCC3-970F-4E46-B9C5-9B47D755ADED}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{604F1250-4B3E-4DE1-9397-4620D69B08FA}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{60E6B64F-3ABC-4C10-AAD6-A6BD6CF00EA5}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{611EABBA-A411-4D54-BB73-292F35DD3007}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{6168A489-162C-4090-B2A2-CD911247C61B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{61756327-F48E-4D16-B495-CAEF3A5ABF9E}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{61A76CF7-160D-456D-9909-76C01C9E5E7A}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{659AD626-9E34-49DC-B8D5-E0A76A98E839}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{65DA37D5-CDD0-46BE-BBD2-16A476F06A82}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{669B8C0F-77DC-4DF1-90B5-B16E71B2669A}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{6778FB08-5801-4FD6-B042-DC6972B882A5}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{69A71769-B405-4606-A0F1-422E5C509616}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{6C700B60-EAA5-4F8E-B485-AC5AB801251D}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{6CEA190A-3ED5-4DE8-B3BF-B573C68118E3}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{6DE24520-D463-4C95-8B3A-4F1BBB4DE42B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{702B4399-D61F-4C6F-AF16-B8C9D2A622A8}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{705842A0-B883-4973-B85E-E7D3DBFE312B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{718FA3C9-FC4F-4173-B32E-6205BE4A1AED}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{72A11FD4-707A-4723-B6FC-C9B0B3DED641}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{72C6B4D2-F792-4F31-85C0-416859499A5C}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{738C7055-E9BE-45B4-90BD-5E0D1D1FBB1B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{7391A456-9FBD-4606-A9BD-29FD95FEF01B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{7404F573-FE84-4F76-ABC0-033A4E5E5660}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{7433F93E-1789-49EA-B305-C54A469B99C4}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{743AD8E5-3F83-4F15-B294-36CC42CA2080}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{743C7856-84B2-42EB-A159-CDAC7BA47846}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{75130D14-6848-4FFD-A845-96A980A8D551}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{76ADC5BC-D1E0-4A71-8E7D-11EEB0AC1C4E}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{776AE50F-955C-41DF-A933-D5C50273E2C8}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{780C4E29-E245-459D-B32B-7DC9BA277BA1}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{78997733-15DC-4674-8914-CC72F9FC22FB}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{790DFAB7-0C64-4B6E-8DD5-A902FCEE0EC7}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{793A43ED-A608-4B30-A2FA-106D930B7812}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{7C2A4677-9B42-4FC9-99CD-50272695B56A}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{7F206D8C-400A-4AB6-8C6F-E18363DF104F}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{80452835-7547-4B9C-8D43-DC34F39BD83A}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{81FF45F1-B25D-4ABE-8521-355B13BF3834}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{862D16C9-39F3-427F-9A51-40E66AE6CF1F}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{867D7B11-70EB-4597-A3EC-31DE654ABD0B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{86A70624-24FE-4848-A23F-F28333E00AB4}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{87D9215E-5397-4249-A253-2374B8BF42FB}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{8C57852B-8FDC-49A1-9E51-5272F02BF160}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{8CF2C62F-CFD3-482A-B4E2-F41A5A23CDF8}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{8D7386BB-F175-4F30-9AF8-427530D444E2}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{8FF6CE42-D751-4A0C-A371-7097DF017844}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{90C20204-EB26-4845-A4A8-EA4A3B6600CA}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{94153A08-1E2A-4276-83A6-8147CCED3F7B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{94649819-5806-437F-BF32-18844A133222}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9486F1D9-3607-4478-A006-51F270BDFF79}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{954F3661-1395-4058-93AD-7B74CA563450}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9576FC1F-A2FE-44B7-B74A-87E6D72B3F8B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{964CA773-8677-446B-B884-F9587A6FF166}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{978F37DC-1569-45ED-9797-9E17FE99892C}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{97CD1FCC-8F1C-4080-87D1-2963F31D843C}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{990DE35F-42AA-4FB9-8F42-FB59A2F787E3}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{99BAF654-C18B-4842-8367-BA6B5CE032B6}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9A78FFAF-3DEB-44F2-A3E3-E41251588BF2}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9BBD54C9-DF22-47ED-BE9D-17AE6D636CBD}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9C46E3DF-782F-41F7-A76A-44ABB3C3A08F}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9C83854E-CDB8-4C61-B148-AC9E18359EDD}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9EA1F630-8856-4206-A18B-20A5D64CEC1F}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9EB71E41-148B-4786-9595-C9ECBFD1CDB2}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9F2B9ECF-384F-4D99-9AED-3929D6AD1A27}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9FC6CEED-3836-4ECE-B881-F66A00B1CDD6}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{9FE426F4-23F8-4F17-85A2-65F0E46816AE}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A05204A7-0B4C-43A0-BDF4-591D39F115BC}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A51353F0-FBDF-42FD-8A6F-1AA5C4E569D6}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A6069280-F3D7-4C8F-AD41-D069D0C928C3}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A6697EFE-96D3-4A51-ACA7-9C60314C477B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A67911B2-F3D8-4D21-BB4B-AD3FC530C8F5}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A88407FF-C140-4EAB-9DA8-1B2C09FBCA5A}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A8D460ED-536F-4AE9-866F-AA35CAA133A4}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A94291AE-8B84-4316-9487-918356D26567}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{A976A775-C01E-49C0-8BC7-12E0B23EBAFF}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{AAC8A007-37BE-45B9-9682-13B1ABB26FD1}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{AB484D35-B0C7-4FCC-B5F9-604A314B50F2}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{ADDD8BBF-6EBB-4423-8505-BC3205ED8C54}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{AF6B0C98-DADC-44E3-B80C-63166D2188F6}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{AFD56E1F-1D25-4554-9995-878FF0C20852}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B0757281-6178-46ED-B005-26C890395C59}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B0E2C766-628B-416D-98E9-1379EF6BA11F}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B14FE2E9-057B-42FF-986C-87AA8069B31F}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B17F6F67-62E9-4323-8DAA-957E83DC95FA}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B1F6D0A6-D807-4DA7-8592-E3FE49319C37}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B412A248-F8D1-40A9-8014-3FF9139F01B9}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B5012B5B-941F-44BE-AF08-FB863D4C92DD}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B50C87FE-0E7E-4815-A63B-88D91B5D57D3}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B63B020C-75F6-434F-952D-6DE9C5B2D5D6}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B728BCD8-7509-43AF-80D3-34CA3C4FD57E}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B8492EF9-5686-4B2D-AF7F-560021889466}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B891C550-76C2-45E5-9913-E8479EC0AD0C}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B8A23A85-B9D8-46F0-8E82-402FF363914B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{B9E7CD25-9C80-432E-A7DA-E19A688A4DDB}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{BA151CC2-9A4D-43C7-9310-182811590608}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{BAE247B5-055D-4B44-A574-1402C94F8E36}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{BE89D8F9-D4BE-4546-80EA-D28A1FAC0D11}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{BF331A2F-BBA9-49BA-A7A7-573CB78AE922}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{BF345FDF-0548-4DCF-952B-10E3368E9EF1}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{BF6DABF9-E8C1-4103-BBAB-92BCE9B29833}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{BFD8B59D-A8B0-4449-9701-1B8063A6F7F3}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C1C6C418-C210-41EE-90EC-E093EFC21D53}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C28F0782-E6ED-481B-82E1-A7213E1AB326}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C6D9FA07-953C-4228-BFB4-59599411096C}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C790E081-A8C0-4D14-96C8-458FCC852D26}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C796DAD4-5755-4CA7-BBD0-099EEC92C540}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C7A4A3D6-1783-4FF0-B582-883AE0320CE8}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C7E5416E-64DD-4B8E-A070-A2F02D631BC8}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C8EE61C1-1B6B-4CC5-84F7-0AA98D37D49B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C932BA6C-DE16-43BF-BA9B-2638698D0987}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{C9D7A54E-A566-48A1-AA9E-FE21BC0336BC}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{CB660A7C-1BE9-415B-B1C3-CF3D627347DF}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{CBDEBCDE-17FF-4C29-953E-CC81278478BE}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{CD709A6C-C6E2-4D69-B343-EECD32A53296}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D2B547C8-F9C6-485B-94A9-40BF0D2A3604}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D48D9CB6-5347-4593-8BDC-2A15739FCBC7}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D54EA7D7-DE8B-4C11-8B15-5E4E5FC589EB}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D58D7AFA-1E06-4662-B38E-912FB29E652E}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D6A6B481-28A5-4CFF-9FEA-B0174C9F25C5}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D756CD04-BBC3-4FB6-8357-2834799BBC1F}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D7A83F02-B072-4759-B381-93D3C90FDDEB}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D82F233D-5260-4FFF-94CF-AE7E8601FCDD}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{D99E055F-1B5D-4ACA-BB35-924E8C84467F}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{DA6A6F03-B454-40D4-8CD3-4640C4329579}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{DC309D7D-1107-461B-9121-2C88F0E3E8BD}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{DD37E408-2AB7-4E53-A0AF-E2B78328FD03}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{DDE3FEEB-AF94-4D7F-9EE2-6F6DE8244818}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{DE52219A-A478-4D6B-8216-399C771A3B4D}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E0231D41-BD0C-4DE5-B093-118D59BCC734}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E0D36E16-FEC4-412D-A2D0-01ACC560E6D5}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E1609A45-54E8-4658-9FF0-5D5B169D7499}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E1705C6F-CF3F-4FB4-A9C7-E59E6178AA1A}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E23E874F-275B-4719-8DB2-D038DFF195E7}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E3114627-B157-4CB9-A8BC-CC1F504E33C3}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E62C9541-8A76-4BC5-8CEB-5EC33428D916}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E63F7EB3-FAB2-473C-9998-43B63A26F8D7}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E7F24925-8B06-40FC-BED0-019FC4E98671}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E83A8FF6-8227-4BED-B562-8B1AC5DE13DB}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E8442A36-D776-4870-A151-91588A918973}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E99A4590-AE91-4144-B500-BE2B0243F4EA}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{E9CBC65D-F19F-4F37-BAD0-7FC30623C7FA}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{EB69F983-5E5C-41EC-B953-A2FC0AE71D62}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{EBF874DA-34EC-4F32-A1ED-A98FBD2255B6}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{ECB187EF-E069-4F0E-A21F-F01F0959AF8A}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{EDAF8BE7-29C1-4C13-B1A1-1CEB4C90BAA0}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{EDD66320-496C-4ED6-A460-B32EE4592E7A}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{EE5CC157-73DA-44FA-9E0D-1810A04DD8CF}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{EF05B9DF-7C3D-4B00-8D99-943E830F53AF}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F15D49E8-9E38-41B6-8187-1BD016D5824E}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F1CA2C83-18E4-40FE-A3DD-49113865EB52}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F1D2C45B-A842-4EC7-9041-268107451A6C}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F218BB45-85A4-4F8D-93F4-D0B1977B015B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F4170A31-57A4-4CD5-864F-2438F7895647}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F4F3E800-7C51-4960-ABD0-5A5E40B2E263}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F5541822-771F-4AD7-9A42-E79C555C385D}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F5649858-DFB4-4ADB-AB8F-4AC54D9ECCA5}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F6DC0AF1-C8A6-492D-8E23-D295EEDC06E1}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F7088F1D-8D61-4417-98D5-8973DA9C3877}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F7635666-2AFE-40F5-8718-1A04DFC652B3}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F7ED5527-BA39-496E-9F4E-D1D126A1488B}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F8D9A2E5-8109-48E5-B8CF-0C0B02362CC0}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{F92FAC23-4B18-4D18-8B8D-A1C717FAF52E}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{FAD752F5-2F6B-49CF-8077-6EF5D0BF623A}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{FD680FEE-385A-43AC-8672-023D7AA7A9A5}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{FE24EABF-9543-4C38-A92B-F7FEBE61C38E}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{FE7E7F80-ABAF-4161-B351-8F6EC87078D5}

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{FEE0A23A-1D91-42B0-92D5-DD8C068778F5}

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

NOT FOUND File: c:\windows\system32\event agent\ea.exe

DELETED File*: c:\users\pauloroberto\appdata\roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\{e173b749-db5b-4fd2-ba0e-94ecea0ca55b}\components\afom.exe

DELETED File: c:\windows\autokms.exe

NOT FOUND File: c:\windows\system32\srvany.exe

NOT FOUND File: c:\windows\system32\event agent\bin\spoolsv .exe

DELETED File: c:\windows\syswow64\srvany.exe

DELETED File: c:\windows\syswow64\event agent\bin\spoolsv .exe

NOT FOUND File: c:\windows\system32\drivers\50407690.sys

NOT FOUND File: c:\program files (x86)\artdocks software\animated snow desktop wallpaper\snowwallpaper.exe

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== Task ==========

DELETED Task: RunAsStdUser Task

DELETED Task: {1E1958F2-72FA-4297-8943-F06E0AFA129E}

DELETED Task: {884A3003-179D-4C41-849F-4B5889A22200}

DELETED Task: {AAD3343B-61CF-410C-BBF1-1EF41EFA888A}

DELETED Task: {C7279582-ED02-4131-9AA6-19E554EE7756}

DELETED Task: {D2865EF1-7A6C-41EB-B50A-4F0F61F98F7C}

DELETED Task: {D85C16D1-2301-4ED8-AEE0-2F203D40C854}

DELETED Task: AutoKMS

 

========== Restoration ==========

Restore System Point created succefully

 

 

========== Summary ==========

2 : Memory Process

14 : Registry Key

29 : Registry Value

2 : Registry Data Items

264 : Repertory

11 : File

1 : Software

8 : Task

1 : Restoration

 

 

End of clean in 04mn 50s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 09/09/2012 00:42:04 [28644]

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! prrsilva

 

|- Baixe: < otlDesktopIcon.png > ( ... by OldTimer Tools )

 

|- Clique em Salvar!

 

abbLFX11.jpg

 

|- Salve-o no desktop!

|- Duplo clique em OTL.exe >> Executar.

 

OTL_Configuracao.jpg >> OTL_Padrao.jpg

 

|- Configure "Verificação de Arquivos",segundo a screenshot!

 

OTL_SemExt2.jpg

 

|- Ps: Faça o mesmo para estes!

|- Em "Exame Extra do Registro",assinale "Nenhum".

 

*crack* /s

*keygen* /s

*serial* /s

*AutoKMS* /s

*loader* /s

%APPDATA%\Local\*.

%APPDATA%\*.exe /s

%APPDATA%\*.

%USERPROFILE%\AppData\Local\*.*

%USERPROFILE%\AppData\Roaming\*.*

%systemroot%\assembly\tmp\*.* /S /MD5

%systemroot%\assembly\temp\*.* /S /MD5

%systemroot%\assembly\GAC\*.* /S /MD5

%systemroot%\assembly\GAC_32\*.* /S /MD5

%systemroot%\assembly\GAC_64\*.* /S /MD5

%systemroot%\system32\config\systemprofile\AppData\Local\*.*

%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*

%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes

/md5start

services.exe

/md5stop

%USERPROFILE%\Desktop\registrybackup.reg /c

regedit /e c:\registrybackup.reg /c

type c:\boot.ini >> test.txt /c

%systemroot%\system32\tasks\*.* /s /64

%systemroot%\system32\Tasks\*.* /s

%windir%\tasks\*.* /s

6659d256325569c6e621117dc332966313a07d11cb5fb0ea4d9176217c7aefa76g.jpg

 

|- Cole estas informações,que estão em verde,para o campo "Exames Personalizados/Correções".

 

|- Clique em Verificar: OTL_Verificar.jpg

 

|- Concluindo,poste o relatório: OTL.txt

 

|- Para grandes relatórios,acesse: < Cjoint_Logo.jpg >

 

|- Maiores informações: < |Link| >

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

boa noite, Dijram começo a fazer a verificação com otl.exe e chega um determinado ponto que apareçe um x vermelho e o seguinte: cannot create file c:\users\pauloroberto\desktop\cmd.bat dai para frente fica um tempão e não acontece nada embaixo no otl fica: manual file scan looking in folder: c:\zhp\quarantine\winisocomputing.dir\winiso\... acho que tem algo errado.

Compartilhar este post


Link para o post
Compartilhar em outros sites

boa noite, Dijram começo a fazer a verificação com otl.exe e chega um determinado ponto que apareçe um x vermelho e o seguinte: cannot create file c:\users\pauloroberto\desktop\cmd.bat dai para frente fica um tempão e não acontece nada embaixo no otl fica: manual file scan looking in folder: c:\zhp\quarantine\winisocomputing.dir\winiso\... acho que tem algo errado.

Olá!

 

|- Execute "ZHP_uninstall" e repita o scan com a OTL.

|- Cole,novamente,o script que editei na remoção de algumas linhas.

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

boa noite, Digram coloquei de novo o otl p/scanear apos os procedimentos que me pediu. Outra vez chegou num determinado ponto e apresentou um xis vermelho e a mensagem: cannot create file c:\users\pauloroberto\desktop\cmd.bat dei ok p/continuar so que no otl fica: manual file scanlooking in folder: c:\windows\zh-tw\...

Compartilhar este post


Link para o post
Compartilhar em outros sites

boa noite, Digram coloquei de novo o otl p/scanear apos os procedimentos que me pediu. Outra vez chegou num determinado ponto e apresentou um xis vermelho e a mensagem: cannot create file c:\users\pauloroberto\desktop\cmd.bat dei ok p/continuar so que no otl fica: manual file scanlooking in folder: c:\windows\zh-tw\...

 

Olá!

 

|- Curiosa essa ocorrência,pois ZHPDiag não costuma disponibilizar essa pasta ( zh-tw ),no diretório Windows.

|- Faça o seguinte! Delete a pasta zh-tw e rode,novamente,a OTL.

|- Ps: Verifique,nas propriedades,se pertence à ferramenta ZHPDiag.

|- Caso não obtenha êxito,utilizaremos a OTS.

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

boa noite, Dijram segue relatório

 

OTL logfile created on: 13/09/2012 20:59:49 - Run 1

OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\PAULOROBERTO\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

4,00 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 59,40% Memory free

8,00 Gb Paging File | 6,18 Gb Available in Paging File | 77,24% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 322,51 Gb Total Space | 207,06 Gb Free Space | 64,20% Space Free | Partition Type: NTFS

 

Computer Name: PAULOROBERTO | User Name: PAULOROBERTO | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/09/10 22:47:45 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\PAULOROBERTO\Desktop\OTL.exe

PRC - [2012/09/08 16:41:16 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/09/08 08:57:01 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

PRC - [2012/08/09 11:10:34 | 000,691,048 | ---- | M] (pctuto) -- C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba\UpdateTutoriaisSlimbaHP.exe

PRC - [2012/06/05 09:50:04 | 000,211,888 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe

PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011/05/19 15:35:34 | 000,028,672 | ---- | M] (Microsoft) -- C:\Users\PAULOROBERTO\Documents\Microsoft Corporation\Office 2010 Screensaver\Notifier.exe

PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2009/08/31 22:00:28 | 001,821,184 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/09/08 16:41:15 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/09/08 08:57:00 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

MOD - [2012/06/27 15:27:14 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll

MOD - [2012/06/25 00:16:20 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll

MOD - [2012/06/25 00:16:02 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll

MOD - [2012/06/25 00:14:53 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll

MOD - [2012/06/25 00:14:44 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll

MOD - [2012/06/25 00:14:22 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll

MOD - [2012/06/25 00:14:05 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll

MOD - [2012/06/25 00:13:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll

MOD - [2012/06/25 00:13:08 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll

MOD - [2012/06/25 00:13:00 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll

MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll

MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll

MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll

MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll

MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll

MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll

MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/09/08 16:41:16 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/09/08 08:57:01 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/06/25 14:59:00 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)

SRV - [2012/06/05 09:50:04 | 000,211,888 | ---- | M] ( ) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2012/05/15 07:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011/06/13 22:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)

SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)

SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2009/08/31 22:00:28 | 001,821,184 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe -- (KMWDSERVICE)

SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\WNt500x64\Sandra.sys -- (SANDRA)

DRV:64bit: - [2012/05/12 00:13:55 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/31 00:14:41 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2011/04/19 15:32:31 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)

DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)

DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)

DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/07/22 16:13:26 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)

DRV:64bit: - [2010/07/20 16:00:28 | 000,911,360 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)

DRV:64bit: - [2010/07/14 11:39:38 | 000,654,848 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)

DRV:64bit: - [2010/01/26 23:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)

DRV:64bit: - [2009/12/17 19:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2009/09/23 18:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/08/09 18:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 17:35:58 | 000,047,872 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fet6x64.sys -- (FETNDIS)

DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/04/29 23:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV:64bit: - [2008/01/03 17:13:48 | 000,531,968 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC230NC.SYS -- (SPC230NC)

DRV:64bit: - [2007/11/02 11:47:32 | 000,145,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s916mdm.sys -- (s916mdm)

DRV:64bit: - [2007/11/02 11:47:32 | 000,130,088 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s916mgmt.sys -- (s916mgmt)

DRV:64bit: - [2007/11/02 11:47:32 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s916obex.sys -- (s916obex)

DRV:64bit: - [2007/11/02 11:47:32 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s916bus.sys -- (s916bus)

DRV:64bit: - [2007/11/02 11:47:32 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s916mdfl.sys -- (s916mdfl)

DRV:64bit: - [2007/09/26 13:32:52 | 000,009,472 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PAEAFLT.sys -- (PAEAFLT.sys)

DRV:64bit: - [1999/12/31 21:00:00 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV - [2012/06/29 17:41:52 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\EVGA Precision X\RTCore64.sys -- (RTCore64)

DRV - [2012/06/05 09:50:36 | 000,044,208 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692

IE - HKLM\..\SearchScopes\{157FCE1E-6D75-5378-756B-618BACC3EDE6}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com.br/

IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692

IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692

IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\..\SearchScopes\{157FCE1E-6D75-5378-756B-618BACC3EDE6}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_pt-BR

IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "www.google.com.br"

FF - prefs.js..browser.search.defaultenginename: "Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.com.br"

FF - prefs.js..extensions.enabledAddons: bandwidthmeter@gotomyhelp.com:1.2.5

FF - prefs.js..extensions.enabledAddons: desprotetordelinks@claudio-silva.com:1.2.9.2

FF - prefs.js..extensions.enabledAddons: savesession@noasobi.net:1.3.1.6

FF - prefs.js..extensions.enabledAddons: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:12.9

FF - prefs.js..extensions.enabledAddons: {87F8774F-B485-47E2-A755-A40A8A5E886D}:2.6.3.10

FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9

FF - prefs.js..extensions.enabledAddons: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:7.4

FF - prefs.js..extensions.enabledAddons: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.6

FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.1

FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/mb156/?loc=ff_address_bar&a=6OxVRRKqy1&search="

FF - prefs.js..network.proxy.autoconfig_url: "http://localhost:9000/proxy.pac"

FF - prefs.js..network.proxy.type: 2

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\PAULOROBERTO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\PAULOROBERTO\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\PAULOROBERTO\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/24 00:35:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/09/03 11:35:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/09/03 11:35:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/09/03 11:35:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 16:41:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/18 16:46:18 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/24 00:35:36 | 000,000,000 | ---D | M]

 

[2011/06/09 22:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Extensions

[2011/02/11 22:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012/09/13 18:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Firefox\Profiles\0mfi9aev.default\extensions

[2012/05/04 20:07:24 | 000,000,000 | ---D | M] (Adicional de Seguranca CAIXA) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Firefox\Profiles\0mfi9aev.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}

[2012/03/29 22:57:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Firefox\Profiles\0mfi9aev.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/12/18 19:12:34 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Firefox\Profiles\0mfi9aev.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}

[2012/09/11 23:58:10 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Firefox\Profiles\0mfi9aev.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

[2012/09/13 18:11:42 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\Firefox\Profiles\0mfi9aev.default\extensions\ffxtlbr@funmoods.com

[2012/03/11 14:54:23 | 000,013,874 | ---- | M] () (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\bandwidthmeter@gotomyhelp.com.xpi

[2012/07/23 09:02:43 | 000,127,820 | ---- | M] () (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\desprotetordelinks@claudio-silva.com.xpi

[2012/03/11 14:58:54 | 000,013,039 | ---- | M] () (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\savesession@noasobi.net.xpi

[2012/08/01 22:50:07 | 000,085,715 | ---- | M] () (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi

[2012/08/26 20:01:49 | 000,084,682 | ---- | M] () (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi

[2012/07/25 09:38:39 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2011/11/16 20:11:45 | 000,210,366 | ---- | M] () (No name found) -- C:\Users\PAULOROBERTO\AppData\Roaming\mozilla\firefox\profiles\0mfi9aev.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}.xpi

[2011/11/11 20:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012/09/08 16:41:16 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/04/11 09:48:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/07/19 20:47:34 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml

[2012/07/19 20:47:34 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml

[2012/08/28 19:57:01 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2012/07/19 20:47:34 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml

[2012/07/19 20:47:34 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2012/05/04 20:00:39 | 000,001,465 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com

O1 - Hosts: 127.0.0.1 sls.microsoft.com

O1 - Hosts: 127.0.0.1 genuine.microsoft.com

O1 - Hosts: 127.0.0.1 wat.microsoft.com

O1 - Hosts: 127.0.0.1 mpa.microsoft.com

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 adobeereg.com

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll File not found

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O2 - BHO: (BywifiBHO Class) - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files (x86)\Bywifi\bywifiie.dll (bywifi.com)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll File not found

O3 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\..\Toolbar\WebBrowser: (no name) - {12FC3D37-2A42-4FE3-8489-81296878CBA5} - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [Deskmedia] "C:\Positivo\Deskmedia\Downloader.exe" File not found

O4:64bit: - HKLM..\Run: [Deskmedia2] C:\Positivo\Deskmedia\InstaladorLite.exe ()

O4:64bit: - HKLM..\Run: [Deskmedia3] "C:\Positivo\Deskmedia\GerenciadorLocal.exe" File not found

O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [Deskmedia] C:\Positivo\Deskmedia\Downloader.exe File not found

O4 - HKLM..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000..\Run: [Office2010Tips_Notifier] C:\Users\PAULOROBERTO\Documents\Microsoft Corporation\Office 2010 Screensaver\Notifier.exe (Microsoft)

O4 - HKLM..\RunOnce: [updateTutoriaisSlimbaHP.exe] C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba\UpdateTutoriaisSlimbaHP.exe (pctuto)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\limpartemporarios.bat ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: cmd.exe =

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: command.com =

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: msconfig.exe =

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: procexp.exe =

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: kilbox.exe =

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: procmgr.exe =

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: systemexplorer.exe =

O7 - HKU\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0

O8:64bit: - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found

O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found

O9:64bit: - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Value error. File not found

O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found

O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found

O9:64bit: - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Value error. File not found

O9 - Extra Button: Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe File not found

O9 - Extra 'Tools' menuitem : Bywifi: Vídeo Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe File not found

O9 - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C830E95B-A6FB-4A0F-B8D9-8E5CB0323B37}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC1436F6-5809-4DC4-A14B-D866A70572E1}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)

O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)

O20 - Winlogon\Notify\Event Agent: DllName - (CustomEvents.dll) - C:\Windows\SysWow64\CustomEvents.dll ()

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2010/12/30 23:22:56 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (sasnative64)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/09/13 17:34:48 | 000,000,000 | ---D | C] -- C:\Users\PAULOROBERTO\AppData\Roaming\Positivo

[2012/09/13 14:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia

[2012/09/13 14:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\18 Wheels of Steel American Long Haul

[2012/09/13 14:21:49 | 000,000,000 | ---D | C] -- C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\18 Wheels of Steel American Long Haul

[2012/09/13 14:20:28 | 000,000,000 | ---D | C] -- C:\Positivo

[2012/09/13 14:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\18 Wheels of Steel American Long Haul

[2012/09/13 14:12:32 | 000,000,000 | ---D | C] -- C:\Users\PAULOROBERTO\PSafe

[2012/09/13 14:11:44 | 000,289,952 | R--- | C] (360.cn) -- C:\Windows\SysNative\drivers\360FltOEM.sys

[2012/09/12 19:05:02 | 000,000,000 | ---D | C] -- C:\Users\PAULOROBERTO\AppData\Local\Temp

[2012/09/12 12:58:41 | 000,000,000 | ---D | C] -- C:\Users\PAULOROBERTO\Documents\18 WoS American Long Haul

[2012/09/11 23:36:38 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys

[2012/09/11 23:36:33 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2012/09/11 21:18:02 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys

[2012/09/11 21:18:02 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2012/09/10 22:47:40 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\PAULOROBERTO\Desktop\OTL.exe

[2012/09/07 15:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/09/07 15:41:04 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/09/07 15:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/09/05 15:07:58 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2012/09/05 15:07:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/09/05 15:07:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/09/05 15:07:58 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2012/09/05 15:07:58 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2012/09/05 15:07:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/09/05 15:07:58 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2012/09/05 15:07:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/09/05 15:07:58 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2012/09/05 15:07:58 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2012/09/05 15:07:58 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2012/09/05 15:07:58 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2012/09/05 15:07:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/09/05 15:07:58 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2012/09/05 15:07:58 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2012/09/05 15:07:58 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2012/09/05 15:07:58 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2012/09/05 15:07:58 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2012/09/05 15:07:58 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2012/09/05 15:07:58 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2012/09/05 15:07:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2012/09/05 15:07:58 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2012/09/05 15:07:58 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2012/09/05 15:07:58 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2012/09/05 15:07:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/09/05 15:07:58 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2012/09/05 15:07:58 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2012/09/05 15:07:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2012/09/05 15:07:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2012/09/05 15:07:58 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2012/09/05 15:07:58 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2012/09/05 15:07:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2012/09/05 15:07:57 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2012/09/05 15:07:57 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/09/05 15:07:57 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/09/05 15:07:57 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/09/05 15:07:57 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/09/05 15:07:57 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/09/05 15:07:57 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2012/09/05 15:07:57 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2012/09/05 15:07:57 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2012/09/05 15:07:57 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2012/09/05 15:07:57 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

[2012/09/05 15:07:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/09/05 15:07:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/09/05 15:07:57 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2012/09/05 15:07:57 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2012/09/05 15:07:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/09/05 15:07:57 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2012/09/05 15:07:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

[2012/09/05 15:07:57 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2012/09/05 15:07:57 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

[2012/09/05 15:07:57 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2012/09/05 15:07:57 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2012/09/05 15:07:57 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2012/09/05 15:07:57 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

[2012/09/05 15:07:57 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2012/09/05 15:07:57 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2012/09/05 15:07:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/09/05 15:07:57 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2012/09/05 15:07:57 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2012/09/05 15:07:57 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2012/09/05 15:07:57 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2012/09/05 15:07:57 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2012/09/05 15:07:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2012/09/05 15:07:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2012/09/05 15:07:57 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2012/09/05 15:07:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2012/09/05 15:07:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2012/09/05 15:07:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2012/09/05 15:07:57 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2012/09/05 15:07:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2012/09/05 00:02:23 | 036,941,104 | ---- | C] (Microsoft Corporation) -- C:\IE9-Windows7-x64-ptb.exe

[2012/09/02 12:03:46 | 000,000,000 | ---D | C] -- C:\Users\PAULOROBERTO\AppData\Local\tuto4pc_br_3

[2012/09/02 12:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EXErrorsFix

[2012/09/02 12:02:30 | 000,000,000 | ---D | C] -- C:\Users\PAULOROBERTO\AppData\Local\t4pc_br_slmba

[2012/09/02 12:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuto_4pc

[2012/09/01 03:27:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\ja-JP

[2012/09/01 03:27:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ja

[2012/09/01 03:27:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0411

[2012/09/01 03:25:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ja

[2012/09/01 03:25:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411

[2012/09/01 03:25:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP

[2012/09/01 01:51:49 | 000,000,000 | ---D | C] -- C:\Windows\ja-JP

[2012/09/01 01:07:17 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lzhfldr2.dll

[2012/09/01 01:07:16 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lzhfldr2.dll

[2012/09/01 01:07:15 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\usbport.sys.mui

[2012/09/01 01:07:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\tunnel.sys.mui

[2012/09/01 01:07:15 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\tsusbhub.sys.mui

[2012/09/01 01:07:15 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\tsusbflt.sys.mui

[2012/09/01 01:07:04 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\pacer.sys.mui

[2012/09/01 01:07:04 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\pacer.sys.mui

[2012/09/01 01:07:02 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\rdpwd.sys.mui

[2012/09/01 01:07:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\rdvgkmd.sys.mui

[2012/09/01 01:06:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\battc.sys.mui

[2012/09/01 01:05:22 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\tcpip.sys.mui

[2012/09/01 01:05:22 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\bfe.dll.mui

[2012/09/01 01:05:09 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\scfilter.sys.mui

[2012/09/01 01:05:04 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\qwavedrv.sys.mui

[2012/09/01 01:04:17 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\ja-JP\ndiscap.sys.mui

[2012/09/01 01:04:06 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\portcls.sys.mui

[2012/09/01 01:04:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\wd.sys.mui

[2012/09/01 01:04:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\volsnap.sys.mui

[2012/09/01 01:04:05 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\usbhub.sys.mui

[2012/09/01 01:04:05 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vhdmp.sys.mui

[2012/09/01 01:04:05 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\umbus.sys.mui

[2012/09/01 01:04:05 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\tpm.sys.mui

[2012/09/01 01:04:04 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\ja-JP\pscr.sys.mui

[2012/09/01 01:04:04 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\serscan.sys.mui

[2012/09/01 01:03:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\mpio.sys.mui

[2012/09/01 01:03:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\serial.sys.mui

[2012/09/01 01:03:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\msdsm.sys.mui

[2012/09/01 01:03:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\i8042prt.sys.mui

[2012/09/01 01:03:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\sermouse.sys.mui

[2012/09/01 01:03:43 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\mouclass.sys.mui

[2012/09/01 01:03:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\scsiport.sys.mui

[2012/09/01 01:03:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\rndismpx.sys.mui

[2012/09/01 01:03:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\rndismp6.sys.mui

[2012/09/01 01:03:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\pcmcia.sys.mui

[2012/09/01 01:03:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\parport.sys.mui

[2012/09/01 01:03:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ataport.sys.mui

[2012/09/01 01:03:43 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\MTConfig.sys.mui

[2012/09/01 01:03:43 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\mouhid.sys.mui

[2012/09/01 01:03:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vwifibus.sys.mui

[2012/09/01 01:03:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\amdide.sys.mui

[2012/09/01 01:03:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\afd.sys.mui

[2012/09/01 01:03:34 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\bfe.dll.mui

[2012/09/01 01:03:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ws2ifsl.sys.mui

[2012/09/01 01:03:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\wdf01000.sys.mui

[2012/09/01 01:03:32 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\modem.sys.mui

[2012/09/01 01:03:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\usbrpm.sys.mui

[2012/09/01 01:03:31 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\tcpip.sys.mui

[2012/09/01 01:03:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\srv.sys.mui

[2012/09/01 01:03:16 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\fvevol.sys.mui

[2012/09/01 01:03:15 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\scfilter.sys.mui

[2012/09/01 01:03:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\rdbss.sys.mui

[2012/09/01 01:03:01 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\RNDISMP.sys.mui

[2012/09/01 01:03:01 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\qwavedrv.sys.mui

[2012/09/01 01:02:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\partmgr.sys.mui

[2012/09/01 01:02:58 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ntfs.sys.mui

[2012/09/01 01:02:58 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\nwifi.sys.mui

[2012/09/01 01:02:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ndis.sys.mui

[2012/09/01 01:02:57 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ndisuio.sys.mui

[2012/09/01 01:02:54 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ndiscap.sys.mui

[2012/09/01 01:02:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\mountmgr.sys.mui

[2012/09/01 01:02:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\luafv.sys.mui

[2012/09/01 01:02:34 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ipnat.sys.mui

[2012/09/01 01:02:24 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\http.sys.mui

[2012/09/01 01:02:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\fltmgr.sys.mui

[2012/09/01 01:02:13 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\volmgrx.sys.mui

[2012/09/01 01:01:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\pnpmem.sys.mui

[2012/09/01 01:01:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\pci.sys.mui

[2012/09/01 01:01:52 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerIb.sys.mui

[2012/09/01 01:01:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\IPMIDrv.sys.mui

[2012/09/01 01:01:52 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vdrvroot.sys.mui

[2012/09/01 01:01:52 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\kbdclass.sys.mui

[2012/09/01 01:01:52 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\mssmbios.sys.mui

[2012/09/01 01:01:52 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\isapnp.sys.mui

[2012/09/01 01:01:52 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ULIAGPKX.SYS.mui

[2012/09/01 01:01:52 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\NV_AGP.SYS.mui

[2012/09/01 01:01:52 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\kbdhid.sys.mui

[2012/09/01 01:01:52 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\AGP440.sys.mui

[2012/09/01 01:01:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\wacompen.sys.mui

[2012/09/01 01:01:49 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\HdAudio.sys.mui

[2012/09/01 01:01:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\hidbth.sys.mui

[2012/09/01 01:01:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\hdaudbus.sys.mui

[2012/09/01 01:01:47 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\Dot4usb.sys.mui

[2012/09/01 01:01:46 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\processr.sys.mui

[2012/09/01 01:01:46 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\intelppm.sys.mui

[2012/09/01 01:01:46 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\amdppm.sys.mui

[2012/09/01 01:01:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\disk.sys.mui

[2012/09/01 01:01:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\amdk8.sys.mui

[2012/09/01 01:01:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\bthport.sys.mui

[2012/09/01 01:01:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\bthpan.sys.mui

[2012/09/01 01:01:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\cdrom.sys.mui

[2012/09/01 01:01:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\BTHUSB.SYS.mui

[2012/09/01 01:01:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\bthenum.sys.mui

[2012/09/01 01:01:40 | 000,006,656 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrSerId.sys.mui

[2012/09/01 01:01:40 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\ja-JP\BrParwdm.sys.mui

[2012/09/01 01:01:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\ohci1394.sys.mui

[2012/09/01 01:01:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\1394ohci.sys.mui

[2012/09/01 01:01:39 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\acpi.sys.mui

[2012/09/01 01:01:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\UAGP35.SYS.mui

[2012/09/01 01:01:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\GAGP30KX.SYS.mui

[2012/09/01 00:53:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\zh-CHT

[2012/09/01 00:53:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\zh-TW

[2012/09/01 00:52:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-CHT

[2012/09/01 00:52:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW

[2012/09/01 00:52:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-HK

[2012/09/01 00:11:57 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\usbhub.sys.mui

[2012/09/01 00:11:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\tunnel.sys.mui

[2012/09/01 00:11:57 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\tsusbhub.sys.mui

[2012/09/01 00:11:56 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\usbport.sys.mui

[2012/09/01 00:11:56 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\tsusbflt.sys.mui

[2012/09/01 00:11:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\rdvgkmd.sys.mui

[2012/09/01 00:11:44 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\rdpwd.sys.mui

[2012/09/01 00:11:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\battc.sys.mui

[2012/09/01 00:09:51 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\bfe.dll.mui

[2012/09/01 00:09:47 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\tcpip.sys.mui

[2012/09/01 00:09:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\scfilter.sys.mui

[2012/09/01 00:09:32 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\qwavedrv.sys.mui

[2012/09/01 00:08:45 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\pacer.sys.mui

[2012/09/01 00:08:40 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-TW\ndiscap.sys.mui

[2012/09/01 00:08:28 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\portcls.sys.mui

[2012/09/01 00:08:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\volsnap.sys.mui

[2012/09/01 00:08:27 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vhdmp.sys.mui

[2012/09/01 00:08:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\wd.sys.mui

[2012/09/01 00:08:26 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\umbus.sys.mui

[2012/09/01 00:08:26 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\tpm.sys.mui

[2012/09/01 00:08:25 | 000,002,560 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\zh-TW\pscr.sys.mui

[2012/09/01 00:08:25 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\serscan.sys.mui

[2012/09/01 00:07:49 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\pcmcia.sys.mui

[2012/09/01 00:07:42 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\rndismpx.sys.mui

[2012/09/01 00:07:42 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\rndismp6.sys.mui

[2012/09/01 00:07:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vwifibus.sys.mui

[2012/09/01 00:07:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\serial.sys.mui

[2012/09/01 00:07:41 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\sermouse.sys.mui

[2012/09/01 00:07:41 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\mouclass.sys.mui

[2012/09/01 00:07:41 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\parport.sys.mui

[2012/09/01 00:07:41 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\MTConfig.sys.mui

[2012/09/01 00:07:41 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\mouhid.sys.mui

[2012/09/01 00:07:41 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ataport.sys.mui

[2012/09/01 00:07:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\mpio.sys.mui

[2012/09/01 00:07:40 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\msdsm.sys.mui

[2012/09/01 00:07:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\amdide.sys.mui

[2012/09/01 00:07:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\afd.sys.mui

[2012/09/01 00:07:29 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\bfe.dll.mui

[2012/09/01 00:07:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ws2ifsl.sys.mui

[2012/09/01 00:07:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\wdf01000.sys.mui

[2012/09/01 00:07:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\usbrpm.sys.mui

[2012/09/01 00:07:24 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\modem.sys.mui

[2012/09/01 00:07:22 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\tcpip.sys.mui

[2012/09/01 00:06:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\fvevol.sys.mui

[2012/09/01 00:06:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\scfilter.sys.mui

[2012/09/01 00:06:07 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\rdbss.sys.mui

[2012/09/01 00:05:58 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\pacer.sys.mui

[2012/09/01 00:05:58 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\qwavedrv.sys.mui

[2012/09/01 00:05:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\partmgr.sys.mui

[2012/09/01 00:05:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ntfs.sys.mui

[2012/09/01 00:05:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\nwifi.sys.mui

[2012/09/01 00:05:37 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ndis.sys.mui

[2012/09/01 00:05:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ndisuio.sys.mui

[2012/09/01 00:05:29 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ndiscap.sys.mui

[2012/09/01 00:05:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\mountmgr.sys.mui

[2012/09/01 00:05:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\luafv.sys.mui

[2012/09/01 00:05:06 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\http.sys.mui

[2012/09/01 00:05:00 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\fltmgr.sys.mui

[2012/09/01 00:04:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\volmgrx.sys.mui

[2012/09/01 00:04:41 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-TW\BrSerIb.sys.mui

[2012/09/01 00:04:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\pnpmem.sys.mui

[2012/09/01 00:04:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\pci.sys.mui

[2012/09/01 00:04:39 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vdrvroot.sys.mui

[2012/09/01 00:04:39 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\mssmbios.sys.mui

[2012/09/01 00:04:39 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\isapnp.sys.mui

[2012/09/01 00:04:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ULIAGPKX.SYS.mui

[2012/09/01 00:04:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\NV_AGP.SYS.mui

[2012/09/01 00:04:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\i8042prt.sys.mui

[2012/09/01 00:04:38 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\IPMIDrv.sys.mui

[2012/09/01 00:04:38 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\kbdclass.sys.mui

[2012/09/01 00:04:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\kbdhid.sys.mui

[2012/09/01 00:04:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\AGP440.sys.mui

[2012/09/01 00:04:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\wacompen.sys.mui

[2012/09/01 00:04:36 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\HdAudio.sys.mui

[2012/09/01 00:04:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-HK\hidbth.sys.mui

[2012/09/01 00:04:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\hdaudbus.sys.mui

[2012/09/01 00:04:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\Dot4usb.sys.mui

[2012/09/01 00:04:33 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\processr.sys.mui

[2012/09/01 00:04:33 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\intelppm.sys.mui

[2012/09/01 00:04:33 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\amdppm.sys.mui

[2012/09/01 00:04:33 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\amdk8.sys.mui

[2012/09/01 00:04:33 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-HK\bthport.sys.mui

[2012/09/01 00:04:33 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\bthpan.sys.mui

[2012/09/01 00:04:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\disk.sys.mui

[2012/09/01 00:04:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\cdrom.sys.mui

[2012/09/01 00:04:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-HK\BTHUSB.SYS.mui

[2012/09/01 00:04:32 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-TW\BrSerId.sys.mui

[2012/09/01 00:04:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-HK\bthenum.sys.mui

[2012/09/01 00:04:31 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\ohci1394.sys.mui

[2012/09/01 00:04:31 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\1394ohci.sys.mui

[2012/09/01 00:04:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\acpi.sys.mui

[2012/09/01 00:04:31 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\GAGP30KX.SYS.mui

[2012/09/01 00:04:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\UAGP35.SYS.mui

[2012/09/01 00:04:31 | 000,002,048 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-TW\BrParwdm.sys.mui

[2012/08/31 23:55:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\zh-CHS

[2012/08/31 23:54:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\zh-CN

[2012/08/31 23:54:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-CHS

[2012/08/31 23:54:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN

[2012/08/31 23:53:13 | 000,000,000 | ---D | C] -- C:\Windows\zh-CN

[2012/08/31 23:12:56 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\usbport.sys.mui

[2012/08/31 23:12:55 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\usbhub.sys.mui

[2012/08/31 23:12:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\tunnel.sys.mui

[2012/08/31 23:12:46 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ndis.sys.mui

[2012/08/31 23:12:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\rdvgkmd.sys.mui

[2012/08/31 23:12:44 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\rdpwd.sys.mui

[2012/08/31 23:12:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\mouclass.sys.mui

[2012/08/31 23:12:43 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\mouhid.sys.mui

[2012/08/31 23:12:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\tsusbhub.sys.mui

[2012/08/31 23:12:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\tsusbflt.sys.mui

[2012/08/31 23:12:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\sermouse.sys.mui

[2012/08/31 23:12:17 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\battc.sys.mui

[2012/08/31 23:11:06 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\bfe.dll.mui

[2012/08/31 23:11:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\tcpip.sys.mui

[2012/08/31 23:10:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\scfilter.sys.mui

[2012/08/31 23:10:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\qwavedrv.sys.mui

[2012/08/31 23:10:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\pacer.sys.mui

[2012/08/31 23:10:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\zh-CN\ndiscap.sys.mui

[2012/08/31 23:09:47 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\volsnap.sys.mui

[2012/08/31 23:09:47 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\portcls.sys.mui

[2012/08/31 23:09:47 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vhdmp.sys.mui

[2012/08/31 23:09:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\wd.sys.mui

[2012/08/31 23:09:41 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\umbus.sys.mui

[2012/08/31 23:09:41 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\tpm.sys.mui

[2012/08/31 23:09:40 | 000,002,560 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\zh-CN\pscr.sys.mui

[2012/08/31 23:09:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\serscan.sys.mui

[2012/08/31 23:09:38 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\rndismpx.sys.mui

[2012/08/31 23:09:38 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\rndismp6.sys.mui

[2012/08/31 23:09:38 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\pcmcia.sys.mui

[2012/08/31 23:09:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vwifibus.sys.mui

[2012/08/31 23:09:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\msdsm.sys.mui

[2012/08/31 23:09:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\serial.sys.mui

[2012/08/31 23:09:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\parport.sys.mui

[2012/08/31 23:09:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\MTConfig.sys.mui

[2012/08/31 23:09:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ataport.sys.mui

[2012/08/31 23:09:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\amdide.sys.mui

[2012/08/31 23:09:36 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\mpio.sys.mui

[2012/08/31 23:09:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\afd.sys.mui

[2012/08/31 23:09:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\bfe.dll.mui

[2012/08/31 23:09:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ws2ifsl.sys.mui

[2012/08/31 23:09:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\wdf01000.sys.mui

[2012/08/31 23:09:15 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\tcpip.sys.mui

[2012/08/31 23:09:15 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\modem.sys.mui

[2012/08/31 23:09:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\usbrpm.sys.mui

[2012/08/31 23:09:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\fvevol.sys.mui

[2012/08/31 23:09:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\scfilter.sys.mui

[2012/08/31 23:09:00 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\rdbss.sys.mui

[2012/08/31 23:08:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\qwavedrv.sys.mui

[2012/08/31 23:08:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\pacer.sys.mui

[2012/08/31 23:08:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\partmgr.sys.mui

[2012/08/31 23:08:36 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ntfs.sys.mui

[2012/08/31 23:08:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\nwifi.sys.mui

[2012/08/31 23:08:30 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ndisuio.sys.mui

[2012/08/31 23:08:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ndiscap.sys.mui

[2012/08/31 23:08:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\mountmgr.sys.mui

[2012/08/31 23:08:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\luafv.sys.mui

[2012/08/31 23:08:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\http.sys.mui

[2012/08/31 23:07:57 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\fltmgr.sys.mui

[2012/08/31 23:07:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\volmgrx.sys.mui

[2012/08/31 23:07:35 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-CN\BrSerIb.sys.mui

[2012/08/31 23:07:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\pnpmem.sys.mui

[2012/08/31 23:07:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\pci.sys.mui

[2012/08/31 23:07:33 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vdrvroot.sys.mui

[2012/08/31 23:07:33 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\mssmbios.sys.mui

[2012/08/31 23:07:33 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ULIAGPKX.SYS.mui

[2012/08/31 23:07:33 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\isapnp.sys.mui

[2012/08/31 23:07:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\NV_AGP.SYS.mui

[2012/08/31 23:07:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\i8042prt.sys.mui

[2012/08/31 23:07:32 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\kbdclass.sys.mui

[2012/08/31 23:07:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\kbdhid.sys.mui

[2012/08/31 23:07:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\AGP440.sys.mui

[2012/08/31 23:07:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\IPMIDrv.sys.mui

[2012/08/31 23:07:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\wacompen.sys.mui

[2012/08/31 23:07:29 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\HdAudio.sys.mui

[2012/08/31 23:07:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\hidbth.sys.mui

[2012/08/31 23:07:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\hdaudbus.sys.mui

[2012/08/31 23:07:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\Dot4usb.sys.mui

[2012/08/31 23:07:27 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\processr.sys.mui

[2012/08/31 23:07:27 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\intelppm.sys.mui

[2012/08/31 23:07:27 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\amdppm.sys.mui

[2012/08/31 23:07:27 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\amdk8.sys.mui

[2012/08/31 23:07:27 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-CN\BrSerId.sys.mui

[2012/08/31 23:07:27 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\bthport.sys.mui

[2012/08/31 23:07:27 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\bthpan.sys.mui

[2012/08/31 23:07:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\disk.sys.mui

[2012/08/31 23:07:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\cdrom.sys.mui

[2012/08/31 23:07:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\BTHUSB.SYS.mui

[2012/08/31 23:07:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\bthenum.sys.mui

[2012/08/31 23:07:26 | 000,002,048 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\zh-CN\BrParwdm.sys.mui

[2012/08/31 23:07:25 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\ohci1394.sys.mui

[2012/08/31 23:07:25 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\1394ohci.sys.mui

[2012/08/31 23:07:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\acpi.sys.mui

[2012/08/31 23:07:25 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\GAGP30KX.SYS.mui

[2012/08/31 23:07:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\UAGP35.SYS.mui

[2012/08/31 22:08:07 | 000,000,000 | ---D | C] -- C:\Windows\de-DE

[2012/08/31 22:07:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407

[2012/08/31 22:07:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE

[2012/08/31 22:07:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de

[2012/08/31 22:06:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407

[2012/08/31 22:06:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE

[2012/08/31 22:05:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de

[2012/08/31 21:22:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdvgkmd.sys.mui

[2012/08/31 21:22:32 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdpwd.sys.mui

[2012/08/31 21:22:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pci.sys.mui

[2012/08/31 21:22:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\NV_AGP.SYS.mui

[2012/08/31 21:22:23 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tunnel.sys.mui

[2012/08/31 21:22:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\msdsm.sys.mui

[2012/08/31 21:22:23 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tsusbhub.sys.mui

[2012/08/31 21:22:23 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tsusbflt.sys.mui

[2012/08/31 21:22:23 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mssmbios.sys.mui

[2012/08/31 21:22:20 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbport.sys.mui

[2012/08/31 21:22:20 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vdrvroot.sys.mui

[2012/08/31 21:22:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbhub.sys.mui

[2012/08/31 21:22:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ULIAGPKX.SYS.mui

[2012/08/31 21:22:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\disk.sys.mui

[2012/08/31 21:22:14 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\AGP440.sys.mui

[2012/08/31 21:22:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\battc.sys.mui

[2012/08/31 21:22:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\isapnp.sys.mui

[2012/08/31 21:20:31 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui

[2012/08/31 21:20:30 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui

[2012/08/31 21:20:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui

[2012/08/31 21:20:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui

[2012/08/31 21:19:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui

[2012/08/31 21:19:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui

[2012/08/31 21:19:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volsnap.sys.mui

[2012/08/31 21:19:23 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui

[2012/08/31 21:19:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vhdmp.sys.mui

[2012/08/31 21:19:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tpm.sys.mui

[2012/08/31 21:19:23 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\portcls.sys.mui

[2012/08/31 21:19:23 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\umbus.sys.mui

[2012/08/31 21:19:23 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serscan.sys.mui

[2012/08/31 21:19:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wd.sys.mui

[2012/08/31 21:19:10 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pcmcia.sys.mui

[2012/08/31 21:19:06 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vwifibus.sys.mui

[2012/08/31 21:19:05 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismpx.sys.mui

[2012/08/31 21:19:05 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismp6.sys.mui

[2012/08/31 21:19:01 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serial.sys.mui

[2012/08/31 21:19:01 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\MTConfig.sys.mui

[2012/08/31 21:18:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mpio.sys.mui

[2012/08/31 21:18:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\i8042prt.sys.mui

[2012/08/31 21:18:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\sermouse.sys.mui

[2012/08/31 21:18:58 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouclass.sys.mui

[2012/08/31 21:18:58 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\parport.sys.mui

[2012/08/31 21:18:58 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ataport.sys.mui

[2012/08/31 21:18:58 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scsiport.sys.mui

[2012/08/31 21:18:58 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouhid.sys.mui

[2012/08/31 21:18:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdide.sys.mui

[2012/08/31 21:18:57 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\afd.sys.mui

[2012/08/31 21:18:54 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bfe.dll.mui

[2012/08/31 21:18:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wdf01000.sys.mui

[2012/08/31 21:18:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ws2ifsl.sys.mui

[2012/08/31 21:18:52 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tcpip.sys.mui

[2012/08/31 21:18:52 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\modem.sys.mui

[2012/08/31 21:18:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbrpm.sys.mui

[2012/08/31 21:18:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fvevol.sys.mui

[2012/08/31 21:18:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\srv.sys.mui

[2012/08/31 21:18:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scfilter.sys.mui

[2012/08/31 21:18:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdbss.sys.mui

[2012/08/31 21:18:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pacer.sys.mui

[2012/08/31 21:18:29 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\RNDISMP.sys.mui

[2012/08/31 21:18:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\qwavedrv.sys.mui

[2012/08/31 21:18:26 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\partmgr.sys.mui

[2012/08/31 21:18:12 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ntfs.sys.mui

[2012/08/31 21:18:12 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndis.sys.mui

[2012/08/31 21:18:12 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\nwifi.sys.mui

[2012/08/31 21:18:12 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndisuio.sys.mui

[2012/08/31 21:18:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndiscap.sys.mui

[2012/08/31 21:18:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\luafv.sys.mui

[2012/08/31 21:18:05 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ipnat.sys.mui

[2012/08/31 21:18:05 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mountmgr.sys.mui

[2012/08/31 21:18:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\http.sys.mui

[2012/08/31 21:17:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fltmgr.sys.mui

[2012/08/31 21:17:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volmgrx.sys.mui

[2012/08/31 21:17:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\processr.sys.mui

[2012/08/31 21:17:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\intelppm.sys.mui

[2012/08/31 21:17:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdppm.sys.mui

[2012/08/31 21:17:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdk8.sys.mui

[2012/08/31 21:17:24 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui

[2012/08/31 21:17:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\IPMIDrv.sys.mui

[2012/08/31 21:17:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdclass.sys.mui

[2012/08/31 21:17:24 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthpan.sys.mui

[2012/08/31 21:17:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wacompen.sys.mui

[2012/08/31 21:17:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hdaudbus.sys.mui

[2012/08/31 21:17:24 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\HdAudio.sys.mui

[2012/08/31 21:17:24 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hidbth.sys.mui

[2012/08/31 21:17:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pnpmem.sys.mui

[2012/08/31 21:17:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdhid.sys.mui

[2012/08/31 21:17:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\Dot4usb.sys.mui

[2012/08/31 21:17:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\BTHUSB.SYS.mui

[2012/08/31 21:17:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\cdrom.sys.mui

[2012/08/31 21:17:23 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthport.sys.mui

[2012/08/31 21:17:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthenum.sys.mui

[2012/08/31 21:17:20 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui

[2012/08/31 21:17:18 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui

[2012/08/31 21:17:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\UAGP35.SYS.mui

[2012/08/31 21:17:15 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ohci1394.sys.mui

[2012/08/31 21:17:15 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\1394ohci.sys.mui

[2012/08/31 21:17:15 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\acpi.sys.mui

[2012/08/31 21:17:15 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\GAGP30KX.SYS.mui

[2012/08/24 19:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/08/24 19:29:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2012/08/24 19:29:58 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2012/08/16 14:38:47 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll

[2012/08/16 14:38:39 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2012/08/16 14:38:39 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2012/08/16 14:38:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe

[2012/08/15 13:38:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll

[2012/08/15 13:38:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll

[2012/08/15 13:38:44 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll

[2012/08/15 13:36:31 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/09/13 20:42:16 | 000,735,958 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat

[2012/09/13 20:42:16 | 000,732,782 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat

[2012/09/13 20:42:16 | 000,721,780 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat

[2012/09/13 20:42:16 | 000,717,312 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat

[2012/09/13 20:42:16 | 000,656,528 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2012/09/13 20:42:16 | 000,649,542 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat

[2012/09/13 20:42:16 | 000,487,362 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat

[2012/09/13 20:42:16 | 000,394,996 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat

[2012/09/13 20:42:16 | 000,377,894 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat

[2012/09/13 20:42:16 | 000,155,414 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat

[2012/09/13 20:42:16 | 000,152,730 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat

[2012/09/13 20:42:16 | 000,152,702 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat

[2012/09/13 20:42:16 | 000,150,294 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat

[2012/09/13 20:42:16 | 000,143,122 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat

[2012/09/13 20:42:16 | 000,142,288 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2012/09/13 20:42:16 | 000,139,692 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat

[2012/09/13 20:42:16 | 000,119,868 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat

[2012/09/13 20:42:16 | 000,114,954 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat

[2012/09/13 20:42:16 | 000,095,096 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat

[2012/09/13 20:42:16 | 000,040,648 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat

[2012/09/13 20:42:15 | 016,183,068 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/09/13 20:42:15 | 000,738,244 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat

[2012/09/13 20:42:15 | 000,738,088 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat

[2012/09/13 20:42:15 | 000,732,780 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat

[2012/09/13 20:42:15 | 000,689,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012/09/13 20:42:15 | 000,676,266 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat

[2012/09/13 20:42:15 | 000,661,284 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat

[2012/09/13 20:42:15 | 000,599,464 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat

[2012/09/13 20:42:15 | 000,502,086 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat

[2012/09/13 20:42:15 | 000,474,226 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat

[2012/09/13 20:42:15 | 000,472,006 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat

[2012/09/13 20:42:15 | 000,422,164 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat

[2012/09/13 20:42:15 | 000,410,570 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat

[2012/09/13 20:42:15 | 000,385,572 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat

[2012/09/13 20:42:15 | 000,170,798 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat

[2012/09/13 20:42:15 | 000,158,138 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat

[2012/09/13 20:42:15 | 000,149,106 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat

[2012/09/13 20:42:15 | 000,148,596 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012/09/13 20:42:15 | 000,146,602 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat

[2012/09/13 20:42:15 | 000,140,910 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat

[2012/09/13 20:42:15 | 000,138,202 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/09/13 20:42:15 | 000,122,008 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat

[2012/09/13 20:42:15 | 000,120,296 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat

[2012/09/13 20:42:15 | 000,110,806 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat

[2012/09/13 20:42:15 | 000,100,946 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat

[2012/09/13 20:42:15 | 000,098,286 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat

[2012/09/13 20:42:15 | 000,094,604 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat

[2012/09/13 20:42:15 | 000,084,714 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat

[2012/09/13 20:42:15 | 000,036,744 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/09/13 20:42:11 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/09/13 20:42:10 | 000,021,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/09/13 20:31:24 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/09/13 20:31:20 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job

[2012/09/13 20:30:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/09/13 14:10:51 | 000,384,844 | ---- | M] () -- C:\Users\PAULOROBERTO\AppData\Local\funmoods-speeddial.crx

[2012/09/13 14:10:51 | 000,031,465 | ---- | M] () -- C:\Users\PAULOROBERTO\AppData\Local\funmoods.crx

[2012/09/10 22:47:45 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\PAULOROBERTO\Desktop\OTL.exe

[2012/09/08 09:11:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/09/07 15:41:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/06 16:22:00 | 000,327,680 | ---- | M] () -- C:\Users\PAULOROBERTO\Documents\TESTEMALA.mdb

[2012/09/05 15:07:58 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2012/09/05 15:07:58 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/09/05 15:07:58 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/09/05 15:07:58 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2012/09/05 15:07:58 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2012/09/05 15:07:58 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/09/05 15:07:58 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2012/09/05 15:07:58 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/09/05 15:07:58 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2012/09/05 15:07:58 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2012/09/05 15:07:58 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2012/09/05 15:07:58 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2012/09/05 15:07:58 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/09/05 15:07:58 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2012/09/05 15:07:58 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2012/09/05 15:07:58 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2012/09/05 15:07:58 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2012/09/05 15:07:58 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2012/09/05 15:07:58 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2012/09/05 15:07:58 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2012/09/05 15:07:58 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2012/09/05 15:07:58 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2012/09/05 15:07:58 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2012/09/05 15:07:58 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2012/09/05 15:07:58 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/09/05 15:07:58 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2012/09/05 15:07:58 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2012/09/05 15:07:58 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2012/09/05 15:07:58 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2012/09/05 15:07:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2012/09/05 15:07:58 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2012/09/05 15:07:58 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2012/09/05 15:07:58 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2012/09/05 15:07:57 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2012/09/05 15:07:57 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/09/05 15:07:57 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/09/05 15:07:57 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/09/05 15:07:57 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/09/05 15:07:57 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/09/05 15:07:57 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2012/09/05 15:07:57 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2012/09/05 15:07:57 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2012/09/05 15:07:57 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2012/09/05 15:07:57 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

[2012/09/05 15:07:57 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/09/05 15:07:57 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/09/05 15:07:57 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2012/09/05 15:07:57 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2012/09/05 15:07:57 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/09/05 15:07:57 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2012/09/05 15:07:57 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

[2012/09/05 15:07:57 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2012/09/05 15:07:57 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

[2012/09/05 15:07:57 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2012/09/05 15:07:57 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2012/09/05 15:07:57 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2012/09/05 15:07:57 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

[2012/09/05 15:07:57 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2012/09/05 15:07:57 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2012/09/05 15:07:57 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/09/05 15:07:57 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2012/09/05 15:07:57 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2012/09/05 15:07:57 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2012/09/05 15:07:57 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2012/09/05 15:07:57 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2012/09/05 15:07:57 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2012/09/05 15:07:57 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2012/09/05 15:07:57 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2012/09/05 15:07:57 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2012/09/05 15:07:57 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2012/09/05 15:07:57 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2012/09/05 15:07:57 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2012/09/05 15:07:57 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2012/09/05 15:07:57 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2012/09/05 00:02:38 | 036,941,104 | ---- | M] (Microsoft Corporation) -- C:\IE9-Windows7-x64-ptb.exe

[2012/09/02 14:14:39 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\EXErrorsFix Schedule.job

[2012/09/02 12:03:22 | 000,000,677 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog

[2012/09/01 03:23:45 | 000,141,988 | ---- | M] () -- C:\Windows\SysNative\perfi011.dat

[2012/09/01 03:23:45 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\perfd011.dat

[2012/09/01 00:51:02 | 000,117,840 | ---- | M] () -- C:\Windows\SysNative\prfi0404.dat

[2012/09/01 00:51:02 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\prfd0404.dat

[2012/08/31 23:52:30 | 000,111,310 | ---- | M] () -- C:\Windows\SysNative\prfi0804.dat

[2012/08/31 23:52:30 | 000,031,548 | ---- | M] () -- C:\Windows\SysNative\prfd0804.dat

[2012/08/31 22:04:12 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat

[2012/08/31 22:04:11 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat

[2012/08/30 21:42:29 | 000,001,057 | ---- | M] () -- C:\Users\PAULOROBERTO\AppData\Roaming\vso_ts_preview.xml

[2012/08/30 12:02:37 | 000,055,957 | ---- | M] () -- C:\Users\PAULOROBERTO\Documents\.PDF (Adauto).pdf

[2012/08/24 19:30:01 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/08/22 15:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys

[2012/08/22 15:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2012/08/16 14:50:56 | 000,437,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/09/13 14:11:21 | 000,384,844 | ---- | C] () -- C:\Users\PAULOROBERTO\AppData\Local\funmoods-speeddial.crx

[2012/09/13 14:11:08 | 000,031,465 | ---- | C] () -- C:\Users\PAULOROBERTO\AppData\Local\funmoods.crx

[2012/09/07 22:08:51 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/09/07 15:41:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/09/05 15:07:58 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2012/09/05 15:07:57 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2012/09/02 12:03:50 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\EXErrorsFix Schedule.job

[2012/09/02 12:03:14 | 000,000,677 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog

[2012/09/01 03:32:17 | 000,141,988 | ---- | C] () -- C:\Windows\SysNative\perfi011.dat

[2012/09/01 03:32:14 | 000,410,570 | ---- | C] () -- C:\Windows\SysNative\perfh011.dat

[2012/09/01 03:32:14 | 000,122,008 | ---- | C] () -- C:\Windows\SysNative\perfc011.dat

[2012/09/01 03:32:14 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\perfd011.dat

[2012/09/01 00:56:52 | 000,117,840 | ---- | C] () -- C:\Windows\SysNative\prfi0404.dat

[2012/09/01 00:56:48 | 000,394,996 | ---- | C] () -- C:\Windows\SysNative\prfh0404.dat

[2012/09/01 00:56:48 | 000,114,954 | ---- | C] () -- C:\Windows\SysNative\prfc0404.dat

[2012/09/01 00:56:48 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\prfd0404.dat

[2012/08/31 23:59:00 | 000,111,310 | ---- | C] () -- C:\Windows\SysNative\prfi0804.dat

[2012/08/31 23:58:58 | 000,377,894 | ---- | C] () -- C:\Windows\SysNative\prfh0804.dat

[2012/08/31 23:58:58 | 000,119,868 | ---- | C] () -- C:\Windows\SysNative\prfc0804.dat

[2012/08/31 23:58:58 | 000,031,548 | ---- | C] () -- C:\Windows\SysNative\prfd0804.dat

[2012/08/31 22:12:23 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat

[2012/08/31 22:12:22 | 000,689,528 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat

[2012/08/31 22:12:22 | 000,148,596 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat

[2012/08/31 22:12:22 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat

[2012/08/30 12:02:37 | 000,055,957 | ---- | C] () -- C:\Users\PAULOROBERTO\Documents\.PDF (Adauto).pdf

[2012/08/24 19:30:01 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011/12/23 21:52:04 | 000,017,408 | ---- | C] () -- C:\Users\PAULOROBERTO\AppData\Local\WebpageIcons.db

[2011/12/18 23:08:10 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2011/06/26 16:06:41 | 013,478,738 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/06/12 17:14:49 | 000,001,410 | ---- | C] () -- C:\Windows\TVEpaDrv.ini

[2011/06/09 22:46:34 | 000,451,072 | ---- | C] () -- C:\Windows\emunist.exe

[2011/06/09 22:26:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/04/28 09:01:17 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\MSJCE.dll

[2011/04/22 21:10:10 | 000,000,512 | ---- | C] () -- C:\Users\PAULOROBERTO\AppData\Roaming\proxyvampire.ini

[2011/04/14 18:03:38 | 000,003,612 | ---- | C] () -- C:\Windows\SysWow64\RDDlg.dat

[2011/03/20 22:27:40 | 000,035,332 | ---- | C] () -- C:\Windows\SysWow64\uninst.exe

[2011/03/20 22:21:37 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011/03/20 22:21:35 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/03/20 22:21:35 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/03/20 22:21:35 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011/03/20 20:24:21 | 000,007,618 | ---- | C] () -- C:\Users\PAULOROBERTO\AppData\Local\resmon.resmoncfg

[2011/01/20 00:41:49 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

[2011/01/18 20:04:46 | 000,019,572 | ---- | C] () -- C:\Windows\hpqins13.dat

[2011/01/17 17:00:35 | 000,008,192 | ---- | C] () -- C:\Users\PAULOROBERTO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/05 22:22:41 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\RtlCPAPI.dll

[2011/01/05 22:22:41 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\ChCfg.exe

[2011/01/05 22:22:40 | 000,037,376 | ---- | C] () -- C:\Windows\CPLUtl64.exe

[2011/01/05 22:21:03 | 000,000,164 | ---- | C] () -- C:\Windows\avrack.ini

[2010/12/29 23:08:33 | 000,001,057 | ---- | C] () -- C:\Users\PAULOROBERTO\AppData\Roaming\vso_ts_preview.xml

[2010/11/28 23:44:02 | 000,000,842 | ---- | C] () -- C:\Windows\SysWow64\SPC230NC.INI

[2010/11/24 00:35:10 | 000,023,234 | ---- | C] () -- C:\Windows\hpqins15.dat

[2010/11/23 23:37:58 | 000,176,753 | ---- | C] () -- C:\Windows\hpoins29.dat

 

========== LOP Check ==========

 

[2010/11/26 22:53:11 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\7plus

[2011/07/09 20:14:51 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Abelssoft

[2010/11/27 09:25:19 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Alzex

[2011/01/02 16:08:41 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Ashampoo

[2011/08/21 16:18:55 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\DAEMON Tools Lite

[2012/07/14 19:43:16 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Downloaded Installations

[2011/01/01 21:00:58 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Easeware

[2012/04/29 21:08:05 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\GetRightToGo

[2011/10/16 13:08:59 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\ImgBurn

[2011/05/01 11:53:06 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\InterSoft Common

[2011/01/26 23:20:24 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\IObit

[2011/12/18 23:10:00 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Kutawaves Games

[2012/03/11 23:22:50 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Launchy

[2010/12/07 21:48:21 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Lingoes

[2011/11/03 21:43:28 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\MOBILedit

[2012/05/29 20:42:51 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Movier

[2012/08/07 20:39:50 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Nitro PDF

[2011/12/04 19:53:29 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\OfficeRecovery

[2011/07/09 18:27:35 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Opera

[2012/09/13 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Positivo

[2010/12/27 23:12:07 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Systweak

[2011/02/11 22:04:28 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Thunderbird

[2012/05/12 00:18:11 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\TrueCrypt

[2012/08/06 21:28:34 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\uTorrent

[2012/09/01 19:00:09 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\Vso

[2012/03/17 21:41:15 | 000,000,000 | ---D | M] -- C:\Users\PAULOROBERTO\AppData\Roaming\WinISO Computing

[2012/09/13 20:31:20 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job

[2011/05/08 12:32:34 | 000,000,426 | ---- | M] () -- C:\Windows\Tasks\AWC Update.job

[2012/09/02 14:14:39 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\EXErrorsFix Schedule.job

[2012/01/22 23:23:00 | 000,000,934 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2415253309-3379223506-2882669795-1000Core.job

[2012/01/22 23:23:00 | 000,000,956 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2415253309-3379223506-2882669795-1000UA.job

[2011/05/10 22:17:02 | 000,000,120 | ---- | M] () -- C:\Windows\Tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job

[2012/07/30 08:48:50 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 212 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

 

< End of report >

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! prrsilva

 

|- Abra o OTL.exe -> Clique em Limpeza. <-- Confirme!

|- Ps: O computador irá reiniciar!

 

|- Baixe: < 331oifp.png >

 

|- Salve-o no desktop ou C:\.

|- Duplo-clique em OTS.exe.

|- Ps: Para Windows Vista ou 7,execute OTS.exe e escolha a opção administrador.

 

adpvC8bl.jpg

 

|- Marque as caixinhas:

 

[] Reg - NetSvcs

[] File - Lop Check

 

64bitscan.png

 

|- Para SO 64 bit,marque a caixinha!

 

|- Em "Basic Scans",marque as caixinhas:

 

[] Use Company Name Whitelist

[] Skip Microsoft Files

 

|- Verifique: 250ii3s.png & n19ytt.png

 

|- À seguir,clique em 2lasxtt.png

 

|- Ao concluir,abrir-se-á o Bloco de Notas,com o relatório. ( OTS.txt )

|- Poste-o em sua resposta!

|- Acesse para isso! ( cjoint.com ou myfile.tk )

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! prrsilva

 

|- Estabeleça backups do registro,com ERUNT.

|- Baixe: < ERUNT >

|- Descompacte-o para o disco local e instale-o aí mesmo.

|- Para maiores detalhes,leia o Tutorial: < WinXPTutor's XP Resources.

 

-/-

 

|- O script da OTS está muito 'carregado',onde softwares e/ou entradas,podem ser removidas já que encontram-se vazias.

|- Verifique as linhas dispostas,e me diga o que não quer remover,para que edite o script e fique ao seu gosto.

|- Em todo caso,o utilitário ERUNT irá estabelecer backups para restaurar o registro.

 

-/-

 

|- Abra a OTS.exe,com um duplo-clique.

 

[unregister Dlls]
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
YN -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtCtC0B0E0F0DyD0C0B0CyDtAtN0D0Tzu0StByDyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1012949692
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\] > -> 
YN -> HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\: Main\\"Backup.Old.Start Page" -> http://www.google.com.br/
< FireFox Settings [Prefs.js] > -> C:\Users\PAULOROBERTO\AppData\Roaming\Mozilla\FireFox\Profiles\0mfi9aev.default\prefs.js
YN -> keyword.URL -> "http://mystart.incredimail.com/mb156/?loc=ff_address_bar&a=6OxVRRKqy1&search="
YN -> network.proxy.autoconfig_url -> "http://localhost:9000/proxy.pac"
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} [HKLM] -> [Funmoods Helper Object]
YY -> {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} [HKLM] -> C:\Program Files (x86)\Bywifi\bywifiie.dll [bywifiBHO Class]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}" [HKLM] -> [Funmoods Toolbar]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\] > -> HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{12FC3D37-2A42-4FE3-8489-81296878CBA5}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Deskmedia" -> ["C:\Positivo\Deskmedia\Downloader.exe"]
YN -> "Deskmedia3" -> ["C:\Positivo\Deskmedia\GerenciadorLocal.exe"]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Deskmedia" -> [C:\Positivo\Deskmedia\Downloader.exe]
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe]
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe]
< RunOnce [HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1020\] > -> HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YN -> "mctadmin" -> [C:\Windows\System32\mctadmin.exe]
< Software Policy Settings [HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000] > -> HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Policies\Microsoft\Internet Explorer
YN -> \Control Panel\\"SecurityTab" -> [0]
YN -> \Control Panel\\"History" -> [0]
YN -> \Control Panel\\"DisableDeleteBrowsingHistory" -> [0]
YN -> \Restrictions\\"NoBrowserOptions" -> [0]
YN -> \Restrictions\\"NoBrowserContextMenu" -> [0]
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
YN -> \\"NoActiveDesktop" -> [1]
YN -> \\"NoActiveDesktopChanges" -> [1]
YN -> \\"NoDriveTypeAutoRun" -> [60]
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
YN -> \\"ConsentPromptBehaviorUser" -> [3]
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000] > -> HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
YN -> \\"DisallowRun" -> [1]
YN -> \\"NoNetworkConnections" -> [0]
YN -> \\"NoAddPrinter" -> [0]
YN -> \\"NoDeletePrinter" -> [0]
YN -> \\"NoSetFolders" -> [0]
YN -> \\"NoPropertiesMyComputer" -> [0]
YN -> \\"NoControlPanel" -> [0]
YN -> \\"NoViewContextMenu" -> [0]
YN -> \\"NoTrayContextMenu" -> [0]
YN -> \\"NoWinKeys" -> [0]
YN -> \\"NoDriveTypeAutoRun" -> [145]
YN -> \DisallowRun\\"cmd.exe" -> []
YN -> \DisallowRun\\"command.com" -> []
YN -> \DisallowRun\\"msconfig.exe" -> []
YN -> \DisallowRun\\"procexp.exe" -> []
YN -> \DisallowRun\\"kilbox.exe" -> []
YN -> \DisallowRun\\"procmgr.exe" -> []
YN -> \DisallowRun\\"systemexplorer.exe" -> []
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000] > -> HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
YN -> \\"NoDispCPL" -> [0]
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {2670000A-7350-4f3c-8081-5663EE0C6C49}:Exec [HKLM] -> Reg Error: Value error. [button: Enviar para o OneNote]
YN -> {2670000A-7350-4f3c-8081-5663EE0C6C49}:Reg Error: Value error. [HKLM] -> Reg Error: Value error. [Menu: &Enviar para o OneNote]
YN -> {4248FE82-7FCB-46AC-B270-339F08212110}:Exec [HKLM] -> Reg Error: Value error. [button: &Teclado Virtual]
YN -> {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:Exec [HKLM] -> Reg Error: Value error. [button: &Anotações Vinculadas do OneNote]
YN -> {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:Reg Error: Value error. [HKLM] -> Reg Error: Value error. [Menu: &Anotações Vinculadas do OneNote]
YN -> {CCF151D8-D089-449F-A5A4-D9909053F20F}:Exec [HKLM] -> Reg Error: Value error. [button: Veri&ficação de URLs]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}:Exec [HKLM] -> [button: Bywifi: Vídeo Downloader]
YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}:Exec [HKLM] -> [Menu: Bywifi: Vídeo Downloader]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\] > -> HKEY_USERS\S-1-5-21-2415253309-3379223506-2882669795-1000\Software\Microsoft\Internet Explorer\Extensions\
YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"ButtonText" [HKLM] -> [Reg Error: Key error.]
YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"ButtonText" [HKLM] -> [Reg Error: Key error.]
YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"Default Visible" [HKLM] -> [Reg Error: Key error.]
YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"Default Visible" [HKLM] -> [Reg Error: Key error.]
YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"Exec" [HKLM] -> [Reg Error: Key error.]
YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"Exec" [HKLM] -> [Reg Error: Key error.]
YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"HotIcon" [HKLM] -> [Reg Error: Key error.]
YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"HotIcon" [HKLM] -> [Reg Error: Key error.]
YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"Icon" [HKLM] -> [Reg Error: Key error.]
YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"Icon" [HKLM] -> [Reg Error: Key error.]
YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"MenuText" [HKLM] -> [Reg Error: Key error.]
YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"MenuText" [HKLM] -> [Reg Error: Key error.]
YN -> 64bit-{09E90109-A9AA-4980-BCEF-76F8D924E902}\\"ToolTip" [HKLM] -> [Reg Error: Key error.]
YN -> {09E90109-A9AA-4980-BCEF-76F8D924E902}\\"ToolTip" [HKLM] -> [Reg Error: Key error.]
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]
[Files/Folders - Created Within 30 Days]
NY ->  Trymedia -> C:\ProgramData\Trymedia
NY ->  PSafe -> C:\Users\PAULOROBERTO\PSafe
NY ->  6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp
NY ->  6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
NY ->  1 C:\*.tmp files -> C:\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  funmoods-speeddial.crx -> C:\Users\PAULOROBERTO\AppData\Local\funmoods-speeddial.crx
NY ->  funmoods.crx -> C:\Users\PAULOROBERTO\AppData\Local\funmoods.crx
NY ->  6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp
NY ->  6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp
NY ->  2 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
NY ->  1 C:\*.tmp files -> C:\*.tmp
[Files - No Company Name]
NY ->  funmoods-speeddial.crx -> C:\Users\PAULOROBERTO\AppData\Local\funmoods-speeddial.crx
NY ->  funmoods.crx -> C:\Users\PAULOROBERTO\AppData\Local\funmoods.crx
NY ->  proxyvampire.ini -> C:\Users\PAULOROBERTO\AppData\Roaming\proxyvampire.ini
NY ->  DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\PAULOROBERTO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[File - Lop Check]
NY ->  MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job -> C:\Windows\Tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job
[Alternate Data Streams]
NY -> @Alternate Data Stream - 212 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst
[Custom Items]
:reg
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Deskmedia" =-
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Deskmedia"=-
:end
[CreateRestorePoint]

|- Cole estas informações que estão no Code,para o campo: "Paste Fix Here"

|- Clique em Run Fix -> Aguarde!

|- Terminando,poste o relatório: C:\_OTS\MovedFiles\OTS.txt

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

boa noite, Dijram segue relatório

 

http://myfile.tk/3/09142012_234946.log

Bom Dia! prrsilva

 

|- Execute,novamente,ZHPDiag_silent.

|- Poste o link ao relatório!

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! prrsilva

 

|- Feche programas/pastas que estejam abertos.

|- Feche,também,o navegador!

|- Para Windows Vista,desabilite a UAC.

 

ZHPFix_Logo.jpg

 

|- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.

|- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".

 

O4 - Global Startup: C:\Users\PAULOROBERTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\zsnesw - Atalho.lnk . (...) -- C:\Users\PAULOROBERTO\Downloads\zsnesw.exe (.not file.)

O42 - Logiciel: Iminent - (.Iminent.) [HKLM] -- {A6E71E28-43CB-423E-B415-B7C00D77902E} => Infection PUP (Adware.IMBooster)

O43 - CFD: 23/11/2010 - 21:39:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Dados de aplicativos

O43 - CFD: 23/11/2010 - 21:39:13 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\Histórico

O43 - CFD: 15/09/2012 - 14:12:17 - [0] ----D C:\Users\PAULOROBERTO\AppData\Local\{27DCEF58-B909-48C2-8F23-74235E42851E}

O53 - SMSR:HKLM\...\startupreg\CCLite [Key] . (.ms - No comment.) -- C:\Windows\system32\Event Agent\ea.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\SnowWallpaper [Key] . (...) -- C:\Program Files (x86)\Artdocks Software\Animated Snow Desktop Wallpaper\SnowWallpaper.exe (.not file.)

O53 - SMSR:HKLM\...\startupreg\BabylonToolbar [Key] . (...) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (.not file.) => Infection BT (Toolbar.Babylon)

O53 - SMSR:HKLM\...\startupreg\Iminent [Key] . (...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) => Infection PUP (Adware.IMBooster)

O53 - SMSR:HKLM\...\startupreg\IminentMessenger [Key] . (...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) => Infection PUP (Adware.IMBooster)

 

[HKCU\Software\Tutorials] => Toolbar.Agent

[HKLM\Software\360Safe] => Infection Diverse (Lozavita.Troj)

[HKLM\Software\Trymedia Systems] => Infection BT (Adware.Trymedia)

[HKLM\Software\WOW6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] => Infection BT (Adware.Agent)

[HKLM\Software\WOW6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\WOW6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\WOW6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] => Infection BT (Toolbar.Babylon)

[HKLM\Software\WOW6432Node\Trymedia Systems] => Infection BT (Adware.Trymedia)

 

hostfix

proxyfix

emptytemp

emptyflash

firewallraz

|- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"

|- Minimize o Bloco de Notas.

 

ZHPDiag_PasteClipboard.jpg

 

|- Clique no menu,"Paste ClipBoard".

|- Clique em "GO" -> Oui.

 

ZHPFix_GO.jpg

 

|- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.

|- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

boa noite, Dijram segue relatório

 

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012

Fichier d'export Registre :

Run by PAULOROBERTO at 16/09/2012 00:37:20

Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Web site : http://nicolascoolman.skyrock.com/

 

========== Software ==========

NOT FOUND Software Key: {A6E71E28-43CB-423E-B415-B7C00D77902E}

 

========== Registry Key ==========

DELETED Key: StartupReg: CCLite

DELETED Key: StartupReg: SnowWallpaper

DELETED Key: StartupReg: BabylonToolbar

DELETED Key: StartupReg: Iminent

DELETED Key: StartupReg: IminentMessenger

DELETED Key*: HKCU\Software\Tutorials

NOT FOUND Key: HKLM\Software\360Safe

NOT FOUND Key: HKLM\Software\Trymedia Systems

DELETED Key*: HKLM\Software\WOW6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

DELETED Key*: HKLM\Software\WOW6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

DELETED Key*: HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

DELETED Key*: HKLM\Software\WOW6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

DELETED Key*: HKLM\Software\WOW6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

DELETED Key*: HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

DELETED Key*: HKLM\Software\WOW6432Node\Trymedia Systems

 

========== Registry Value ==========

ProxyFix : Proxy killed successfully

DELETED ProxyServer Value

DELETED ProxyEnable Value

DELETED EnableHttp1_1 Value

DELETED ProxyHttp1.1 Value

DELETED ProxyOverride Value

No Value in Standard Profile Register Key FirewallRaz :

No Value in Domain Profile Register Key FirewallRaz :

 

========== Repertory ==========

NOT FOUND C:\Users\PAULOROBERTO\AppData\Local\Dados de aplicativos

NOT FOUND C:\Users\PAULOROBERTO\AppData\Local\Histórico

DELETED Folder: C:\Users\PAULOROBERTO\AppData\Local\{27DCEF58-B909-48C2-8F23-74235E42851E}

DELETED Window Temporary:

DELETED Flash Cookies:

 

========== File ==========

DELETED File: c:\users\pauloroberto\appdata\roaming\microsoft\internet explorer\quick launch\zsnesw - atalho.lnk

NOT FOUND File: c:\users\pauloroberto\downloads\zsnesw.exe

NOT FOUND File: c:\windows\system32\event agent\ea.exe

NOT FOUND File: c:\program files (x86)\artdocks software\animated snow desktop wallpaper\snowwallpaper.exe

DELETED Window Temporary:

DELETED Flash Cookies:

 

 

========== Summary ==========

15 : Registry Key

8 : Registry Value

5 : Repertory

6 : File

1 : Software

 

 

End of clean in 00mn 03s

 

========== Report File ==========

C:\ZHP\ZHPFix[R1].txt - 16/09/2012 00:37:20 [2615]

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! prrsilva

 

|- Abra a OTS -> Clique em CleanUp. <- Confirme!

|- Ps: O computador irá reiniciar!

|- Nada mais à realizar!

|- Seus logs estão limpos!

|- Tudo Ok?

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.