Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
LoboGrande

PC desliga do nada.

Recommended Posts

Boa tarde,

Ao abrir os browsers IE e Firefox depois de algum tempo o PC deliga sozinho. Outro detalhe é que o Google Chrome não esta abrindo.

LOG DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Roger at 7:54:25 on 2012-08-13

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3318.1674 [GMT -3:00]

.

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\IObit\Smart Defrag 2\SmartDefrag.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\arquivos de programas\real\realplayer\update\realsched.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\system32\wscntfy.exe

svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\wiaacmgr.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.aidi.com.br/links.html

uSearch Page =

uSearch Bar =

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos

comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all

users\dados de aplicativos\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquiv~1\micros~2\office12\GRA8E1~1.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [spybotSD TeaTimer] c:\arquivos de programas\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

mRun: [TkBellExe] "c:\arquivos de programas\real\realplayer\update\realsched.exe" -osboot

mRun: [<NO NAME>]

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: Add to AMV Convert Tool...

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: MediaManager tool grab multimedia file

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\arquivos de programas\skype\toolbars\internet

explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} -

hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1318846091609

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{F6E17C43-6DE2-44E5-82FC-26D1A5F23FE4} : DhcpNameServer = 200.204.0.10 200.204.0.138

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquiv~1\micros~2\office12\GR99D3~1.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquiv~1\micros~2\office12\GRA8E1~1.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\roger\dados de aplicativos\mozilla\firefox\profiles\k5d27q9g.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL -

hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=pt_BR&apn_uid=9abd7f2e-3fdc-407f-a9ad-6d35c9ded33d&apn_ptnrs=^ABZ&

apn_sauid=02EBEF0B-E1CD-4B5F-801A-50C1F14D06F3&apn_dtid=^YYYYYY^YY^BR&&q=

FF - component: c:\arquivos de programas\arquivos comuns\spigot\wtxpcom\components\WidgiToolbarFF.dll

FF - component: c:\documents and settings\roger\dados de

aplicativos\mozilla\firefox\profiles\k5d27q9g.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\arquivos de programas\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\arquivos de programas\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\nprpplugin.dll

FF - plugin: c:\arquivos de programas\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\documents and settings\all users\dados de

aplicativos\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\roger\dados de

aplicativos\mozilla\firefox\profiles\k5d27q9g.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}\plugins\np-mswmp.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304&tt=3212_7

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - fc790c76000000000000002511b88c65

FF - user.js: extensions.BabylonToolbar.instlDay - 15561

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.612:12:10

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-11 13496]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-23 36000]

R2 AntiVirSchedulerService;Avira Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2011-10-23 86224]

R2 AntiVirService;Avira Realtime Protection;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2011-10-23 110032]

R2 AntiVirWebService;Avira Web Protection;c:\arquivos de programas\avira\antivir desktop\avwebgrd.exe [2011-10-23 465360]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-23 83392]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\arquivos de programas\logmein\x86\LMIGuardianSvc.exe [2011-6-8 374184]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\logmein\x86\rainfo.sys [2011-1-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-7-6 47640]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-6-12 2127728]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe

[2010-3-18 130384]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-2-6 30312]

S3 BTCFilterService;USB Networking Driver Filter Service; [x]

S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\genbus.sys --> c:\windows\system32\drivers\GenBus.sys [?]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-12-11 36608]

S3 motccgp;Motorola USB Composite Device Driver; [x]

S3 motccgpfl;MotCcgpFlService; [x]

S3 Motousbnet;Motorola USB Networking Driver Service; [x]

S3 motport;Motorola USB Diagnostic Port; [x]

S3 motusbdevice;Motorola USB Dev Driver; [x]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\arquivos de programas\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]

S3 NUS_Bus;Network USB Server Bus;c:\windows\system32\drivers\nus_bus.sys --> c:\windows\system32\drivers\NUS_Bus.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-2-6 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-2-6 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-2-6 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-2-6 114280]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-12-13 12984]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache

4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30

250056]

S4 CDMA Device Service;CDMA Device Service;c:\arquivos de programas\samsung\usb drivers\26_via_driver2\x86\VIAService.exe [2011-9-14 63488]

S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-12-11 238952]

S4 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2011-4-10 136176]

S4 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\google\update\GoogleUpdate.exe [2011-4-10 136176]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-7-11 229376]

.

=============== Created Last 30 ================

.

2012-08-12 14:18:19 5632 ----a-w- c:\windows\system32\ptpusb.dll

2012-08-12 14:18:19 159232 ----a-w- c:\windows\system32\ptpusd.dll

2012-08-12 14:18:19 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2012-08-12 14:18:19 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2012-08-10 11:50:18 -------- d-----w- C:\HijackThis

2012-08-09 21:52:07 -------- d-----w- c:\documents and settings\roger\dados de aplicativos\AskToolbar

2012-08-09 21:49:30 -------- d-----w- c:\arquivos de programas\Ask.com

2012-08-09 15:12:14 -------- d-----w- c:\documents and settings\roger\dados de aplicativos\BabylonToolbar

2012-08-09 15:12:12 -------- d-----w- c:\arquivos de programas\BabylonToolbar

2012-08-09 15:11:55 -------- d-----w- c:\documents and settings\roger\dados de aplicativos\Babylon

2012-08-09 15:11:55 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\Babylon

2012-08-09 15:11:49 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX

2012-08-09 15:11:48 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

2012-08-09 15:11:48 -------- d-----w- c:\arquivos de programas\PDFCreator 2012

2012-08-07 22:36:19 81920 ----a-w- c:\windows\system32\pdfcmon.dll

2012-08-07 11:47:35 -------- d-----w- C:\LinhaDefensiva

2012-08-05 16:26:24 -------- d-----w- c:\documents and settings\roger\dados de aplicativos\wtxpcom

2012-08-05 14:10:25 -------- d-----w- c:\arquivos de programas\PDFCreator

2012-07-29 00:43:40 -------- d-----w- c:\arquivos de programas\CDex

2012-07-24 14:51:56 -------- d-----w- c:\documents and settings\roger\dados de aplicativos\TightVNC

.

==================== Find3M ====================

.

2012-07-29 12:10:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-29 12:10:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 15:33:38 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-07-11 15:33:37 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2012-07-11 15:33:36 30624 ----a-w- c:\windows\system32\LMIport.dll

2012-07-11 15:33:35 87456 ----a-w- c:\windows\system32\LMIinit.dll

2012-06-27 11:39:33 60304 ----a-w- c:\documents and settings\roger\g2mdlhlpx.exe

2012-06-26 07:02:40 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-06-26 07:02:38 45320 ----a-w- c:\windows\system32\MAMACExtract.dll

2012-06-01 15:29:25 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2012-06-01 15:29:22 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

2012-06-01 01:10:10 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-01 01:10:10 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-01-26 12:11:08 444283 ----a-w- c:\arquivos de programas\arquivos comuns\WinPcapNmap.exe

.

============= FINISH: 8:00:29,96 ===============

LOG Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/6/2010 07:38:27

System Uptime: 13/8/2012 07:04:33 (1 hours ago)

.

Motherboard: DIGITRON | | G31T-M7

Processor: Processador Intel Pentium III Xeon | CPU 1 | 2660/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 195 GiB total, 149,379 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 736 GiB total, 390,794 GiB free.

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

abgx360 v1.0.2

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.7 - Português

Adobe Reader 9.5.1 - Português

Adobe Shockwave Player 11.6

Arquivo do WinRAR

Ashampoo Burning Studio 2009

Ask Toolbar

µTorrent

Atualização de Segurança para Windows Internet Explorer 8 (KB2183461)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

Atualização de Segurança para Windows Internet Explorer 8 (KB982381)

Atualização de Segurança para Windows XP (KB923789)

Atualização para Windows Internet Explorer 8 (KB976662)

Atualização para Windows Internet Explorer 8 (KB982632)

Avira Free Antivirus

Avira SearchFree Toolbar plus Web Protection Updater

Babylon toolbar on IE

BabylonObjectInstaller

BS.Player FREE

Camtasia Studio 6

CCleaner

CDex - Open Source Digital Audio CD Extractor

Cisco WebEx Meetings

Cool Timer 3.6

CoolSMS 2.06 beta

CrossLoop 2.82

DAEMON Tools Lite

DVD Decrypter (Remove Only)

EasyRecovery Professional

Facebook Video Calling 1.2.0.159

FormatFactory 2.80

Freeware PDF Unlocker

Google Chrome

Google Earth Plug-in

Google Update Helper

GoToMeeting 5.2.0.952

HijackThis 1.99.1

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Intel® Graphics Media Accelerator Driver

IObit Toolbar v4.5

Java Auto Updater

Java 6 Update 26

LogMeIn

Loudtalks Lite 1.8.0.0

MetaTrader 4.00

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended PTB Language Pack

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office 2007 Custom UI Editor

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mobile Partner

MotoHelper MergeModules

Mozilla Firefox 14.0.1 (x86 pt-BR)

Mozilla Maintenance Service

MyFreeCodec

Nelogica ProfitChart RT

Nexus 11.6

Off4Fit v2.1

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card

PartitionMagic

PDFCreator

pdfforge Toolbar v4.4

PhotoScape

Platform

PowerQuest PartitionMagic 8.0

Puran Defrag Free Edition 7.3

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealUpgrade 1.1

Samsung Kies

Samsung New PC Studio

SAMSUNG USB Driver for Mobile Phones

Skype Toolbars

Skype™ 5.3

SlimDrivers

Smart Defrag 2

Spamihilator 1.0.0 (32 bit)

Spybot - Search & Destroy

SweetIM for Messenger 3.3

swMSM

TweetDeck

UltraISO Premium V9.52

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VDownloader 3.0.721

Ventrilo Client

VIA Gerenciador de dispositivo de plataforma

Wealth-Lab Pro 5.3

WebFldrs XP

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

.

==== End Of File ===========================

LOG GMER

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-08-13 16:28:58

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 SAMSUNG_HD103SI rev.1AG01118

Running: gmer.exe; Driver: C:\DOCUME~1\Roger\CONFIG~1\Temp\uxtdypob.sys

---- System - GMER 1.0.15 ----

SSDT B9B3E76C

ZwClose

SSDT B9B3E726

ZwCreateKey

SSDT B9B3E776

ZwCreateSection

SSDT B9B3E71C

ZwCreateThread

SSDT B9B3E72B

ZwDeleteKey

SSDT B9B3E735

ZwDeleteValueKey

SSDT B9B3E767

ZwDuplicateObject

SSDT B9B3E73A

ZwLoadKey

SSDT B9B3E708

ZwOpenProcess

SSDT B9B3E70D

ZwOpenThread

SSDT B9B3E78F

ZwQueryValueKey

SSDT B9B3E744

ZwReplaceKey

SSDT B9B3E780

ZwRequestWaitReplyPort

SSDT B9B3E73F

ZwRestoreKey

SSDT B9B3E77B

ZwSetContextThread

SSDT B9B3E785

ZwSetSecurityObject

SSDT B9B3E730

ZwSetValueKey

SSDT B9B3E78A

ZwSystemDebugControl

SSDT B9B3E717

ZwTerminateProcess

INT 0x01 \??\C:\DOCUME~1\Roger\CONFIG~1\Temp\mbr.sys

A939FC42

INT 0x62 ?

8A32ECB8

INT 0x63 ?

8A1C9CB8

INT 0x73 ?

8A32ECB8

INT 0x73 ?

8A32ECB8

INT 0x73 ?

8A1C9CB8

INT 0x73 ?

8A32ECB8

INT 0x82 ?

8A32ECB8

INT 0x83 ?

8A1C9CB8

INT 0xB4 ?

8A1C9CB8

---- Kernel code sections - GMER 1.0.15 ----

.sptd1 C:\WINDOWS\system32\drivers\sptd.sys

entry point in ".sptd1" section [0xF75D0089]

.text USBPORT.SYS!DllUnload

B9D248AC 5 Bytes JMP 8A1C91C8

.text akh75j6y.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7

B9CBA900 48 Bytes JMP F006309A

? C:\WINDOWS\System32\Drivers\akh75j6y.SYS

suspicious PE modification

? C:\DOCUME~1\Roger\CONFIG~1\Temp\mbr.sys

O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 1.0.15 ----

.text C:\arquivos de programas\real\realplayer\update\realsched.exe[300] kernel32.dll!SetUnhandledExceptionFilter

7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG]

[F74BE232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR]

[F74BD730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR]

[F74BDF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR]

[F74BD730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]

[F74BD914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

IAT atapi.sys[HAL.dll!READ_PORT_USHORT]

[F74BD856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]

[F74BE0F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR]

[F74BDF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]

8A1C92F8

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]

[F74D1EA6] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]

8A01C2F8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs

8A32D1E8

Device \FileSystem\Fastfat \FatCdrom

89FAF430

Device \Driver\usbuhci \Device\USBPDO-0

8A1C6430

Device \Driver\usbuhci \Device\USBPDO-1

8A1C6430

Device \Driver\usbuhci \Device\USBPDO-2

8A1C6430

Device \Driver\usbuhci \Device\USBPDO-3

8A1C6430

Device \Driver\PCI_PNP4974 \Device\00000048

sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

Device \Driver\PCI_PNP4974 \Device\00000048

sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

Device \Driver\usbehci \Device\USBPDO-4

8A18C1E8

Device \Driver\Cdrom \Device\CdRom0

8A2911E8

Device \Driver\atapi \Device\Ide\IdePort0

[F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5

[F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort1

[F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort2

[F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort3

[F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-10

[F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\Cdrom \Device\CdRom1

8A2911E8

Device \Driver\NetBT \Device\NetBt_Wins_Export

89EEA430

Device \Driver\NetBT \Device\NetbiosSmb

89EEA430

Device \Driver\usbuhci \Device\USBFDO-0

8A1C6430

Device \Driver\NetBT \Device\NetBT_Tcpip_{F6E17C43-6DE2-44E5-82FC-26D1A5F23FE4}

89EEA430

Device \Driver\usbuhci \Device\USBFDO-1

8A1C6430

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver

89EB3430

Device \Driver\usbuhci \Device\USBFDO-2

8A1C6430

Device \Driver\usbuhci \Device\USBFDO-3

8A1C6430

Device \FileSystem\MRxSmb \Device\LanmanRedirector

89EB3430

Device \Driver\usbehci \Device\USBFDO-4

8A18C1E8

Device \Driver\akh75j6y \Device\Scsi\akh75j6y1

8A0191E8

Device \Driver\akh75j6y \Device\Scsi\akh75j6y1Port4Path0Target0Lun0

8A0191E8

Device \FileSystem\Fastfat \Fat

89FAF430

AttachedDevice \FileSystem\Fastfat \Fat

fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs

89F1B430

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0

0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0

0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12

0x57 0xC2 0x0B 0x23 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0

C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12

0x66 0xB4 0xCE 0x77 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0

0xA0 0x02 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12

0xA9 0xE6 0x23 0x93 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0

0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0

0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12

0x57 0xC2 0x0B 0x23 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0

C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12

0x66 0xB4 0xCE 0x77 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0

0xA0 0x02 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12

0xA9 0xE6 0x23 0x93 ...

Reg HKLM\SOFTWARE\Classes\Installer\Patches\17AFD8C1970420F48BBB741BC2A165F5\SourceList\Media@100

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\17BB7F68F8EF60333A529FE30E46718B\SourceList\Media@111

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\1FA98C108219B99448EDF4C3B1EC100C\SourceList\Media@DiskPrompt

Microsoft's Silverlight Installation [1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\1FA98C108219B99448EDF4C3B1EC100C\SourceList\Media@104

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\1FDE42FC632E233438BCC407A1B9BC0F\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\1FDE42FC632E233438BCC407A1B9BC0F\SourceList\Media@107

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\2451D69CF585D214C8A52004DB1A469B\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\2451D69CF585D214C8A52004DB1A469B\SourceList\Media@106

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\24DF66A32D05A9E3185BCE3E5E3C90A7\SourceList\Media@111

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\256917180E811B74A9218FB20F574DBD\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\256917180E811B74A9218FB20F574DBD\SourceList\Media@105

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\28C9EA2BB7CD1463FB8C7872C5F46370\SourceList\Media@101

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\295DC294DD789E13083868560A521636\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\295DC294DD789E13083868560A521636\SourceList\Media@110

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\2F2AEE7ADCFB45A45A57B7187A686E85\SourceList\Media@100

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\37297481046CEAF47BC8DC52A6399760\SourceList\Media@DiskPrompt

Microsoft's Silverlight Installation [1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\37297481046CEAF47BC8DC52A6399760\SourceList\Media@102

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\3D90EFE177C6D6E478F667BC032D50C6\SourceList\Media@101

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\4152E9034D92C5043B1B417D32B1AF61\SourceList\Media@102

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\41A670B5874F6653EBA789C5C326F94A\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\41A670B5874F6653EBA789C5C326F94A\SourceList\Media@111

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\425A33BDE5485584E9095A16B9DC5D72\SourceList\Media@DiskPrompt

Microsoft's Silverlight Installation [1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\425A33BDE5485584E9095A16B9DC5D72\SourceList\Media@101

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\43F3D5FAA348FB140A3FF2BB0AB09A9B\SourceList\Media@104

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\44D51B2A7D3B696448850A89C682FA0D\SourceList\Media@DiskPrompt

Microsoft's Silverlight Installation [1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\44D51B2A7D3B696448850A89C682FA0D\SourceList\Media@100

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\484CA1D2615EC8048852CA1B3C65CAA7\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\484CA1D2615EC8048852CA1B3C65CAA7\SourceList\Media@101

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\4C9878626E35BDD4F833D8F0E900B0AE\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\4C9878626E35BDD4F833D8F0E900B0AE\SourceList\Media@100

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\5E903427217EC6249BD46B4B52112CF9\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\5E903427217EC6249BD46B4B52112CF9\SourceList\Media@104

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\68AB67CA7DA700005205A7C804009014\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\68AB67CA7DA700005205A7C804009014\SourceList\Media@100

DISK10;Please browse to the Adobe Reader installer.

Reg HKLM\SOFTWARE\Classes\Installer\Patches\68AB67CA7DA700005205A7C804009024\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\68AB67CA7DA700005205A7C804009024\SourceList\Media@101

DISK6;Please browse to the Adobe Reader installer.

Reg HKLM\SOFTWARE\Classes\Installer\Patches\68AB67CA7DA700005205A7C804009034\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\68AB67CA7DA700005205A7C804009034\SourceList\Media@102

DISK12;Please browse to the Adobe Reader installer.

Reg HKLM\SOFTWARE\Classes\Installer\Patches\68AB67CA7DA700005205A7C804009044\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\68AB67CA7DA700005205A7C804009044\SourceList\Media@103

DISK13;Please browse to the Adobe Reader installer.

Reg HKLM\SOFTWARE\Classes\Installer\Patches\68AB67CA7DA700005205A7C804009054\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\68AB67CA7DA700005205A7C804009054\SourceList\Media@104

DISK7;Please browse to the Adobe Reader installer.

Reg HKLM\SOFTWARE\Classes\Installer\Patches\82B28DCEEB84C6245BB5E60C22162658\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\82B28DCEEB84C6245BB5E60C22162658\SourceList\Media@108

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\881B67FDBD11CD343A98012492599A97\SourceList\Media@107

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\91C30D4F0ACD90B4387EEBB3608C4DCD\SourceList\Media@109

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\9E0DE89293FE9BB33898F24ED18CCF08\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\9E0DE89293FE9BB33898F24ED18CCF08\SourceList\Media@110

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\B4C419EC05CA8E13D92A51BD928D65F8\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\B4C419EC05CA8E13D92A51BD928D65F8\SourceList\Media@112

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\B8F6D1795C8E4A94E93D980C010B8D2D\SourceList\Media@103

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\BB3686E2280450B3BBC202FE614DDB28\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\BB3686E2280450B3BBC202FE614DDB28\SourceList\Media@111

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\BE7C28545F39D804F992A5B51E7E8654\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\BE7C28545F39D804F992A5B51E7E8654\SourceList\Media@103

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\C3CFBEEB1B8483A43A5C18AB91FDF504\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\C3CFBEEB1B8483A43A5C18AB91FDF504\SourceList\Media@109

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\DE6BA3F2C1597EC4A89C5864DFFCF1A5\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\DE6BA3F2C1597EC4A89C5864DFFCF1A5\SourceList\Media@102

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\E0337B0F8B42AE34C86D1D4124A8C1CE\SourceList\Media@108

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\E54DA494170E9184E8511E40F1FB0F37\SourceList\Media@110

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\E6C461BDA4E80374796CED4868BE63F7\SourceList\Media@106

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\E9030CAD6F70DA545BFBB5D0FE17FFEE\SourceList\Media@105

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\F3F86E863D2A6B148B1252798C5CCBBB\SourceList\Media@DiskPrompt

Microsoft's Silverlight Installation [1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\F3F86E863D2A6B148B1252798C5CCBBB\SourceList\Media@103

;

Reg HKLM\SOFTWARE\Classes\Installer\Patches\F9DC276355B3ECF3D85A5DC7A31B1005\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Patches\F9DC276355B3ECF3D85A5DC7A31B1005\SourceList\Media@114

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\059103D1F2AE2884A90A9464776548A2\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\059103D1F2AE2884A90A9464776548A2\SourceList\Media@1

DISK1;1

Reg HKLM\SOFTWARE\Classes\Installer\Products\080E7FFA4791FB54390101EDA1F1E50D\SourceList\Media@1

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Media@1

;1

Reg HKLM\SOFTWARE\Classes\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Media@100

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Media@101

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Media@102

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Media@103

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Media@104

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Media@105

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Media@106

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Media@107

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Media@108

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Media@109

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\26DDC2EC4210AC63483DF9D4FCC5B59D\SourceList\Media@1

;1

Reg HKLM\SOFTWARE\Classes\Installer\Products\38C64C5B95FCF5A4DA59EA2DD40BD700\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\38C64C5B95FCF5A4DA59EA2DD40BD700\SourceList\Media@1

DISK1;1

Reg HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@1

;Microsoft Visual C++ 2005 Redistributable [Disk 1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@2

;Microsoft Visual C++ 2005 Redistributable [Disk 1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@3

;Microsoft Visual C++ 2005 Redistributable [Disk 1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@4

;Microsoft Visual C++ 2005 Redistributable [Disk 1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@5

;Microsoft Visual C++ 2005 Redistributable [Disk 1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@6

;Microsoft Visual C++ 2005 Redistributable [Disk 1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@7

;Microsoft Visual C++ 2005 Redistributable [Disk 1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@8

;Microsoft Visual C++ 2005 Redistributable [Disk 1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@9

;Microsoft Visual C++ 2005 Redistributable [Disk 1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@10

;Microsoft Visual C++ 2005 Redistributable [Disk 1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media@11

;Microsoft Visual C++ 2005 Redistributable [Disk 1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\53F25BCB65C42F943A6DDFDE450B8174\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\53F25BCB65C42F943A6DDFDE450B8174\SourceList\Media@1

DISK1;1

Reg HKLM\SOFTWARE\Classes\Installer\Products\578FDA89F84637E3F8B310C042469C84\SourceList\Media@1

;1

Reg HKLM\SOFTWARE\Classes\Installer\Products\5C1093C35543A0E32A41B090A305076A\SourceList\Media@1

;1

Reg HKLM\SOFTWARE\Classes\Installer\Products\6099BB8A816EA6041B163738FA4FC693\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\6099BB8A816EA6041B163738FA4FC693\SourceList\Media@1

DISK1;1

Reg HKLM\SOFTWARE\Classes\Installer\Products\68AB67CA7DA76401B7449A0400000010\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\68AB67CA7DA76401B7449A0400000010\SourceList\Media@1

DISK1;1

Reg HKLM\SOFTWARE\Classes\Installer\Products\6D4B2154146D9AC4BB9115B232DD57DB\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\6D4B2154146D9AC4BB9115B232DD57DB\SourceList\Media@1

DISK1;1

Reg HKLM\SOFTWARE\Classes\Installer\Products\75751A024EA428C3791168C348FA6EAA\SourceList\Media@1

;1

Reg HKLM\SOFTWARE\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media@1

;1

Reg HKLM\SOFTWARE\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Media@DiskPrompt

Microsoft's Silverlight Installation [1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Media@1

;1

Reg HKLM\SOFTWARE\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Media@DiskPrompt

[1]

Reg HKLM\SOFTWARE\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Media@1

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Media@100

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Media@101

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Media@102

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Media@103

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Media@104

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Media@105

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Media@106

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Media@107

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Media@108

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\F3C3B613A5B63CBD3189BF6E41CEAC7A\SourceList\Media@1

;

Reg HKLM\SOFTWARE\Classes\Installer\Products\FCDAC0A0AD874C333A05DC1548B97920\SourceList\Media@1

;1

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\17b3665d45a538ddee43205938d31d6104eb6f76@5fdc82699b860b11598f396787c0ea2b4f16c19c

sEubOqVHlZTSmMUXsm+x6A==

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\17b3665d45a538ddee43205938d31d6104eb6f76@a45189f50151665fc80d5a78c00e8d1835619f13

NlI20gq7+A2WKB2rXf8atphyzyFy52Wj1pblYu2n+kMwBWtOfzS9ir7O+qtxhSAeU/ewV2q2tiJVnyD2Mm8m68qZdmcjJh7CYe05E6AltPZahTUg1MgSNETi//DufWqNQ8fu3ma1bsFZtPz/

9zQDLUo9ZN76zZx5t29aOqEOXoALY+zzpZNHbJZLacoKqG3SuFTNsJZ7giMjG5VyzQXvWYFWCLypkDhSkzvtqxuKM+zLZU88bV9xjZ7XOeNojBdB0I8EgmxdZzxPiCD8SK2RvQCgmIYBT1Sa

bbUA9ANqpf2GyV6NMcyuWTEj80KC4PAr3TlXcPFt1FCPTG/Dxivh4Y/9N/npC8z+i3L1VwPQw/l01vZ9v1aHdzDCkxs+4D1O2smfjv49VH6ADtkOqxsAMaH6PkON2oYXFAVFhWmJG9mdiPsE

cYw/nYNVBkYsa1i7qNW1Jt5OTewDHxRgkRhfdIEQrXTupcjNZjJVEujOrb14RAzt0/5CZ4S75c/2Dzaxkdx7grWoYcr8t/R/q36y+OvIObNO28+CZwgue+jIumRk08Ys4M9XOGXzNOdnOlap

/ksTc4+f9subIF5uRMlNq4/ywpX4M4ClhWVWm5T6Yc6HT6CFUY0g21j2ZAAS5PCqpUH0DxmHyVstR5ffEiFuR5v1uXrnzpDJUGYWNB7e6W9x7hgCOS77YKrP0eK7zt+4/RnexgklyMBsqcDl

DtktB2RkEdDKIq+o98gvpM7dm2flFRXNUR6oqBX5le8jsQNTLrdhmBLDVAdKC/QXTCDlcejZX4uxXc+NUmhNsPeWN1Ok/HNoc94qkaEz1FsmQeX+XBAd2Vv3UzhDWYoYBb/D5tr18yBgq0fR

wyyNmnzyYia/xvPiWyMrkaCtwTnde62stGOYKomyMwGz89MDPH5E4V+fWKeOJOUpYjXbdxB7mlYVh6Z/NKk2u16oCM6wQYishFTlG3geMat6fKTtIMF5t5QQ1+d4PjF6gJSYvrrHfp/XL079

i4RDwooSEySzKTS

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\17b3665d45a538ddee43205938d31d6104eb6f76@8221c1ffcd0256dca703f503b60aa803356dcf30

nzxeD9QjxLoHBq8PZynzIA==

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\17b3665d45a538ddee43205938d31d6104eb6f76@b5e8b3a0e9e20518a2041cdbb820011166de81d9

Aa8t2ocI8D44lv6OY8gwNg==

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\17b3665d45a538ddee43205938d31d6104eb6f76@04b6aa946161c9d04094d1442301a25428f27a3a

EmbfQNz9SQQpY2YKxZQYFkM/0QdjyatEjdV/SblMyrA=

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\17b3665d45a538ddee43205938d31d6104eb6f76@efbf59ec1aaead98f8f7d6a44776f74b2ff94a4e

4oM9vWlFi0OmHSLZwu1uPw==

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\17b3665d45a538ddee43205938d31d6104eb6f76@43669315fa898b45c0cc721870405187f9bea943

m5rJjHrbIe/2HFkQ+g7fFQ==

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\1ea8136ab0bca233881fe189b56fbebcbe87dbee@5fdc82699b860b11598f396787c0ea2b4f16c19c

r3D8fZxvvcP55LWTbOIMsw==

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\1ea8136ab0bca233881fe189b56fbebcbe87dbee@a45189f50151665fc80d5a78c00e8d1835619f13

SOt8H0qtCUj87XNgFEr8om4cDDimYFq5tvIr/L5x58ZcC3sW64CCVVr3PVx79/meh9jkpnspFY+hD5wZx+yPZtjA8Sbyz5DKKg0ZVorCxfYsSmyotHoy6rfPPeP+mRdDKNhitAwR4PnV1fue

bQdJGr9FX5PVXqTVKSRIZpcU/yTNGlXPNjSWCjrwTGFX0kogXitYnaA/cwrO2YWdMx8OKbqJqW6Ge6uyD74X5Gjx1rkE9Wfm81c1yqypD8mgiazkYabvy+EN81AR/ndHAuG/FlDIqzvu2BP0

F/TWyu2TAmznhgFC0/D217jFz+n+1hxHbr4HmIk8HHZ7aYYQVbkYKADyWPgHGUhU4oDOj4TI+vy2pYOXd8Rr5RpSgonGY/ZFcahWT8vgwZD8jrgb+1FFKIKnGPGL4qdnFi0YkIMbco+43vUf

zNIAi3ob0H4UUOQAQptFviSz8xvCnVzLPp+K0G2hLyE6XP3oYO94eIMCBSrK629Z3DIxgOEbceUHV6aEWV9AaUgUpQfdXsD9HmOuHl7byTXvNctIzQQ0/DKysOC4HJuWGeO+WKnqPcfF+3xY

gjTG88tSYfkybC/1mCvbdH3JuzBmcyi0Wk7UR1hhZvJmE4Hi+9o/XlMwZNMiXTx84gGIHbg6+0UQIf8Va+PQgZMQuqScQgSIEhwFPf+UyEK6SgVi77VpoOXfvYtGQIk5qXx/Ej6JFmAwqU3l

FuV9haP8j+7YSFfVsOceVVx6xh6xgbT4WPgp3Gz/t+VIFCnQDWidRAqu2xZEUwJvktJMJeH1NIbx79kdGmrt4VLxTB0igXBZFLW8hEWYgoapM2vqEKqcGVZzOK1jNcsL1twDgmQsCNqLPGfX

QuT1NtXXD5FAsSZq6jFVyp8LYXE+NZGVRA393+/8ZacCqV4cvXWvN/YFdCx/8u9eQNkE6zoexv3Qm2+PmSb82mWzotzMvsyO731c9/vHQHb5d/BSCwjZGrx/Rci88tuJvmnwNszpsRtVgkot

OvHU3+wpsmG9C3a

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\1ea8136ab0bca233881fe189b56fbebcbe87dbee@2fad5f53199884d0865e151a03b788252dd1cb6e

GH3FJYh+0+MolqoYgDEt+Q==

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\2ae3ee540f55820e00723b823a4729d88b7376b3@5fdc82699b860b11598f396787c0ea2b4f16c19c

r3D8fZxvvcP55LWTbOIMsw==

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\2ae3ee540f55820e00723b823a4729d88b7376b3@a45189f50151665fc80d5a78c00e8d1835619f13

SOt8H0qtCUj87XNgFEr8om4cDDimYFq5tvIr/L5x58ZcC3sW64CCVVr3PVx79/meh9jkpnspFY+hD5wZx+yPZtjA8Sbyz5DKKg0ZVorCxfYsSmyotHoy6rfPPeP+mRdDKNhitAwR4PnV1fue

bQdJGr9FX5PVXqTVKSRIZpcU/yTNGlXPNjSWCjrwTGFX0kogXitYnaA/cwrO2YWdMx8OKbqJqW6Ge6uyD74X5Gjx1rkE9Wfm81c1yqypD8mgiazkYabvy+EN81AR/ndHAuG/FlDIqzvu2BP0

F/TWyu2TAmznhgFC0/D217jFz+n+1hxHbr4HmIk8HHZ7aYYQVbkYKADyWPgHGUhU4oDOj4TI+vy2pYOXd8Rr5RpSgonGY/ZFcahWT8vgwZD8jrgb+1FFKIKnGPGL4qdnFi0YkIMbco+43vUf

zNIAi3ob0H4UUOQAQptFviSz8xvCnVzLPp+K0G2hLyE6XP3oYO94eIMCBSrK629Z3DIxgOEbceUHV6aEWV9AaUgUpQfdXsD9HmOuHl7byTXvNctIzQQ0/DKysOC4HJuWGeO+WKnqPcfF+3xY

gjTG88tSYfkybC/1mCvbdH3JuzBmcyi0Wk7UR1hhZvJmE4Hi+9o/XlMwZNMiXTx84gGIHbg6+0UQIf8Va+PQgZMQuqScQgSIEhwFPf+UyEK6SgVi77VpoOXfvYtGQIk5qXx/Ej6JFmAwqU3l

FuV9haP8j+7YSFfVsOceVVx6xh6xgbT4WPgp3Gz/t+VIFCnQDWidRAqu2xZEUwJvktJMJeH1NIbx79kdGmrt4VLxTB0igXBZFLW8hEWYgoapM2vqEKqcGVZzOK1jNcsL1twDgmQsCNqLPGfX

QuT1NtXXD5FAsSZq6jFVyp8LYXE+NZGVRA393+/8ZacCqV4cvXWvN/YFdCx/8u9eQNkE6zoexv3Qm2+PmSb82mWzotzMvsyO731c9/vHQHb5d/BSCwjZGrx/Rci88tuJvmnwNszpsRtVgkot

OvHU3+wpsmG9C3a

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\2af4c803041bfda3bf7d660a249247cdd6093234@5fdc82699b860b11598f396787c0ea2b4f16c19c

r3D8fZxvvcP55LWTbOIMsw==

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\2af4c803041bfda3bf7d660a249247cdd6093234@a45189f50151665fc80d5a78c00e8d1835619f13

SOt8H0qtCUj87XNgFEr8om4cDDimYFq5tvIr/L5x58ZcC3sW64CCVVr3PVx79/meh9jkpnspFY+hD5wZx+yPZtjA8Sbyz5DKKg0ZVorCxfYsSmyotHoy6rfPPeP+mRdDKNhitAwR4PnV1fue

bQdJGr9FX5PVXqTVKSRIZpcU/yTNGlXPNjSWCjrwTGFX0kogXitYnaA/cwrO2YWdMx8OKbqJqW6Ge6uyD74X5Gjx1rkE9Wfm81c1yqypD8mgiazkYabvy+EN81AR/ndHAuG/FlDIqzvu2BP0

F/TWyu2TAmznhgFC0/D217jFz+n+1hxHbr4HmIk8HHZ7aYYQVbkYKADyWPgHGUhU4oDOj4TI+vy2pYOXd8Rr5RpSgonGY/ZFcahWT8vgwZD8jrgb+1FFKIKnGPGL4qdnFi0YkIMbco+43vUf

zNIAi3ob0H4UUOQAQptFviSz8xvCnVzLPp+K0G2hLyE6XP3oYO94eIMCBSrK629Z3DIxgOEbceUHV6aEWV9AaUgUpQfdXsD9HmOuHl7byTXvNctIzQQ0/DKysOC4HJuWGeO+WKnqPcfF+3xY

gjTG88tSYfkybC/1mCvbdH3JuzBmcyi0Wk7UR1hhZvJmE4Hi+9o/XlMwZNMiXTx84gGIHbg6+0UQIf8Va+PQgZMQuqScQgSIEhwFPf+UyEK6SgVi77VpoOXfvYtGQIk5qXx/Ej6JFmAwqU3l

FuV9haP8j+7YSFfVsOceVVx6xh6xgbT4WPgp3Gz/t+VIFCnQDWidRAqu2xZEUwJvktJMJeH1NIbx79kdGmrt4VLxTB0igXBZFLW8hEWYgoapM2vqEKqcGVZzOK1jNcsL1twDgmQsCNqLPGfX

QuT1NtXXD5FAsSZq6jFVyp8LYXE+NZGVRA393+/8ZacCqV4cvXWvN/YFdCx/8u9eQNkE6zoexv3Qm2+PmSb82mWzotzMvsyO731c9/vHQHb5d/BSCwjZGrx/Rci88tuJvmnwNszpsRtVgkot

OvHU3+wpsmG9C3a

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\60cea44417def7767e8151575f2e2599733f7d3f@38baf5baccb22a67777e56ac134f85253a39f2eb

NtgEm9xFwPr/fd+iQYLWww==

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\9e123503f6719532bee4024e8d2669e3e269abbd@5fdc82699b860b11598f396787c0ea2b4f16c19c

r3D8fZxvvcP55LWTbOIMsw==

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\9e123503f6719532bee4024e8d2669e3e269abbd@a45189f50151665fc80d5a78c00e8d1835619f13

SOt8H0qtCUj87XNgFEr8om4cDDimYFq5tvIr/L5x58ZcC3sW64CCVVr3PVx79/meh9jkpnspFY+hD5wZx+yPZtjA8Sbyz5DKKg0ZVorCxfYsSmyotHoy6rfPPeP+mRdDKNhitAwR4PnV1fue

bQdJGr9FX5PVXqTVKSRIZpcU/yTNGlXPNjSWCjrwTGFX0kogXitYnaA/cwrO2YWdMx8OKbqJqW6Ge6uyD74X5Gjx1rkE9Wfm81c1yqypD8mgiazkYabvy+EN81AR/ndHAuG/FlDIqzvu2BP0

F/TWyu2TAmznhgFC0/D217jFz+n+1hxHbr4HmIk8HHZ7aYYQVbkYKADyWPgHGUhU4oDOj4TI+vy2pYOXd8Rr5RpSgonGY/ZFcahWT8vgwZD8jrgb+1FFKIKnGPGL4qdnFi0YkIMbco+43vUf

zNIAi3ob0H4UUOQAQptFviSz8xvCnVzLPp+K0G2hLyE6XP3oYO94eIMCBSrK629Z3DIxgOEbceUHV6aEWV9AaUgUpQfdXsD9HmOuHl7byTXvNctIzQQ0/DKysOC4HJuWGeO+WKnqPcfF+3xY

gjTG88tSYfkybC/1mCvbdH3JuzBmcyi0Wk7UR1hhZvJmE4Hi+9o/XlMwZNMiXTx84gGIHbg6+0UQIf8Va+PQgZMQuqScQgSIEhwFPf+UyEK6SgVi77VpoOXfvYtGQIk5qXx/Ej6JFmAwqU3l

FuV9haP8j+7YSFfVsOceVVx6xh6xgbT4WPgp3Gz/t+VIFCnQDWidRAqu2xZEUwJvktJMJeH1NIbx79kdGmrt4VLxTB0igXBZFLW8hEWYgoapM2vqEKqcGVZzOK1jNcsL1twDgmQsCNqLPGfX

QuT1NtXXD5FAsSZq6jFVyp8LYXE+NZGVRA393+/8ZacCqV4cvXWvN/YFdCx/8u9eQNkE6zoexv3Qm2+PmSb82mWzotzMvsyO731c9/vHQHb5d/BSCwjZGrx/Rci88tuJvmnwNszpsRtVgkot

OvHU3+wpsmG9C3a

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\a4eef174f2ede8e90cfc4755c428c91c663289a7@5fdc82699b860b11598f396787c0ea2b4f16c19c

r3D8fZxvvcP55LWTbOIMsw==

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\a4eef174f2ede8e90cfc4755c428c91c663289a7@a45189f50151665fc80d5a78c00e8d1835619f13

SOt8H0qtCUj87XNgFEr8om4cDDimYFq5tvIr/L5x58ZcC3sW64CCVVr3PVx79/meh9jkpnspFY+hD5wZx+yPZtjA8Sbyz5DKKg0ZVorCxfYsSmyotHoy6rfPPeP+mRdDKNhitAwR4PnV1fue

bQdJGr9FX5PVXqTVKSRIZpcU/yTNGlXPNjSWCjrwTGFX0kogXitYnaA/cwrO2YWdMx8OKbqJqW6Ge6uyD74X5Gjx1rkE9Wfm81c1yqypD8mgiazkYabvy+EN81AR/ndHAuG/FlDIqzvu2BP0

F/TWyu2TAmznhgFC0/D217jFz+n+1hxHbr4HmIk8HHZ7aYYQVbkYKADyWPgHGUhU4oDOj4TI+vy2pYOXd8Rr5RpSgonGY/ZFcahWT8vgwZD8jrgb+1FFKIKnGPGL4qdnFi0YkIMbco+43vUf

zNIAi3ob0H4UUOQAQptFviSz8xvCnVzLPp+K0G2hLyE6XP3oYO94eIMCBSrK629Z3DIxgOEbceUHV6aEWV9AaUgUpQfdXsD9HmOuHl7byTXvNctIzQQ0/DKysOC4HJuWGeO+WKnqPcfF+3xY

gjTG88tSYfkybC/1mCvbdH3JuzBmcyi0Wk7UR1hhZvJmE4Hi+9o/XlMwZNMiXTx84gGIHbg6+0UQIf8Va+PQgZMQuqScQgSIEhwFPf+UyEK6SgVi77VpoOXfvYtGQIk5qXx/Ej6JFmAwqU3l

FuV9haP8j+7YSFfVsOceVVx6xh6xgbT4WPgp3Gz/t+VIFCnQDWidRAqu2xZEUwJvktJMJeH1NIbx79kdGmrt4VLxTB0igXBZFLW8hEWYgoapM2vqEKqcGVZzOK1jNcsL1twDgmQsCNqLPGfX

QuT1NtXXD5FAsSZq6jFVyp8LYXE+NZGVRA393+/8ZacCqV4cvXWvN/YFdCx/8u9eQNkE6zoexv3Qm2+PmSb82mWzotzMvsyO731c9/vHQHb5d/BSCwjZGrx/Rci88tuJvmnwNszpsRtVgkot

OvHU3+wpsmG9C3a

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\fe6d551ddf7c9957d3c43daa97ae70e6ed4c8ffc@5fdc82699b860b11598f396787c0ea2b4f16c19c

r3D8fZxvvcP55LWTbOIMsw==

Reg

HKCU\Software\Microsoft\Windows\CurrentVersion\C00l\fe6d551ddf7c9957d3c43daa97ae70e6ed4c8ffc@a45189f50151665fc80d5a78c00e8d1835619f13

SOt8H0qtCUj87XNgFEr8om4cDDimYFq5tvIr/L5x58ZcC3sW64CCVVr3PVx79/meh9jkpnspFY+hD5wZx+yPZtjA8Sbyz5DKKg0ZVorCxfYsSmyotHoy6rfPPeP+mRdDKNhitAwR4PnV1fue

bQdJGr9FX5PVXqTVKSRIZpcU/yTNGlXPNjSWCjrwTGFX0kogXitYnaA/cwrO2YWdMx8OKbqJqW6Ge6uyD74X5Gjx1rkE9Wfm81c1yqypD8mgiazkYabvy+EN81AR/ndHAuG/FlDIqzvu2BP0

F/TWyu2TAmznhgFC0/D217jFz+n+1hxHbr4HmIk8HHZ7aYYQVbkYKADyWPgHGUhU4oDOj4TI+vy2pYOXd8Rr5RpSgonGY/ZFcahWT8vgwZD8jrgb+1FFKIKnGPGL4qdnFi0YkIMbco+43vUf

zNIAi3ob0H4UUOQAQptFviSz8xvCnVzLPp+K0G2hLyE6XP3oYO94eIMCBSrK629Z3DIxgOEbceUHV6aEWV9AaUgUpQfdXsD9HmOuHl7byTXvNctIzQQ0/DKysOC4HJuWGeO+WKnqPcfF+3xY

gjTG88tSYfkybC/1mCvbdH3JuzBmcyi0Wk7UR1hhZvJmE4Hi+9o/XlMwZNMiXTx84gGIHbg6+0UQIf8Va+PQgZMQuqScQgSIEhwFPf+UyEK6SgVi77VpoOXfvYtGQIk5qXx/Ej6JFmAwqU3l

FuV9haP8j+7YSFfVsOceVVx6xh6xgbT4WPgp3Gz/t+VIFCnQDWidRAqu2xZEUwJvktJMJeH1NIbx79kdGmrt4VLxTB0igXBZFLW8hEWYgoapM2vqEKqcGVZzOK1jNcsL1twDgmQsCNqLPGfX

QuT1NtXXD5FAsSZq6jFVyp8LYXE+NZGVRA393+/8ZacCqV4cvXWvN/YFdCx/8u9eQNkE6zoexv3Qm2+PmSb82mWzotzMvsyO731c9/vHQHb5d/BSCwjZGrx/Rci88tuJvmnwNszpsRtVgkot

OvHU3+wpsmG9C3a

---- EOF - GMER 1.0.15 ----

Compartilhar este post


Link para o post
Compartilhar em outros sites

Poste novo log do DDS, por gentileza.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Renato,

A situação esta pior. Agora além de desligar o PC esta hyper lento, para você ter uma ideia antes eu descompactava alguns arquivos (11 arquivos com o tamanho de 800kb cada) em no máximo 5 minutos agora precisa de quase 3 horas.

Segue os logs:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Roger at 20:02:19 on 2012-08-17

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3318.2820 [GMT -3:00]

.

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\arquivos de programas\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\system32\wscntfy.exe

svchost.exe

C:\WINDOWS\system32\igfxsrvc.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=111304&tt=3212_7&babsrc=NT_ss&mntrId=fc790c76000000000000002511b88c65

uSearch Page =

uSearch Bar =

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquiv~1\micros~2\office12\GRA8E1~1.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [spybotSD TeaTimer] c:\arquivos de programas\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min

mRun: [TkBellExe] "c:\arquivos de programas\real\realplayer\update\realsched.exe" -osboot

mRun: [<NO NAME>]

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: Add to AMV Convert Tool...

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

IE: MediaManager tool grab multimedia file

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1318846091609

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138

TCP: Interfaces\{F6E17C43-6DE2-44E5-82FC-26D1A5F23FE4} : DhcpNameServer = 200.204.0.10 200.204.0.138

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquiv~1\micros~2\office12\GR99D3~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquiv~1\micros~2\office12\GRA8E1~1.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\roger\dados de aplicativos\mozilla\firefox\profiles\k5d27q9g.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=111304&tt=3212_7&babsrc=NT_ss&mntrId=fc790c76000000000000002511b88c65

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851643&SearchSource=2&q=

FF - component: c:\arquivos de programas\arquivos comuns\spigot\wtxpcom\components\WidgiToolbarFF.dll

FF - component: c:\documents and settings\roger\dados de aplicativos\mozilla\firefox\profiles\k5d27q9g.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\arquivos de programas\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\arquivos de programas\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\arquivos de programas\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\nprpplugin.dll

FF - plugin: c:\arquivos de programas\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\roger\dados de aplicativos\mozilla\firefox\profiles\k5d27q9g.default\extensions\{e0301295-ab3e-4af3-979f-3d453c5f9f48}\plugins\np-mswmp.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304&tt=3212_7

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - fc790c76000000000000002511b88c65

FF - user.js: extensions.BabylonToolbar.instlDay - 15561

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.612:12:10

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-11 13496]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-23 36000]

R2 AntiVirSchedulerService;Avira Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2011-10-23 86224]

R2 AntiVirService;Avira Realtime Protection;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2011-10-23 110032]

R2 AntiVirWebService;Avira Web Protection;c:\arquivos de programas\avira\antivir desktop\avwebgrd.exe [2011-10-23 465360]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-23 83392]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\arquivos de programas\logmein\x86\LMIGuardianSvc.exe [2011-6-8 374184]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\logmein\x86\rainfo.sys [2011-1-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-7-6 47640]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-6-12 2127728]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-2-6 30312]

S3 BTCFilterService;USB Networking Driver Filter Service; [x]

S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\drivers\genbus.sys --> c:\windows\system32\drivers\GenBus.sys [?]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-12-11 36608]

S3 motccgp;Motorola USB Composite Device Driver; [x]

S3 motccgpfl;MotCcgpFlService; [x]

S3 Motousbnet;Motorola USB Networking Driver Service; [x]

S3 motport;Motorola USB Diagnostic Port; [x]

S3 motusbdevice;Motorola USB Dev Driver; [x]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\arquivos de programas\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]

S3 NUS_Bus;Network USB Server Bus;c:\windows\system32\drivers\nus_bus.sys --> c:\windows\system32\drivers\NUS_Bus.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-2-6 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-2-6 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-2-6 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-2-6 114280]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-12-13 12984]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250056]

S4 CDMA Device Service;CDMA Device Service;c:\arquivos de programas\samsung\usb drivers\26_via_driver2\x86\VIAService.exe [2011-9-14 63488]

S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-12-11 238952]

S4 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2011-4-10 136176]

S4 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\google\update\GoogleUpdate.exe [2011-4-10 136176]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2011-7-11 229376]

.

=============== Created Last 30 ================

.

2012-08-14 08:42:13 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-08-12 14:18:19 5632 ----a-w- c:\windows\system32\ptpusb.dll

2012-08-12 14:18:19 159232 ----a-w- c:\windows\system32\ptpusd.dll

2012-08-12 14:18:19 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2012-08-12 14:18:19 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2012-08-10 11:50:18 -------- d-----w- C:\HijackThis

2012-08-09 21:52:07 -------- d-----w- c:\documents and settings\roger\dados de aplicativos\AskToolbar

2012-08-09 21:49:30 -------- d-----w- c:\arquivos de programas\Ask.com

2012-08-09 15:12:14 -------- d-----w- c:\documents and settings\roger\dados de aplicativos\BabylonToolbar

2012-08-09 15:12:12 -------- d-----w- c:\arquivos de programas\BabylonToolbar

2012-08-09 15:11:55 -------- d-----w- c:\documents and settings\roger\dados de aplicativos\Babylon

2012-08-09 15:11:55 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\Babylon

2012-08-09 15:11:49 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX

2012-08-09 15:11:48 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

2012-08-09 15:11:48 -------- d-----w- c:\arquivos de programas\PDFCreator 2012

2012-08-07 22:36:19 81920 ----a-w- c:\windows\system32\pdfcmon.dll

2012-08-07 11:47:35 -------- d-----w- C:\LinhaDefensiva

2012-08-05 16:26:24 -------- d-----w- c:\documents and settings\roger\dados de aplicativos\wtxpcom

2012-08-05 14:10:25 -------- d-----w- c:\arquivos de programas\PDFCreator

2012-07-29 00:43:40 -------- d-----w- c:\arquivos de programas\CDex

2012-07-24 14:51:56 -------- d-----w- c:\documents and settings\roger\dados de aplicativos\TightVNC

.

==================== Find3M ====================

.

2012-07-29 12:10:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-29 12:10:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 15:33:38 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-07-11 15:33:37 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2012-07-11 15:33:36 30624 ----a-w- c:\windows\system32\LMIport.dll

2012-07-11 15:33:35 87456 ----a-w- c:\windows\system32\LMIinit.dll

2012-06-27 11:39:33 60304 ----a-w- c:\documents and settings\roger\g2mdlhlpx.exe

2012-06-26 07:02:40 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-06-26 07:02:38 45320 ----a-w- c:\windows\system32\MAMACExtract.dll

2012-06-01 15:29:25 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2012-06-01 15:29:22 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

2012-06-01 01:10:10 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-01 01:10:10 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-01-26 12:11:08 444283 ----a-w- c:\arquivos de programas\arquivos comuns\WinPcapNmap.exe

.

============= FINISH: 20:03:16,98 ===============

Log attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/6/2010 07:38:27

System Uptime: 17/8/2012 09:22:25 (11 hours ago)

.

Motherboard: DIGITRON | | G31T-M7

Processor: Processador Intel Pentium III Xeon | CPU 1 | 2660/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 195 GiB total, 145,674 GiB free.

D: is FIXED (NTFS) - 932 GiB total, 340,55 GiB free.

E: is FIXED (NTFS) - 736 GiB total, 386,944 GiB free.

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

abgx360 v1.0.2

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.7 - Português

Adobe Reader 9.5.1 - Português

Adobe Shockwave Player 11.6

Arquivo do WinRAR

Ashampoo Burning Studio 2009

Ask Toolbar

µTorrent

Atualização de Segurança para Windows Internet Explorer 8 (KB2183461)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

Atualização de Segurança para Windows Internet Explorer 8 (KB982381)

Atualização de Segurança para Windows XP (KB923789)

Atualização para Windows Internet Explorer 8 (KB976662)

Atualização para Windows Internet Explorer 8 (KB982632)

Avira Free Antivirus

Avira SearchFree Toolbar plus Web Protection Updater

Babylon toolbar on IE

BabylonObjectInstaller

BS.Player FREE

Camtasia Studio 6

CCleaner

CDex - Open Source Digital Audio CD Extractor

Cisco WebEx Meetings

Cool Timer 3.6

CoolSMS 2.06 beta

CrossLoop 2.82

DAEMON Tools Lite

DVD Decrypter (Remove Only)

EasyRecovery Professional

Facebook Video Calling 1.2.0.159

FormatFactory 2.80

Freeware PDF Unlocker

Google Chrome

Google Earth Plug-in

Google Update Helper

GoToMeeting 5.2.0.952

HijackThis 1.99.1

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Intel® Graphics Media Accelerator Driver

IObit Toolbar v4.5

Java Auto Updater

Java 6 Update 26

LogMeIn

Loudtalks Lite 1.8.0.0

MetaTrader 4.00

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended PTB Language Pack

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office 2007 Custom UI Editor

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mobile Partner

MotoHelper MergeModules

Mozilla Firefox 14.0.1 (x86 pt-BR)

Mozilla Maintenance Service

MyFreeCodec

Nelogica ProfitChart RT

Nexus 11.6

Off4Fit v2.1

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

Pacote de Provedor de Serviços de Criptografia para o Microsoft Base Smart Card

PartitionMagic

PDFCreator

pdfforge Toolbar v4.4

PhotoScape

Platform

PowerQuest PartitionMagic 8.0

Puran Defrag Free Edition 7.3

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealUpgrade 1.1

Samsung Kies

Samsung New PC Studio

SAMSUNG USB Driver for Mobile Phones

Skype Toolbars

Skype™ 5.3

SlimDrivers

Smart Defrag 2

Spamihilator 1.0.0 (32 bit)

Spybot - Search & Destroy

SweetIM for Messenger 3.3

swMSM

TweetDeck

UltraISO Premium V9.52

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VDownloader 3.0.721

Ventrilo Client

VIA Gerenciador de dispositivo de plataforma

Wealth-Lab Pro 5.3

WebFldrs XP

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

.

==== End Of File ===========================

Obrigado

Compartilhar este post


Link para o post
Compartilhar em outros sites

Já verificou qual processo tem consumido mais processamento?

O computador desliga ou reinicia sozinho? Já considerou problemas de super aquecimento? Isso pode causar os sintomas mencionados.

Compartilhar este post


Link para o post
Compartilhar em outros sites

O problema do PC desligar sozinho e ter dificuldades em ligar eu já resolvi.

Tinha uma porta SATA que estava sem o conector, (não sei como isto foi acontecer) e os filetes da conexão estavam um sobreposto ao outro provavelmente causando algum tipo de curto circuito, eu os separei e parou o problema de desligar e ter dificuldades em ligar.

Tomei a liberdade de passar o COmbo.fix, por favor verifique pois o PC continua lento.

ComboFix 12-08-22.01 - Roger 23/08/2012 15:07.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3318.2697 [GMT -3:00]

Executando de: c:\documents and settings\Roger\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADO !!

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\Roger\CONFIG~1\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll

c:\documents and settings\Roger\Configurações locais\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll

c:\documents and settings\Roger\Dados de aplicativos\PriceGong

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\1.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\2229.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\2355.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\a.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\b.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\c.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\d.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\e.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\f.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\g.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\h.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\i.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\j.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\k.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\l.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\m.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\mru.xml

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\n.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\o.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\p.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\q.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\r.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\s.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\t.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\u.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\v.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\w.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\wlu.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\x.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\y.txt

c:\documents and settings\Roger\Dados de aplicativos\PriceGong\Data\z.txt

c:\documents and settings\Roger\Dados de aplicativos\Toolbar4

c:\documents and settings\Roger\g2mdlhlpx.exe

c:\documents and settings\Roger\WINDOWS

c:\windows\Mplayer.exe

c:\windows\system32\ccrpTmr6.dll

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\muzapp.exe

c:\windows\system32\SET2B3.tmp

c:\windows\system32\SET2B8.tmp

c:\windows\system32\SET308.tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-07-22 to 2012-08-22 ))))))))))))))))))))))))))))

.

.

2012-08-21 12:16 . 2012-08-21 12:16 -------- d-----w- c:\arquivos de programas\VS Revo Group

2012-08-14 08:42 . 2012-08-14 08:42 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-08-14 04:12 . 2012-08-14 04:12 -------- d-----w- c:\documents and settings\Administrador

2012-08-12 14:18 . 2008-04-14 02:20 159232 ----a-w- c:\windows\system32\ptpusd.dll

2012-08-12 14:18 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2012-08-12 14:18 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2012-08-12 14:18 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll

2012-08-10 11:50 . 2012-08-14 08:09 -------- d-----w- C:\HijackThis

2012-08-09 21:49 . 2012-08-09 21:49 -------- d-----w- c:\documents and settings\Roger\Configurações locais\Dados de aplicativos\APN

2012-08-09 15:12 . 2012-08-09 15:12 304 ----a-w- C:\user.js

2012-08-09 15:11 . 2012-08-09 15:11 -------- d-----w- c:\documents and settings\Roger\Dados de aplicativos\Babylon

2012-08-09 15:11 . 2012-08-09 15:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon

2012-08-09 15:11 . 2012-05-05 14:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX

2012-08-09 15:11 . 2012-08-09 15:12 -------- d-----w- c:\arquivos de programas\PDFCreator 2012

2012-08-09 15:11 . 2012-05-05 14:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

2012-08-07 22:36 . 2012-06-30 11:46 81920 ----a-w- c:\windows\system32\pdfcmon.dll

2012-08-07 11:47 . 2012-08-07 11:48 -------- d-----w- C:\LinhaDefensiva

2012-08-05 16:26 . 2012-08-05 16:26 -------- d-----w- c:\documents and settings\Roger\Dados de aplicativos\wtxpcom

2012-08-05 14:10 . 2012-08-09 15:10 -------- d-----w- c:\arquivos de programas\PDFCreator

2012-08-02 18:42 . 2012-08-07 22:24 -------- d-----r- c:\documents and settings\NetworkService\Meus documentos

2012-07-29 00:43 . 2012-07-29 00:47 -------- d-----w- c:\arquivos de programas\CDex

2012-07-24 14:51 . 2012-07-24 14:51 -------- d-----w- c:\documents and settings\Roger\Dados de aplicativos\TightVNC

2012-07-24 14:51 . 2012-07-24 14:51 -------- d-----w- c:\documents and settings\Roger\Configurações locais\Dados de aplicativos\CrossLoop

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-29 12:10 . 2012-03-30 12:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-29 12:10 . 2011-05-18 09:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-11 15:33 . 2011-07-06 12:31 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-07-11 15:33 . 2011-07-06 12:31 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2012-07-11 15:33 . 2011-07-06 12:31 30624 ----a-w- c:\windows\system32\LMIport.dll

2012-07-11 15:33 . 2011-07-06 12:31 87456 ----a-w- c:\windows\system32\LMIinit.dll

2012-06-26 07:02 . 2011-07-26 20:26 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-06-26 07:02 . 2011-07-26 20:26 45320 ----a-w- c:\windows\system32\MAMACExtract.dll

2012-06-01 15:29 . 2011-07-06 12:31 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2012-06-01 15:29 . 2010-08-01 11:42 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

2012-06-01 01:10 . 2012-06-01 01:10 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-01 01:10 . 2012-06-01 01:10 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-01-26 12:11 . 2010-11-21 00:18 444283 ----a-w- c:\arquivos de programas\Arquivos comuns\WinPcapNmap.exe

2012-07-20 05:58 . 2011-05-06 19:46 136672 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"KiesPDLR"="c:\arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432]

"KiesPreload"="c:\arquivos de programas\Samsung\Kies\Kies.exe" [2012-08-07 960440]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]

"TkBellExe"="c:\arquivos de programas\real\realplayer\update\realsched.exe" [2012-06-01 296056]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2012-07-11 15:33 87456 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Roger^Menu Iniciar^Programas^Inicializar^Spamihilator.lnk]

path=c:\documents and settings\Roger\Menu Iniciar\Programas\Inicializar\Spamihilator.lnk

backup=c:\windows\pss\Spamihilator.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-03-27 12:41 37296 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2010-07-04 21:13 95576 ----a-w- c:\arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 02:20 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2012-04-17 15:19 3671872 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2000-01-01 00:00 40983152 ----a-w- c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2000-01-01 00:00 173592 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2000-01-01 00:00 141336 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]

2012-08-07 05:25 21432 ----a-w- c:\arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]

2012-08-07 05:25 960440 ----a-w- c:\arquivos de programas\Samsung\Kies\Kies.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]

2012-08-07 05:25 3524536 ----a-w- c:\arquivos de programas\Samsung\Kies\KiesTrayAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

2011-01-11 22:04 63048 ----a-w- c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Loudtalks]

2011-09-21 15:04 3006464 ----a-w- c:\arquivos de programas\Loudtalks Lite\Loudtalks.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2000-01-01 00:00 142360 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-06-15 18:02 15141768 ----a-r- c:\arquivos de programas\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlimDrivers]

2011-12-12 14:53 27481952 ----a-w- c:\arquivos de programas\SlimDrivers\SlimDrivers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 15:59 254696 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2012-06-01 01:10 296056 ----a-w- c:\arquivos de programas\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2012-05-26 14:30 880496 ----a-w- c:\arquivos de programas\uTorrent\uTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ose"=3 (0x3)

"odserv"=3 (0x3)

"Microsoft Office Groove Audit Service"=3 (0x3)

"MDM"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"idsvc"=3 (0x3)

"LMIMaint"=2 (0x2)

"LogMeIn"=2 (0x2)

"gupdatem"=3 (0x3)

"gupdate"=2 (0x2)

"Application Updater"=2 (0x2)

"IMFservice"=2 (0x2)

"FsUsbExService"=2 (0x2)

"CDMA Device Service"=2 (0x2)

"AdvancedSystemCareService"=2 (0x2)

"AdobeFlashPlayerUpdateSvc"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=

"c:\\Arquivos de programas\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"c:\\Arquivos de programas\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"c:\\Arquivos de programas\\Ventrilo\\Ventrilo.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\Spamihilator\\spamihilator.exe"=

"c:\\Arquivos de programas\\Spamihilator\\cdcc.exe"=

"c:\\Arquivos de programas\\Spamihilator\\dccproc.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\LogMeIn\\x86\\LogMeInToolkit.exe"=

"c:\\Documents and Settings\\Roger\\Configurações locais\\Dados de aplicativos\\CrossLoop\\vncviewer.exe"=

"c:\\Documents and Settings\\Roger\\Configurações locais\\Dados de aplicativos\\CrossLoop\\tvnserver.exe"=

"c:\\Documents and Settings\\Roger\\Configurações locais\\Dados de aplicativos\\CrossLoop\\CrossLoopConnect.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"62721:TCP"= 62721:TCP:Ut

"62721:UDP"= 62721:UDP:UT2

"5910:TCP"= 5910:TCP:vnc5910

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [23/10/2011 16:39 36000]

R2 AntiVirSchedulerService;Avira Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [23/10/2011 16:39 86224]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\arquivos de programas\LogMeIn\x86\LMIGuardianSvc.exe [8/6/2011 13:04 374184]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\arquivos de programas\LogMeIn\x86\rainfo.sys [11/1/2011 19:04 12856]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [12/6/2010 08:32 2127728]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [6/2/2012 19:15 30312]

S3 BTCFilterService;USB Networking Driver Filter Service; [x]

S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys --> c:\windows\system32\DRIVERS\GenBus.sys [?]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [11/12/2011 08:22 36608]

S3 motccgp;Motorola USB Composite Device Driver; [x]

S3 motccgpfl;MotCcgpFlService; [x]

S3 Motousbnet;Motorola USB Networking Driver Service; [x]

S3 motport;Motorola USB Diagnostic Port; [x]

S3 motusbdevice;Motorola USB Dev Driver; [x]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe [26/4/2012 17:58 113120]

S3 NUS_Bus;Network USB Server Bus;c:\windows\system32\DRIVERS\NUS_Bus.sys --> c:\windows\system32\DRIVERS\NUS_Bus.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [6/2/2012 19:15 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [6/2/2012 19:15 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [6/2/2012 19:15 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [6/2/2012 19:15 114280]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [13/12/2011 07:48 12984]

S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/3/2012 09:38 250056]

S4 CDMA Device Service;CDMA Device Service;c:\arquivos de programas\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [14/9/2011 15:35 63488]

S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [11/12/2011 08:22 238952]

S4 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [10/4/2011 11:32 136176]

S4 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [10/4/2011 11:32 136176]

S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [11/7/2011 00:05 229376]

.

--- =Outros Serviços/Drivers Na Memória ---

.

*NewlyCreated* - WS2IFSL

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:10]

.

2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-04-10 14:32]

.

2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2011-04-10 14:32]

.

2012-08-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-1897051121-682003330-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-04-30 21:21]

.

2012-08-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1708537768-1897051121-682003330-1003.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2012-04-30 21:21]

.

2012-08-22 c:\windows\Tasks\User_Feed_Synchronization-{CCEC3744-29F0-4BC3-A73D-8824CB2C5DD5}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.babylon.com/?affID=111304&tt=3212_7&babsrc=NT_ss&mntrId=fc790c76000000000000002511b88c65

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: Add to AMV Convert Tool...

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: MediaManager tool grab multimedia file

TCP: DhcpNameServer = 200.204.0.10 200.204.0.138

FF - ProfilePath - c:\documents and settings\Roger\Dados de aplicativos\Mozilla\Firefox\Profiles\k5d27q9g.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=111304&tt=3212_7&babsrc=NT_ss&mntrId=fc790c76000000000000002511b88c65

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851643&SearchSource=2&q=

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304&tt=3212_7

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

FF - user.js: extensions.BabylonToolbar.id - fc790c76000000000000002511b88c65

FF - user.js: extensions.BabylonToolbar.instlDay - 15561

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.612:12

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

MSConfigStartUp-Advanced SystemCare 4 - c:\arquivos de programas\IObit\Advanced SystemCare 4\ASCTray.exe

MSConfigStartUp-Facebook Update - c:\documents and settings\Roger\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe

MSConfigStartUp-KiesHelper - c:\arquivos de programas\Samsung\Kies\KiesHelper.exe

MSConfigStartUp-RamBooster - c:\arquivos de programas\RamBooster 2.0\Rambooster.exe

MSConfigStartUp-SearchSettings - c:\arquivos de programas\Arquivos comuns\Spigot\Search Settings\SearchSettings.exe

MSConfigStartUp-SweetIM - c:\arquivos de programas\SweetIM\Messenger\SweetIM.exe

MSConfigStartUp-WheelMouse - c:\arquivos de programas\Trust\GM-4600 Gamer Mouse\Amoumain.exe

AddRemove-01_Simmental - c:\arquivos de programas\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\arquivos de programas\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\arquivos de programas\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\arquivos de programas\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\arquivos de programas\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\arquivos de programas\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\arquivos de programas\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\arquivos de programas\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\arquivos de programas\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\arquivos de programas\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-12_Symbian_USB_Download_Driver - c:\arquivos de programas\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe

AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\arquivos de programas\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe

AddRemove-16_Shrewsbury - c:\arquivos de programas\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\arquivos de programas\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\arquivos de programas\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\arquivos de programas\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\arquivos de programas\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\arquivos de programas\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\arquivos de programas\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\arquivos de programas\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\arquivos de programas\Samsung\USB Drivers\25_escape\Uninstall.exe

AddRemove-26_VIA_driver2 - c:\arquivos de programas\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe

AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\arquivos de programas\Ask.com\Updater\Updater.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-22 09:45

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Google\Update\Clients]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Google\Update\ClientState]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Google\Update\network]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Google\Update\proxy]

@DACL=(02 0000)

"source"="auto"

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Google\Update\UsageStats]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Microsoft\Installer\Products\2ECE3DEDBE3933E4DB55EAA5F15926A7\SourceList\Media]

@DACL=(02 0000)

"1"=";"

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/FullScreenBottomLayout.wsz]

@DACL=(02 0000)

"Prefs"="TrackTimeFormat;0"

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/MainAppSkin.wsz]

@DACL=(02 0000)

"Prefs"="mute;False"

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/MainAppSkin2.wsz]

@DACL=(02 0000)

"Prefs"="TrackTimeFormat;0"

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Microsoft\MediaPlayer\Player\Skins\res://wmploc/RT_TEXT/wmpdxm.wsz]

@DACL=(02 0000)

"Prefs"="debug;Not Rocking Onward"

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Microsoft\Windows\CurrentVersion\C00l\17b3665d45a538ddee43205938d31d6104eb6f76]

@DACL=(02 0000)

"5fdc82699b860b11598f396787c0ea2b4f16c19c"="sEubOqVHlZTSmMUXsm+x6A=="

"a45189f50151665fc80d5a78c00e8d1835619f13"="NlI20gq7+A2WKB2rXf8atphyzyFy52Wj1pblYu2n+kMwBWtOfzS9ir7O+qtxhSAeU/ewV2q2tiJVnyD2Mm8m68qZdmcjJh7CYe05E6AltPZahTUg1MgSNETi//DufWqNQ8fu3ma1bsFZtPz/9zQDLUo9ZN76zZx5t29aOqEOXoALY+zzpZNHbJZLacoKqG3SuFTNsJZ7giMjG5VyzQXvWYFWCLypkDhSkzvtqxuKM+zLZU88bV9xjZ7XOeNojBdB0I8EgmxdZzxPiCD8SK2RvQCgmIYBT1SabbUA9ANqpf2GyV6NMcyuWTEj80KC4PAr3TlXcPFt1FCPTG/Dxivh4Y/9N/npC8z+i3L1VwPQw/l01vZ9v1aHdzDCkxs+4D1O2smfjv49VH6ADtkOqxsAMaH6PkON2oYXFAVFhWmJG9mdiPsEcYw/nYNVBkYsa1i7qNW1Jt5OTewDHxRgkRhfdIEQrXTupcjNZjJVEujOrb14RAzt0/5CZ4S75c/2Dzaxkdx7grWoYcr8t/R/q36y+OvIObNO28+CZwgue+jIumRk08Ys4M9XOGXzNOdnOlap/ksTc4+f9subIF5uRMlNq4/ywpX4M4ClhWVWm5T6Yc6HT6CFUY0g21j2ZAAS5PCqpUH0DxmHyVstR5ffEiFuR5v1uXrnzpDJUGYWNB7e6W9x7hgCOS77YKrP0eK7zt+4/RnexgklyMBsqcDlDtktB2RkEdDKIq+o98gvpM7dm2flFRXNUR6oqBX5le8jsQNTLrdhmBLDVAdKC/QXTCDlcejZX4uxXc+NUmhNsPeWN1Ok/HNoc94qkaEz1FsmQeX+XBAd2Vv3UzhDWYoYBb/D5tr18yBgq0fRwyyNmnzyYia/xvPiWyMrkaCtwTnde62stGOYKomyMwGz89MDPH5E4V+fWKeOJOUpYjXbdxB7mlYVh6Z/NKk2u16oCM6wQYishFTlG3geMat6fKTtIMF5t5QQ1+d4PjF6gJSYvrrHfp/XL079i4RDwooSEySzKTS2byyH7NBG+7FfN0gRE2aP7BMsYeloBSZy3/yr82tafcKA5e0j9mMA6kBM9bELdN3cNrDqEB9YOHREaFuVxWfV+LktImjhQbTdTEBmB4t7jDA9S5n895qY5gklwb1vd+WzRd4H5fxfvC2/xkhahoHryYQ7S17lbXZtmzghwUH81StHP2+pyI4VHMiKzYt20JR7kITx5xdHXUpca2GduCZ45wgp7XQPjpH4pYgtAw8UWd+kx/c8CfieWFxclobpVW6DJWkJrJIFm/uaevkv2+RPtLFMuh8tWTiYiXSfX/jbEXMnaFk6IPfnDgdlXS/3qjzzeQURvmmrcs8uC39mPWw4fq3iR0peI++Iw/LsRElEEUETPCDP3r6/IoGnC16tuNzTQDFoe9lsKvZfIbeGHBeeJsqJyjN9lRChf3MXnaccxMWrldi4fE3o7nblK8n4w6HynjO0ceYO6/i2RVyfisFrh2PdV2zP58kYYBRZ2IXTWUKIJff1tI422i07a7BEC9FM9tGYqiZT6UjZDLMeIy1dVX6wuwg5PNtESLYoLczs+5feGoDN3+jD5DkvAQ2zjJ25xYOZLw3Zgk4e0UalFiFdQH9AHi2iCxjpGjND2kePm10C7fMNea0A3w29zegD8rcDFifaNpLtx9Ts6LO2aOS+ZQhVYtr4B9oM8G0ROHe7bNzrziec5EmGuMAR84v6r5zpQbmlQFUHBmzGvz0wjwbFMvHEZUN35p7LnK1O22pG+txl+s4vB9T6G3p4S00nte6OgPZgossZL12a9jub8BuNGiRGXgPKMzGzqK470IwZLxgyeTmn2qfXXmPSPL0H56RYPHp+8Cjvx8k4EnumizJ1RUmHD5FoIdN/UgTo5T9KaCltDQBzj5j09zTxyUEHUsyfoXy4+MPTzDllu6AO6zZumUINc+TBBirML7PRdNOZ4b+9Ng7djS84Opmt5PBTIkd+a2ibzZmLUddiy3i3mOoBPAbml1N4QohB9LYEznasuaPfZxkImoyN7sGl1ptvLSIvK85rwFRhsnwmUfs4EPziTSq6fi1RWtfWgDcB0U6pUecmpG/bpO4cX9agRm5sunATidRwv2VRK4N3UUZrkPFnURlsSr6BH1cNIzfT8z3keYucFqVWm4fzbNDw9nL0sVBQHws8vxlvzIhhHSpa2hkmkPAroOL5LqyOtk7A65ioP8emTrJm3spI6R/2OiBtajdfKnfV4ic/7rPlXBGq7mrQZ8Fs3wjxafi9TrPxCj0ZnlwDmvaYEmYLcGuNUSq4thBW0gEiWhry9QVn2aX/kXhGJdp5srT/oLV8x1u6Foiko3PXcBWvcTHXu/6EZndxPtKP6t++wrBJYefnpOAuI+xT89UAsoHZYng9er26IkJhefYTZ9EQyLP6X1I+CnhPS2PA7tyvssN8cQnRe7f/L1+Ogi4Sep6bixLMH5t4BXgu2DI09gVlQk8NJcrIxblJK5QMGuZwpUp9joJxjIJI/udz3ALI7DdvIwK5WxP8LrAC7+Jy88UlHBZdmEgUgaIvHwgrgGZ4kZ4PJnlpyLLxGaKwc+BWMwGHF7SYKe8Z+oCBvCtFvA9om1v8qNYnik3Gfd+fGLQx6RY8NgZTyBaKQ/CcDv+QJ/c+OQsLuJFxV7oKO65Q+E3XdjU+P09lVfmOyk96uMzObXVNA6xjScg16ffxdGlWSqkksEhkmuGg+iiULHXBdy61Jt3/lRsca0Dc0xqpeT0E1LqWGfPeawn14TLpvNKFzRf08MF/g2Oxi5ZWv+t9brh27iRvSkkvJo10cGrmTxk9Veb1+Gu3uPvtNzpxmIjAgtf+IkmdZStMMVoZ+az1ZlQc4eCADG4Wsk3R9vSlZPMIt2viYVnIOM/1dqwkLcVwHYHq5c6cDAFMttXWfBixoIH4BimXWGCO2qSXfOu9OmonnC5MlmdII7cf/TBZSsXDz6ufsWEOgf4kp+Arnik2KgdFxdeu4JErocbU2znz8fF7bl1SOKbY83pZn14Z7Is/uqc+6BBuZSfuCNTnzqgixIPVBKWobYsAcZaNv3/uR/Hm42W27lKtsSHOvX/k0Bss2ag5/E/tjbghHfJfl/dwd8wK4fK6T5H+P3OwpZuDskmtRgK3mcAXTICYAFz27uo5EQE/Swws61jNZEp/bfBOcjK1PqnGIGNll0HWg7SEgRJpJ+qtXTdmGsY7x0hO/5wjSXU3pqGG/ftK+hDbalL9NTShR+R18Jalk+M5cnJ6OPxEptxjf72dchoTTCs5ikAqFmH8IsUP1ZXAjeg/D7XSYzGn1kGpBohoH6P5XvmP5Knt4/FE6bfvKvBSrGnq6//4zwLXFeZ1CNmnt6rSNhrC9J+Qce674rTx7opWCTeG+DDy5Al9oDC4VMT/NwU4yr/PY2F+CsrMTck5de+X+cf8fzyPO0+jxdPHOqvKk9TayWCDwntv0tjWoCUUPbHCl0Hvz0pnf/p62y+869gU+ESc7vu3JUoBlr1E263YHnXGkfCxsGHNRNEqDv9+xScOeckBTdD42ve2E+U96t6G12pOvdpC1TSc7G2/FktyZZsWuQJxpV1bgCsM/MszAnAUeS3g2paGRgkImSZ7/SW0vPAdMSJjzKSzAKEs7Al7vmox"

"8221c1ffcd0256dca703f503b60aa803356dcf30"="nzxeD9QjxLoHBq8PZynzIA=="

"b5e8b3a0e9e20518a2041cdbb820011166de81d9"="Aa8t2ocI8D44lv6OY8gwNg=="

"04b6aa946161c9d04094d1442301a25428f27a3a"="EmbfQNz9SQQpY2YKxZQYFkM/0QdjyatEjdV/SblMyrA="

"efbf59ec1aaead98f8f7d6a44776f74b2ff94a4e"="4oM9vWlFi0OmHSLZwu1uPw=="

"43669315fa898b45c0cc721870405187f9bea943"="m5rJjHrbIe/2HFkQ+g7fFQ=="

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Microsoft\Windows\CurrentVersion\C00l\1ea8136ab0bca233881fe189b56fbebcbe87dbee]

@DACL=(02 0000)

"5fdc82699b860b11598f396787c0ea2b4f16c19c"="r3D8fZxvvcP55LWTbOIMsw=="

"a45189f50151665fc80d5a78c00e8d1835619f13"="SOt8H0qtCUj87XNgFEr8om4cDDimYFq5tvIr/L5x58ZcC3sW64CCVVr3PVx79/meh9jkpnspFY+hD5wZx+yPZtjA8Sbyz5DKKg0ZVorCxfYsSmyotHoy6rfPPeP+mRdDKNhitAwR4PnV1fuebQdJGr9FX5PVXqTVKSRIZpcU/yTNGlXPNjSWCjrwTGFX0kogXitYnaA/cwrO2YWdMx8OKbqJqW6Ge6uyD74X5Gjx1rkE9Wfm81c1yqypD8mgiazkYabvy+EN81AR/ndHAuG/FlDIqzvu2BP0F/TWyu2TAmznhgFC0/D217jFz+n+1hxHbr4HmIk8HHZ7aYYQVbkYKADyWPgHGUhU4oDOj4TI+vy2pYOXd8Rr5RpSgonGY/ZFcahWT8vgwZD8jrgb+1FFKIKnGPGL4qdnFi0YkIMbco+43vUfzNIAi3ob0H4UUOQAQptFviSz8xvCnVzLPp+K0G2hLyE6XP3oYO94eIMCBSrK629Z3DIxgOEbceUHV6aEWV9AaUgUpQfdXsD9HmOuHl7byTXvNctIzQQ0/DKysOC4HJuWGeO+WKnqPcfF+3xYgjTG88tSYfkybC/1mCvbdH3JuzBmcyi0Wk7UR1hhZvJmE4Hi+9o/XlMwZNMiXTx84gGIHbg6+0UQIf8Va+PQgZMQuqScQgSIEhwFPf+UyEK6SgVi77VpoOXfvYtGQIk5qXx/Ej6JFmAwqU3lFuV9haP8j+7YSFfVsOceVVx6xh6xgbT4WPgp3Gz/t+VIFCnQDWidRAqu2xZEUwJvktJMJeH1NIbx79kdGmrt4VLxTB0igXBZFLW8hEWYgoapM2vqEKqcGVZzOK1jNcsL1twDgmQsCNqLPGfXQuT1NtXXD5FAsSZq6jFVyp8LYXE+NZGVRA393+/8ZacCqV4cvXWvN/YFdCx/8u9eQNkE6zoexv3Qm2+PmSb82mWzotzMvsyO731c9/vHQHb5d/BSCwjZGrx/Rci88tuJvmnwNszpsRtVgkotOvHU3+wpsmG9C3a7pT10SQZlO/fwJrLp82QAU2gIhAqWOY/JVEQl7Xqio+4jGARoGxsrnPE+SbnVqTU6zJJT2TGFWe0F2s1sdwBVFcXnNZtMeLXx8wdYDpm1TfPl729QteosTDKS9Uf4fy6qOA+AxVEt98xxQOSRznrsjSBGv89lNtihfew+yYluwhrEqxIoSuKOZSJ53O2SiGCUDx4MIsuGtIPEpeGCRrR4c6X+8uIvgNz+/wZbt0U9/dCPoTHIxmkTuRzlPabxp0p5L+YBKAQpgfDZKLddzDS2D7aj+feswK896qUw4DxDSrd9DgSuiOed1V0dEi8y1o0C9MzrYJYqG1rjYON4w1jadTIJadFzYURp/t/lAdsZHLm6bI//ZkXvv0clmrRo8BEq1fu8ENh4O8d27Hz6gL2Ki6s8FvPW2Q37cGzbiLtIZ0Woj4NBzMY42J8VY2qGczrAAhOfQAUcmsbfSlqfi8L91rvM6XP4N4/Jjud0pYMV0fBiTVJVQSy1KNfqAFKT8gXc2coTtOFxA6KnQa4hQ4oNfIyhcGuDvZZy/8k6Z6Zg85cdKTtP9lHr1PQPsiEM/Gd87WbApWl8P4o98odDTE4gHwcF0UWX4DzvuYypODxI1jqE7X/WlZG870cvS76yuz/KQh0w6MfZT4fwYM/4Yq6CUVDHDHS2FfUoPsSVVGqy9BmrJN2a3/W7IteZefhLhi42"

"2fad5f53199884d0865e151a03b788252dd1cb6e"="GH3FJYh+0+MolqoYgDEt+Q=="

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Microsoft\Windows\CurrentVersion\C00l\2ae3ee540f55820e00723b823a4729d88b7376b3]

@DACL=(02 0000)

"5fdc82699b860b11598f396787c0ea2b4f16c19c"="r3D8fZxvvcP55LWTbOIMsw=="

"a45189f50151665fc80d5a78c00e8d1835619f13"="SOt8H0qtCUj87XNgFEr8om4cDDimYFq5tvIr/L5x58ZcC3sW64CCVVr3PVx79/meh9jkpnspFY+hD5wZx+yPZtjA8Sbyz5DKKg0ZVorCxfYsSmyotHoy6rfPPeP+mRdDKNhitAwR4PnV1fuebQdJGr9FX5PVXqTVKSRIZpcU/yTNGlXPNjSWCjrwTGFX0kogXitYnaA/cwrO2YWdMx8OKbqJqW6Ge6uyD74X5Gjx1rkE9Wfm81c1yqypD8mgiazkYabvy+EN81AR/ndHAuG/FlDIqzvu2BP0F/TWyu2TAmznhgFC0/D217jFz+n+1hxHbr4HmIk8HHZ7aYYQVbkYKADyWPgHGUhU4oDOj4TI+vy2pYOXd8Rr5RpSgonGY/ZFcahWT8vgwZD8jrgb+1FFKIKnGPGL4qdnFi0YkIMbco+43vUfzNIAi3ob0H4UUOQAQptFviSz8xvCnVzLPp+K0G2hLyE6XP3oYO94eIMCBSrK629Z3DIxgOEbceUHV6aEWV9AaUgUpQfdXsD9HmOuHl7byTXvNctIzQQ0/DKysOC4HJuWGeO+WKnqPcfF+3xYgjTG88tSYfkybC/1mCvbdH3JuzBmcyi0Wk7UR1hhZvJmE4Hi+9o/XlMwZNMiXTx84gGIHbg6+0UQIf8Va+PQgZMQuqScQgSIEhwFPf+UyEK6SgVi77VpoOXfvYtGQIk5qXx/Ej6JFmAwqU3lFuV9haP8j+7YSFfVsOceVVx6xh6xgbT4WPgp3Gz/t+VIFCnQDWidRAqu2xZEUwJvktJMJeH1NIbx79kdGmrt4VLxTB0igXBZFLW8hEWYgoapM2vqEKqcGVZzOK1jNcsL1twDgmQsCNqLPGfXQuT1NtXXD5FAsSZq6jFVyp8LYXE+NZGVRA393+/8ZacCqV4cvXWvN/YFdCx/8u9eQNkE6zoexv3Qm2+PmSb82mWzotzMvsyO731c9/vHQHb5d/BSCwjZGrx/Rci88tuJvmnwNszpsRtVgkotOvHU3+wpsmG9C3a7pT10SQZlO/fwJrLp82QAU2gIhAqWOY/JVEQl7Xqio+4jGARoGxsrnPE+SbnVqTU6zJJT2TGFWe0F2s1sdwBVFcXnNZtMeLXx8wdYDpm1TfPl729QteosTDKS9Uf4fy6qOA+AxVEt98xxQOSRznrsjSBGv89lNtihfew+yYluwhrEqxIoSuKOZSJ53O2SiGCUDx4MIsuGtIPEpeGCRrR4c6X+8uIvgNz+/wZbt0U9/dCPoTHIxmkTuRzlPabxp0p5L+YBKAQpgfDZKLddzDS2D7aj+feswK896qUw4DxDSrd9DgSuiOed1V0dEi8y1o0C9MzrYJYqG1rjYON4w1jadTIJadFzYURp/t/lAdsZHLm6bI//ZkXvv0clmrRo8BEq1fu8ENh4O8d27Hz6gL2Ki6s8FvPW2Q37cGzbiLtIZ0Woj4NBzMY42J8VY2qGczrAAhOfQAUcmsbfSlqfi8L91rvM6XP4N4/Jjud0pYMV0fBiTVJVQSy1KNfqAFKT8gXc2coTtOFxA6KnQa4hQ4oNfIyhcGuDvZZy/8k6Z6Zg85cdKTtP9lHr1PQPsiEM/Gd87WbApWl8P4o98odDTE4gHwcF0UWX4DzvuYypODxI1jqE7X/WlZG870cvS76yuz/KQh0w6MfZT4fwYM/4Yq6CUVDHDHS2FfUoPsSVVGqy9BmrJN2a3/W7IteZefhLhi42"

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Microsoft\Windows\CurrentVersion\C00l\2af4c803041bfda3bf7d660a249247cdd6093234]

@DACL=(02 0000)

"5fdc82699b860b11598f396787c0ea2b4f16c19c"="r3D8fZxvvcP55LWTbOIMsw=="

"a45189f50151665fc80d5a78c00e8d1835619f13"="SOt8H0qtCUj87XNgFEr8om4cDDimYFq5tvIr/L5x58ZcC3sW64CCVVr3PVx79/meh9jkpnspFY+hD5wZx+yPZtjA8Sbyz5DKKg0ZVorCxfYsSmyotHoy6rfPPeP+mRdDKNhitAwR4PnV1fuebQdJGr9FX5PVXqTVKSRIZpcU/yTNGlXPNjSWCjrwTGFX0kogXitYnaA/cwrO2YWdMx8OKbqJqW6Ge6uyD74X5Gjx1rkE9Wfm81c1yqypD8mgiazkYabvy+EN81AR/ndHAuG/FlDIqzvu2BP0F/TWyu2TAmznhgFC0/D217jFz+n+1hxHbr4HmIk8HHZ7aYYQVbkYKADyWPgHGUhU4oDOj4TI+vy2pYOXd8Rr5RpSgonGY/ZFcahWT8vgwZD8jrgb+1FFKIKnGPGL4qdnFi0YkIMbco+43vUfzNIAi3ob0H4UUOQAQptFviSz8xvCnVzLPp+K0G2hLyE6XP3oYO94eIMCBSrK629Z3DIxgOEbceUHV6aEWV9AaUgUpQfdXsD9HmOuHl7byTXvNctIzQQ0/DKysOC4HJuWGeO+WKnqPcfF+3xYgjTG88tSYfkybC/1mCvbdH3JuzBmcyi0Wk7UR1hhZvJmE4Hi+9o/XlMwZNMiXTx84gGIHbg6+0UQIf8Va+PQgZMQuqScQgSIEhwFPf+UyEK6SgVi77VpoOXfvYtGQIk5qXx/Ej6JFmAwqU3lFuV9haP8j+7YSFfVsOceVVx6xh6xgbT4WPgp3Gz/t+VIFCnQDWidRAqu2xZEUwJvktJMJeH1NIbx79kdGmrt4VLxTB0igXBZFLW8hEWYgoapM2vqEKqcGVZzOK1jNcsL1twDgmQsCNqLPGfXQuT1NtXXD5FAsSZq6jFVyp8LYXE+NZGVRA393+/8ZacCqV4cvXWvN/YFdCx/8u9eQNkE6zoexv3Qm2+PmSb82mWzotzMvsyO731c9/vHQHb5d/BSCwjZGrx/Rci88tuJvmnwNszpsRtVgkotOvHU3+wpsmG9C3a7pT10SQZlO/fwJrLp82QAU2gIhAqWOY/JVEQl7Xqio+4jGARoGxsrnPE+SbnVqTU6zJJT2TGFWe0F2s1sdwBVFcXnNZtMeLXx8wdYDpm1TfPl729QteosTDKS9Uf4fy6qOA+AxVEt98xxQOSRznrsjSBGv89lNtihfew+yYluwhrEqxIoSuKOZSJ53O2SiGCUDx4MIsuGtIPEpeGCRrR4c6X+8uIvgNz+/wZbt0U9/dCPoTHIxmkTuRzlPabxp0p5L+YBKAQpgfDZKLddzDS2D7aj+feswK896qUw4DxDSrd9DgSuiOed1V0dEi8y1o0C9MzrYJYqG1rjYON4w1jadTIJadFzYURp/t/lAdsZHLm6bI//ZkXvv0clmrRo8BEq1fu8ENh4O8d27Hz6gL2Ki6s8FvPW2Q37cGzbiLtIZ0Woj4NBzMY42J8VY2qGczrAAhOfQAUcmsbfSlqfi8L91rvM6XP4N4/Jjud0pYMV0fBiTVJVQSy1KNfqAFKT8gXc2coTtOFxA6KnQa4hQ4oNfIyhcGuDvZZy/8k6Z6Zg85cdKTtP9lHr1PQPsiEM/Gd87WbApWl8P4o98odDTE4gHwcF0UWX4DzvuYypODxI1jqE7X/WlZG870cvS76yuz/KQh0w6MfZT4fwYM/4Yq6CUVDHDHS2FfUoPsSVVGqy9BmrJN2a3/W7IteZefhLhi42"

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Microsoft\Windows\CurrentVersion\C00l\60cea44417def7767e8151575f2e2599733f7d3f]

@DACL=(02 0000)

"38baf5baccb22a67777e56ac134f85253a39f2eb"="NtgEm9xFwPr/fd+iQYLWww=="

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Microsoft\Windows\CurrentVersion\C00l\9e123503f6719532bee4024e8d2669e3e269abbd]

@DACL=(02 0000)

"5fdc82699b860b11598f396787c0ea2b4f16c19c"="r3D8fZxvvcP55LWTbOIMsw=="

"a45189f50151665fc80d5a78c00e8d1835619f13"="SOt8H0qtCUj87XNgFEr8om4cDDimYFq5tvIr/L5x58ZcC3sW64CCVVr3PVx79/meh9jkpnspFY+hD5wZx+yPZtjA8Sbyz5DKKg0ZVorCxfYsSmyotHoy6rfPPeP+mRdDKNhitAwR4PnV1fuebQdJGr9FX5PVXqTVKSRIZpcU/yTNGlXPNjSWCjrwTGFX0kogXitYnaA/cwrO2YWdMx8OKbqJqW6Ge6uyD74X5Gjx1rkE9Wfm81c1yqypD8mgiazkYabvy+EN81AR/ndHAuG/FlDIqzvu2BP0F/TWyu2TAmznhgFC0/D217jFz+n+1hxHbr4HmIk8HHZ7aYYQVbkYKADyWPgHGUhU4oDOj4TI+vy2pYOXd8Rr5RpSgonGY/ZFcahWT8vgwZD8jrgb+1FFKIKnGPGL4qdnFi0YkIMbco+43vUfzNIAi3ob0H4UUOQAQptFviSz8xvCnVzLPp+K0G2hLyE6XP3oYO94eIMCBSrK629Z3DIxgOEbceUHV6aEWV9AaUgUpQfdXsD9HmOuHl7byTXvNctIzQQ0/DKysOC4HJuWGeO+WKnqPcfF+3xYgjTG88tSYfkybC/1mCvbdH3JuzBmcyi0Wk7UR1hhZvJmE4Hi+9o/XlMwZNMiXTx84gGIHbg6+0UQIf8Va+PQgZMQuqScQgSIEhwFPf+UyEK6SgVi77VpoOXfvYtGQIk5qXx/Ej6JFmAwqU3lFuV9haP8j+7YSFfVsOceVVx6xh6xgbT4WPgp3Gz/t+VIFCnQDWidRAqu2xZEUwJvktJMJeH1NIbx79kdGmrt4VLxTB0igXBZFLW8hEWYgoapM2vqEKqcGVZzOK1jNcsL1twDgmQsCNqLPGfXQuT1NtXXD5FAsSZq6jFVyp8LYXE+NZGVRA393+/8ZacCqV4cvXWvN/YFdCx/8u9eQNkE6zoexv3Qm2+PmSb82mWzotzMvsyO731c9/vHQHb5d/BSCwjZGrx/Rci88tuJvmnwNszpsRtVgkotOvHU3+wpsmG9C3a7pT10SQZlO/fwJrLp82QAU2gIhAqWOY/JVEQl7Xqio+4jGARoGxsrnPE+SbnVqTU6zJJT2TGFWe0F2s1sdwBVFcXnNZtMeLXx8wdYDpm1TfPl729QteosTDKS9Uf4fy6qOA+AxVEt98xxQOSRznrsjSBGv89lNtihfew+yYluwhrEqxIoSuKOZSJ53O2SiGCUDx4MIsuGtIPEpeGCRrR4c6X+8uIvgNz+/wZbt0U9/dCPoTHIxmkTuRzlPabxp0p5L+YBKAQpgfDZKLddzDS2D7aj+feswK896qUw4DxDSrd9DgSuiOed1V0dEi8y1o0C9MzrYJYqG1rjYON4w1jadTIJadFzYURp/t/lAdsZHLm6bI//ZkXvv0clmrRo8BEq1fu8ENh4O8d27Hz6gL2Ki6s8FvPW2Q37cGzbiLtIZ0Woj4NBzMY42J8VY2qGczrAAhOfQAUcmsbfSlqfi8L91rvM6XP4N4/Jjud0pYMV0fBiTVJVQSy1KNfqAFKT8gXc2coTtOFxA6KnQa4hQ4oNfIyhcGuDvZZy/8k6Z6Zg85cdKTtP9lHr1PQPsiEM/Gd87WbApWl8P4o98odDTE4gHwcF0UWX4DzvuYypODxI1jqE7X/WlZG870cvS76yuz/KQh0w6MfZT4fwYM/4Yq6CUVDHDHS2FfUoPsSVVGqy9BmrJN2a3/W7IteZefhLhi42"

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Microsoft\Windows\CurrentVersion\C00l\a4eef174f2ede8e90cfc4755c428c91c663289a7]

@DACL=(02 0000)

"5fdc82699b860b11598f396787c0ea2b4f16c19c"="r3D8fZxvvcP55LWTbOIMsw=="

"a45189f50151665fc80d5a78c00e8d1835619f13"="SOt8H0qtCUj87XNgFEr8om4cDDimYFq5tvIr/L5x58ZcC3sW64CCVVr3PVx79/meh9jkpnspFY+hD5wZx+yPZtjA8Sbyz5DKKg0ZVorCxfYsSmyotHoy6rfPPeP+mRdDKNhitAwR4PnV1fuebQdJGr9FX5PVXqTVKSRIZpcU/yTNGlXPNjSWCjrwTGFX0kogXitYnaA/cwrO2YWdMx8OKbqJqW6Ge6uyD74X5Gjx1rkE9Wfm81c1yqypD8mgiazkYabvy+EN81AR/ndHAuG/FlDIqzvu2BP0F/TWyu2TAmznhgFC0/D217jFz+n+1hxHbr4HmIk8HHZ7aYYQVbkYKADyWPgHGUhU4oDOj4TI+vy2pYOXd8Rr5RpSgonGY/ZFcahWT8vgwZD8jrgb+1FFKIKnGPGL4qdnFi0YkIMbco+43vUfzNIAi3ob0H4UUOQAQptFviSz8xvCnVzLPp+K0G2hLyE6XP3oYO94eIMCBSrK629Z3DIxgOEbceUHV6aEWV9AaUgUpQfdXsD9HmOuHl7byTXvNctIzQQ0/DKysOC4HJuWGeO+WKnqPcfF+3xYgjTG88tSYfkybC/1mCvbdH3JuzBmcyi0Wk7UR1hhZvJmE4Hi+9o/XlMwZNMiXTx84gGIHbg6+0UQIf8Va+PQgZMQuqScQgSIEhwFPf+UyEK6SgVi77VpoOXfvYtGQIk5qXx/Ej6JFmAwqU3lFuV9haP8j+7YSFfVsOceVVx6xh6xgbT4WPgp3Gz/t+VIFCnQDWidRAqu2xZEUwJvktJMJeH1NIbx79kdGmrt4VLxTB0igXBZFLW8hEWYgoapM2vqEKqcGVZzOK1jNcsL1twDgmQsCNqLPGfXQuT1NtXXD5FAsSZq6jFVyp8LYXE+NZGVRA393+/8ZacCqV4cvXWvN/YFdCx/8u9eQNkE6zoexv3Qm2+PmSb82mWzotzMvsyO731c9/vHQHb5d/BSCwjZGrx/Rci88tuJvmnwNszpsRtVgkotOvHU3+wpsmG9C3a7pT10SQZlO/fwJrLp82QAU2gIhAqWOY/JVEQl7Xqio+4jGARoGxsrnPE+SbnVqTU6zJJT2TGFWe0F2s1sdwBVFcXnNZtMeLXx8wdYDpm1TfPl729QteosTDKS9Uf4fy6qOA+AxVEt98xxQOSRznrsjSBGv89lNtihfew+yYluwhrEqxIoSuKOZSJ53O2SiGCUDx4MIsuGtIPEpeGCRrR4c6X+8uIvgNz+/wZbt0U9/dCPoTHIxmkTuRzlPabxp0p5L+YBKAQpgfDZKLddzDS2D7aj+feswK896qUw4DxDSrd9DgSuiOed1V0dEi8y1o0C9MzrYJYqG1rjYON4w1jadTIJadFzYURp/t/lAdsZHLm6bI//ZkXvv0clmrRo8BEq1fu8ENh4O8d27Hz6gL2Ki6s8FvPW2Q37cGzbiLtIZ0Woj4NBzMY42J8VY2qGczrAAhOfQAUcmsbfSlqfi8L91rvM6XP4N4/Jjud0pYMV0fBiTVJVQSy1KNfqAFKT8gXc2coTtOFxA6KnQa4hQ4oNfIyhcGuDvZZy/8k6Z6Zg85cdKTtP9lHr1PQPsiEM/Gd87WbApWl8P4o98odDTE4gHwcF0UWX4DzvuYypODxI1jqE7X/WlZG870cvS76yuz/KQh0w6MfZT4fwYM/4Yq6CUVDHDHS2FfUoPsSVVGqy9BmrJN2a3/W7IteZefhLhi42"

.

[HKEY_USERS\S-1-5-21-1708537768-1897051121-682003330-1003\Software\Microsoft\Windows\CurrentVersion\C00l\fe6d551ddf7c9957d3c43daa97ae70e6ed4c8ffc]

@DACL=(02 0000)

"5fdc82699b860b11598f396787c0ea2b4f16c19c"="r3D8fZxvvcP55LWTbOIMsw=="

"a45189f50151665fc80d5a78c00e8d1835619f13"="SOt8H0qtCUj87XNgFEr8om4cDDimYFq5tvIr/L5x58ZcC3sW64CCVVr3PVx79/meh9jkpnspFY+hD5wZx+yPZtjA8Sbyz5DKKg0ZVorCxfYsSmyotHoy6rfPPeP+mRdDKNhitAwR4PnV1fuebQdJGr9FX5PVXqTVKSRIZpcU/yTNGlXPNjSWCjrwTGFX0kogXitYnaA/cwrO2YWdMx8OKbqJqW6Ge6uyD74X5Gjx1rkE9Wfm81c1yqypD8mgiazkYabvy+EN81AR/ndHAuG/FlDIqzvu2BP0F/TWyu2TAmznhgFC0/D217jFz+n+1hxHbr4HmIk8HHZ7aYYQVbkYKADyWPgHGUhU4oDOj4TI+vy2pYOXd8Rr5RpSgonGY/ZFcahWT8vgwZD8jrgb+1FFKIKnGPGL4qdnFi0YkIMbco+43vUfzNIAi3ob0H4UUOQAQptFviSz8xvCnVzLPp+K0G2hLyE6XP3oYO94eIMCBSrK629Z3DIxgOEbceUHV6aEWV9AaUgUpQfdXsD9HmOuHl7byTXvNctIzQQ0/DKysOC4HJuWGeO+WKnqPcfF+3xYgjTG88tSYfkybC/1mCvbdH3JuzBmcyi0Wk7UR1hhZvJmE4Hi+9o/XlMwZNMiXTx84gGIHbg6+0UQIf8Va+PQgZMQuqScQgSIEhwFPf+UyEK6SgVi77VpoOXfvYtGQIk5qXx/Ej6JFmAwqU3lFuV9haP8j+7YSFfVsOceVVx6xh6xgbT4WPgp3Gz/t+VIFCnQDWidRAqu2xZEUwJvktJMJeH1NIbx79kdGmrt4VLxTB0igXBZFLW8hEWYgoapM2vqEKqcGVZzOK1jNcsL1twDgmQsCNqLPGfXQuT1NtXXD5FAsSZq6jFVyp8LYXE+NZGVRA393+/8ZacCqV4cvXWvN/YFdCx/8u9eQNkE6zoexv3Qm2+PmSb82mWzotzMvsyO731c9/vHQHb5d/BSCwjZGrx/Rci88tuJvmnwNszpsRtVgkotOvHU3+wpsmG9C3a7pT10SQZlO/fwJrLp82QAU2gIhAqWOY/JVEQl7Xqio+4jGARoGxsrnPE+SbnVqTU6zJJT2TGFWe0F2s1sdwBVFcXnNZtMeLXx8wdYDpm1TfPl729QteosTDKS9Uf4fy6qOA+AxVEt98xxQOSRznrsjSBGv89lNtihfew+yYluwhrEqxIoSuKOZSJ53O2SiGCUDx4MIsuGtIPEpeGCRrR4c6X+8uIvgNz+/wZbt0U9/dCPoTHIxmkTuRzlPabxp0p5L+YBKAQpgfDZKLddzDS2D7aj+feswK896qUw4DxDSrd9DgSuiOed1V0dEi8y1o0C9MzrYJYqG1rjYON4w1jadTIJadFzYURp/t/lAdsZHLm6bI//ZkXvv0clmrRo8BEq1fu8ENh4O8d27Hz6gL2Ki6s8FvPW2Q37cGzbiLtIZ0Woj4NBzMY42J8VY2qGczrAAhOfQAUcmsbfSlqfi8L91rvM6XP4N4/Jjud0pYMV0fBiTVJVQSy1KNfqAFKT8gXc2coTtOFxA6KnQa4hQ4oNfIyhcGuDvZZy/8k6Z6Zg85cdKTtP9lHr1PQPsiEM/Gd87WbApWl8P4o98odDTE4gHwcF0UWX4DzvuYypODxI1jqE7X/WlZG870cvS76yuz/KQh0w6MfZT4fwYM/4Yq6CUVDHDHS2FfUoPsSVVGqy9BmrJN2a3/W7IteZefhLhi42"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\17AFD8C1970420F48BBB741BC2A165F5\SourceList\Media]

@DACL=(02 0000)

"100"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\17BB7F68F8EF60333A529FE30E46718B\SourceList\Media]

@DACL=(02 0000)

"111"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\1FA98C108219B99448EDF4C3B1EC100C\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"104"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\1FDE42FC632E233438BCC407A1B9BC0F\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"107"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\2451D69CF585D214C8A52004DB1A469B\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"106"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\24DF66A32D05A9E3185BCE3E5E3C90A7\SourceList\Media]

@DACL=(02 0000)

"111"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\256917180E811B74A9218FB20F574DBD\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"105"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\28C9EA2BB7CD1463FB8C7872C5F46370\SourceList\Media]

@DACL=(02 0000)

"101"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\295DC294DD789E13083868560A521636\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"110"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\2F2AEE7ADCFB45A45A57B7187A686E85\SourceList\Media]

@DACL=(02 0000)

"100"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\37297481046CEAF47BC8DC52A6399760\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"102"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\3D90EFE177C6D6E478F667BC032D50C6\SourceList\Media]

@DACL=(02 0000)

"101"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\4152E9034D92C5043B1B417D32B1AF61\SourceList\Media]

@DACL=(02 0000)

"102"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\41A670B5874F6653EBA789C5C326F94A\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"111"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\425A33BDE5485584E9095A16B9DC5D72\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"101"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\43F3D5FAA348FB140A3FF2BB0AB09A9B\SourceList\Media]

@DACL=(02 0000)

"104"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\44D51B2A7D3B696448850A89C682FA0D\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"100"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\484CA1D2615EC8048852CA1B3C65CAA7\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"101"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\4C9878626E35BDD4F833D8F0E900B0AE\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"100"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\5E903427217EC6249BD46B4B52112CF9\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"104"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\68AB67CA7DA700005205A7C804009014\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"100"="DISK10;Please browse to the Adobe Reader installer."

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\68AB67CA7DA700005205A7C804009024\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"101"="DISK6;Please browse to the Adobe Reader installer."

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\68AB67CA7DA700005205A7C804009034\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"102"="DISK12;Please browse to the Adobe Reader installer."

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\68AB67CA7DA700005205A7C804009044\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"103"="DISK13;Please browse to the Adobe Reader installer."

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\68AB67CA7DA700005205A7C804009054\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"104"="DISK7;Please browse to the Adobe Reader installer."

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\82B28DCEEB84C6245BB5E60C22162658\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"108"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\881B67FDBD11CD343A98012492599A97\SourceList\Media]

@DACL=(02 0000)

"107"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\91C30D4F0ACD90B4387EEBB3608C4DCD\SourceList\Media]

@DACL=(02 0000)

"109"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\9E0DE89293FE9BB33898F24ED18CCF08\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"110"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\B4C419EC05CA8E13D92A51BD928D65F8\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"112"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\B8F6D1795C8E4A94E93D980C010B8D2D\SourceList\Media]

@DACL=(02 0000)

"103"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\BB3686E2280450B3BBC202FE614DDB28\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"111"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\BE7C28545F39D804F992A5B51E7E8654\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"103"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\C3CFBEEB1B8483A43A5C18AB91FDF504\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"109"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\DE6BA3F2C1597EC4A89C5864DFFCF1A5\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"102"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\E0337B0F8B42AE34C86D1D4124A8C1CE\SourceList\Media]

@DACL=(02 0000)

"108"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\E54DA494170E9184E8511E40F1FB0F37\SourceList\Media]

@DACL=(02 0000)

"110"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\E6C461BDA4E80374796CED4868BE63F7\SourceList\Media]

@DACL=(02 0000)

"106"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\E9030CAD6F70DA545BFBB5D0FE17FFEE\SourceList\Media]

@DACL=(02 0000)

"105"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\F3F86E863D2A6B148B1252798C5CCBBB\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"103"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Patches\F9DC276355B3ECF3D85A5DC7A31B1005\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"114"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\059103D1F2AE2884A90A9464776548A2\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"="DISK1;1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\080E7FFA4791FB54390101EDA1F1E50D\SourceList\Media]

@DACL=(02 0000)

"1"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Media]

@DACL=(02 0000)

"1"=";1"

"100"=";"

"101"=";"

"102"=";"

"103"=";"

"104"=";"

"105"=";"

"106"=";"

"107"=";"

"108"=";"

"109"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\26DDC2EC4210AC63483DF9D4FCC5B59D\SourceList\Media]

@DACL=(02 0000)

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\38C64C5B95FCF5A4DA59EA2DD40BD700\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"="DISK1;1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\3e43b73803c7c394f8a6b2f0402e19c2\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"2"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"3"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"4"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"5"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"6"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"7"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"8"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"9"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"10"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

"11"=";Microsoft Visual C++ 2005 Redistributable [Disk 1]"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\53F25BCB65C42F943A6DDFDE450B8174\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"="DISK1;1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\578FDA89F84637E3F8B310C042469C84\SourceList\Media]

@DACL=(02 0000)

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\5C1093C35543A0E32A41B090A305076A\SourceList\Media]

@DACL=(02 0000)

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6099BB8A816EA6041B163738FA4FC693\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"="DISK1;1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\68AB67CA7DA76401B7449A0400000010\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"="DISK1;1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\6D4B2154146D9AC4BB9115B232DD57DB\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"="DISK1;1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\75751A024EA428C3791168C348FA6EAA\SourceList\Media]

@DACL=(02 0000)

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="Microsoft's Silverlight Installation [1]"

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[1]"

"1"=";"

"100"=";"

"101"=";"

"102"=";"

"103"=";"

"104"=";"

"105"=";"

"106"=";"

"107"=";"

"108"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\F3C3B613A5B63CBD3189BF6E41CEAC7A\SourceList\Media]

@DACL=(02 0000)

"1"=";"

.

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\FCDAC0A0AD874C333A05DC1548B97920\SourceList\Media]

@DACL=(02 0000)

"1"=";1"

.

[HKEY_LOCAL_MACHINE\software\EPSON\STM3\Driver\EPSON Stylus T23 Series\InkOrder]

@DACL=(02 0000)

"InkTankType"="S4"

.

[HKEY_LOCAL_MACHINE\software\EPSON\STM3\Driver\EPSON Stylus T23 Series\KickModule01]

@DACL=(02 0000)

"ExePath"="c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FARNEAB.EXE"

"Install"="/D \"EPSON Stylus T23 Series\" /M \"Stylus T23\" /I"

"StartUp"=" "

.

[HKEY_LOCAL_MACHINE\software\EPSON\STM3\Driver\EPSON Stylus T23 Series\Menu]

@DACL=(02 0000)

"920"="c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FHUTEAB.DLL /U1"

"921"="c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FHUTEAB.DLL /U2"

"922"="c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FHUTEAB.DLL /U3"

"923"="c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FARNEAB.EXE /DP"

"924"="c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FARNEAB.EXE /ASMRT /T \"MENU\""

"926"="c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_DUPA30.EXE /P \"EPSON Stylus T23 Series\" /D \"%sE_FVIFEAB.VIF\""

"Separators"="4,5,6"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(764)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'explorer.exe'(2780)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe

c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\wscntfy.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-08-22 09:53:32 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-08-22 12:53

.

Pré-execução: 12 pasta(s) 156.892.831.744 bytes disponíveis

Pós execução: 14 pasta(s) 156.915.388.416 bytes disponíveis

.

- - End Of File - - FB9738294DF48A3702CCAC0AE8185273

Compartilhar este post


Link para o post
Compartilhar em outros sites

Eu não havia solicitado log do ComboFix, se deseja nossa ajuda, recomendo que faça apenas os procedimentos solicitados, rodar programas a esmo, apenas coloca sua segurança em risco.

Você não respondeu minha pergunta anterior, já verificou qual o processo que mais consome processamento?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok. Me desculpe.

O processo que mais consome processamento é:

WPFFontCache_v400.exe - Local Service - CPU 25

Detalhe neste momento não há nada aberto.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Não tem relação com malware. Uma simples pesquisa no Google o ajudará a ver vários casos assim. Por ex:

http://social.msdn.microsoft.com/Forums/is/wpf/thread/e1e54398-acf5-4ae2-8f79-585d57f85ae7

Se o problema persistir, recomendo que poste em sistemas operacionais.

Compartilhar este post


Link para o post
Compartilhar em outros sites





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×