< %systemdrive%\WINLOGON.EXE  /md5 /s >
 winlogon.exe : MD5=898E7C06A350D4A1A64A9EA264D55452 -> C:\Windows\System32\winlogon.exe -> [2009/04/11 03:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation)
 winlogon.exe : MD5=898E7C06A350D4A1A64A9EA264D55452 -> C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe -> [2009/04/11 03:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation)
 winlogon.exe : MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -> C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe -> [2008/01/20 23:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\Windows\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2011/04/05 20:52:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\Windows\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2011/04/05 20:52:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\Windows\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2011/04/05 20:52:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\ -> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF] -> [2011/04/05 20:52:30 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> C:\Arquivos de Programas\Internet Explorer\iexplore.exe [C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE] -> [2011/04/05 20:52:30 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES\OPERA\OPERA.EXE ["C:\PROGRAM FILES\OPERA\OPERA.EXE" /SHOWICONSCOMMAND] -> [2011/05/29 17:28:59 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES\OPERA\OPERA.EXE ["C:\PROGRAM FILES\OPERA\OPERA.EXE" /HIDEICONSCOMMAND] -> [2011/05/29 17:28:59 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES\OPERA\OPERA.EXE ["C:\PROGRAM FILES\OPERA\OPERA.EXE" /REINSTALLBROWSER] -> [2011/05/29 17:28:59 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\ -> C:\PROGRAM FILES\OPERA\OPERA.EXE ["C:\PROGRAM FILES\OPERA\OPERA.EXE"] -> [2011/05/29 17:28:59 | 000,941,936 | ---- | M] (Opera Software)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand -> C:\Windows\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE] -> [2011/04/05 20:52:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand -> C:\Windows\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW] -> [2011/04/05 20:52:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand -> C:\Windows\System32\IE4UINIT.EXE ["C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL] -> [2011/04/05 20:52:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\ -> C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ["C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF] -> [2011/04/05 20:52:30 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\ -> C:\Arquivos de Programas\Internet Explorer\iexplore.exe [C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE] -> [2011/04/05 20:52:30 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand -> C:\PROGRAM FILES\OPERA\OPERA.EXE ["C:\PROGRAM FILES\OPERA\OPERA.EXE" /SHOWICONSCOMMAND] -> [2011/05/29 17:28:59 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand -> C:\PROGRAM FILES\OPERA\OPERA.EXE ["C:\PROGRAM FILES\OPERA\OPERA.EXE" /HIDEICONSCOMMAND] -> [2011/05/29 17:28:59 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand -> C:\PROGRAM FILES\OPERA\OPERA.EXE ["C:\PROGRAM FILES\OPERA\OPERA.EXE" /REINSTALLBROWSER] -> [2011/05/29 17:28:59 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command ->  -> 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\ -> C:\PROGRAM FILES\OPERA\OPERA.EXE ["C:\PROGRAM FILES\OPERA\OPERA.EXE"] -> [2011/05/29 17:28:59 | 000,941,936 | ---- | M] (Opera Software)
 
CREATERESTOREPOINT
Restore point Set: OTS Restore Point
 
[Alternate Data Streams]
@Alternate Data Stream - 146 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:E5D9D7C9_Bb.gbp
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:E5D9D7C9_Cef.gbp
< End of report >