Usamos cookies para medir audiência e melhorar sua experiência. Você pode aceitar ou recusar a qualquer momento. Veja sobre o iMasters.
Bom galera aqui estou de novo andei meio sumido pois estava tudo bem!
Agora percebi nao consigo abrir uma determinada pagina!Eu uso
o Mozilla FireFox e ele nao ta abrindo a pagina do 4shared.com
fiz zlguns teste e os outros navegadores abrem essa pagina tranquila
só o mozilla que nao!Ja escluoir ele de minha maquina por inteiro e nao resolveu!
Ja autorizei o FIREWALL pra abrir ele e nem deu resultado por issu venhu lhe pedir
uma ajuda!desde já agradeço!
Segue o seguinte log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:53, on 19/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\SearchSettings.dll
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSof0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMes1.dll
O2 - BHO: Messenger Plus Live Portuguese Toolbar - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\SearchSettings.dll
O2 - BHO: Flash Video Decoder for FLV - {E3A5CD1D-2A58-4A37-8C42-B64B4E2D5D6E} - C:\WINDOWS\system32\flash102flv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll
O2 - BHO: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMes1.dll
O3 - Toolbar: Messenger Plus Live Portuguese Toolbar - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSof0.dll
O3 - Toolbar: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX0.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Updater - Spigot, Inc. - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7592 bytes
Como pedido,segue o seguinte log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:01:04, on 20/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\SearchSettings.dll
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSof0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMes1.dll
O2 - BHO: Messenger Plus Live Portuguese Toolbar - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\SearchSettings.dll
O2 - BHO: Flash Video Decoder for FLV - {E3A5CD1D-2A58-4A37-8C42-B64B4E2D5D6E} - C:\WINDOWS\system32\flash102flv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll
O2 - BHO: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Arquivos de programas\Messenger_Plus_Live\tbMes1.dll
O3 - Toolbar: Messenger Plus Live Portuguese Toolbar - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSof0.dll
O3 - Toolbar: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX0.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Arquivos de programas\Messenger_Plus_Live_Brazil\tbMes1.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7868 bytes
Olá!
Seja bem vindo à seção de Segurança & Malwares do fórum iMasters.
Por favor, siga as instruções na ordem dada. Com alguma dúvida, NÃO PULE para a próxima etapa. Pare e pergunte. Também não realize o que é pedido neste tópico em outros computadores. Tudo é feito especificamente para seu computador.
_____________________________________________________
<<1>>
Faça o download do HostsXpert e salve em uma pasta própria (como C:\HostsXpert)
-
OBSERVAÇÃO: Caso o HostsXpert reportar algum erro, clique em Make Writeable? e, após isso, clique em Restore MS Hosts File.
_____________________________________________________
<<2>>
Por favor, acesse Painel de Controle > Adicionar ou remover programas e desinstale as seguintes toolbars:
Windows Live Toolbar
Messenger Plus Live Toolbar
Messenger Plus Live Portuguese Toolbar
Softonic_Brasil Toolbar
MAX BR Toolbar
Messenger Plus Live Brazil Toolbar
Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Com relação ao Messenger Plus Live: caso não encontrá-lo, o desinstale e instale novamente, sem instalar nenhuma toolbar.
_____________________________________________________
<<3>>
Por favor, siga o tutorial abaixo e execute o AdRemover. Poste o log gerado. Utilize a opção CLEAN.
_____________________________________________________
<<4>>
Faça o download de Lop S&D
_____________________________________________________
<<5>>
Por favor, poste um novo log do HijackThis e nos informe como está seu computador depois dessas ações.
Abraços :D
*Bom to tentando desistalar os **toolbar*
e nao consigo minha maquina trava e abre
uma outra janela do explore.Tem como fazer os outros passos
pois vcs disseram pra nao pular nenhum!
Fikarei no aguardo!
Olá!
Pode pular somente o da toolbar. Estava tentando removê-las por bem, mas já que não querem, será por mal! ;)
Abraços :D
Como pedido segue os seguintes LOGS
1°LOG
======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======
Updated by C_XX on 13/06/10 at 20:40
Contact: AdRemover.contact@gmail.com
website: http://pagesperso-orange.fr/NosTools/ad_remover.html
C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 11:59:00 on 30/08/2010, Normal boot
Microsoft Windows XP Professional Service Pack 3 (X86)
Dih, CASA-77512E3B81 ( )
============== ACTION(S) ==============
Service: "Application Updater" Service stopped and deleted
0,Folder deleted: C:\Arquivos de programas\Application Updater
0,Folder deleted: C:\Documents and Settings\Dih\Menu Iniciar\Programas\Ask Search Assistant
0,Folder deleted: C:\Arquivos de programas\Ask Search Assistant
0,Folder deleted: C:\Documents and Settings\Dih\Configurações locais\Dados de aplicativos\Conduit
0,Folder deleted: C:\Arquivos de programas\Conduit
0,Folder deleted: C:\Documents and Settings\Dih\Dados de aplicativos\Dealio
0,Folder deleted: C:\Documents and Settings\oscar\Dados de aplicativos\Dealio
0,Folder deleted: C:\Documents and Settings\ramom\Dados de aplicativos\Dealio
0,Folder deleted: C:\Arquivos de programas\Dealio Toolbar
0,Folder deleted: C:\Documents and Settings\Dih\Dados de aplicativos\Search Settings
0,Folder deleted: C:\Documents and Settings\oscar\Dados de aplicativos\Search Settings
0,Folder deleted: C:\Documents and Settings\ramom\Dados de aplicativos\Search Settings
0,Folder deleted: C:\Arquivos de programas\Search Settings
3,File deleted: C:\WINDOWS\Installer\48e352.msi
3,File deleted: C:\WINDOWS\Installer\56c99b.msi
3,File deleted: C:\WINDOWS\Installer\56c9a1.msi
(!) -- Temporary files deleted.
-- File opened: C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\FireFox\Profiles\kouwjd3j.default\Prefs.js --
Line deleted: user_pref("CT2124320.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Line deleted: user_pref("CT2124320.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT212...
Line deleted: user_pref("CT2124320.ct2467812.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_S...
Line deleted: user_pref("CT2284000.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM...
Line deleted: user_pref("CT2284000.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT228...
Line deleted: user_pref("CT2552374.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2124320&SearchSource=13");
Line deleted: user_pref("CT2552374.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM...
Line deleted: user_pref("CT2552374.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255...
Line deleted: user_pref("browser.search.defaultthis.engineName", "MAX BR Customized Web Search");
Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2284000&Sea...
Line deleted: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2284000&SearchSource=13");
-- File closed --
-- File opened: C:\Documents and Settings\ramom\Dados de aplicativos\Mozilla\FireFox\Profiles\22ef7qo1.default\Prefs.js --
Line deleted: user_pref("CT2124320.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Line deleted: user_pref("CT2124320.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT212...
Line deleted: user_pref("CT2124320.ct2467812.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_S...
Line deleted: user_pref("browser.search.defaultthis.engineName", "Messenger Plus Live Customized Web Search");
Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&Sea...
Line deleted: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2124320&SearchSource=13");
-- File closed --
1,Key deleted: HKLM\Software\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
1,Key deleted: HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
1,Key deleted: HKLM\Software\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
1,Key deleted: HKLM\Software\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
1,Key deleted: HKLM\Software\Classes\Interface\{D8F245F7-60CF-4370-A70D-6867467ECBF2}
1,Key deleted: HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
0,Key deleted: HKLM\Software\Classes\SearchSettings.BHO
0,Key deleted: HKLM\Software\Classes\SearchSettings.BHO.1
0,Key deleted: HKLM\Software\Application Updater
0,Key deleted: HKLM\Software\Conduit
0,Key deleted: HKLM\Software\Dealio
0,Key deleted: HKLM\Software\Search Settings
0,Key deleted: HKCU\Software\AskSearchAsst
0,Key deleted: HKCU\Software\Conduit
0,Key deleted: HKCU\Software\Dealio
0,Key deleted: HKCU\Software\Search Settings
0,Key deleted: HKCU\Software\AppDataLow\Software\Dealio
0,Key deleted: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C878CD69-85DB-426B-81A3-E71175AAEB91}
0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask.com Search Assistant
0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\AskSearchAsst.exe
0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
============== ADDITIONNAL SCAN ==============
Mozilla Firefox Version [3.6.8 (pt-BR)]
-- C:\Documents and Settings\Dih\Dados de aplicativos\Mozilla\FireFox\Profiles\piywsds7.default\Prefs.js --
browser.download.lastDir, C:\\Documents and Settings\\Dih\\Meus documentos\\Diguinho\\Fotos\\Originals\\Originals
browser.search.defaultenginename, Yahoo
browser.search.selectedEngine, Google
browser.startup.homepage, hxxp://www.plusnetwork.com
browser.startup.homepage_override.mstone, rv:1.9.2.8
keyword.URL, hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
-- C:\Documents and Settings\oscar\Dados de aplicativos\Mozilla\FireFox\Profiles\kouwjd3j.default\Prefs.js --
browser.search.defaultenginename, Yahoo
browser.search.selectedEngine, Yahoo
browser.startup.homepage_override.mstone, rv:1.9.2.8
keyword.URL, hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
-- C:\Documents and Settings\ramom\Dados de aplicativos\Mozilla\FireFox\Profiles\22ef7qo1.default\Prefs.js --
browser.search.defaultenginename, Yahoo
browser.search.selectedEngine, Google
browser.startup.homepage_override.mstone, rv:1.9.2.6
keyword.URL, hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
========================================
Internet Explorer Version [8.0.6001.18702]
[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Arquivos de programas\Ad-Remover\Quarantine: 122 File(s)
C:\Arquivos de programas\Ad-Remover\Backup: 17 File(s)
C:\Ad-Report-CLEAN[1].txt - 30/08/2010 (5382 Byte(s))
End at: 12:06:20, 30/08/2010
============== E.O.F ==============
2°LOG
Não foram encontradas pastas com o Lop!
--------------------\\ Procura no Registro
..... OK !
--------------------\\ Verificando o Arquivos/Ficheiros Hosts
Arquivos/Ficheiros Hosts LIMPO
--------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 12:41:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Procurando por outras infecções
Não foram encontradas outras infecções.
[F:822][D:27]-> C:\DOCUME~1\Dih\CONFIG~1\Temp
[F:97][D:0]-> C:\DOCUME~1\Dih\Cookies
[F:4587][D:10]-> C:\DOCUME~1\Dih\CONFIG~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - qui 26/08/2010|18:18 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - seg 30/08/2010|12:43 - Option : [1]
--------------------\\ Verificação completa em 12:43:15
e 3° e ultimo LOG
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:49:11, on 30/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSof0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Portuguese Toolbar - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Flash Video Decoder for FLV - {E3A5CD1D-2A58-4A37-8C42-B64B4E2D5D6E} - C:\WINDOWS\system32\flash102flv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX0.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live Portuguese Toolbar - {b46b614e-44c7-4448-ac14-9ab9f7740d64} - C:\Arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\tbSof0.dll
O3 - Toolbar: MAX BR Toolbar - {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - C:\Arquivos de programas\MAX_BR\tbMAX0.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{229BCC09-E9B9-4C62-A762-04A24156DA2A}: NameServer = 200.165.132.148 200.165.132.155
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 6338 bytes
Aguardo mais informaçoes forte abraço e desculpe pela demora!
Olá!
Por favor, desinstale e instale novamente o Firefox 3.6.8.
Depois siga estas instruções abaixo:
Faça o Download do DDS e salve no Desktop (Área de trabalho).
OBS: Caso o link disponibilizado não funcione, tente baixar o DDS por ESTE link.
Abraços :D
Bom como pedido os seguintes logs
DDS (Ver_10-03-17.01) - NTFSx86
Run by Dih at 11:46:31,20 on ter 31/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.351.1046.18.511.197 [GMT -3:00]
AV: Microsoft Security Essentials On-access scanning enabled (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Dih\Desktop\dds.scr
============== Pseudo HJT Report ===============
uWindow Title =
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\arquivos de programas\softonic_brasil\tbSof0.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Messenger Plus Live Portuguese Toolbar: {b46b614e-44c7-4448-ac14-9ab9f7740d64} - c:\arquivos de programas\messenger_plus_live_portuguese\tbMes1.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
BHO: Flash Video Decoder for FLV: {e3a5cd1d-2a58-4a37-8c42-b64b4e2d5d6e} - c:\windows\system32\flash102flv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: MAX BR Toolbar: {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - c:\arquivos de programas\max_br\tbMAX0.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll
TB: Messenger Plus Live Portuguese Toolbar: {b46b614e-44c7-4448-ac14-9ab9f7740d64} - c:\arquivos de programas\messenger_plus_live_portuguese\tbMes1.dll
TB: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\arquivos de programas\softonic_brasil\tbSof0.dll
TB: MAX BR Toolbar: {fe379c63-1156-4c8c-8dbb-f823d3ea4b37} - c:\arquivos de programas\max_br\tbMAX0.dll
uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\arquiv~1\arquiv~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {229BCC09-E9B9-4C62-A762-04A24156DA2A} = 200.165.132.148 200.165.132.155
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\dih\dadosd~1\mozilla\firefox\profiles\piywsds7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "[http://www.firefox.com"](http://www.firefox.com));
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-6-9 31232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-5-31 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-5-31 8320]
=============== Created Last 30 ================
2010-08-30 14:58:56 0 dc----w- c:\arquivos de programas\Ad-Remover
2010-08-29 02:35:21 380928 -c--a-w- c:\windows\system32\irprops.cpl
2010-08-26 21:13:44 0 dc----w- C:\Lop SD
2010-08-21 16:15:27 0 dc----w- c:\docume~1\dih\dadosd~1\PriceGong
2010-08-21 14:38:17 8192 -c--a-w- c:\windows\system32\wshirda.dll
2010-08-21 14:38:17 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-08-21 14:38:16 28672 -c--a-w- c:\windows\system32\irmon.dll
2010-08-21 14:38:16 28672 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-08-21 14:38:09 152576 -c--a-w- c:\windows\system32\irftp.exe
2010-08-21 14:38:09 152576 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-08-20 13:58:29 388608 -c--a-w- C:\HiJackThis.exe
2010-08-16 18:34:11 5632 -c--a-w- c:\windows\system32\ptpusb.dll
2010-08-16 18:34:03 159232 -c--a-w- c:\windows\system32\ptpusd.dll
2010-08-10 19:41:52 72 -c--a-w- c:\windows\system32\flash102flv.usr
2010-08-10 19:41:52 48 -c--a-w- c:\windows\system32\flash102flv.cfg
2010-08-10 19:41:52 1029120 -c--a-w- c:\windows\system32\flash102flv.dll
2010-08-04 20:19:19 138 -c--a-w- c:\windows\system32\locale.dat
2010-08-04 14:54:50 0 dc----w- c:\arquivos de programas\CyberScript32
==================== Find3M ====================
2010-08-30 03:12:48 79022 ----a-w- c:\windows\system32\perfc016.dat
2010-08-30 03:12:48 468108 ----a-w- c:\windows\system32\perfh016.dat
2010-07-09 21:35:11 20664 -c--a-r- c:\windows\fonts\Karate.ttf.htm
2010-07-09 21:32:04 33712 -c--a-r- c:\windows\fonts\BEATSVIL.TTF.htm
2010-07-09 21:25:06 32264 -c--a-r- c:\windows\fonts\BARBECUE.TTF.htm
2010-06-30 12:32:26 149504 -c--a-w- c:\windows\system32\schannel.dll
2010-06-24 12:24:53 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02:34 1852032 -c--a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:09 80384 -c--a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:42:28 1172480 -c--a-w- c:\windows\system32\msxml3.dll
2010-01-30 03:27:13 40960 -c--a-w- c:\arquivos de programas\Uninstall_CDS.exe
============= FINISH: 11:47:17,23 ===============
2°log
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 16/1/2010 19:25:07
System Uptime: 31/8/2010 10:59:07 (1 hours ago)
Motherboard: ASUSTeK Computer INC. | | P5VDC-X
Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 3000/200mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 45,827 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Controlador de interrupção do sistema
Device ID: PCI\VEN_1106&DEV_5308&SUBSYS_53081106&REV_00\3&267A616A&0&05
Manufacturer:
Name: Controlador de interrupção do sistema
PNP Device ID: PCI\VEN_1106&DEV_5308&SUBSYS_53081106&REV_00\3&267A616A&0&05
Service:
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N80
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6111
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N70
Device ID: ROOT\WPD\0002
Manufacturer: Nokia
Name: Nokia N70
PNP Device ID: ROOT\WPD\0002
Service: WUDFRd
==== System Restore Points ===================
RP6: 2/6/2010 01:01:49 - Software Distribution Service 3.0
RP7: 2/6/2010 15:14:55 - Software Distribution Service 3.0
RP8: 3/6/2010 18:12:52 - Software Distribution Service 3.0
RP9: 4/6/2010 19:26:20 - Software Distribution Service 3.0
RP10: 6/6/2010 00:35:47 - Software Distribution Service 3.0
RP11: 7/6/2010 14:55:08 - Software Distribution Service 3.0
RP12: 7/6/2010 15:09:04 - Software Distribution Service 3.0
RP13: 8/6/2010 15:16:06 - Ponto de verificação do sistema
RP14: 8/6/2010 22:43:13 - Software Distribution Service 3.0
RP15: 10/6/2010 01:30:33 - Software Distribution Service 3.0
RP16: 10/6/2010 02:29:18 - Software Distribution Service 3.0
RP17: 10/6/2010 12:07:17 - Software Distribution Service 3.0
RP18: 10/6/2010 23:16:36 - Software Distribution Service 3.0
RP19: 11/6/2010 00:38:35 - Software Distribution Service 3.0
RP20: 11/6/2010 18:25:39 - Software Distribution Service 3.0
RP21: 13/6/2010 20:19:06 - Ponto de verificação do sistema
RP22: 14/6/2010 12:40:45 - Software Distribution Service 3.0
RP23: 15/6/2010 19:18:47 - Software Distribution Service 3.0
RP24: 16/6/2010 18:08:53 - Software Distribution Service 3.0
RP25: 17/6/2010 19:46:13 - Ponto de verificação do sistema
RP26: 17/6/2010 23:25:03 - Software Distribution Service 3.0
RP27: 20/6/2010 10:41:04 - Software Distribution Service 3.0
RP28: 21/6/2010 15:58:49 - Software Distribution Service 3.0
RP29: 22/6/2010 18:57:38 - Ponto de verificação do sistema
RP30: 23/6/2010 18:11:54 - Software Distribution Service 3.0
RP31: 23/6/2010 22:06:29 - Software Distribution Service 3.0
RP32: 24/6/2010 19:57:40 - Software Distribution Service 3.0
RP33: 26/6/2010 08:47:23 - Software Distribution Service 3.0
RP34: 27/6/2010 12:21:14 - Software Distribution Service 3.0
RP35: 28/6/2010 18:27:27 - Software Distribution Service 3.0
RP36: 30/6/2010 00:15:01 - Software Distribution Service 3.0
RP37: 30/6/2010 15:40:50 - Software Distribution Service 3.0
RP38: 1/7/2010 20:25:34 - Software Distribution Service 3.0
RP39: 2/7/2010 11:26:53 - Installed Nokia Series 40 Theme Studio 2.2
RP40: 2/7/2010 22:31:01 - Software Distribution Service 3.0
RP41: 4/7/2010 00:18:57 - Software Distribution Service 3.0
RP42: 5/7/2010 10:43:42 - Software Distribution Service 3.0
RP43: 6/7/2010 19:28:37 - Software Distribution Service 3.0
RP44: 7/7/2010 17:05:02 - Removido Google Earth.
RP45: 7/7/2010 22:17:30 - Software Distribution Service 3.0
RP46: 8/7/2010 22:39:40 - Software Distribution Service 3.0
RP47: 9/7/2010 22:48:56 - Software Distribution Service 3.0
RP48: 11/7/2010 09:48:01 - Software Distribution Service 3.0
RP49: 12/7/2010 10:08:44 - Software Distribution Service 3.0
RP50: 13/7/2010 22:31:24 - Software Distribution Service 3.0
RP51: 14/7/2010 13:00:44 - Software Distribution Service 3.0
RP52: 15/7/2010 13:49:55 - Software Distribution Service 3.0
RP53: 16/7/2010 23:20:44 - Software Distribution Service 3.0
RP54: 18/7/2010 00:13:59 - Software Distribution Service 3.0
RP55: 19/7/2010 11:46:13 - Software Distribution Service 3.0
RP56: 20/7/2010 14:57:25 - Ponto de verificação do sistema
RP57: 21/7/2010 10:26:14 - Software Distribution Service 3.0
RP58: 22/7/2010 13:30:07 - Ponto de verificação do sistema
RP59: 22/7/2010 14:01:21 - Software Distribution Service 3.0
RP60: 23/7/2010 14:11:51 - Ponto de verificação do sistema
RP61: 23/7/2010 17:34:17 - Software Distribution Service 3.0
RP62: 24/7/2010 23:48:29 - Ponto de verificação do sistema
RP63: 25/7/2010 23:53:15 - Software Distribution Service 3.0
RP64: 27/7/2010 11:55:37 - Instalação de driver não assinada
RP65: 27/7/2010 12:08:29 - Software Distribution Service 3.0
RP66: 28/7/2010 21:01:51 - Ponto de verificação do sistema
RP67: 30/7/2010 10:06:19 - Software Distribution Service 3.0
RP68: 31/7/2010 10:50:10 - Software Distribution Service 3.0
RP69: 1/8/2010 16:21:21 - Software Distribution Service 3.0
RP70: 2/8/2010 21:10:47 - Software Distribution Service 3.0
RP71: 4/8/2010 09:40:51 - Software Distribution Service 3.0
RP72: 5/8/2010 10:47:10 - Software Distribution Service 3.0
RP73: 7/8/2010 15:50:09 - Ponto de verificação do sistema
RP74: 9/8/2010 01:02:21 - Software Distribution Service 3.0
RP75: 10/8/2010 08:23:10 - Software Distribution Service 3.0
RP76: 11/8/2010 11:03:30 - Software Distribution Service 3.0
RP77: 11/8/2010 15:07:53 - Software Distribution Service 3.0
RP78: 11/8/2010 18:10:36 - Software Distribution Service 3.0
RP79: 11/8/2010 23:38:55 - Software Distribution Service 3.0
RP80: 12/8/2010 22:48:12 - Software Distribution Service 3.0
RP81: 14/8/2010 10:56:19 - Software Distribution Service 3.0
RP82: 16/8/2010 10:31:07 - Software Distribution Service 3.0
RP83: 17/8/2010 15:40:44 - Software Distribution Service 3.0
RP84: 18/8/2010 11:26:19 - Installed Opera 10.61.
RP85: 19/8/2010 11:29:59 - Removed Opera 10.61.
RP86: 19/8/2010 23:12:42 - Software Distribution Service 3.0
RP87: 21/8/2010 08:45:30 - Software Distribution Service 3.0
RP88: 22/8/2010 12:11:22 - Software Distribution Service 3.0
RP89: 23/8/2010 19:04:49 - Software Distribution Service 3.0
RP90: 24/8/2010 23:38:08 - Software Distribution Service 3.0
RP91: 25/8/2010 12:04:01 - Instalação de driver não assinada
RP92: 27/8/2010 17:35:40 - Software Distribution Service 3.0
RP93: 28/8/2010 12:37:29 - Instalação de driver não assinada
RP94: 28/8/2010 12:54:09 - Instalação de driver não assinada
RP95: 28/8/2010 23:33:48 - Instalação de driver não assinada
RP96: 30/8/2010 00:22:59 - Software Distribution Service 3.0
RP97: 31/8/2010 11:28:53 - Software Distribution Service 3.0
==== Installed Programs ======================
Ad-Remover By C_XX
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Arquivo do WinRAR
Assistente de Conexão do Windows Live
Atualização de Segurança para o Windows Media Player (KB952069)
Atualização de Segurança para o Windows Media Player (KB954155)
Atualização de Segurança para o Windows Media Player (KB968816)
Atualização de Segurança para o Windows Media Player (KB973540)
Atualização de Segurança para o Windows Media Player (KB978695)
Atualização de Segurança para o Windows Media Player 11 (KB954154)
Atualização de Segurança para Windows Internet Explorer 8 (KB2183461)
Atualização de Segurança para Windows Internet Explorer 8 (KB971961)
Atualização de Segurança para Windows Internet Explorer 8 (KB976325)
Atualização de Segurança para Windows Internet Explorer 8 (KB978207)
Atualização de Segurança para Windows Internet Explorer 8 (KB981332)
Atualização de Segurança para Windows Internet Explorer 8 (KB982381)
Atualização de Segurança para Windows XP (KB2079403)
Atualização de Segurança para Windows XP (KB2115168)
Atualização de Segurança para Windows XP (KB2160329)
Atualização de Segurança para Windows XP (KB2229593)
Atualização de Segurança para Windows XP (KB2286198)
Atualização de Segurança para Windows XP (KB923561)
Atualização de Segurança para Windows XP (KB941569)
Atualização de Segurança para Windows XP (KB946648)
Atualização de Segurança para Windows XP (KB950762)
Atualização de Segurança para Windows XP (KB950974)
Atualização de Segurança para Windows XP (KB951066)
Atualização de Segurança para Windows XP (KB951376-v2)
Atualização de Segurança para Windows XP (KB951748)
Atualização de Segurança para Windows XP (KB952004)
Atualização de Segurança para Windows XP (KB952954)
Atualização de Segurança para Windows XP (KB955069)
Atualização de Segurança para Windows XP (KB956572)
Atualização de Segurança para Windows XP (KB956744)
Atualização de Segurança para Windows XP (KB956802)
Atualização de Segurança para Windows XP (KB956803)
Atualização de Segurança para Windows XP (KB956844)
Atualização de Segurança para Windows XP (KB957097)
Atualização de Segurança para Windows XP (KB958644)
Atualização de Segurança para Windows XP (KB958687)
Atualização de Segurança para Windows XP (KB958869)
Atualização de Segurança para Windows XP (KB959426)
Atualização de Segurança para Windows XP (KB960225)
Atualização de Segurança para Windows XP (KB960803)
Atualização de Segurança para Windows XP (KB960859)
Atualização de Segurança para Windows XP (KB961501)
Atualização de Segurança para Windows XP (KB969059)
Atualização de Segurança para Windows XP (KB969947)
Atualização de Segurança para Windows XP (KB970238)
Atualização de Segurança para Windows XP (KB970430)
Atualização de Segurança para Windows XP (KB971468)
Atualização de Segurança para Windows XP (KB971486)
Atualização de Segurança para Windows XP (KB971557)
Atualização de Segurança para Windows XP (KB971633)
Atualização de Segurança para Windows XP (KB971657)
Atualização de Segurança para Windows XP (KB971961)
Atualização de Segurança para Windows XP (KB972270)
Atualização de Segurança para Windows XP (KB973354)
Atualização de Segurança para Windows XP (KB973507)
Atualização de Segurança para Windows XP (KB973525)
Atualização de Segurança para Windows XP (KB973869)
Atualização de Segurança para Windows XP (KB973904)
Atualização de Segurança para Windows XP (KB974112)
Atualização de Segurança para Windows XP (KB974318)
Atualização de Segurança para Windows XP (KB974392)
Atualização de Segurança para Windows XP (KB974571)
Atualização de Segurança para Windows XP (KB975025)
Atualização de Segurança para Windows XP (KB975467)
Atualização de Segurança para Windows XP (KB975560)
Atualização de Segurança para Windows XP (KB975561)
Atualização de Segurança para Windows XP (KB975562)
Atualização de Segurança para Windows XP (KB975713)
Atualização de Segurança para Windows XP (KB976325)
Atualização de Segurança para Windows XP (KB977165)
Atualização de Segurança para Windows XP (KB977816)
Atualização de Segurança para Windows XP (KB977914)
Atualização de Segurança para Windows XP (KB978037)
Atualização de Segurança para Windows XP (KB978251)
Atualização de Segurança para Windows XP (KB978262)
Atualização de Segurança para Windows XP (KB978338)
Atualização de Segurança para Windows XP (KB978542)
Atualização de Segurança para Windows XP (KB978601)
Atualização de Segurança para Windows XP (KB978706)
Atualização de Segurança para Windows XP (KB979309)
Atualização de Segurança para Windows XP (KB979482)
Atualização de Segurança para Windows XP (KB979559)
Atualização de Segurança para Windows XP (KB979683)
Atualização de Segurança para Windows XP (KB980195)
Atualização de Segurança para Windows XP (KB980218)
Atualização de Segurança para Windows XP (KB980232)
Atualização de Segurança para Windows XP (KB980436)
Atualização de Segurança para Windows XP (KB981852)
Atualização de Segurança para Windows XP (KB981997)
Atualização de Segurança para Windows XP (KB982214)
Atualização de Segurança para Windows XP (KB982665)
Atualização para Windows Internet Explorer 8 (KB976662)
Atualização para Windows Internet Explorer 8 (KB978506)
Atualização para Windows Internet Explorer 8 (KB980182)
Atualização para Windows XP (KB951978)
Atualização para Windows XP (KB955759)
Atualização para Windows XP (KB961503)
Atualização para Windows XP (KB967715)
Atualização para Windows XP (KB968389)
Atualização para Windows XP (KB971737)
Atualização para Windows XP (KB973687)
Atualização para Windows XP (KB973815)
Atualização para Windows XP (KB978207)
aTube Catcher
Auslogics Disk Defrag
CCleaner
CyberScript v3.2
DVD Solution
eMule
Encore 5
Ferramenta de Carregamento do Windows Live
Free Mp3 Wma Converter V 1.9
GameDesire-Pool & Snooker
GIF Movie Gear 4.2.3
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix para o Windows Media Player 11 (KB939683)
Hotfix para Windows XP (KB952287)
Hotfix para Windows XP (KB961118)
Hotfix para Windows XP (KB976098-v2)
Hotfix para Windows XP (KB979306)
Hotfix para Windows XP (KB981793)
InCD
Java Auto Updater
Java 6 Update 18
JPEG Camera v0.97
JPEG USB Video Camera Driver v0.94
Junk Mail filter update
LG ODD Auto Firmware UpdateLightModem 3.0
Malwarebytes' Anti-Malware
MAX_BR Toolbar
Messenger Plus! Live
Messenger_Plus_Live_Portuguese Toolbar
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Antimalware Service PT-BR Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office XP Professional com FrontPage
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (3.6.8)
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Launcher
Nero OEM
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Series 40 Theme Studio 2.2
Nokia Software Updater
OGA Notifier 2.0.0048.0
Pacote de Driver do Windows - Nokia Modem (06/01/2009 7.01.0.4)
Pacote de Driver do Windows - Nokia Modem (10/05/2009 4.2)
Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
PC Connectivity Solution
PhotoScape
Plugin Letras.mus.br 1.10
PowerDVD
PowerProducer
PPP over Ethernet Protocol 0.98
Pro Evolution Soccer 2010
Search Settings v1.2.3
Segoe UI
Skype Toolbars
Skype™ 4.2
Softonic_Brasil Toolbar
SoundMAX
SpywareBlaster 4.2
Truco WinnersGames 2.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB2.0 PC Camera
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sync
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
==== Event Viewer Messages From Past Week ========
31/8/2010 10:59:28, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
30/8/2010 18:40:26, error: W32Time [17] - Provedor de tempo NtpClient: erro durante a pesquisa de DNS do nível de protocolo 'time.windows.com,0x1' configurado manualmente. O NtpClient fará uma nova tentativa em 15 minutos. Erro: Uma operação de soquete foi tentada em um host inacessível. (0x80072751)
30/8/2010 18:40:05, error: W32Time [17] - Provedor de tempo NtpClient: erro durante a pesquisa de DNS do nível de protocolo 'time.windows.com,0x1' configurado manualmente. O NtpClient fará uma nova tentativa em 15 minutos. Erro: Uma operação de soquete foi tentada em um host inacessível. (0x80072751)
30/8/2010 18:40:04, error: W32Time [17] - Provedor de tempo NtpClient: erro durante a pesquisa de DNS do nível de protocolo 'time.windows.com,0x1' configurado manualmente. O NtpClient fará uma nova tentativa em 15 minutos. Erro: Uma operação de soquete foi tentada em um host inacessível. (0x80072751)
30/8/2010 18:35:23, error: W32Time [17] - Provedor de tempo NtpClient: erro durante a pesquisa de DNS do nível de protocolo 'time.windows.com,0x1' configurado manualmente. O NtpClient fará uma nova tentativa em 15 minutos. Erro: Uma operação de soquete foi tentada em um host inacessível. (0x80072751)
30/8/2010 17:14:22, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
30/8/2010 16:46:02, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
30/8/2010 12:02:58, error: Service Control Manager [7034] - O serviço Spooler de impressão foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
30/8/2010 12:02:58, error: Service Control Manager [7034] - O serviço SeaPort foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
30/8/2010 12:02:58, error: Service Control Manager [7034] - O serviço Java Quick Starter foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
30/8/2010 12:02:58, error: Service Control Manager [7034] - O serviço InCD Helper foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
30/8/2010 12:02:58, error: Service Control Manager [7031] - O serviço Microsoft Antimalware Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 15000 milissegundos: Reiniciar o serviço.
30/8/2010 11:11:41, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
30/8/2010 00:05:59, error: DCOM [10005] - Erro "%1084" no DCOM na tentativa de iniciar o serviço EventSystem com argumentos "" para iniciar o servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}
30/8/2010 00:05:36, error: DCOM [10005] - Erro "%1084" no DCOM na tentativa de iniciar o serviço netman com argumentos "" para iniciar o servidor: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
30/8/2010 00:05:33, error: DCOM [10005] - Erro "%1084" no DCOM na tentativa de iniciar o serviço netman com argumentos "" para iniciar o servidor: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
30/8/2010 00:05:18, error: Service Control Manager [7026] - Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
30/8/2010 00:05:18, error: Service Control Manager [7001] - O serviço Serviços IPSEC depende do serviço Driver IPSEC, mas não foi possível iniciá-lo devido ao seguinte erro: Um dispositivo conectado ao sistema não está funcionando.
30/8/2010 00:05:18, error: Service Control Manager [7001] - O serviço Cliente DNS depende do serviço Driver de protocolo TCP/IP, mas não foi possível iniciá-lo devido ao seguinte erro: Um dispositivo conectado ao sistema não está funcionando.
30/8/2010 00:05:18, error: Service Control Manager [7001] - O serviço Cliente DHCP depende do serviço NetBios em Tcpip, mas não foi possível iniciá-lo devido ao seguinte erro: Um dispositivo conectado ao sistema não está funcionando.
30/8/2010 00:05:18, error: Service Control Manager [7001] - O serviço Auxiliar NetBIOS TCP/IP depende do serviço AFD, mas não foi possível iniciá-lo devido ao seguinte erro: Um dispositivo conectado ao sistema não está funcionando.
30/8/2010 00:04:58, error: DCOM [10005] - Erro "%1084" no DCOM na tentativa de iniciar o serviço EventSystem com argumentos "" para iniciar o servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}
29/8/2010 23:27:43, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
29/8/2010 08:54:14, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
28/8/2010 23:39:30, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.487.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: AUTORIDADE NT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x80072efd Error description: A connection with the server could not be established
28/8/2010 23:28:34, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
28/8/2010 12:31:08, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
28/8/2010 00:36:10, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
27/8/2010 22:51:20, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
27/8/2010 18:29:55, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
27/8/2010 18:28:13, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
27/8/2010 18:27:27, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
27/8/2010 17:13:51, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
27/8/2010 09:54:29, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
26/8/2010 17:29:55, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
26/8/2010 16:35:52, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.283.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: AUTORIDADE NT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
26/8/2010 16:18:18, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
26/8/2010 07:53:39, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
25/8/2010 10:15:49, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
24/8/2010 23:26:10, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
24/8/2010 22:21:41, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
24/8/2010 15:26:03, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
24/8/2010 10:30:46, error: Dhcp [1002] - A concessão 192.168.254.1 do endereço IP para a placa de rede com endereço de rede 001731913E4B foi negada pelo servidor DHCP 192.168.254.254 (O servidor DHCP enviou uma mensagem DHCPNACK).
==== End Of File ===========================
Aguardo mais instruçoes....
Olá!
<<1>>
Siga o tutorial abaixo e execute o Malwarebyte's Anti-Malware. Poste o log gerado.
Tutorial do Malwarebyte's Anti-Malware
_____________________________________________________
<<2>>
Por favor, siga o tutorial no link abaixo:
#### Como usar o ComboFix ####
Sugiro que imprima as instruções abaixo pois não poderá lê-las enquanto utiliza a ferramenta.
>
NÃO utilize a ferramenta por conta própria. É uma ferramenta poderosa criada pra lidar com infecções sofisticadas e caso não a utilize corretamente poderá danificar o seu computador.
-
De forma alguma saia do ComboFix usando o "X" do programa. Caso queira sair, tecle "N".
segue os logs
Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3877
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/9/2010 13:49:27
mbam-log-2010-09-01 (13-49-27).txt
Tipo de Verificação: Completa (A:\|C:\|D:\|)
Objetos verificados: 234380
Tempo decorrido: 1 hour(s), 58 minute(s), 47 second(s)
Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 0
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 1
Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)
Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)
Chaves do Registro infectadas:
(Nenhum ítem malicioso foi detectado)
Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)
Pastas infectadas:
(Nenhum ítem malicioso foi detectado)
Arquivos infectados:
C:\Arquivos de programas\CyberScript32\msnmirc\dll\nHTMLn.dll (Trojan.Agent) -> Quarantined and deleted successfully.
2°LOG
ComboFix 10-09-01.02 - Dih 01/09/2010 14:21:51.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.351.1046.18.511.267 [GMT -3:00]
Executando de: c:\documents and settings\Dih\Desktop\ComboFix.exe
AV: Microsoft Security Essentials On-access scanning disabled (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Dih\Dados de aplicativos\PriceGong
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\1.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\a.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\b.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\c.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\d.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\e.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\f.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\g.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\h.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\i.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\J.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\k.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\l.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\m.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\mru.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\n.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\o.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\p.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\q.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\r.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\s.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\t.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\u.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\v.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\w.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\x.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\y.xml
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\z.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\1.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\a.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\b.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\c.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\d.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\e.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\f.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\g.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\h.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\i.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\J.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\k.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\l.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\m.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\n.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\o.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\p.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\q.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\r.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\s.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\t.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\u.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\v.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\w.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\x.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\y.xml
c:\documents and settings\oscar\Dados de aplicativos\PriceGong\Data\z.xml
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
(((((((((((((((( Arquivos/Ficheiros criados de 2010-08-01 to 2010-09-01 ))))))))))))))))))))))))))))
.
2010-08-30 14:58 . 2010-08-30 15:06 -------- dc----w- c:\arquivos de programas\Ad-Remover
2010-08-28 15:59 . 2010-08-28 15:59 -------- dcsh--w- c:\documents and settings\ramom\Phone Browser
2010-08-26 21:13 . 2010-08-30 15:43 -------- dc----w- C:\Lop SD
2010-08-21 14:38 . 2008-04-14 03:20 8192 -c--a-w- c:\windows\system32\wshirda.dll
2010-08-21 14:38 . 2008-04-14 03:20 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-08-21 14:38 . 2008-04-14 03:20 28672 -c--a-w- c:\windows\system32\irmon.dll
2010-08-21 14:38 . 2008-04-14 03:20 28672 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-08-21 14:38 . 2008-04-14 03:21 152576 -c--a-w- c:\windows\system32\irftp.exe
2010-08-21 14:38 . 2008-04-14 03:21 152576 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-08-20 13:58 . 2010-08-20 13:59 388608 -c--a-w- C:\HiJackThis.exe
2010-08-16 18:34 . 2001-09-06 02:50 5632 -c--a-w- c:\windows\system32\ptpusb.dll
2010-08-16 18:34 . 2008-04-14 03:20 159232 -c--a-w- c:\windows\system32\ptpusd.dll
2010-08-12 20:43 . 2010-08-12 20:43 -------- dc----w- c:\documents and settings\ramom\Dados de aplicativos\Malwarebytes
2010-08-10 19:41 . 2010-08-04 15:05 1029120 -c--a-w- c:\windows\system32\flash102flv.dll
2010-08-04 20:19 . 2010-09-01 17:13 138 -c--a-w- c:\windows\system32\locale.dat
2010-08-04 14:54 . 2010-09-01 14:34 -------- dc----w- c:\arquivos de programas\CyberScript32
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 20:42 . 2001-10-28 18:07 79022 ----a-w- c:\windows\system32\perfc016.dat
2010-08-31 20:42 . 2001-10-28 18:07 468108 ----a-w- c:\windows\system32\perfh016.dat
2010-08-21 11:58 . 2010-02-13 16:39 -------- dc----w- c:\arquivos de programas\Messenger_Plus_Live_Portuguese
2010-07-27 23:11 . 2010-05-08 20:51 -------- dc----w- c:\arquivos de programas\MAX_BR
2010-07-27 23:11 . 2010-03-28 17:11 -------- dc----w- c:\arquivos de programas\Softonic_Brasil
2010-07-23 22:10 . 2010-05-29 17:45 -------- dc----w- c:\documents and settings\ramom\Dados de aplicativos\PC Suite
2010-07-22 16:30 . 2010-07-22 14:57 -------- dc----w- c:\documents and settings\Dih\Dados de aplicativos\Skype
2010-07-22 15:38 . 2010-07-22 15:38 -------- dc----w- c:\documents and settings\Dih\Dados de aplicativos\Auslogics
2010-07-22 15:09 . 2010-07-22 15:09 -------- dc----w- c:\documents and settings\Dih\Dados de aplicativos\skypePM
2010-07-21 19:42 . 2010-04-05 02:13 -------- dc----w- c:\arquivos de programas\WinnersGames
2010-07-21 13:40 . 2010-07-21 13:40 -------- dc----w- c:\documents and settings\Dih\Dados de aplicativos\Malwarebytes
2010-07-17 16:59 . 2010-07-13 13:59 -------- dc----w- c:\documents and settings\Dih\Dados de aplicativos\PC Suite
2010-07-10 02:11 . 2010-05-29 17:45 -------- dc----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite
2010-07-05 15:04 . 2010-07-05 15:04 -------- dc----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\Application Updater
2010-07-05 14:59 . 2010-07-05 14:58 -------- dc----w- c:\arquivos de programas\Free Audio Pack
2010-06-30 12:32 . 2004-08-04 03:45 149504 -c--a-w- c:\windows\system32\schannel.dll
2010-06-24 12:24 . 2004-08-04 03:45 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-04 03:38 1852032 -c--a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 02:14 354304 -c--a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 03:45 80384 -c--a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-01-16 21:19 744448 -c--a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2004-08-04 03:45 1172480 -c--a-w- c:\windows\system32\msxml3.dll
2010-01-30 03:27 . 2010-01-17 02:11 40960 -c--a-w- c:\arquivos de programas\Uninstall_CDS.exe
.
------- Sigcheck -------
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\atapi.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\asyncmac.sys
[-] 2001-10-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[-] 2001-10-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-10-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
[-] 2008-04-14 . D3D4832B494CBF9A87CF86D7517013CB . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . D3D4832B494CBF9A87CF86D7517013CB . 25088 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . 7FC1E330386610D5EB3E7C4C7893CA93 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2004-08-04 . 7FC1E330386610D5EB3E7C4C7893CA93 . 25088 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\kbdclass.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ndis.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ntfs.sys
[-] 2001-10-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
[-] 2001-10-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-10-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\ERDNT\cache\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-14 . 572AEDA840986672DA2BB9D4183E2AA9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . 572AEDA840986672DA2BB9D4183E2AA9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . B90D6814CF36244818E8B4F0A4AC6F84 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
[-] 2004-08-04 . B90D6814CF36244818E8B4F0A4AC6F84 . 77312 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\browser.dll
[-] 2008-04-14 . 9607142710D3B64AB7FCCE4BE4E30D37 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . 9607142710D3B64AB7FCCE4BE4E30D37 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 35C6463B3C5F62D2B20C953B6E1538E9 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2004-08-04 . 35C6463B3C5F62D2B20C953B6E1538E9 . 13312 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\lsass.exe
[-] 2008-04-14 . B199C4F441DDAB10253ABC0AC4858BFF . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . B199C4F441DDAB10253ABC0AC4858BFF . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2004-08-04 . BA900E1190BA4CCD70F218A23DEC89D1 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2004-08-04 . BA900E1190BA4CCD70F218A23DEC89D1 . 198144 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\netman.dll
[-] 2008-04-14 . F0F5EEF8C4B0444E6E4D8E09F7A8F0A8 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . F0F5EEF8C4B0444E6E4D8E09F7A8F0A8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . F0F5EEF8C4B0444E6E4D8E09F7A8F0A8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . C1AA680B70BD0771A0850E04C3E634A5 . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2004-08-04 . C1AA680B70BD0771A0850E04C3E634A5 . 382464 . . [6.6.2600.2180] . . c:\windows\ERDNT\cache\qmgr.dll
[-] 2009-02-09 . B5AE6227853C4B6A723567A8DEF68F03 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . F3763E01E7536F7A6D0C6E392C603EC2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . F3763E01E7536F7A6D0C6E392C603EC2 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . F3763E01E7536F7A6D0C6E392C603EC2 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 2CB8373AC68E387BDF5472CB7AF347EF . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . 2CB8373AC68E387BDF5472CB7AF347EF . 399360 . . [5.1.2600.3520] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2009-02-09 . CB6BBDCCC9F7984E2CA6CA5842746635 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . E34A1B6160A90C7CB90BF2EE8D6AD921 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . E34A1B6160A90C7CB90BF2EE8D6AD921 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2004-08-04 . 7461E79FD81D467A03CD35091D384D2B . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
[-] 2009-02-09 . C52DEB6D8CD4B096BF1A9EC001F36507 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 . C52DEB6D8CD4B096BF1A9EC001F36507 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . C52DEB6D8CD4B096BF1A9EC001F36507 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . 38867483E0CB504BB8F277E05729881E . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-09 . 96D7D86D3AA68A57BBE835441DC23107 . 111104 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-09 . 96D7D86D3AA68A57BBE835441DC23107 . 111104 . . [5.1.2600.3520] . . c:\windows\ERDNT\cache\services.exe
[-] 2009-02-09 . E64296F1D45C776FAC6EE8F89EF3C303 . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . EE7999BAACA84CFAA03726E677EE2A33 . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . EE7999BAACA84CFAA03726E677EE2A33 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . CC73C4430C2FC27FDE16A0A4E3678148 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe
[-] 2008-04-14 . AF1D9AE15C11163F576DF6ED6194B53C . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . AF1D9AE15C11163F576DF6ED6194B53C . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2004-08-04 . 3971289FA7072812CAF4D053BBC6352B . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-04 . 3971289FA7072812CAF4D053BBC6352B . 57856 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\spoolsv.exe
[-] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 6F7BDE7A1126DEBF0CC359A54953EFC1 . 504320 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2004-08-04 . 6F7BDE7A1126DEBF0CC359A54953EFC1 . 504320 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-04 . 021631D9D0729D9E52300CCEACE4F054 . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-04 . 021631D9D0729D9E52300CCEACE4F054 . 611328 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[-] 2008-04-14 . 554798AAD881736DFC4D08C572DECD7A . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 554798AAD881736DFC4D08C572DECD7A . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 7836E32505D817311E8F8384A18C1128 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
[-] 2004-08-04 . 7836E32505D817311E8F8384A18C1128 . 60416 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\cryptsvc.dll
[-] 2008-07-07 20:31 . C8FDAFC91302E9E905182EC6A2D1612A . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:31 . C8FDAFC91302E9E905182EC6A2D1612A . 253952 . . [2001.12.4414.320] . . c:\windows\ERDNT\cache\es.dll
[-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:25 . 58586EB44E6FD9A711943647C8451741 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:18 . 788A6C475F332290217C33921623CF48 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 02:20 . 957E7822860EB8E5CD9EDB7BA04B7E65 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 02:20 . 957E7822860EB8E5CD9EDB7BA04B7E65 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2004-08-04 03:45 . 74C397E17E946D61012C301186C84124 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2008-04-14 . 05C621EAA979D33A12F3B510FF4C6F9F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 05C621EAA979D33A12F3B510FF4C6F9F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 602B88592E0690D0DFB5E5F44A9EF820 . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2004-08-04 . 602B88592E0690D0DFB5E5F44A9EF820 . 110080 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\imm32.dll
[-] 2009-03-21 . 407DEDFD4D52D6FFFBDF6A1D2F9FDAC7 . 1025024 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . 407DEDFD4D52D6FFFBDF6A1D2F9FDAC7 . 1025024 . . [5.1.2600.3541] . . c:\windows\ERDNT\cache\kernel32.dll
[-] 2009-03-21 . 6A5A13A014F72F3C8E8A23B662C9DAF1 . 1028608 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . 6A5A13A014F72F3C8E8A23B662C9DAF1 . 1028608 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 6A5A13A014F72F3C8E8A23B662C9DAF1 . 1028608 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 03DA51CE83B0D693A10C91B139BBD221 . 1030656 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 424919C0378FD828E0FE4683B480BE9B . 1028096 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . 68ECDAD8AE2768DE61C20C41A28CC0B0 . 1028608 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . 68ECDAD8AE2768DE61C20C41A28CC0B0 . 1028608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-08-04 . AD72A244955E89EBBB8FABF02F8041C6 . 1022464 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB959426_0$\kernel32.dll
[-] 2008-04-14 . 1E47527C69E79ECC13326BFB2E178394 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 1E47527C69E79ECC13326BFB2E178394 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-04 . E9B587DBAE9F212A394618CE06013EAF . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-04 . E9B587DBAE9F212A394618CE06013EAF . 18944 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\linkinfo.dll
[-] 2008-04-14 . 5F6337EAC9EA401AA0F9040CB6F16C80 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 5F6337EAC9EA401AA0F9040CB6F16C80 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . CFFC7F8E8F898BE4561887EF301F8BF3 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2004-08-04 . CFFC7F8E8F898BE4561887EF301F8BF3 . 22016 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\lpk.dll
[-] 2010-06-24 . BFD26DB90A37C2B79EBA3F0FCB36B5CF . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 3E34A8371BF952433A4D645CAA15B1F8 . 5951488 . . [8.00.6001.18939] . . c:\windows\system32\mshtml.dll
[-] 2010-06-24 . 3E34A8371BF952433A4D645CAA15B1F8 . 5951488 . . [8.00.6001.18939] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-05-06 . 20800D7145CF4E247775458B404FD44A . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[-] 2010-05-06 . AA1410ABF16D5F3655569927075CEF05 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-02-25 . 23099BB44DA6A7D80B15FF4F7C51877D . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2010-02-25 . 6D179FBB1B42A3C33955652D3A38BFDF . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-22 . A4FCA9BAA4659222874AB4C130E9C56D . 3084800 . . [6.00.2900.3660] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
[-] 2009-12-22 . A4FCA9BAA4659222874AB4C130E9C56D . 3084800 . . [6.00.2900.3660] . . c:\windows\ERDNT\cache\mshtml.dll
[-] 2009-12-22 . 0EEFCAFFE3216936538D250E280BA9BB . 3092480 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll
[-] 2009-12-22 . 9CEF5BDCA08EF0E1EDBE554DD42EA78A . 3092480 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll
[-] 2009-12-22 . 9CEF5BDCA08EF0E1EDBE554DD42EA78A . 3092480 . . [6.00.2900.5921] . . c:\windows\ie8\mshtml.dll
[-] 2009-12-22 . 876465CA0016F14EDB3CBC9BCE9212E1 . 3094528 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
[-] 2009-12-21 . B5A5C997C2F926C40CCC64A3BD377D4B . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-12-21 . AAD700DEA94EE6E56E591C351111941A . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . 0400A0005968E08910288E8C83350C53 . 3091968 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3GDR\mshtml.dll
[-] 2009-10-29 . 0400A0005968E08910288E8C83350C53 . 3091968 . . [6.00.2900.5897] . . c:\windows\$NtUninstallKB978207$\mshtml.dll
[-] 2009-10-29 . 58A17D0C94F23CD59346720B0C374A90 . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-10-29 . 80F9322FBC4BBBC3A0DB6E9B3C953C60 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . 894ED07C32A34C94D2D152091C2C666B . 3084288 . . [6.00.2900.3640] . . c:\windows\$NtUninstallKB978207_0$\mshtml.dll
[-] 2009-10-29 . 83C85ADB961232DA44A36314B7AC0F2F . 3094016 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll
[-] 2009-10-29 . 7E6CF52059A20F624607F65F4EEAC7CB . 3091968 . . [6.00.2900.3640] . . c:\windows\$hf_mig$\KB976325\SP2QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2008-04-14 . 64C5EB55D74A90AB4DC89F9A6C2E797F . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB976325$\mshtml.dll
[-] 2008-04-14 . 64C5EB55D74A90AB4DC89F9A6C2E797F . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2004-08-04 . 2D36439FE3C0FBD30F5ABD8FDBAA31B5 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB976325_0$\mshtml.dll
[-] 2008-04-14 . 63C2A8E1E33C8C714F11C91400F291E0 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 63C2A8E1E33C8C714F11C91400F291E0 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . FD5A817258E47E54F4CF8F5E071D1DD8 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-04 . FD5A817258E47E54F4CF8F5E071D1DD8 . 343040 . . [7.0.2600.2180] . . c:\windows\ERDNT\cache\msvcrt.dll
[-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 5265EA72F599CF8277A34780F6369B60 . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 59AB513554BA8770BF493D6F2121637B . 247808 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 59AB513554BA8770BF493D6F2121637B . 247808 . . [5.1.2600.3394] . . c:\windows\ERDNT\cache\mswsock.dll
[-] 2008-06-20 . E8C71AECFD3B76407430A22C9EB371FF . 247808 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . CF7C16037A5905AA5A173813D14D5C4A . 247808 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . CF7C16037A5905AA5A173813D14D5C4A . 247808 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . DB19E9D916B10319A17572B3E7E63FAC . 247808 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
[-] 2009-02-06 . B8F0B2CF73FD662A39F0E4392C28E73D . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2009-02-06 . B8F0B2CF73FD662A39F0E4392C28E73D . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . 49897D67B04E62F8E59EB8B1C7DF7072 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 49897D67B04E62F8E59EB8B1C7DF7072 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 82777C1BE8E9F0B1574DAC5BC29C7D6F . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2004-08-04 . 82777C1BE8E9F0B1574DAC5BC29C7D6F . 407040 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\netlogon.dll
[-] 2010-04-28 . DE753D0C2FB81D7E6107B12CF036DCD1 . 2194176 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-04-28 . DE753D0C2FB81D7E6107B12CF036DCD1 . 2194176 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-04-28 . 4E6A46B3168F5A5AABD76A9A0FFE0571 . 2150400 . . [5.1.2600.5973] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-04-28 . 2B14801C5D196E8BEC3EA573B3B2DA44 . 2194304 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-16 . 46CBD078D6273AAC9BB98F7A964B007F . 2150400 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . 8A47EB27E99109826F8A54BB64BE8131 . 2194304 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . C25035B93BDF12E2CB89C6F5BF8B99F1 . 2193536 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 2F96B731F201031071DDE5EEE414B24C . 2149376 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-08-05 . 5478469B21B53EFCA944412D2DE6ABCA . 2193408 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[-] 2009-08-04 . 89733862C3CE777D821253A842C36291 . 2149376 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . 3B75E61D1546C05A959EDFE11F1510D1 . 2193536 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 23BB94AD11225E8AE43015CF857FD4BA . 2190208 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[-] 2009-08-04 . ABE4DD1C48487AD0C2DEFB972549CBAB . 2140160 . . [5.1.2600.3610] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2009-08-04 . ABE4DD1C48487AD0C2DEFB972549CBAB . 2140160 . . [5.1.2600.3610] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[-] 2009-02-10 . B0BF079AF000D97D8C043D1DFF08086D . 2193408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . AF8A3B4150C87E692E5CD27836BFA83D . 2190336 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 . C667CA055AA4E24A0733061282276AA5 . 2193280 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-09 . 7F92E99C2FCC721DE2B8A3B6A6BC4FFF . 2149376 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-04-14 . 185F6C64734019E7E9F626E53CC37FB4 . 2193280 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-14 . 0ED0AB8E279126064A46A73A5ED59069 . 2149376 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2004-08-04 . 91448D27F6DFAF50DD1D5FD3D8C1F3BD . 2152448 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB971486_0$\ntoskrnl.exe
[-] 2008-04-14 . C008BBC88156E0EE109C7FF445CD9555 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . C008BBC88156E0EE109C7FF445CD9555 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 0F81EB414DE1D77DD315F4A3D324BC1E . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2004-08-04 . 0F81EB414DE1D77DD315F4A3D324BC1E . 17408 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\powrprof.dll
[-] 2008-04-14 . 879E802EF4EF2405014B170EA41E552B . 184832 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 879E802EF4EF2405014B170EA41E552B . 184832 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . E95230A31F912E07B19F8335D4DFF110 . 183808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
[-] 2004-08-04 . E95230A31F912E07B19F8335D4DFF110 . 183808 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\scecli.dll
[-] 2008-04-14 . 39FD0DD101277F7261C7D602462C9A95 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 39FD0DD101277F7261C7D602462C9A95 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . FA7EE4A359AE09930904881982D22AB8 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2004-08-04 . FA7EE4A359AE09930904881982D22AB8 . 5120 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\sfc.dll
[-] 2008-04-14 . ED2D69CD4B0EBE37EFE11D4DC4ABC68F . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . ED2D69CD4B0EBE37EFE11D4DC4ABC68F . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 5DE3E7B6F7624552F2F06664F110820D . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2004-08-04 . 5DE3E7B6F7624552F2F06664F110820D . 14336 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\svchost.exe
[-] 2008-04-14 . FEFA8CEBD17A788FDCB9A1C78311AFC3 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . FEFA8CEBD17A788FDCB9A1C78311AFC3 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-04 . 573EFF2DBCAFDA95587FBB9B71F88464 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 . 573EFF2DBCAFDA95587FBB9B71F88464 . 246272 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\tapisrv.dll
[-] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2004-08-04 . E0FF28447D1038DE106D1F2FDF851647 . 577536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-04 . E0FF28447D1038DE106D1F2FDF851647 . 577536 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\user32.dll
[-] 2008-04-14 . A7EA40F680163808D96F89B4FF991876 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A7EA40F680163808D96F89B4FF991876 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 4CA695EC1EE4C7CF2144DFA00EA0E1F7 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2004-08-04 . 4CA695EC1EE4C7CF2144DFA00EA0E1F7 . 24576 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\userinit.exe
[-] 2010-06-24 . 119AC859ABDA997E87CD30E10145B1AD . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 1F337249AE3EF62110CEED8A0425E7C7 . 916480 . . [8.00.6001.18939] . . c:\windows\system32\wininet.dll
[-] 2010-06-24 . 1F337249AE3EF62110CEED8A0425E7C7 . 916480 . . [8.00.6001.18939] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-05-06 . 2B050AA55BEB6F3D5BF29FD7D3893A4E . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-05-06 . 326CDF2109D669998922946D6B490836 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-02-25 . E5CC74D62E06066451D59248CBFBAED0 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2010-02-25 . D8E3E2FD8928B2BD8BEB2518C2E45ED1 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-22 . F4D30BAB1887DF1A51BE1ADA1144E258 . 664064 . . [6.00.2900.3660] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2009-12-22 . F4D30BAB1887DF1A51BE1ADA1144E258 . 664064 . . [6.00.2900.3660] . . c:\windows\ERDNT\cache\wininet.dll
[-] 2009-12-22 . 7C71CB1573D17542DDC37C6D7B623AA1 . 670720 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\wininet.dll
[-] 2009-12-22 . 48447E9A4417F21933C1A2C2CCC37E4E . 669184 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\wininet.dll
[-] 2009-12-22 . 48447E9A4417F21933C1A2C2CCC37E4E . 669184 . . [6.00.2900.5921] . . c:\windows\ie8\wininet.dll
[-] 2009-12-22 . 596C8203A6EA00FD970436984A6539B4 . 670720 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\wininet.dll
[-] 2009-12-21 . 79805286A6D381A658A1871F6B3588B9 . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . 11162780821A0531D39E675A662D766F . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 191FFB2798E4DB25F04C2E71C9595A85 . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-10-29 . E30B8F0D3BFAF4B403C57F05242AEF74 . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 33F66E223793072231CED7FA3C02F877 . 664064 . . [6.00.2900.3640] . . c:\windows\$NtUninstallKB978207_0$\wininet.dll
[-] 2009-10-29 . 4415FF5D7386D49186AD9174EBA0A760 . 669184 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3GDR\wininet.dll
[-] 2009-10-29 . 4415FF5D7386D49186AD9174EBA0A760 . 669184 . . [6.00.2900.5897] . . c:\windows\$NtUninstallKB978207$\wininet.dll
[-] 2009-10-29 . 892AB77C3FA3A5B64EAFEFFB45661963 . 670720 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
[-] 2009-10-29 . 55F5CB6F5FB06679097F1DA144245CD5 . 670720 . . [6.00.2900.3640] . . c:\windows\$hf_mig$\KB976325\SP2QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2008-04-14 . DF6D0F37A71883BE3505DD517EB8AD83 . 668160 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB976325$\wininet.dll
[-] 2008-04-14 . DF6D0F37A71883BE3505DD517EB8AD83 . 668160 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2004-08-04 . 398A619CE60090303042D1F8CC68F712 . 658432 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB976325_0$\wininet.dll
[-] 2008-04-14 . 1FA3C4B2D7E35176E65FB69AB597B0F0 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 1FA3C4B2D7E35176E65FB69AB597B0F0 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-04 . A5163442377D3C305BBFF612F80047D7 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2004-08-04 . A5163442377D3C305BBFF612F80047D7 . 82944 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ws2_32.dll
[-] 2008-04-14 . 6832C2FB8F0D4E97B850BC6515A49633 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 6832C2FB8F0D4E97B850BC6515A49633 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-04 . D781E40EEBC31A3C6AF96769F16205B4 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
[-] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2008-04-14 . 4DA89C78A5AC43DD98E7497324000378 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-14 . 4DA89C78A5AC43DD98E7497324000378 . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[-] 2004-08-04 . C44792D0F3070F7959E4DC4F49380595 . 1281024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2008-04-14 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 0B1D7BF8EB2BC685D154CB925F3629CB . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-04 . 0B1D7BF8EB2BC685D154CB925F3629CB . 171008 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . EDE207E8FFBCB3909C078DCB60E29044 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2004-08-04 . EDE207E8FFBCB3909C078DCB60E29044 . 13824 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\wscntfy.exe
[-] 2008-04-14 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . DA44ACE43CCA958C7917D5115FC4DDEF . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 2004-08-04 . DA44ACE43CCA958C7917D5115FC4DDEF . 129536 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\xmlprov.dll
[-] 2008-04-14 . A8CDC8DECE4735B86BBEF28460996C30 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . A8CDC8DECE4735B86BBEF28460996C30 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . BD18C87A4E1EA136C44D374296B981DC . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 2004-08-04 . BD18C87A4E1EA136C44D374296B981DC . 55808 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\eventlog.dll
[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 1DD4FC7EEE3A45257528A34FDF7BC689 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2004-08-04 . 1DD4FC7EEE3A45257528A34FDF7BC689 . 1548288 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\sfcfiles.dll
[-] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ctfmon.exe
[-] 2008-04-14 . 8FB4E8C957C22458452EBE96C36F1D94 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 8FB4E8C957C22458452EBE96C36F1D94 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2004-08-04 . 5810EFAEA004B3824B0487ECCF2EA32E . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2004-08-04 . 5810EFAEA004B3824B0487ECCF2EA32E . 134656 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\shsvcs.dll
[-] 2008-04-14 . 70870E16BA3E1B4336C53F483D67FF25 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 70870E16BA3E1B4336C53F483D67FF25 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . D1F735C4079E58D016C1AA2227C28F47 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
[-] 2004-08-04 . D1F735C4079E58D016C1AA2227C28F47 . 59904 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\regsvc.dll
[-] 2008-04-14 . 9C2C97DF8224061D9F7EE18BCA61B02E . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 9C2C97DF8224061D9F7EE18BCA61B02E . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . C386259AFC206462679867D3ED464C1D . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2004-08-04 . C386259AFC206462679867D3ED464C1D . 192000 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\schedsvc.dll
[-] 2008-04-14 . 4424AE68E670D1270F5026E1AF417933 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 4424AE68E670D1270F5026E1AF417933 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . C6822E1A5DAFDC1F9CCF8CB7B455AB53 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2004-08-04 . C6822E1A5DAFDC1F9CCF8CB7B455AB53 . 71680 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[-] 2008-04-14 . 0F4DB70DCE17B9DC1A5D835B1A5EE469 . 296960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . 0F4DB70DCE17B9DC1A5D835B1A5EE469 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . 23DFF6DAA7565CC5802E057A6B9F585E . 296960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2004-08-04 . 23DFF6DAA7565CC5802E057A6B9F585E . 296960 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\termsrv.dll
[-] 2008-04-14 . 27683D3EE8FCB7E620B25C8A84B329D6 . 172032 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . 27683D3EE8FCB7E620B25C8A84B329D6 . 172032 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-04 . 2E131621557A6EF486FC86D738CBC8B6 . 172032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2004-08-04 . 2E131621557A6EF486FC86D738CBC8B6 . 172032 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\appmgmts.dll
[-] 2001-10-28 . EBD5CF43AD9526EAB9B2A15A54760EA9 . 11904 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[-] 2001-10-28 . EBD5CF43AD9526EAB9B2A15A54760EA9 . 11904 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2001-10-28 . EBD5CF43AD9526EAB9B2A15A54760EA9 . 11904 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 00:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 00:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ERDNT\cache\aec.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ip6fw.sys
[-] 2008-04-14 02:20 . DAE8EC624824A8AD8660C2EF5F1ECE0B . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 02:20 . DAE8EC624824A8AD8660C2EF5F1ECE0B . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2001-10-28 18:06 . 168C72C281EC3BE3201AC95F42A577CF . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2001-10-28 18:06 . 168C72C281EC3BE3201AC95F42A577CF . 924432 . . [4.1.6140] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2008-04-14 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 0B572FBB16E7E10D7DAB749CD390017C . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2004-08-04 . 0B572FBB16E7E10D7DAB749CD390017C . 33792 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\msgsvc.dll
[-] 2006-10-18 23:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll
[-] 2006-10-18 23:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 23:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 03:45 . 2E693831AF9D63784F96018CE4E41897 . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2010-04-29 . 7FDAC9D0C4F6EBC61160EC9F00F03C20 . 2071168 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-28 . 1E4A43698D5FCEE3776A1487C43D99AB . 2071040 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-04-28 . 1E4A43698D5FCEE3776A1487C43D99AB . 2071040 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-04-28 . CAE51873B94D3C2CF6FCB555A042B9DF . 2028544 . . [5.1.2600.5973] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . 4CC872935CC85068DF50923A0DF53FC3 . 2028544 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . E94AC126E7ADFD40DC4E38D2E91236D8 . 2071168 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . 7D45AF0A376A7EEE59B2A4BCDC304C9C . 2070400 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FC563DD4043C14C9B91D9CC0D1186FB1 . 2028032 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-08-05 . 6FEC1B436323CC29B3008D7C5BF2A10F . 2070400 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . B7A8A8A3B9C2E259689140F5F8E46842 . 2070272 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . 90AFCA87DE42E75E4C0D5FC660006F5C . 2028032 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[-] 2009-08-04 . 5B655CC36552CF102F75A4422F7A9A00 . 2067200 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 768C3ACBAF109B2D498B682473CABD54 . 2019840 . . [5.1.2600.3610] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2009-08-04 . 768C3ACBAF109B2D498B682473CABD54 . 2019840 . . [5.1.2600.3610] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2009-02-10 . DBAD62B9A518249C1A1408CF3AB9064A . 2070272 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-09 . 9CFC9992BF7C7AFE6FF7E5DE76D74A5F . 2067200 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 . 09C6501998773C0D0A1D7AA7B2B0CE66 . 2028032 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-09 . FF7FE874B6DA494303EE3DD9B97AB007 . 2070400 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . 763EE1C250EC83EFD11FBF51AC4A6D82 . 2028032 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 . F84054BFD1D688B901AD907499879BBD . 2070144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-08-04 . 31DFE96B6B6FA4C9CA098CEAF21B29A5 . 2019328 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB971486_0$\ntkrnlpa.exe
[-] 2008-04-14 02:20 . 209683D85036AAA4E4D8CA732FA51A2B . 437248 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:20 . 209683D85036AAA4E4D8CA732FA51A2B . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 03:45 . BC0F28B3C2AB6ACDA3361721442E4CB7 . 437248 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2004-08-04 03:45 . BC0F28B3C2AB6ACDA3361721442E4CB7 . 437248 . . [5.1.2400.2180] . . c:\windows\ERDNT\cache\ntmssvc.dll
[-] 2008-04-14 . E3C0A6F5732C9E9B2BD2FD3D0AFCEB87 . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . E3C0A6F5732C9E9B2BD2FD3D0AFCEB87 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-04 . 6E7F6BAEA10965B2065585149DC5E7E6 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-04 . 6E7F6BAEA10965B2065585149DC5E7E6 . 185344 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\upnphost.dll
[-] 2008-04-14 . 24713AE49611471DF8924D5FF562883D . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 24713AE49611471DF8924D5FF562883D . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 583C0FB31E40883676779E09587620FF . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
[-] 2008-04-14 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . 7994AEA92DAF7CC66098F0ECF5BDE4C1 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
[-] 2008-04-14 . B948C29C72073A7B8C9D822C66F9FADA . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . B948C29C72073A7B8C9D822C66F9FADA . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 55D16097F68A7C961A570855CACFCCCA . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
[-] 2008-04-14 02:20 . 30A6FA4B34A2EC96CDFE2BA3B69233C0 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 02:20 . 30A6FA4B34A2EC96CDFE2BA3B69233C0 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 03:45 . 53878A6AB006A6FC63B3CFD2404B85A9 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
[-] 2008-04-14 . 84A41B2B978AB366873CDB289118786C . 40960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . 84A41B2B978AB366873CDB289118786C . 40960 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 30B30692A5BC889429887F59ACDA1E8C . 40960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
2010-07-27 23:23 2734688 -c--a-w- c:\arquivos de programas\Softonic_Brasil\tbSof0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b46b614e-44c7-4448-ac14-9ab9f7740d64}]
2010-05-27 14:13 2515552 -c--a-w- c:\arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3A5CD1D-2A58-4A37-8C42-B64B4E2D5D6E}]
2010-08-04 15:05 1029120 -c--a-w- c:\windows\system32\flash102flv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe379c63-1156-4c8c-8dbb-f823d3ea4b37}]
2010-07-27 23:23 2734688 -c--a-w- c:\arquivos de programas\MAX_BR\tbMAX0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b46b614e-44c7-4448-ac14-9ab9f7740d64}"= "c:\arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll" [2010-05-27 2515552]
"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\tbSof0.dll" [2010-07-27 2734688]
"{fe379c63-1156-4c8c-8dbb-f823d3ea4b37}"= "c:\arquivos de programas\MAX_BR\tbMAX0.dll" [2010-07-27 2734688]
[HKEY_CLASSES_ROOT\clsid\{b46b614e-44c7-4448-ac14-9ab9f7740d64}]
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
[HKEY_CLASSES_ROOT\clsid\{fe379c63-1156-4c8c-8dbb-f823d3ea4b37}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B46B614E-44C7-4448-AC14-9AB9F7740D64}"= "c:\arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll" [2010-05-27 2515552]
"{FE379C63-1156-4C8C-8DBB-F823D3EA4B37}"= "c:\arquivos de programas\MAX_BR\tbMAX0.dll" [2010-07-27 2734688]
"{12FC3D37-2A42-4FE3-8489-81296878CBA5}"= "c:\arquivos de programas\Softonic_Brasil\tbSof0.dll" [2010-07-27 2734688]
[HKEY_CLASSES_ROOT\clsid\{b46b614e-44c7-4448-ac14-9ab9f7740d64}]
[HKEY_CLASSES_ROOT\clsid\{fe379c63-1156-4c8c-8dbb-f823d3ea4b37}]
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:21 110592 -c--a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:20 15360 -c--a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-07-11 19:09 20480 -c--a-w- c:\windows\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-17 03:09 135664 -c--atw- c:\documents and settings\ramom\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 17:21 61952 -c----w- c:\windows\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-03-14 02:06 1397760 ------w- c:\arquivos de programas\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2010-01-17 02:40 557056 ----a-w- c:\arquivos de programas\lg_fwupdate\fwupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-05-18 07:57 188416 -c----w- c:\arquivos de programas\ltmoh\ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 19:44 3883840 -c--a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-06-01 17:53 1093208 -c--a-w- c:\arquivos de programas\Microsoft Security Essentials\msseces.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 12:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 13:57 1451520 -c--a-w- c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 22:24 32768 ----a-w- c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2007-09-28 19:32 344064 -c----w- c:\windows\vsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-20 09:11 925696 ----a-w- c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 17:21 246504 -c--a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2007-05-12 14:19 270336 -c--a-w- c:\windows\tsnp2std.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\PhotoScape\\PhotoScape.exe"=
"c:\\Documents and Settings\\ramom\\Configurações locais\\Dados de aplicativos\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Arquivos de programas\\Windows Media Player\\wmdbexport.exe"=
"c:\\WINDOWS\\system32\\HDAShCut.exe"=
"c:\\Arquivos de programas\\lg_fwupdate\\getodd.exe"=
"c:\\Arquivos de programas\\lg_fwupdate\\GetODDModel.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\Documents and Settings\\ramom\\Configurações locais\\Dados de aplicativos\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Windows Live\\Toolbar\\wltuser.exe"=
"c:\\Arquivos de programas\\lg_fwupdate\\getadmin.exe"=
"c:\\Arquivos de programas\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe"=
"c:\\Arquivos de programas\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=
"c:\\Arquivos de programas\\lg_fwupdate\\fwupdate.exe"=
"c:\\oscar\\wlsetup-custom.exe"=
"c:\\Arquivos de programas\\Ahead\\InCD\\InCD.exe"=
"c:\\Arquivos de programas\\Windows Live\\Contacts\\wlcomm.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Arquivos de programas\\lg_fwupdate\\Buyer.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Arquivos de programas\\ltmoh\\Ltmoh.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Arquivos de programas\\Analog Devices\\SoundMAX\\Smax4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\oscar\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [9/6/2002 23:09 31232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [31/5/2010 23:25 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [31/5/2010 23:25 8320]
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-09-01 c:\windows\Tasks\OGALogon.job
2010-09-01 c:\windows\Tasks\User_Feed_Synchronization-{4149C9B5-B8C4-4522-8252-6D3A5332BB93}.job
2010-09-01 c:\windows\Tasks\User_Feed_Synchronization-{7591141C-7460-4C2F-8949-CAF1DAD084F0}.job
.
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: {229BCC09-E9B9-4C62-A762-04A24156DA2A} = 200.165.132.148 200.165.132.155
FF - ProfilePath - c:\documents and settings\Dih\Dados de aplicativos\Mozilla\Firefox\Profiles\piywsds7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 14:31
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\.%Û<%]
@="+Û+_auto_file"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\%Û<%_auto_file*\shell]
@="open"
[HKEY_LOCAL_MACHINE\software\Classes\%Û<%_auto_file*\shell\open]
@="A&brir"
[HKEY_LOCAL_MACHINE\software\Classes\%Û<%_auto_file*\shell\open\command]
@="c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe /Open \"%L\""
[HKEY_LOCAL_MACHINE\software\Classes\%Û<%_auto_file*\shell\play]
@="&Executar"
[HKEY_LOCAL_MACHINE\software\Classes\%Û<%_auto_file*\shell\play\command]
@="c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe /Play \"%L\""
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\arquivos de programas\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\arquivos de programas\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\arquivos de programas\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_por-br.nlr
c:\arquivos de programas\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Microsoft Security Essentials\MsMpEng.exe
c:\arquivos de programas\Ahead\InCD\InCDsrv.exe
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-09-01 14:37:42 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-09-01 17:37
Pré-execução: 19 pasta(s) 49.248.120.832 bytes disponíveis
Pós execução: 21 pasta(s) 49.802.432.512 bytes disponíveis
ah lembrando que mesmu com issu
meu problema continua..
aguardo mais instruçoes
Olá!
Por favor execute novamente o ComboFix.
logo do comboFix
ComboFix 10-09-01.02 - Dih 06/09/2010 11:37:11.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.351.1046.18.511.221 [GMT -3:00]
Executando de: c:\documents and settings\Dih\Desktop\ComboFix.exe
AV: Microsoft Security Essentials On-access scanning disabled (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Dih\Dados de aplicativos\PriceGong
c:\documents and settings\Dih\Dados de aplicativos\PriceGong\Data\mru.xml
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-08-06 to 2010-09-06 ))))))))))))))))))))))))))))
.
2010-09-03 20:42 . 2010-09-03 20:42 -------- dc----w- c:\arquivos de programas\Arquivos comuns\MainConcept
2010-09-03 20:41 . 2010-09-03 20:46 -------- dc----w- c:\documents and settings\ramom\.SimpleCenter
2010-09-03 20:40 . 2010-09-03 20:40 -------- dc----w- c:\arquivos de programas\Arquivos comuns\i4j_jres
2010-09-03 20:39 . 2010-09-03 20:41 -------- dc----w- c:\arquivos de programas\SimpleCenter
2010-08-30 14:58 . 2010-08-30 15:06 -------- dc----w- c:\arquivos de programas\Ad-Remover
2010-08-28 15:59 . 2010-08-28 15:59 -------- dcsh--w- c:\documents and settings\ramom\Phone Browser
2010-08-26 21:13 . 2010-08-30 15:43 -------- dc----w- C:\Lop SD
2010-08-21 14:38 . 2008-04-14 03:20 8192 -c--a-w- c:\windows\system32\wshirda.dll
2010-08-21 14:38 . 2008-04-14 03:20 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-08-21 14:38 . 2008-04-14 03:20 28672 -c--a-w- c:\windows\system32\irmon.dll
2010-08-21 14:38 . 2008-04-14 03:20 28672 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-08-21 14:38 . 2008-04-14 03:21 152576 -c--a-w- c:\windows\system32\irftp.exe
2010-08-21 14:38 . 2008-04-14 03:21 152576 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-08-20 13:58 . 2010-08-20 13:59 388608 -c--a-w- C:\HiJackThis.exe
2010-08-16 18:34 . 2001-09-06 02:50 5632 -c--a-w- c:\windows\system32\ptpusb.dll
2010-08-16 18:34 . 2008-04-14 03:20 159232 -c--a-w- c:\windows\system32\ptpusd.dll
2010-08-12 20:43 . 2010-08-12 20:43 -------- dc----w- c:\documents and settings\ramom\Dados de aplicativos\Malwarebytes
2010-08-10 19:41 . 2010-09-02 04:10 1029632 -c--a-w- c:\windows\system32\flash102flv.dll
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 14:19 . 2010-08-04 14:54 -------- dc----w- c:\arquivos de programas\CyberScript32
2010-09-03 20:48 . 2010-05-29 17:34 -------- dc----w- c:\arquivos de programas\Nokia
2010-09-02 04:34 . 2010-08-04 20:19 138 -c--a-w- c:\windows\system32\locale.dat
2010-08-31 20:42 . 2001-10-28 18:07 79022 ----a-w- c:\windows\system32\perfc016.dat
2010-08-31 20:42 . 2001-10-28 18:07 468108 ----a-w- c:\windows\system32\perfh016.dat
2010-08-21 11:58 . 2010-02-13 16:39 -------- dc----w- c:\arquivos de programas\Messenger_Plus_Live_Portuguese
2010-07-27 23:11 . 2010-05-08 20:51 -------- dc----w- c:\arquivos de programas\MAX_BR
2010-07-27 23:11 . 2010-03-28 17:11 -------- dc----w- c:\arquivos de programas\Softonic_Brasil
2010-07-23 22:10 . 2010-05-29 17:45 -------- dc----w- c:\documents and settings\ramom\Dados de aplicativos\PC Suite
2010-07-22 16:30 . 2010-07-22 14:57 -------- dc----w- c:\documents and settings\Dih\Dados de aplicativos\Skype
2010-07-22 15:38 . 2010-07-22 15:38 -------- dc----w- c:\documents and settings\Dih\Dados de aplicativos\Auslogics
2010-07-22 15:09 . 2010-07-22 15:09 -------- dc----w- c:\documents and settings\Dih\Dados de aplicativos\skypePM
2010-07-21 19:42 . 2010-04-05 02:13 -------- dc----w- c:\arquivos de programas\WinnersGames
2010-07-21 13:40 . 2010-07-21 13:40 -------- dc----w- c:\documents and settings\Dih\Dados de aplicativos\Malwarebytes
2010-07-17 16:59 . 2010-07-13 13:59 -------- dc----w- c:\documents and settings\Dih\Dados de aplicativos\PC Suite
2010-07-10 02:11 . 2010-05-29 17:45 -------- dc----w- c:\documents and settings\All Users\Dados de aplicativos\PC Suite
2010-06-30 12:32 . 2004-08-04 03:45 149504 -c--a-w- c:\windows\system32\schannel.dll
2010-06-24 12:24 . 2004-08-04 03:45 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-04 03:38 1852032 -c--a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 02:14 354304 -c--a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 03:45 80384 -c--a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-01-16 21:19 744448 -c--a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2004-08-04 03:45 1172480 -c--a-w- c:\windows\system32\msxml3.dll
2010-01-30 03:27 . 2010-01-17 02:11 40960 -c--a-w- c:\arquivos de programas\Uninstall_CDS.exe
.
------- Sigcheck -------
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\atapi.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\asyncmac.sys
[-] 2001-10-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[-] 2001-10-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-10-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
[-] 2008-04-14 . D3D4832B494CBF9A87CF86D7517013CB . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-14 . D3D4832B494CBF9A87CF86D7517013CB . 25088 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . 7FC1E330386610D5EB3E7C4C7893CA93 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2004-08-04 . 7FC1E330386610D5EB3E7C4C7893CA93 . 25088 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\kbdclass.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ndis.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ntfs.sys
[-] 2001-10-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
[-] 2001-10-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-10-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\ERDNT\cache\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-14 . 572AEDA840986672DA2BB9D4183E2AA9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . 572AEDA840986672DA2BB9D4183E2AA9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-04 . B90D6814CF36244818E8B4F0A4AC6F84 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
[-] 2004-08-04 . B90D6814CF36244818E8B4F0A4AC6F84 . 77312 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\browser.dll
[-] 2008-04-14 . 9607142710D3B64AB7FCCE4BE4E30D37 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . 9607142710D3B64AB7FCCE4BE4E30D37 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-04 . 35C6463B3C5F62D2B20C953B6E1538E9 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
[-] 2004-08-04 . 35C6463B3C5F62D2B20C953B6E1538E9 . 13312 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\lsass.exe
[-] 2008-04-14 . B199C4F441DDAB10253ABC0AC4858BFF . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . B199C4F441DDAB10253ABC0AC4858BFF . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2004-08-04 . BA900E1190BA4CCD70F218A23DEC89D1 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2004-08-04 . BA900E1190BA4CCD70F218A23DEC89D1 . 198144 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\netman.dll
[-] 2008-04-14 . F0F5EEF8C4B0444E6E4D8E09F7A8F0A8 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . F0F5EEF8C4B0444E6E4D8E09F7A8F0A8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . F0F5EEF8C4B0444E6E4D8E09F7A8F0A8 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-04 . C1AA680B70BD0771A0850E04C3E634A5 . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
[-] 2004-08-04 . C1AA680B70BD0771A0850E04C3E634A5 . 382464 . . [6.6.2600.2180] . . c:\windows\ERDNT\cache\qmgr.dll
[-] 2009-02-09 . B5AE6227853C4B6A723567A8DEF68F03 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . F3763E01E7536F7A6D0C6E392C603EC2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . F3763E01E7536F7A6D0C6E392C603EC2 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . F3763E01E7536F7A6D0C6E392C603EC2 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 2CB8373AC68E387BDF5472CB7AF347EF . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . 2CB8373AC68E387BDF5472CB7AF347EF . 399360 . . [5.1.2600.3520] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2009-02-09 . CB6BBDCCC9F7984E2CA6CA5842746635 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . E34A1B6160A90C7CB90BF2EE8D6AD921 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . E34A1B6160A90C7CB90BF2EE8D6AD921 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2004-08-04 . 7461E79FD81D467A03CD35091D384D2B . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
[-] 2009-02-09 . C52DEB6D8CD4B096BF1A9EC001F36507 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-09 . C52DEB6D8CD4B096BF1A9EC001F36507 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . C52DEB6D8CD4B096BF1A9EC001F36507 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . 38867483E0CB504BB8F277E05729881E . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-09 . 96D7D86D3AA68A57BBE835441DC23107 . 111104 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-09 . 96D7D86D3AA68A57BBE835441DC23107 . 111104 . . [5.1.2600.3520] . . c:\windows\ERDNT\cache\services.exe
[-] 2009-02-09 . E64296F1D45C776FAC6EE8F89EF3C303 . 111104 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . EE7999BAACA84CFAA03726E677EE2A33 . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . EE7999BAACA84CFAA03726E677EE2A33 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-04 . CC73C4430C2FC27FDE16A0A4E3678148 . 108544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe
[-] 2008-04-14 . AF1D9AE15C11163F576DF6ED6194B53C . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . AF1D9AE15C11163F576DF6ED6194B53C . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2004-08-04 . 3971289FA7072812CAF4D053BBC6352B . 57856 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-04 . 3971289FA7072812CAF4D053BBC6352B . 57856 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\spoolsv.exe
[-] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-04 . 6F7BDE7A1126DEBF0CC359A54953EFC1 . 504320 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2004-08-04 . 6F7BDE7A1126DEBF0CC359A54953EFC1 . 504320 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 085C5892D9C1E19B3CEFD1B79F5BBF13 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-04 . 021631D9D0729D9E52300CCEACE4F054 . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-04 . 021631D9D0729D9E52300CCEACE4F054 . 611328 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[-] 2008-04-14 . 554798AAD881736DFC4D08C572DECD7A . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 554798AAD881736DFC4D08C572DECD7A . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-04 . 7836E32505D817311E8F8384A18C1128 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
[-] 2004-08-04 . 7836E32505D817311E8F8384A18C1128 . 60416 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\cryptsvc.dll
[-] 2008-07-07 20:31 . C8FDAFC91302E9E905182EC6A2D1612A . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:31 . C8FDAFC91302E9E905182EC6A2D1612A . 253952 . . [2001.12.4414.320] . . c:\windows\ERDNT\cache\es.dll
[-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:25 . 58586EB44E6FD9A711943647C8451741 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:18 . 788A6C475F332290217C33921623CF48 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 02:20 . 957E7822860EB8E5CD9EDB7BA04B7E65 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 02:20 . 957E7822860EB8E5CD9EDB7BA04B7E65 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2004-08-04 03:45 . 74C397E17E946D61012C301186C84124 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2008-04-14 . 05C621EAA979D33A12F3B510FF4C6F9F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 05C621EAA979D33A12F3B510FF4C6F9F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-04 . 602B88592E0690D0DFB5E5F44A9EF820 . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
[-] 2004-08-04 . 602B88592E0690D0DFB5E5F44A9EF820 . 110080 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\imm32.dll
[-] 2009-03-21 . 407DEDFD4D52D6FFFBDF6A1D2F9FDAC7 . 1025024 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . 407DEDFD4D52D6FFFBDF6A1D2F9FDAC7 . 1025024 . . [5.1.2600.3541] . . c:\windows\ERDNT\cache\kernel32.dll
[-] 2009-03-21 . 6A5A13A014F72F3C8E8A23B662C9DAF1 . 1028608 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . 6A5A13A014F72F3C8E8A23B662C9DAF1 . 1028608 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 6A5A13A014F72F3C8E8A23B662C9DAF1 . 1028608 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 03DA51CE83B0D693A10C91B139BBD221 . 1030656 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 424919C0378FD828E0FE4683B480BE9B . 1028096 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . 68ECDAD8AE2768DE61C20C41A28CC0B0 . 1028608 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . 68ECDAD8AE2768DE61C20C41A28CC0B0 . 1028608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-08-04 . AD72A244955E89EBBB8FABF02F8041C6 . 1022464 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB959426_0$\kernel32.dll
[-] 2008-04-14 . 1E47527C69E79ECC13326BFB2E178394 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 1E47527C69E79ECC13326BFB2E178394 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-04 . E9B587DBAE9F212A394618CE06013EAF . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-04 . E9B587DBAE9F212A394618CE06013EAF . 18944 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\linkinfo.dll
[-] 2008-04-14 . 5F6337EAC9EA401AA0F9040CB6F16C80 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 5F6337EAC9EA401AA0F9040CB6F16C80 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-04 . CFFC7F8E8F898BE4561887EF301F8BF3 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
[-] 2004-08-04 . CFFC7F8E8F898BE4561887EF301F8BF3 . 22016 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\lpk.dll
[-] 2010-06-24 . BFD26DB90A37C2B79EBA3F0FCB36B5CF . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 3E34A8371BF952433A4D645CAA15B1F8 . 5951488 . . [8.00.6001.18939] . . c:\windows\system32\mshtml.dll
[-] 2010-06-24 . 3E34A8371BF952433A4D645CAA15B1F8 . 5951488 . . [8.00.6001.18939] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-05-06 . 20800D7145CF4E247775458B404FD44A . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[-] 2010-05-06 . AA1410ABF16D5F3655569927075CEF05 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-02-25 . 23099BB44DA6A7D80B15FF4F7C51877D . 5944832 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2010-02-25 . 6D179FBB1B42A3C33955652D3A38BFDF . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-22 . A4FCA9BAA4659222874AB4C130E9C56D . 3084800 . . [6.00.2900.3660] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
[-] 2009-12-22 . A4FCA9BAA4659222874AB4C130E9C56D . 3084800 . . [6.00.2900.3660] . . c:\windows\ERDNT\cache\mshtml.dll
[-] 2009-12-22 . 0EEFCAFFE3216936538D250E280BA9BB . 3092480 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll
[-] 2009-12-22 . 9CEF5BDCA08EF0E1EDBE554DD42EA78A . 3092480 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll
[-] 2009-12-22 . 9CEF5BDCA08EF0E1EDBE554DD42EA78A . 3092480 . . [6.00.2900.5921] . . c:\windows\ie8\mshtml.dll
[-] 2009-12-22 . 876465CA0016F14EDB3CBC9BCE9212E1 . 3094528 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
[-] 2009-12-21 . B5A5C997C2F926C40CCC64A3BD377D4B . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\mshtml.dll
[-] 2009-12-21 . AAD700DEA94EE6E56E591C351111941A . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . 0400A0005968E08910288E8C83350C53 . 3091968 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3GDR\mshtml.dll
[-] 2009-10-29 . 0400A0005968E08910288E8C83350C53 . 3091968 . . [6.00.2900.5897] . . c:\windows\$NtUninstallKB978207$\mshtml.dll
[-] 2009-10-29 . 58A17D0C94F23CD59346720B0C374A90 . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[-] 2009-10-29 . 80F9322FBC4BBBC3A0DB6E9B3C953C60 . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . 894ED07C32A34C94D2D152091C2C666B . 3084288 . . [6.00.2900.3640] . . c:\windows\$NtUninstallKB978207_0$\mshtml.dll
[-] 2009-10-29 . 83C85ADB961232DA44A36314B7AC0F2F . 3094016 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll
[-] 2009-10-29 . 7E6CF52059A20F624607F65F4EEAC7CB . 3091968 . . [6.00.2900.3640] . . c:\windows\$hf_mig$\KB976325\SP2QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[-] 2008-04-14 . 64C5EB55D74A90AB4DC89F9A6C2E797F . 3066880 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB976325$\mshtml.dll
[-] 2008-04-14 . 64C5EB55D74A90AB4DC89F9A6C2E797F . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2004-08-04 . 2D36439FE3C0FBD30F5ABD8FDBAA31B5 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB976325_0$\mshtml.dll
[-] 2008-04-14 . 63C2A8E1E33C8C714F11C91400F291E0 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 63C2A8E1E33C8C714F11C91400F291E0 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . FD5A817258E47E54F4CF8F5E071D1DD8 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-04 . FD5A817258E47E54F4CF8F5E071D1DD8 . 343040 . . [7.0.2600.2180] . . c:\windows\ERDNT\cache\msvcrt.dll
[-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 5265EA72F599CF8277A34780F6369B60 . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 59AB513554BA8770BF493D6F2121637B . 247808 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 59AB513554BA8770BF493D6F2121637B . 247808 . . [5.1.2600.3394] . . c:\windows\ERDNT\cache\mswsock.dll
[-] 2008-06-20 . E8C71AECFD3B76407430A22C9EB371FF . 247808 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . CF7C16037A5905AA5A173813D14D5C4A . 247808 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
[-] 2008-04-14 . CF7C16037A5905AA5A173813D14D5C4A . 247808 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
[-] 2004-08-04 . DB19E9D916B10319A17572B3E7E63FAC . 247808 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
[-] 2009-02-06 . B8F0B2CF73FD662A39F0E4392C28E73D . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2009-02-06 . B8F0B2CF73FD662A39F0E4392C28E73D . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[-] 2008-04-14 . 49897D67B04E62F8E59EB8B1C7DF7072 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 49897D67B04E62F8E59EB8B1C7DF7072 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-04 . 82777C1BE8E9F0B1574DAC5BC29C7D6F . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
[-] 2004-08-04 . 82777C1BE8E9F0B1574DAC5BC29C7D6F . 407040 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\netlogon.dll
[-] 2010-04-28 . DE753D0C2FB81D7E6107B12CF036DCD1 . 2194176 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-04-28 . DE753D0C2FB81D7E6107B12CF036DCD1 . 2194176 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-04-28 . 4E6A46B3168F5A5AABD76A9A0FFE0571 . 2150400 . . [5.1.2600.5973] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-04-28 . 2B14801C5D196E8BEC3EA573B3B2DA44 . 2194304 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-02-16 . 46CBD078D6273AAC9BB98F7A964B007F . 2150400 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . 8A47EB27E99109826F8A54BB64BE8131 . 2194304 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . C25035B93BDF12E2CB89C6F5BF8B99F1 . 2193536 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 2F96B731F201031071DDE5EEE414B24C . 2149376 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-08-05 . 5478469B21B53EFCA944412D2DE6ABCA . 2193408 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[-] 2009-08-04 . 89733862C3CE777D821253A842C36291 . 2149376 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . 3B75E61D1546C05A959EDFE11F1510D1 . 2193536 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-08-04 . 23BB94AD11225E8AE43015CF857FD4BA . 2190208 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe
[-] 2009-08-04 . ABE4DD1C48487AD0C2DEFB972549CBAB . 2140160 . . [5.1.2600.3610] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2009-08-04 . ABE4DD1C48487AD0C2DEFB972549CBAB . 2140160 . . [5.1.2600.3610] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[-] 2009-02-10 . B0BF079AF000D97D8C043D1DFF08086D . 2193408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . AF8A3B4150C87E692E5CD27836BFA83D . 2190336 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 . C667CA055AA4E24A0733061282276AA5 . 2193280 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-09 . 7F92E99C2FCC721DE2B8A3B6A6BC4FFF . 2149376 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-04-14 . 185F6C64734019E7E9F626E53CC37FB4 . 2193280 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2008-04-14 . 0ED0AB8E279126064A46A73A5ED59069 . 2149376 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2004-08-04 . 91448D27F6DFAF50DD1D5FD3D8C1F3BD . 2152448 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB971486_0$\ntoskrnl.exe
[-] 2008-04-14 . C008BBC88156E0EE109C7FF445CD9555 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . C008BBC88156E0EE109C7FF445CD9555 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-04 . 0F81EB414DE1D77DD315F4A3D324BC1E . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
[-] 2004-08-04 . 0F81EB414DE1D77DD315F4A3D324BC1E . 17408 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\powrprof.dll
[-] 2008-04-14 . 879E802EF4EF2405014B170EA41E552B . 184832 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . 879E802EF4EF2405014B170EA41E552B . 184832 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-04 . E95230A31F912E07B19F8335D4DFF110 . 183808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
[-] 2004-08-04 . E95230A31F912E07B19F8335D4DFF110 . 183808 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\scecli.dll
[-] 2008-04-14 . 39FD0DD101277F7261C7D602462C9A95 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 39FD0DD101277F7261C7D602462C9A95 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-04 . FA7EE4A359AE09930904881982D22AB8 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
[-] 2004-08-04 . FA7EE4A359AE09930904881982D22AB8 . 5120 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\sfc.dll
[-] 2008-04-14 . ED2D69CD4B0EBE37EFE11D4DC4ABC68F . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . ED2D69CD4B0EBE37EFE11D4DC4ABC68F . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-04 . 5DE3E7B6F7624552F2F06664F110820D . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
[-] 2004-08-04 . 5DE3E7B6F7624552F2F06664F110820D . 14336 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\svchost.exe
[-] 2008-04-14 . FEFA8CEBD17A788FDCB9A1C78311AFC3 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . FEFA8CEBD17A788FDCB9A1C78311AFC3 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-04 . 573EFF2DBCAFDA95587FBB9B71F88464 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-04 . 573EFF2DBCAFDA95587FBB9B71F88464 . 246272 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\tapisrv.dll
[-] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2004-08-04 . E0FF28447D1038DE106D1F2FDF851647 . 577536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-04 . E0FF28447D1038DE106D1F2FDF851647 . 577536 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\user32.dll
[-] 2008-04-14 . A7EA40F680163808D96F89B4FF991876 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A7EA40F680163808D96F89B4FF991876 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-04 . 4CA695EC1EE4C7CF2144DFA00EA0E1F7 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2004-08-04 . 4CA695EC1EE4C7CF2144DFA00EA0E1F7 . 24576 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\userinit.exe
[-] 2010-06-24 . 119AC859ABDA997E87CD30E10145B1AD . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 1F337249AE3EF62110CEED8A0425E7C7 . 916480 . . [8.00.6001.18939] . . c:\windows\system32\wininet.dll
[-] 2010-06-24 . 1F337249AE3EF62110CEED8A0425E7C7 . 916480 . . [8.00.6001.18939] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-05-06 . 2B050AA55BEB6F3D5BF29FD7D3893A4E . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-05-06 . 326CDF2109D669998922946D6B490836 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-02-25 . E5CC74D62E06066451D59248CBFBAED0 . 916480 . . [8.00.6001.18904] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2010-02-25 . D8E3E2FD8928B2BD8BEB2518C2E45ED1 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-22 . F4D30BAB1887DF1A51BE1ADA1144E258 . 664064 . . [6.00.2900.3660] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[-] 2009-12-22 . F4D30BAB1887DF1A51BE1ADA1144E258 . 664064 . . [6.00.2900.3660] . . c:\windows\ERDNT\cache\wininet.dll
[-] 2009-12-22 . 7C71CB1573D17542DDC37C6D7B623AA1 . 670720 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\wininet.dll
[-] 2009-12-22 . 48447E9A4417F21933C1A2C2CCC37E4E . 669184 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\wininet.dll
[-] 2009-12-22 . 48447E9A4417F21933C1A2C2CCC37E4E . 669184 . . [6.00.2900.5921] . . c:\windows\ie8\wininet.dll
[-] 2009-12-22 . 596C8203A6EA00FD970436984A6539B4 . 670720 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\wininet.dll
[-] 2009-12-21 . 79805286A6D381A658A1871F6B3588B9 . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB980182-IE8\wininet.dll
[-] 2009-12-21 . 11162780821A0531D39E675A662D766F . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 191FFB2798E4DB25F04C2E71C9595A85 . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[-] 2009-10-29 . E30B8F0D3BFAF4B403C57F05242AEF74 . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 33F66E223793072231CED7FA3C02F877 . 664064 . . [6.00.2900.3640] . . c:\windows\$NtUninstallKB978207_0$\wininet.dll
[-] 2009-10-29 . 4415FF5D7386D49186AD9174EBA0A760 . 669184 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3GDR\wininet.dll
[-] 2009-10-29 . 4415FF5D7386D49186AD9174EBA0A760 . 669184 . . [6.00.2900.5897] . . c:\windows\$NtUninstallKB978207$\wininet.dll
[-] 2009-10-29 . 892AB77C3FA3A5B64EAFEFFB45661963 . 670720 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
[-] 2009-10-29 . 55F5CB6F5FB06679097F1DA144245CD5 . 670720 . . [6.00.2900.3640] . . c:\windows\$hf_mig$\KB976325\SP2QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[-] 2008-04-14 . DF6D0F37A71883BE3505DD517EB8AD83 . 668160 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB976325$\wininet.dll
[-] 2008-04-14 . DF6D0F37A71883BE3505DD517EB8AD83 . 668160 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2004-08-04 . 398A619CE60090303042D1F8CC68F712 . 658432 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB976325_0$\wininet.dll
[-] 2008-04-14 . 1FA3C4B2D7E35176E65FB69AB597B0F0 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 1FA3C4B2D7E35176E65FB69AB597B0F0 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-04 . A5163442377D3C305BBFF612F80047D7 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2004-08-04 . A5163442377D3C305BBFF612F80047D7 . 82944 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ws2_32.dll
[-] 2008-04-14 . 6832C2FB8F0D4E97B850BC6515A49633 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 6832C2FB8F0D4E97B850BC6515A49633 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-04 . D781E40EEBC31A3C6AF96769F16205B4 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
[-] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2008-04-14 . 4DA89C78A5AC43DD98E7497324000378 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2008-04-14 . 4DA89C78A5AC43DD98E7497324000378 . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[-] 2004-08-04 . C44792D0F3070F7959E4DC4F49380595 . 1281024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2008-04-14 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-04 . 0B1D7BF8EB2BC685D154CB925F3629CB . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
[-] 2004-08-04 . 0B1D7BF8EB2BC685D154CB925F3629CB . 171008 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-04 . EDE207E8FFBCB3909C078DCB60E29044 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2004-08-04 . EDE207E8FFBCB3909C078DCB60E29044 . 13824 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\wscntfy.exe
[-] 2008-04-14 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-04 . DA44ACE43CCA958C7917D5115FC4DDEF . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
[-] 2004-08-04 . DA44ACE43CCA958C7917D5115FC4DDEF . 129536 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\xmlprov.dll
[-] 2008-04-14 . A8CDC8DECE4735B86BBEF28460996C30 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . A8CDC8DECE4735B86BBEF28460996C30 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . BD18C87A4E1EA136C44D374296B981DC . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
[-] 2004-08-04 . BD18C87A4E1EA136C44D374296B981DC . 55808 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\eventlog.dll
[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 . 1DD4FC7EEE3A45257528A34FDF7BC689 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[-] 2004-08-04 . 1DD4FC7EEE3A45257528A34FDF7BC689 . 1548288 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\sfcfiles.dll
[-] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ctfmon.exe
[-] 2008-04-14 . 8FB4E8C957C22458452EBE96C36F1D94 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2008-04-14 . 8FB4E8C957C22458452EBE96C36F1D94 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2004-08-04 . 5810EFAEA004B3824B0487ECCF2EA32E . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2004-08-04 . 5810EFAEA004B3824B0487ECCF2EA32E . 134656 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\shsvcs.dll
[-] 2008-04-14 . 70870E16BA3E1B4336C53F483D67FF25 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 70870E16BA3E1B4336C53F483D67FF25 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-04 . D1F735C4079E58D016C1AA2227C28F47 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
[-] 2004-08-04 . D1F735C4079E58D016C1AA2227C28F47 . 59904 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\regsvc.dll
[-] 2008-04-14 . 9C2C97DF8224061D9F7EE18BCA61B02E . 193536 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 9C2C97DF8224061D9F7EE18BCA61B02E . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-04 . C386259AFC206462679867D3ED464C1D . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
[-] 2004-08-04 . C386259AFC206462679867D3ED464C1D . 192000 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\schedsvc.dll
[-] 2008-04-14 . 4424AE68E670D1270F5026E1AF417933 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 4424AE68E670D1270F5026E1AF417933 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-04 . C6822E1A5DAFDC1F9CCF8CB7B455AB53 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
[-] 2004-08-04 . C6822E1A5DAFDC1F9CCF8CB7B455AB53 . 71680 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[-] 2008-04-14 . 0F4DB70DCE17B9DC1A5D835B1A5EE469 . 296960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . 0F4DB70DCE17B9DC1A5D835B1A5EE469 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2004-08-04 . 23DFF6DAA7565CC5802E057A6B9F585E . 296960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2004-08-04 . 23DFF6DAA7565CC5802E057A6B9F585E . 296960 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\termsrv.dll
[-] 2008-04-14 . 27683D3EE8FCB7E620B25C8A84B329D6 . 172032 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . 27683D3EE8FCB7E620B25C8A84B329D6 . 172032 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-04 . 2E131621557A6EF486FC86D738CBC8B6 . 172032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
[-] 2004-08-04 . 2E131621557A6EF486FC86D738CBC8B6 . 172032 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\appmgmts.dll
[-] 2001-10-28 . EBD5CF43AD9526EAB9B2A15A54760EA9 . 11904 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[-] 2001-10-28 . EBD5CF43AD9526EAB9B2A15A54760EA9 . 11904 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2001-10-28 . EBD5CF43AD9526EAB9B2A15A54760EA9 . 11904 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 00:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 00:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ERDNT\cache\aec.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ip6fw.sys
[-] 2008-04-14 02:20 . DAE8EC624824A8AD8660C2EF5F1ECE0B . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2008-04-14 02:20 . DAE8EC624824A8AD8660C2EF5F1ECE0B . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2001-10-28 18:06 . 168C72C281EC3BE3201AC95F42A577CF . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2001-10-28 18:06 . 168C72C281EC3BE3201AC95F42A577CF . 924432 . . [4.1.6140] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2008-04-14 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-04 . 0B572FBB16E7E10D7DAB749CD390017C . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
[-] 2004-08-04 . 0B572FBB16E7E10D7DAB749CD390017C . 33792 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\msgsvc.dll
[-] 2006-10-18 23:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll
[-] 2006-10-18 23:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 23:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 03:45 . 2E693831AF9D63784F96018CE4E41897 . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2010-04-29 . 7FDAC9D0C4F6EBC61160EC9F00F03C20 . 2071168 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-28 . 1E4A43698D5FCEE3776A1487C43D99AB . 2071040 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-04-28 . 1E4A43698D5FCEE3776A1487C43D99AB . 2071040 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-04-28 . CAE51873B94D3C2CF6FCB555A042B9DF . 2028544 . . [5.1.2600.5973] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-02-16 . 4CC872935CC85068DF50923A0DF53FC3 . 2028544 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . E94AC126E7ADFD40DC4E38D2E91236D8 . 2071168 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . 7D45AF0A376A7EEE59B2A4BCDC304C9C . 2070400 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . FC563DD4043C14C9B91D9CC0D1186FB1 . 2028032 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-08-05 . 6FEC1B436323CC29B3008D7C5BF2A10F . 2070400 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . B7A8A8A3B9C2E259689140F5F8E46842 . 2070272 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe
[-] 2009-08-04 . 90AFCA87DE42E75E4C0D5FC660006F5C . 2028032 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[-] 2009-08-04 . 5B655CC36552CF102F75A4422F7A9A00 . 2067200 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe
[-] 2009-08-04 . 768C3ACBAF109B2D498B682473CABD54 . 2019840 . . [5.1.2600.3610] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2009-08-04 . 768C3ACBAF109B2D498B682473CABD54 . 2019840 . . [5.1.2600.3610] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2009-02-10 . DBAD62B9A518249C1A1408CF3AB9064A . 2070272 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-09 . 9CFC9992BF7C7AFE6FF7E5DE76D74A5F . 2067200 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2009-02-09 . 09C6501998773C0D0A1D7AA7B2B0CE66 . 2028032 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-09 . FF7FE874B6DA494303EE3DD9B97AB007 . 2070400 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . 763EE1C250EC83EFD11FBF51AC4A6D82 . 2028032 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 . F84054BFD1D688B901AD907499879BBD . 2070144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-08-04 . 31DFE96B6B6FA4C9CA098CEAF21B29A5 . 2019328 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB971486_0$\ntkrnlpa.exe
[-] 2008-04-14 02:20 . 209683D85036AAA4E4D8CA732FA51A2B . 437248 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 02:20 . 209683D85036AAA4E4D8CA732FA51A2B . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-04 03:45 . BC0F28B3C2AB6ACDA3361721442E4CB7 . 437248 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
[-] 2004-08-04 03:45 . BC0F28B3C2AB6ACDA3361721442E4CB7 . 437248 . . [5.1.2400.2180] . . c:\windows\ERDNT\cache\ntmssvc.dll
[-] 2008-04-14 . E3C0A6F5732C9E9B2BD2FD3D0AFCEB87 . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . E3C0A6F5732C9E9B2BD2FD3D0AFCEB87 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-04 . 6E7F6BAEA10965B2065585149DC5E7E6 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-04 . 6E7F6BAEA10965B2065585149DC5E7E6 . 185344 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\upnphost.dll
[-] 2008-04-14 . 24713AE49611471DF8924D5FF562883D . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 24713AE49611471DF8924D5FF562883D . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-04 . 583C0FB31E40883676779E09587620FF . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
[-] 2008-04-14 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-04 . 7994AEA92DAF7CC66098F0ECF5BDE4C1 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
[-] 2008-04-14 . B948C29C72073A7B8C9D822C66F9FADA . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . B948C29C72073A7B8C9D822C66F9FADA . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-04 . 55D16097F68A7C961A570855CACFCCCA . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
[-] 2008-04-14 02:20 . 30A6FA4B34A2EC96CDFE2BA3B69233C0 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 02:20 . 30A6FA4B34A2EC96CDFE2BA3B69233C0 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-04 03:45 . 53878A6AB006A6FC63B3CFD2404B85A9 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
[-] 2008-04-14 . 84A41B2B978AB366873CDB289118786C . 40960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . 84A41B2B978AB366873CDB289118786C . 40960 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-04 . 30B30692A5BC889429887F59ACDA1E8C . 40960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
2010-07-27 23:23 2734688 -c--a-w- c:\arquivos de programas\Softonic_Brasil\tbSof0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b46b614e-44c7-4448-ac14-9ab9f7740d64}]
2010-05-27 14:13 2515552 -c--a-w- c:\arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3A5CD1D-2A58-4A37-8C42-B64B4E2D5D6E}]
2010-09-02 04:10 1029632 -c--a-w- c:\windows\system32\flash102flv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe379c63-1156-4c8c-8dbb-f823d3ea4b37}]
2010-07-27 23:23 2734688 -c--a-w- c:\arquivos de programas\MAX_BR\tbMAX0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b46b614e-44c7-4448-ac14-9ab9f7740d64}"= "c:\arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll" [2010-05-27 2515552]
"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\tbSof0.dll" [2010-07-27 2734688]
"{fe379c63-1156-4c8c-8dbb-f823d3ea4b37}"= "c:\arquivos de programas\MAX_BR\tbMAX0.dll" [2010-07-27 2734688]
[HKEY_CLASSES_ROOT\clsid\{b46b614e-44c7-4448-ac14-9ab9f7740d64}]
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
[HKEY_CLASSES_ROOT\clsid\{fe379c63-1156-4c8c-8dbb-f823d3ea4b37}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B46B614E-44C7-4448-AC14-9AB9F7740D64}"= "c:\arquivos de programas\Messenger_Plus_Live_Portuguese\tbMes1.dll" [2010-05-27 2515552]
"{FE379C63-1156-4C8C-8DBB-F823D3EA4B37}"= "c:\arquivos de programas\MAX_BR\tbMAX0.dll" [2010-07-27 2734688]
"{12FC3D37-2A42-4FE3-8489-81296878CBA5}"= "c:\arquivos de programas\Softonic_Brasil\tbSof0.dll" [2010-07-27 2734688]
[HKEY_CLASSES_ROOT\clsid\{b46b614e-44c7-4448-ac14-9ab9f7740d64}]
[HKEY_CLASSES_ROOT\clsid\{fe379c63-1156-4c8c-8dbb-f823d3ea4b37}]
[HKEY_CLASSES_ROOT\clsid\{12fc3d37-2a42-4fe3-8489-81296878cba5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sclauncher"="c:\arquivos de programas\SimpleCenter\bin\win\sclauncher.exe" [2007-10-11 94208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:21 110592 -c--a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:20 15360 -c--a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-07-11 19:09 20480 -c--a-w- c:\windows\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-17 03:09 135664 -c--atw- c:\documents and settings\ramom\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 17:21 61952 -c----w- c:\windows\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-03-14 02:06 1397760 ------w- c:\arquivos de programas\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2010-01-17 02:40 557056 ----a-w- c:\arquivos de programas\lg_fwupdate\fwupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
2005-05-18 07:57 188416 -c----w- c:\arquivos de programas\ltmoh\ltmoh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 19:44 3883840 -c--a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-06-01 17:53 1093208 -c--a-w- c:\arquivos de programas\Microsoft Security Essentials\msseces.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 12:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 13:57 1451520 -c--a-w- c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 22:24 32768 ----a-w- c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2007-09-28 19:32 344064 -c----w- c:\windows\vsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-20 09:11 925696 ----a-w- c:\arquivos de programas\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 17:21 246504 -c--a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2007-05-12 14:19 270336 -c--a-w- c:\windows\tsnp2std.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Arquivos de programas\\PhotoScape\\PhotoScape.exe"=
"c:\\Documents and Settings\\ramom\\Configurações locais\\Dados de aplicativos\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Arquivos de programas\\Windows Media Player\\wmdbexport.exe"=
"c:\\WINDOWS\\system32\\HDAShCut.exe"=
"c:\\Arquivos de programas\\lg_fwupdate\\getodd.exe"=
"c:\\Arquivos de programas\\lg_fwupdate\\GetODDModel.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\Documents and Settings\\ramom\\Configurações locais\\Dados de aplicativos\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Windows Live\\Toolbar\\wltuser.exe"=
"c:\\Arquivos de programas\\lg_fwupdate\\getadmin.exe"=
"c:\\Arquivos de programas\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe"=
"c:\\Arquivos de programas\\Analog Devices\\Core\\smax4pnp.exe"=
"c:\\Arquivos de programas\\CyberScript32\\CyberScript.exe"=
"c:\\Arquivos de programas\\lg_fwupdate\\fwupdate.exe"=
"c:\\oscar\\wlsetup-custom.exe"=
"c:\\Arquivos de programas\\Ahead\\InCD\\InCD.exe"=
"c:\\Arquivos de programas\\Windows Live\\Contacts\\wlcomm.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Arquivos de programas\\lg_fwupdate\\Buyer.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Arquivos de programas\\ltmoh\\Ltmoh.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Arquivos de programas\\Analog Devices\\SoundMAX\\Smax4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\oscar\\eMule\\emule.exe"=
"c:\\Arquivos de programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\SimpleCenter\\Home Media Server.exe"=
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [9/6/2002 23:09 31232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [31/5/2010 23:25 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [31/5/2010 23:25 8320]
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-09-06 c:\windows\Tasks\MP Scheduled Scan.job
2010-09-06 c:\windows\Tasks\OGALogon.job
2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{4149C9B5-B8C4-4522-8252-6D3A5332BB93}.job
2010-09-06 c:\windows\Tasks\User_Feed_Synchronization-{7591141C-7460-4C2F-8949-CAF1DAD084F0}.job
.
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MI1933~1\Office10\EXCEL.EXE/3000
TCP: {229BCC09-E9B9-4C62-A762-04A24156DA2A} = 200.165.132.148 200.165.132.155
FF - ProfilePath - c:\documents and settings\Dih\Dados de aplicativos\Mozilla\Firefox\Profiles\piywsds7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com
FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 11:44
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\.%Û<%]
@="+Û+_auto_file"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\%Û<%_auto_file*\shell]
@="open"
[HKEY_LOCAL_MACHINE\software\Classes\%Û<%_auto_file*\shell\open]
@="A&brir"
[HKEY_LOCAL_MACHINE\software\Classes\%Û<%_auto_file*\shell\open\command]
@="c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe /Open \"%L\""
[HKEY_LOCAL_MACHINE\software\Classes\%Û<%_auto_file*\shell\play]
@="&Executar"
[HKEY_LOCAL_MACHINE\software\Classes\%Û<%_auto_file*\shell\play\command]
@="c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe /Play \"%L\""
.
Tempo para conclusão: 2010-09-06 11:51:17
ComboFix-quarantined-files.txt 2010-09-06 14:51
ComboFix2.txt 2010-09-01 17:37
Pré-execução: 20 pasta(s) 48.982.036.480 bytes disponíveis
Pós execução: 21 pasta(s) 49.119.932.416 bytes disponíveis
Mesmu com essa 2° vez que execultei o combofix ainda continua
meu problema os dizeres sao os seguintes:
Conexão reiniciada
A conexão para o servidor foi reiniciada durante o carregamento da página.
* Este site pode estar temporariamente fora do ar ou sobrecarregado. Tente de novo em alguns instantes.
* Se você não consegue carregar nenhuma página, verifique a conexão de rede do computador.
* Se o seu computador ou rede forem protegidos por um firewall ou proxy, certifique-se de que o Firefox esteja autorizado a acessar a web.
E é só esse site que faz issu.aguardo mais instruçoes.
Olá, Ragde!
Dando um feedback ao Lord Evil enquanto ele resolve uns Pro!, depois ele dará continuidade no caso!
Vamos tentar resolver o problema inicial, Ok?
1º
*Clique em [iniciar] > [Executar] > digite: Combofix /uninstall
*Clique [OK]
/applications/core/interface/imageproxy/imageproxy.php?img=http://h.imagehost.org/0248/92674490.jpg&key=d7625160bdb4f34fddfbe12b72891b63b90fddb13f504a329efcb0a689cdc439" alt="92674490.jpg" />
*Clique em [Executar]
*Aguarde até surgir a mensagem: "ComboFix está desinstalado"
*Clique [OK]
2º
*Baixe o ATF'>http://www.atribune.org/ccount/click.php?id=1"]ATF Cleaner e salve-o no desktop
*Duplo clique em ATF-Cleaner
*Selecione: [] Select All
*Clique em [Empty Selected]
=>Caso use Firefox ou Opera:
*Clique na aba "Firefox" ou em "Opera"
*Selecione: [] Select All
*Clique em [sim] > [Empty Selected] > [sim]
*Clique em [Exit] ou no [X] para sair do programa
->OK
3º
*Baixe e instale o CCleaner'>http://www.piriform.com/ccleaner/download/slim/downloadfile"]CCleaner
*Abra o programa e na aba "Windows", desça até a opção "Avançado" e selecione "Dados Prefetch antigos"
*Clique em [Executar Limpeza]
*Em seguida, clique em [Registro] -> [Procurar erros] -> [Corrigir Erros Selecionados] -> [Corrigir Todos os Erros Selecionados]
->Teve muitos erros mais corrigiu todos
* Por gentileza, use regularmente o ATFCleaner e o CCleaner para manter o PC em ordem.
Informe-nos se resolveu o problema!
No aguardo!
Infelismente o mesmu problema continua e as vezes
quando desligo minha maquina e ligo no dia seguinte
o meu mozilla firefox nao esta sendo encontrado pelo
xul.dll ai tenhu de instalar de novo.
a pagina que tento entrar fala assim
Conexão reiniciada
A conexão para o servidor foi reiniciada durante o carregamento da página.
* Este site pode estar temporariamente fora do ar ou sobrecarregado. Tente de novo em alguns instantes.
* Se você não consegue carregar nenhuma página, verifique a conexão de rede do computador.
* Se o seu computador ou rede forem protegidos por um firewall ou proxy, certifique-se de que o Firefox esteja autorizado a acessar a web.
fiko no aguardo....
Ragde,
Geralmente quando da esse problema, é só limpar o cache do navegador.
Você realizaou o procedimento do ATFcleaner?
Tente limpar o cache do firefox...
Clique em Ferramentas e escolha a opção Limpar histórico recente. Na janela que segue, marque pelo menos as opções Cache e Cookies. Certifique-se de que Tudo está selecionado na parte superior da janela. Clique em Limpar agora.
/applications/core/interface/imageproxy/imageproxy.php?img=http://s.glbimg.com/jo/g1/f/original/2010/09/07/07-mozillaff-300.jpg&key=02edb0aae9e700226382c62fb7a330476b4c04e9c95aeceebef24ef68cb08556" alt="07-mozillaff-300.jpg" />
Depois posta o resultado aqui!
Para uma melhor organização no fórum e uma posśivel resolução do seu problema, o seu tópico foi dividido.
Tópico de Origem'>http://forum.imasters.com.br/index.php?/topic/405976-problema-com-navegador-eu-achu/"]Origem >> Tópico de Destino'>http://forum.imasters.com.br/index.php?/topic/410095-problema-com-o-navegador-firefox/"]Destino
Forte Abraço!
Bom galera nao sei quem foi mais excluiram,
meu antivirus Micrisolft Security Essentials
e deoiis dissu nao consigo instalar ele!
sempre da esse erro!0x80070643
alguem poderia me ajudar!
fikarei no aguardo!
Bom dia Ragde!
Desculpe a demora pela resposta...
Leia o tópico abaixo e veja se resolve o seu problema:
No aguardo!
Bom esse Topico nao pode me ajudar
pois meu pc é dividido em 3 usuarios
e mor esse motivo nao consegui executar
o Prompt de Comando no modulo de Adiministrador!
AQguardo mais instruçoes!
Olá!
Vou continuar e resolver seu problema a partir daqui.
Por favor, sendo um computador de três usuários, entre na conta de Administrador e execute o sugerido naquele tópico que o Felipe_88 passou.
Lembrando que como seu computador possui Windows XP, não é necessário clicar com o botão direito e depois em "Executar como Administrador". Pode já executar direto com um clique ;D
Abraços :D
Tópico Arquivado
Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.
Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.
Olá!
Por favor, seguindo a regra 2 deste fórum, desinstale o HijackThis 2.0.2 no Adicionar ou Remover Programas do Painel de Controle e, somente após isso, instale a versão 2.0.4
Poste o log da versão 2.0.4.
Regra nº 2
Abraços :D