This topic has been archived and is closed to new replies.

loi

[Archived] Tasker.exe: what is it?


Well, I'm new here, so please be patient ^^ Here is what is happening: twice now, while playing Warcraft III, I got a message saying that tasker.exe had an application error. So, mad as hell, I typed "tasker.exe" into Google and, thank God, this forum came up. On to what matters, here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 06:31:27, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\WinLogT.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winmds.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\svchost.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

Please, an answer to my problem ^^


Good evening, loi!

>@< Download ComboFix.

>@< Save it to the Desktop!

>@< Close all windows and run the tool!

>@< If you have Avast, a malware alert ( Win32 D adobra-EY[Trj] ) will appear, which should be ignored.

>@< The Auto Scan window will open. Wait!

>@< Type the option to continue < Enter >

>@< Wait for it to finish!

>@< Post the report, C:\ComboFix.txt, in your reply + an updated HJT log.

Regards!


2007-08-17 19:46 <DIR> d-------- C:\Arquivos de programas\1stbenison

2007-08-17 19:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Macrovision

2007-08-17 19:37 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2007-08-17 19:35 <DIR> d-------- C:\Arquivos de programas\Real

2007-08-17 19:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2007-08-17 19:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-08-17 19:33 <DIR> d-------- C:\Arquivos de programas\eMule

2007-08-17 19:33 <DIR> d-------- C:\Arquivos de programas\Desliga o Computador

2007-08-17 19:32 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\teamspeak2

2007-08-17 19:32 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

2007-08-17 19:31 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2007-08-17 19:30 <DIR> d-------- C:\c7bfc58581f458d6e9145b3a6b4d0bdd

2007-08-17 19:30 <DIR> d-------- C:\Arquivos de programas\Winamp

2007-08-17 19:28 <DIR> d-------- C:\Arquivos de programas\NetLimiter

2007-08-17 19:27 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\LockTime

2007-08-17 19:26 <DIR> d-------- C:\Arquivos de programas\Ocean Technology

2007-08-17 19:22 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\Lavasoft

2007-08-17 19:22 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2007-08-17 19:22 <DIR> d-------- C:\Arquivos de programas\Foxit Software

2007-08-17 19:21 <DIR> d-------- C:\Arquivos de programas\Azureus

2007-08-17 19:20 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\GlobalSCAPE

2007-08-17 19:20 <DIR> d-------- C:\DOCUME~1\Loi\Contacts

2007-08-17 19:19 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-08-17 19:19 <DIR> d-------- C:\Arquivos de programas\Google

2007-08-17 19:19 <DIR> d-------- C:\Arquivos de programas\GlobalSCAPE

2007-08-17 19:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-08-17 19:18 <DIR> d-------- C:\Arquivos de programas\CyberScript32

2007-08-17 19:17 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\Real

2007-08-17 19:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-09-01 19:09 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-09-01 07:27 359040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys

2007-08-27 04:18 --------- d-------- C:\Arquivos de programas\Ahead

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-24 17:31 --------- d-------- C:\Arquivos de programas\CyberLink DVD Solution

2007-07-07 23:33 504320 --a------ C:\WINDOWS\system32\winlogon.exe

2007-07-07 23:23 --------- d-------- C:\Arquivos de programas\microsoft frontpage

2007-07-07 23:19 --------- d-------- C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-07-07 20:09 --------- d-------- C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2007-07-07 20:09 --------- d-------- C:\Arquivos de programas\Arquivos comuns\ODBC

2007-06-26 03:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 10:21 1035264 --a------ C:\WINDOWS\explorer.exe

2004-03-11 13:27 40960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe

--------- C:\Arquivos de programas\Serviços on-line

--------- C:\Arquivos de programas\Arquivos comuns\Serviços

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 03:53 C:\WINDOWS\system32\VTTimer.exe]

"WinLogT"="C:\WINDOWS\WinLogT.exe" [2006-02-20 13:08]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-08-17 19:35]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2006-06-06 12:38]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Loi^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

path=C:\Documents and Settings\Loi\Menu Iniciar\Programas\Inicializar\hamachi.lnk

backup=C:\WINDOWS\pss\hamachi.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

"C:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]

"C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]

C:\Arquivos de programas\NetLimiter\NetLimiter.exe /s

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

VTtrayp.exe

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys

 

*Newly Created Service* - CATCHME

 

Contents of the 'Scheduled Tasks' folder

2007-09-02 04:33:58 C:\WINDOWS\Tasks\At25.job

2007-09-02 04:33:58 C:\WINDOWS\Tasks\At26.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 08:58:51 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 08:58:51 C:\WINDOWS\Tasks\At28.job

2007-09-01 08:58:51 C:\WINDOWS\Tasks\At29.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 08:58:51 C:\WINDOWS\Tasks\At30.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 17:11:30 C:\WINDOWS\Tasks\At31.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 17:11:30 C:\WINDOWS\Tasks\At32.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 17:11:30 C:\WINDOWS\Tasks\At33.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 17:11:30 C:\WINDOWS\Tasks\At34.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 17:11:30 C:\WINDOWS\Tasks\At35.job

2007-08-30 18:02:53 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\winmds.exe

2007-08-30 18:02:53 C:\WINDOWS\Tasks\At37.job - C:\WINDOWS\system32\winmds.exe

2007-08-30 18:02:53 C:\WINDOWS\Tasks\At38.job - C:\WINDOWS\system32\winmds.exe

2007-08-30 18:02:53 C:\WINDOWS\Tasks\At39.job - C:\WINDOWS\system32\winmds.exe

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At40.job - C:\WINDOWS\system32\winmds.exe

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At41.job - C:\WINDOWS\system32\winmds.exe

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At42.job

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At43.job

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At44.job - C:\WINDOWS\system32\winmds.exe

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At45.job - C:\WINDOWS\system32\winmds.exe

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At46.job - C:\WINDOWS\system32\winmds.exe

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At47.job - C:\WINDOWS\system32\winmds.exe

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\winmds.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-02 01:38:55

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-09-02 1:39:21

C:\ComboFix-quarantined-files.txt ... 2007-09-02 01:39

 

--- E O F ---


Good evening DigRam, and thank you for your willingness to help me ^^

Updated HijackThis log

 

Logfile of HijackThis v1.99.1

Scan saved at 01:53:30, on 2/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\WinLogT.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Last.fm\LastFMHelper.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1B7A6F-B287-488E-A8BD-18CC21D4A96A}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


Good morning, loi!

>@< The ComboFix log came out without its header...

____________________

>@< Download Avenger.

>@< Unzip it and create a folder for the program! Put this folder on Local Disk C or on the Desktop!

>@< Run the program and check Input script manually.

>@< Click the magnifying glass icon!

 

Files to delete:

C:\WINDOWS\system32\winmds.exe

C:\WINDOWS\Tasks\At25.job

C:\WINDOWS\Tasks\At26.job

C:\WINDOWS\Tasks\At27.job

C:\WINDOWS\Tasks\At28.job

C:\WINDOWS\Tasks\At29.job

C:\WINDOWS\Tasks\At30.job

C:\WINDOWS\Tasks\At31.job

C:\WINDOWS\Tasks\At32.job

C:\WINDOWS\Tasks\At33.job

C:\WINDOWS\Tasks\At34.job

C:\WINDOWS\Tasks\At35.job

C:\WINDOWS\Tasks\At36.job

C:\WINDOWS\Tasks\At37.job

C:\WINDOWS\Tasks\At38.job

C:\WINDOWS\Tasks\At39.job

C:\WINDOWS\Tasks\At40.job

C:\WINDOWS\Tasks\At41.job

C:\WINDOWS\Tasks\At42.job

C:\WINDOWS\Tasks\At43.job

C:\WINDOWS\Tasks\At44.job

C:\WINDOWS\Tasks\At45.job

C:\WINDOWS\Tasks\At46.job

C:\WINDOWS\Tasks\At47.job

C:\WINDOWS\Tasks\At48.job

 

Folders to delete:

C:\c7bfc58581f458d6e9145b3a6b4d0bdd

>@< In the box that opens, paste what you copied from the quote area just above!

>@< Click Done.

>@< Click the traffic light icon!

>@< Click Ok.

>@< The computer will restart!

_____________________

>@< Download FxMydoom.exe <!>

>@< Save it to the Desktop!

>@< Disable System Restore.

>@< With all programs and the browser closed, double-click FxMydoom.exe <!>

>@< Click Start. Wait!

>@< When it finishes, restart the computer and re-enable System Restore.

>@< Then post: Avenger.txt + the FixMydoom report + an updated HJT log.

Regards!

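An added example, not part of the thread and not code from ComboFix or Avenger: one way to derive the review list in the post above from the 'Scheduled Tasks' section of the ComboFix log. Jobs created through the legacy `at` scheduler are named `At<N>.job`; the example flags any executable launched by several of them and pulls in target-less At jobs written in the same second. The `min_jobs` threshold, the same-timestamp rule and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the 'Scheduled Tasks' section of the ComboFix log in this
# thread, plus ONE constructed benign entry (the last line) for contrast.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
2007-09-02 04:33:58 C:\WINDOWS\Tasks\At25.job
2007-09-02 04:33:58 C:\WINDOWS\Tasks\At26.job - C:\WINDOWS\system32\winmds.exe
2007-09-01 08:58:51 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\winmds.exe
2007-09-01 08:58:51 C:\WINDOWS\Tasks\At28.job
2007-09-01 17:11:30 C:\WINDOWS\Tasks\At31.job - C:\WINDOWS\system32\winmds.exe
2007-08-30 18:02:53 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\winmds.exe
2007-09-02 04:33:59 C:\WINDOWS\Tasks\At42.job
2007-09-02 04:33:59 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\winmds.exe
2007-08-20 10:00:00 C:\WINDOWS\Tasks\Weekly backup.job - C:\Tools\backup.exe
"""

# "<date> <time> <job path>[ - <target path>]"; paths may contain spaces.
TASK_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<job>.+?\.job)(?:\s+-\s+(?P<target>.+))?$",
    re.IGNORECASE,
)
# File name pattern of jobs registered through the legacy `at` scheduler.
AT_JOB = re.compile(r"\\At\d+\.job$", re.IGNORECASE)


def parse_tasks(text):
    """Return (timestamp, job_path, target_or_None) for every task line."""
    tasks = []
    for line in text.splitlines():
        m = TASK_LINE.match(line.strip())
        if m:
            tasks.append((m["ts"], m["job"], m["target"]))
    return tasks


def triage_at_jobs(text, min_jobs=3):
    """Flag executables launched by at least `min_jobs` At<N>.job files.

    Returns a dict with:
      suspect_targets        target path -> list of At jobs that launch it
      same_batch_unresolved  At jobs with no target shown, written in the same
                             second as a job that launches a suspect target
      review_list            everything above, for an analyst to verify
    """
    at_jobs = [t for t in parse_tasks(text) if AT_JOB.search(t[1])]

    by_target = defaultdict(list)   # lower-cased target -> [(ts, job), ...]
    display = {}                    # lower-cased target -> path as logged
    for ts, job, target in at_jobs:
        if target:
            key = target.lower()    # Windows paths are case-insensitive
            display.setdefault(key, target)
            by_target[key].append((ts, job))

    flagged = {k: v for k, v in by_target.items() if len(v) >= min_jobs}
    suspects = {display[k]: [job for _, job in v] for k, v in flagged.items()}

    # Jobs whose target the log could not show are only pulled in when they
    # share a creation timestamp with a job that launches a flagged target.
    batch_times = {ts for v in flagged.values() for ts, _ in v}
    same_batch = [job for ts, job, target in at_jobs
                  if target is None and ts in batch_times]

    review = []
    for target, jobs in suspects.items():
        review.append(target)
        review.extend(jobs)
    review.extend(same_batch)

    return {
        "suspect_targets": suspects,
        "same_batch_unresolved": same_batch,
        "review_list": review,
    }


if __name__ == "__main__":
    result = triage_at_jobs(SAMPLE_LOG)
    for path in result["review_list"]:
        print(path)
```

The output is a list to verify by hand, not a deletion script: a legitimate administrator can also create `At<N>.job` entries, so each flagged target still needs to be checked before removal.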

DigRam, just out of curiosity... What do these programs do? I'd like to learn about this too and maybe pick up a little, so that maybe in the future I can help someone as well. Is there somewhere I can read about it? Thanks once again for your time and attention ^^

 

 

AVENGER

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\hyauyabl

 

*******************

 

Script file located at: \??\C:\kcgtjpuu.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\WINDOWS\system32\winmds.exe deleted successfully.

File C:\WINDOWS\Tasks\At25.job deleted successfully.

File C:\WINDOWS\Tasks\At26.job deleted successfully.

File C:\WINDOWS\Tasks\At27.job deleted successfully.

File C:\WINDOWS\Tasks\At28.job deleted successfully.

File C:\WINDOWS\Tasks\At29.job deleted successfully.

File C:\WINDOWS\Tasks\At30.job deleted successfully.

File C:\WINDOWS\Tasks\At31.job deleted successfully.

File C:\WINDOWS\Tasks\At32.job deleted successfully.

File C:\WINDOWS\Tasks\At33.job deleted successfully.

File C:\WINDOWS\Tasks\At34.job deleted successfully.

File C:\WINDOWS\Tasks\At35.job deleted successfully.

File C:\WINDOWS\Tasks\At36.job deleted successfully.

File C:\WINDOWS\Tasks\At37.job deleted successfully.

File C:\WINDOWS\Tasks\At38.job deleted successfully.

File C:\WINDOWS\Tasks\At39.job deleted successfully.

File C:\WINDOWS\Tasks\At40.job deleted successfully.

File C:\WINDOWS\Tasks\At41.job deleted successfully.

File C:\WINDOWS\Tasks\At42.job deleted successfully.

File C:\WINDOWS\Tasks\At43.job deleted successfully.

File C:\WINDOWS\Tasks\At44.job deleted successfully.

File C:\WINDOWS\Tasks\At45.job deleted successfully.

File C:\WINDOWS\Tasks\At46.job deleted successfully.

File C:\WINDOWS\Tasks\At47.job deleted successfully.

File C:\WINDOWS\Tasks\At48.job deleted successfully.

Folder C:\c7bfc58581f458d6e9145b3a6b4d0bdd deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

[============================================================]

 

FXMYDOOM

 

Symantec W32.Novarg@mm/W32.Mydoom@mm Removal Tool 1.12.0

 

C:\System Volume Information: (not scanned)

D:\System Volume Information: (not scanned)

F:\System Volume Information: (not scanned)

W32.Novarg@mm/W32.Mydoom@mm has not been found on your computer.


HijackThis

 

Logfile of HijackThis v1.99.1

Scan saved at 14:51:27, on 2/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Last.fm\LastFMHelper.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - Global Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


Good morning, loi!

DigRam, just out of curiosity... What do these programs do? I'd like to learn about this too and maybe pick up a little, so that maybe in the future I can help someone as well. Is there somewhere I can read about it? Thanks once again for your time and attention ^^

>@< Once the procedures are finished, I will answer your questions.

_____________________

>@< Run an online scan at: < Kaspersky >

>@< Post the report from this scan + an updated HJT log.

Regards!


-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Monday, September 03, 2007 5:29:52 AM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.93.0

Kaspersky Anti-Virus database last update: 3/09/2007

Kaspersky Anti-Virus database records: 402818

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - Critical Areas:

C:\WINDOWS

C:\DOCUME~1\Loi\CONFIG~1\Temp\

 

Scan Statistics:

Total number of scanned objects: 13780

Number of viruses found: 1

Number of infected objects: 1

Number of suspicious objects: 0

Duration of the scan process: 00:09:58

 

Infected Object Name / Virus Name / Last Action

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{12D7DC82-7A87-43E8-9CEC-D6A9B15DA622}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd8189.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_628.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\WinLogT.exe Infected: Trojan.Win32.Patched.af skipped

C:\DOCUME~1\Loi\CONFIG~1\Temp\~DF5979.tmp Object is locked skipped

 

Scan process completed.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 05:35:14, on 3/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\WINDOWS\system32\svchost.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Last.fm\LastFMHelper.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\HijackThis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - Global Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


Good morning, loi!

>@< Open Avenger and select: Input script manually.

>@< Click the magnifying glass icon!

 

Files to delete:

C:\WINDOWS\WinLogT.exe

 

Registry values to replace with dummy:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WinLogT

>@< In the box that opens, paste what was copied from the quote area just above!

>@< Click Done.

>@< Click the traffic light icon!

>@< Click Ok.

>@< The computer will restart!

____________________________

 

>@< Create a restore point before carrying out these procedures!

>@< Configure Windows to show: View all files, even hidden ones!

>@< Disable the resident protections of antivirus and antispyware programs!

>@< Download EliStarA.

>@< Save it to the Desktop!

>@< Download EliTriIP.

>@< Save it to the Desktop!

>@< PS: Both tools are on the downloads page ( Descargas > Utilidades SATINFO ).

>@< Select the tools ( one at a time! ) and click the Descargar xxx button at the bottom of the page, where xxx is the name of the chosen tool!

>@< Download Clean.

>@< Save it to Local Disk C and unzip it right there, sending the executable to the Desktop! ( Shortcut. )

>@< The executable is an icon named: clean.cmd

>@< Restart the computer and enter Safe Mode.

>@< First, run the tool: EliStartA.

>@< Go to its icon and run it! But leave this box unchecked: Eliminar Ficheros Automaticamente.

>@< Select the drive(s) to be scanned: C:\... in your case!

>@< Accept the proposed conditions and wait for the scan to finish. Be patient! It may take a few minutes.

>@< When it finishes, run the EliTriIP tool.

>@< This tool's scan is faster!

>@< When it finishes, run the deep-cleaning program ( clean ) by double-clicking its executable.

>@< A prompt will open with three options: choose number one ( 1 )! The 'Recherche' function.

>@< Press Enter! >> Press Enter again! >> Wait!

>@< Press Enter again!

>@< A report ( rapport_clean ) will appear, which you should copy and post for analysis.

____________________________

 

>@< Post the infoSAT.txt report, which is in the root of C:\ ( Local Disk C ), + rapport_clean + Avenger.txt <!>

>@< Also post a new HijackThis log in your reply.

>@< PS: The EliStarA tool will delete ( optional! ) your home page! Afterwards, you will configure it again.

Regards!


Well, I did all the procedures, but something strange happened. Avenger didn't show any report; it did open a Notepad window, but with nothing in it. It was totally empty O_o

Well, here are the reports:

 

INFOSAT

 

Tue Sep 04 14:52:26 2007

EliStartPage v14.57 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

 

Tue Sep 04 14:53:13 2007

EliStartPage v14.57 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Acción Directa):

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

Eliminadas las Paginas de Inicio y de Busqueda del IE

Eliminados Ficheros Temporales del IE

 

Tue Sep 04 14:54:30 2007

EliStartPage v14.57 ©2007 S.G.H. / Satinfo S.L.

--------------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\UPGRDHLP.EXE --> Eliminado, CyDoor

C:\Arquivos de programas\K-Lite Codec Pack\Real\Update_OB\UPGRDHLP.EXE --> Eliminado, CyDoor

C:\WINDOWS\NIRCMD.EXE --> Eliminado, Tool-NirCmd

C:\WINDOWS\system32\Tools\COUNTER.EXE --> Eliminado, Restart

C:\WINDOWS\system32\Tools\RESTART.EXE --> Eliminado, Restart

 

Tue Sep 04 15:11:02 2007

EliTriIP v3.83 ©2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Acción Directa):

No detectado Parche MS06-001 de Microsoft instalado. (WMF)

 

Tue Sep 04 15:11:18 2007

EliTriIP v3.83 ©2007 S.G.H. / Satinfo S.L.

---------------------------------------------

Lista de Acciones (por Exploración):

Explorando Unidad C:\

 

 

And, like, when I ran ELISTARA.14092007 I unchecked the option to delete files, but every time it scanned, a Yes or No prompt appeared asking to remove "infecciones". I pressed Yes.

Here is a screenshot of what happened:

 

imagempy7.png

 

 

===========================================

 

Now the Rapport Clean report

 

ter 04/09/2007 a 15:14:21,89

 

*** Recherche C:

 

*** Recherche C:\WINDOWS\

 

*** Recherche C:\WINDOWS\system32

 

*** Recherche C:\Arquivos de programas

*** End of the report !

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:31:44, on 4/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Last.fm\LastFMHelper.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\svchost.exe

C:\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - Global Startup: Last.fm Helper.lnk = C:\Arquivos de programas\Last.fm\LastFMHelper.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.8.30.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1B7A6F-B287-488E-A8BD-18CC21D4A96A}: NameServer = 200.165.132.155 200.149.55.142

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe


Good morning, loi!

And, like, when I ran ELISTARA.14092007 I unchecked the option to delete files, but every time it scanned, a Yes or No prompt appeared asking to remove "infecciones". I pressed Yes.

>@< All OK! Those files were not legitimate.

Well, I did all the procedures, but something strange happened. Avenger didn't show any report; it did open a Notepad window, but with nothing in it. It was totally empty O_o

>@< It was probably overwritten.

>@< Run ComboFix again and post the report. ( ComboFix.txt )

________________________

 

>@< And the error messages... do they continue?

>@< Download AutoRuns.

>@< Save it to Local Disk C and unzip it right there, in a folder of its own. < C:\Autoruns.exe >

>@< Double-click Autoruns.exe <!> Wait!

>@< In the Options menu, check: Verify Code Signatures and Hide signed Microsoft Entries.

>@< Click File >> Refresh.

>@< Wait! When it finishes, click File >> Save as..

>@< Copy the report ( .txt ) into Notepad and paste it in your reply.

Regards!


Well, I found the ComboFix logs. There were 2 of them, though.

Here are the logs:

 

ComboFix 07-08-30.3 - "Loi" 2007-09-02 1:37:13.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1046.18.725 [GMT -3:00]

* Created a new restore point

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\234V7v2y.exe

C:\WINDOWS\Tasks.\At1.job

C:\WINDOWS\Tasks.\At10.job

C:\WINDOWS\Tasks.\At11.job

C:\WINDOWS\Tasks.\At12.job

C:\WINDOWS\Tasks.\At13.job

C:\WINDOWS\Tasks.\At14.job

C:\WINDOWS\Tasks.\At15.job

C:\WINDOWS\Tasks.\At16.job

C:\WINDOWS\Tasks.\At17.job

C:\WINDOWS\Tasks.\At18.job

C:\WINDOWS\Tasks.\At19.job

C:\WINDOWS\Tasks.\At2.job

C:\WINDOWS\Tasks.\At20.job

C:\WINDOWS\Tasks.\At21.job

C:\WINDOWS\Tasks.\At22.job

C:\WINDOWS\Tasks.\At23.job

C:\WINDOWS\Tasks.\At24.job

C:\WINDOWS\Tasks.\At3.job

C:\WINDOWS\Tasks.\At4.job

C:\WINDOWS\Tasks.\At5.job

C:\WINDOWS\Tasks.\At6.job

C:\WINDOWS\Tasks.\At7.job

C:\WINDOWS\Tasks.\At8.job

C:\WINDOWS\Tasks.\At9.job

 

 

((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 )))))))))))))))))))))))))))))))

 

 

2007-09-02 01:36 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-09-01 21:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

2007-09-01 19:09 53,248 --a------ C:\WINDOWS\system32\ImageOle.dll

2007-09-01 19:09 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\InstallShield

2007-09-01 14:49 89,814 --a------ C:\WINDOWS\War3Unin.dat

2007-09-01 14:49 2,829 --a------ C:\WINDOWS\War3Unin.pif

2007-09-01 14:49 139,264 --a------ C:\WINDOWS\War3Unin.exe

2007-09-01 07:28 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-09-01 07:28 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2007-09-01 07:19 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2007-09-01 07:19 <DIR> d-------- C:\Downloads

2007-09-01 07:01 <DIR> d-------- C:\Arquivos de programas\BitComet

2007-09-01 06:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

2007-09-01 06:29 <DIR> d-------- C:\HijackThis

2007-09-01 06:23 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2007-08-31 22:08 <DIR> d-------- C:\Arquivos de programas\Last.fm

2007-08-30 14:28 <DIR> d-------- C:\Arquivos de programas\ACDSee32

2007-08-30 04:15 11,342 --a------ C:\WINDOWS\system32\winmds.exe

2007-08-24 04:36 109,056 --a------ C:\WINDOWS\SF97UNIN.EXE

2007-08-24 04:30 <DIR> d-------- C:\Arquivos de programas\Sonic Foundry Noise Reduction Plug-In

2007-08-24 03:47 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\Publish Providers

2007-08-24 01:35 <DIR> d-------- C:\Arquivos de programas\Sonic Foundry Plug-Ins

2007-08-24 01:34 306,688 --a------ C:\WINDOWS\IsUninst.exe

2007-08-24 01:31 <DIR> d-------- C:\Audio

2007-08-24 01:30 <DIR> d-------- C:\DOCUME~1\Loi\WINDOWS

2007-08-24 01:30 <DIR> d-------- C:\Arquivos de programas\Waves

2007-08-24 01:26 <DIR> d-------- C:\Arquivos de programas\Vstplugins

2007-08-24 01:26 <DIR> d-------- C:\Arquivos de programas\Sony

2007-08-24 01:16 <DIR> d-------- C:\Program Files

2007-08-24 01:13 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\Sony

2007-08-24 00:50 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\Sony Setup

2007-08-23 15:08 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2007-08-23 15:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

2007-08-23 15:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\WindowsLiveInstaller

2007-08-23 15:06 <DIR> d-------- C:\Arquivos de programas\Windows Live

2007-08-20 20:05 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\Hamachi

2007-08-20 20:04 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2007-08-18 16:36 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll

2007-08-18 16:31 <DIR> d-------- C:\Arquivos de programas\WinPcap

2007-08-18 16:31 <DIR> d-------- C:\Arquivos de programas\WC3Banlist

2007-08-17 23:57 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\Azureus

2007-08-17 23:49 <DIR> d-------- C:\Arquivos de programas\Acdsee

2007-08-17 22:44 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-08-17 22:44 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-08-17 22:44 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-08-17 22:44 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-08-17 22:44 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll

2007-08-17 22:44 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-08-17 22:44 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-08-17 22:44 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-08-17 22:44 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-08-17 22:44 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2007-08-17 20:51 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys

2007-08-17 20:51 <DIR> d-------- C:\WINDOWS\pss

2007-08-17 20:51 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools

2007-08-17 20:49 96,256 --a------ C:\WINDOWS\system32\drivers\sptd8189.sys

2007-08-17 20:49 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-08-17 20:45 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2007-08-17 20:44 <DIR> d-------- C:\WINDOWS\SHELLNEW

2007-08-17 20:35 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2007-08-17 20:33 <DIR> dr-h----- C:\MSOCache

2007-08-17 20:10 <DIR> d-------- C:\Arquivos de programas\ABBYY FineReader 6.0

2007-08-17 20:10 <DIR> d-------- C:\Arquivos de programas\ABBYY FineReader 5.0 Sprint

2007-08-17 20:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\BVRP Software

2007-08-17 20:08 <DIR> d-------- C:\Arquivos de programas\FaxTools

2007-08-17 20:01 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll

2007-08-17 20:01 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll

2007-08-17 20:01 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2007-08-17 20:01 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-08-17 20:01 <DIR> d-------- C:\Arquivos de programas\Lexmark 1200 Series

2007-08-17 19:54 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-08-17 19:46 <DIR> d-------- C:\Arquivos de programas\1stbenison

2007-08-17 19:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Macrovision

2007-08-17 19:37 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2007-08-17 19:35 <DIR> d-------- C:\Arquivos de programas\Real

2007-08-17 19:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2007-08-17 19:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-08-17 19:33 <DIR> d-------- C:\Arquivos de programas\eMule

2007-08-17 19:33 <DIR> d-------- C:\Arquivos de programas\Desliga o Computador

2007-08-17 19:32 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\teamspeak2

2007-08-17 19:32 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

2007-08-17 19:31 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2007-08-17 19:30 <DIR> d-------- C:\c7bfc58581f458d6e9145b3a6b4d0bdd

2007-08-17 19:30 <DIR> d-------- C:\Arquivos de programas\Winamp

2007-08-17 19:28 <DIR> d-------- C:\Arquivos de programas\NetLimiter

2007-08-17 19:27 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\LockTime

2007-08-17 19:26 <DIR> d-------- C:\Arquivos de programas\Ocean Technology

2007-08-17 19:22 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\Lavasoft

2007-08-17 19:22 <DIR> d-------- C:\Arquivos de programas\Lavasoft

2007-08-17 19:22 <DIR> d-------- C:\Arquivos de programas\Foxit Software

2007-08-17 19:21 <DIR> d-------- C:\Arquivos de programas\Azureus

2007-08-17 19:20 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\GlobalSCAPE

2007-08-17 19:20 <DIR> d-------- C:\DOCUME~1\Loi\Contacts

2007-08-17 19:19 <DIR> d-------- C:\Arquivos de programas\Messenger Plus! Live

2007-08-17 19:19 <DIR> d-------- C:\Arquivos de programas\Google

2007-08-17 19:19 <DIR> d-------- C:\Arquivos de programas\GlobalSCAPE

2007-08-17 19:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-08-17 19:18 <DIR> d-------- C:\Arquivos de programas\CyberScript32

2007-08-17 19:17 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\Real

2007-08-17 19:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Real

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-09-01 19:09 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-09-01 07:27 359040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys

2007-08-27 04:18 --------- d-------- C:\Arquivos de programas\Ahead

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-24 17:31 --------- d-------- C:\Arquivos de programas\CyberLink DVD Solution

2007-07-07 23:33 504320 --a------ C:\WINDOWS\system32\winlogon.exe

2007-07-07 23:23 --------- d-------- C:\Arquivos de programas\microsoft frontpage

2007-07-07 23:19 --------- d-------- C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-07-07 20:09 --------- d-------- C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2007-07-07 20:09 --------- d-------- C:\Arquivos de programas\Arquivos comuns\ODBC

2007-06-26 03:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 10:21 1035264 --a------ C:\WINDOWS\explorer.exe

2004-03-11 13:27 40960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe

--------- C:\Arquivos de programas\Serviços on-line

--------- C:\Arquivos de programas\Arquivos comuns\Serviços

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 03:53 C:\WINDOWS\system32\VTTimer.exe]

"WinLogT"="C:\WINDOWS\WinLogT.exe" [2006-02-20 13:08]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2007-08-17 19:35]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2006-06-06 12:38]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Loi^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

path=C:\Documents and Settings\Loi\Menu Iniciar\Programas\Inicializar\hamachi.lnk

backup=C:\WINDOWS\pss\hamachi.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

"C:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]

"C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]

C:\Arquivos de programas\NetLimiter\NetLimiter.exe /s

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

VTtrayp.exe

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS

S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys

 

*Newly Created Service* - CATCHME

 

Contents of the 'Scheduled Tasks' folder

2007-09-02 04:33:58 C:\WINDOWS\Tasks\At25.job

2007-09-02 04:33:58 C:\WINDOWS\Tasks\At26.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 08:58:51 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 08:58:51 C:\WINDOWS\Tasks\At28.job

2007-09-01 08:58:51 C:\WINDOWS\Tasks\At29.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 08:58:51 C:\WINDOWS\Tasks\At30.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 17:11:30 C:\WINDOWS\Tasks\At31.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 17:11:30 C:\WINDOWS\Tasks\At32.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 17:11:30 C:\WINDOWS\Tasks\At33.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 17:11:30 C:\WINDOWS\Tasks\At34.job - C:\WINDOWS\system32\winmds.exe

2007-09-01 17:11:30 C:\WINDOWS\Tasks\At35.job

2007-08-30 18:02:53 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\winmds.exe

2007-08-30 18:02:53 C:\WINDOWS\Tasks\At37.job - C:\WINDOWS\system32\winmds.exe

2007-08-30 18:02:53 C:\WINDOWS\Tasks\At38.job - C:\WINDOWS\system32\winmds.exe

2007-08-30 18:02:53 C:\WINDOWS\Tasks\At39.job - C:\WINDOWS\system32\winmds.exe

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At40.job - C:\WINDOWS\system32\winmds.exe

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At41.job - C:\WINDOWS\system32\winmds.exe

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At42.job

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At43.job

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At44.job - C:\WINDOWS\system32\winmds.exe

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At45.job - C:\WINDOWS\system32\winmds.exe

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At46.job - C:\WINDOWS\system32\winmds.exe

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At47.job - C:\WINDOWS\system32\winmds.exe

2007-09-02 04:33:59 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\winmds.exe

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-02 01:38:55

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-09-02 1:39:21

C:\ComboFix-quarantined-files.txt ... 2007-09-02 01:39

 

--- E O F ---

 

=======================================

 

Combofix-Quarantine FILES

 

2007-08-30 04:03 26176 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\234V7v2y.exe.vir

2007-08-30 11:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At12.job.vir

2007-08-30 12:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At13.job.vir

2007-08-30 13:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At14.job.vir

2007-08-30 14:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At15.job.vir

2007-09-01 02:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At3.job.vir

2007-09-01 03:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At4.job.vir

2007-09-01 04:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At5.job.vir

2007-09-01 05:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At6.job.vir

2007-09-01 06:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At7.job.vir

2007-09-01 07:03 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At8.job.vir

2007-09-01 08:03 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At9.job.vir

2007-09-01 09:03 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At10.job.vir

2007-09-01 14:11 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At11.job.vir

2007-09-01 15:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At16.job.vir

2007-09-01 16:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At17.job.vir

2007-09-01 17:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At18.job.vir

2007-09-01 18:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At19.job.vir

2007-09-01 19:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At20.job.vir

2007-09-01 20:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At21.job.vir

2007-09-01 21:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At22.job.vir

2007-09-01 22:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At23.job.vir

2007-09-01 23:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At24.job.vir

2007-09-02 00:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At1.job.vir

2007-09-02 01:01 350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At2.job.vir

2007-09-02 01:36 0 --a------ C:\Qoobox\BackEnv\CACHE.folder.cf

2007-09-02 01:36 0 --a------ C:\Qoobox\BackEnv\LOCAL APPDATA.folder.cf

2007-09-02 01:36 0 --a------ C:\Qoobox\BackEnv\LOCAL SETTINGS.folder.cf

2007-09-02 01:36 105 --a------ C:\Qoobox\BackEnv\profiles.folder.cf

2007-09-02 01:36 157 --a------ C:\Qoobox\BackEnv\STARTUP.folder.cf

2007-09-02 01:36 196 --a------ C:\Qoobox\BackEnv\APPDATA.folder.cf

2007-09-02 01:36 3176 --a------ C:\Qoobox\BackEnv\setpath.bat

2007-09-02 01:36 35 --a------ C:\Qoobox\BackEnv\MY PICTURES.folder.cf

2007-09-02 01:36 55 --a------ C:\Qoobox\BackEnv\DESKTOP.folder.cf

2007-09-02 01:36 55 --a------ C:\Qoobox\BackEnv\TEMPLATES.folder.cf

2007-09-02 01:36 57 --a------ C:\Qoobox\BackEnv\FAVORITES.folder.cf

2007-09-02 01:36 57 --a------ C:\Qoobox\BackEnv\PERSONAL.folder.cf

2007-09-02 01:36 57 --a------ C:\Qoobox\BackEnv\START MENU.folder.cf

2007-09-02 01:36 75 --a------ C:\Qoobox\BackEnv\PROGRAMS.folder.cf

2007-09-02 01:39 507434 --a------ C:\Qoobox\snapshot_2007-09-02_ 13909,56.cf

Listagem de caminhos de pasta

O número de série do volume é 3C23-7F32

C:\QOOBOX

|   snapshot_2007-09-02_ 13909,56.cf

+---BackEnv

|       APPDATA.folder.cf

|       CACHE.folder.cf

|       DESKTOP.folder.cf

|       FAVORITES.folder.cf

|       LOCAL APPDATA.folder.cf

|       LOCAL SETTINGS.folder.cf

|       MY PICTURES.folder.cf

|       PERSONAL.folder.cf

|       profiles.folder.cf

|       PROGRAMS.folder.cf

|       setpath.bat

|       START MENU.folder.cf

|       STARTUP.folder.cf

|       TEMPLATES.folder.cf

\---Quarantine

    +---C

    |   +---ComboFix

    |   \---WINDOWS

    |       +---system32

    |       |       234V7v2y.exe.vir

    |       \---Tasks

    |               At1.job.vir

    |               At10.job.vir

    |               At11.job.vir

    |               At12.job.vir

    |               At13.job.vir

    |               At14.job.vir

    |               At15.job.vir

    |               At16.job.vir

    |               At17.job.vir

    |               At18.job.vir

    |               At19.job.vir

    |               At2.job.vir

    |               At20.job.vir

    |               At21.job.vir

    |               At22.job.vir

    |               At23.job.vir

    |               At24.job.vir

    |               At3.job.vir

    |               At4.job.vir

    |               At5.job.vir

    |               At6.job.vir

    |               At7.job.vir

    |               At8.job.vir

    |               At9.job.vir

    \---Registry_backups


The AutoRuns report

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ avast! avast! service GUI component (Verified) ALWIL Software c:\arquivos de programas\alwil software\avast4\ashdisp.exe

+ SunJavaUpdateSched Java Platform SE binary (Verified) Sun Microsystems, Inc. c:\arquivos de programas\java\jre1.6.0_02\bin\jusched.exe

+ TkBellExe RealNetworks Scheduler (Not verified) RealNetworks, Inc. c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

+ Last.fm Helper.lnk c:\arquivos de programas\last.fm\lastfmhelper.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ BitComet File not found: C:\Arquivos de programas\BitComet\BitComet.exe

+ BitTorrent File not found: C:\Arquivos de programas\BitTorrent\bittorrent.exe

HKLM\SOFTWARE\Classes\Protocols\Filter

+ application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll

+ application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll

+ application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0 File not found: About:Home

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ n/a Microsoft .NET IE SECURITY REGISTRATION (Not verified) Microsoft Corporation c:\windows\system32\mscories.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ All Converter c:\arquivos de programas\1stbenison\all converter\cmext.dll

+ avast avast! Shell Extension (Verified) ALWIL Software c:\arquivos de programas\alwil software\avast4\ashshell.dll

+ Extensão do 'Painel de controle' para panorâmica de vídeo File not found: deskpan.dll

+ Shell Extensions for RealOne Player RealPlayer Shell Extensions (Not verified) RealNetworks, Inc. c:\arquivos de programas\real\realplayer\rpshell.dll

+ Shell Icon Handler for Application References Application Deployment Support Library (Not verified) Microsoft Corporation c:\windows\system32\dfshim.dll

+ ShellLink for Application References Application Deployment Support Library (Not verified) Microsoft Corporation c:\windows\system32\dfshim.dll

+ WinRAR shell extension c:\arquivos de programas\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 6.0 for ActivieX (Verified) Adobe Systems, Incorporated c:\arquivos de programas\adobe\acrobat 6.0\reader\activex\acroiehelper.dll

+ SSVHelper Class Java Platform SE binary (Verified) Sun Microsystems, Inc. c:\arquivos de programas\java\jre1.6.0_02\bin\ssv.dll

+ {53707962-6F74-2D53-2644-206D7942484F} Bad download blocker (Verified) Safer Networking Ltd. c:\arquivos de programas\spybot - search & destroy\sdhelper.dll

HKLM\System\CurrentControlSet\Services

+ aswUpdSv Fornece atualização automática para o antivírus avast!. (Verified) ALWIL Software c:\arquivos de programas\alwil software\avast4\aswupdsv.exe

+ avast! Antivirus Gerencia e executa os serviços do antivírus avast! neste computador. Isto inclui a Proteção residente, a Quarentena e o Agendador. (Verified) ALWIL Software c:\arquivos de programas\alwil software\avast4\ashserv.exe

HKLM\System\CurrentControlSet\Services

+ Aavmker4 avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP (Verified) ALWIL Software c:\windows\system32\drivers\aavmker4.sys

+ aswMon2 avast! File System Filter Driver for Windows XP (Verified) ALWIL Software c:\windows\system32\drivers\aswmon2.sys

+ aswRdr avast! TDI RDR Driver (Verified) ALWIL Software c:\windows\system32\drivers\aswrdr.sys

+ aswTdi avast! TDI Filter Driver (Verified) ALWIL Software c:\windows\system32\drivers\aswtdi.sys

+ catchme File not found: C:\DOCUME~1\Loi\CONFIG~1\Temp\catchme.sys

+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys

+ cifckeli File not found: system32\drivers\rmmctrqd.sys

+ dtscsi c:\windows\system32\drivers\dtscsi.sys

+ hamachi Hamachi Virtual Network Interface Driver (Verified) LogMeIn, Inc. c:\windows\system32\drivers\hamachi.sys

+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys

+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys

+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys

+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys

+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys

+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys

+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Not verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ RMSPPPOE PPP over Ethernet Protocol NDIS Intermediate Driver (Not verified) Robert Schlabbach c:\windows\system32\drivers\rmspppoe.sys

+ sptd c:\windows\system32\drivers\sptd.sys

+ Tcpip Driver de protocolo TCP/IP (Not verified) Microsoft Corporation c:\windows\system32\drivers\tcpip.sys

+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ NL LSP c:\arquivos de programas\netlimiter\nl_lsp.dll

+ NL MSAFD Tcpip [RAW/IP] c:\arquivos de programas\netlimiter\nl_lsp.dll

+ NL MSAFD Tcpip [TCP/IP] c:\arquivos de programas\netlimiter\nl_lsp.dll

+ NL MSAFD Tcpip [UDP/IP] c:\arquivos de programas\netlimiter\nl_lsp.dll

+ NL RSVP TCP Service Provider c:\arquivos de programas\netlimiter\nl_lsp.dll

+ NL RSVP UDP Service Provider c:\arquivos de programas\netlimiter\nl_lsp.dll

 

 

 

 

 

OK, now clear up another question for me. My P2P and torrent programs are always giving me trouble, no matter which one I install. When it isn't BitComet or Azureus, it's SoulSeek crashing and sending an error report \=

I bought genuine Windows precisely so that everything would be legal.

When I had the pirated copy, I never had these problems; now I'm getting them with the genuine one.

What's going on here?


Good morning, loi!

>@< This ComboFix report appears to be the first one you posted. But complete this time!

>@< Delete the old reports!

>@< Run ComboFix again and post its log (ComboFix.txt).

Best regards!


Hey DigRam, happy holiday to you!

PART 1

 

ComboFix 07-08-30.3 - "Loi" 2007-09-07 8:14:59.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.55.1046.18.684 [GMT -3:00]

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_NPF

 

 

((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 )))))))))))))))))))))))))))))))

 

 

2007-09-07 08:14 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-09-07 08:14 1,467,462 --a------ C:\ComboFix.exe

2007-09-06 06:37 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll

2007-09-06 06:37 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL

2007-09-06 06:37 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL

2007-09-06 06:37 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL

2007-09-06 06:37 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL

2007-09-06 06:37 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL

2007-09-06 06:37 <DIR> d-------- C:\Arquivos de programas\Free Audio Pack

2007-09-05 20:25 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\Real

2007-09-05 16:05 <DIR> d-------- C:\Arquivos de programas\Soulseek

2007-09-05 07:05 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\BitTorrent

2007-09-05 07:04 <DIR> d-------- C:\Arquivos de programas\BitTorrent

2007-09-05 06:46 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\uTorrent

2007-09-05 06:30 98,304 --a------ C:\WINDOWS\system32\tsccvid.dll

2007-09-05 06:30 <DIR> d-------- C:\Arquivos de programas\TechSmith

2007-09-05 06:27 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2007-09-04 14:37 <DIR> d-------- C:\clean

2007-09-03 04:51 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-09-03 04:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Kaspersky Lab

2007-09-03 04:33 <DIR> d---s---- C:\DOCUME~1\Loi\UserData

2007-09-03 01:30 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-09-03 01:30 <DIR> d-------- C:\Arquivos de programas\Coolsoft

2007-09-01 21:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Messenger Plus!

2007-09-01 19:09 53,248 --a------ C:\WINDOWS\system32\ImageOle.dll

2007-09-01 19:09 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\InstallShield

2007-09-01 14:49 89,814 --a------ C:\WINDOWS\War3Unin.dat

2007-09-01 14:49 2,829 --a------ C:\WINDOWS\War3Unin.pif

2007-09-01 14:49 139,264 --a------ C:\WINDOWS\War3Unin.exe

2007-09-01 07:28 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-09-01 07:28 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2007-09-01 07:19 <DIR> d-------- C:\Downloads

2007-09-01 06:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Spybot - Search & Destroy

2007-09-01 06:29 <DIR> d-------- C:\HijackThis

2007-09-01 06:23 <DIR> d-------- C:\Arquivos de programas\MSN Messenger

2007-08-31 22:08 <DIR> d-------- C:\Arquivos de programas\Last.fm

2007-08-24 04:36 109,056 --a------ C:\WINDOWS\SF97UNIN.EXE

2007-08-24 04:30 <DIR> d-------- C:\Arquivos de programas\Sonic Foundry Noise Reduction Plug-In

2007-08-24 03:47 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\Publish Providers

2007-08-24 01:35 <DIR> d-------- C:\Arquivos de programas\Sonic Foundry Plug-Ins

2007-08-24 01:34 306,688 --a------ C:\WINDOWS\IsUninst.exe

2007-08-24 01:31 <DIR> d-------- C:\Audio

2007-08-24 01:30 <DIR> d-------- C:\DOCUME~1\Loi\WINDOWS

2007-08-24 01:30 <DIR> d-------- C:\Arquivos de programas\Waves

2007-08-24 01:26 <DIR> d-------- C:\Arquivos de programas\Vstplugins

2007-08-24 01:26 <DIR> d-------- C:\Arquivos de programas\Sony

2007-08-24 01:16 <DIR> d-------- C:\Program Files

2007-08-24 01:13 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\Sony

2007-08-24 00:50 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\Sony Setup

2007-08-23 15:08 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2007-08-23 15:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\WLInstaller

2007-08-23 15:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\WindowsLiveInstaller

2007-08-23 15:06 <DIR> d-------- C:\Arquivos de programas\Windows Live

2007-08-20 20:05 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\Hamachi

2007-08-20 20:04 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2007-08-18 16:36 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll

2007-08-18 16:31 <DIR> d-------- C:\Arquivos de programas\WC3Banlist

2007-08-17 23:57 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\Azureus

2007-08-17 23:49 <DIR> d-------- C:\Arquivos de programas\Acdsee

2007-08-17 22:44 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-08-17 22:44 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-08-17 22:44 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-08-17 22:44 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-08-17 22:44 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll

2007-08-17 22:44 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-08-17 22:44 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-08-17 22:44 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-08-17 22:44 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-08-17 22:44 <DIR> d-------- C:\Arquivos de programas\Alwil Software

2007-08-17 20:51 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys

2007-08-17 20:51 <DIR> d-------- C:\WINDOWS\pss

2007-08-17 20:51 <DIR> d-------- C:\Arquivos de programas\DAEMON Tools

2007-08-17 20:49 96,256 --a------ C:\WINDOWS\system32\drivers\sptd8189.sys

2007-08-17 20:49 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-08-17 20:45 24,816 --a------ C:\WINDOWS\system32\mdimon.dll

2007-08-17 20:44 <DIR> d-------- C:\WINDOWS\SHELLNEW

2007-08-17 20:35 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2007-08-17 20:33 <DIR> dr-h----- C:\MSOCache

2007-08-17 20:10 <DIR> d-------- C:\Arquivos de programas\ABBYY FineReader 6.0

2007-08-17 20:10 <DIR> d-------- C:\Arquivos de programas\ABBYY FineReader 5.0 Sprint

2007-08-17 20:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\BVRP Software

2007-08-17 20:08 <DIR> d-------- C:\Arquivos de programas\FaxTools

2007-08-17 20:01 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll

2007-08-17 20:01 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll

2007-08-17 20:01 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2007-08-17 20:01 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-08-17 20:01 <DIR> d-------- C:\Arquivos de programas\Lexmark 1200 Series

2007-08-17 19:54 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-08-17 19:46 <DIR> d-------- C:\Arquivos de programas\1stbenison

2007-08-17 19:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DADOSD~1\Macrovision

2007-08-17 19:37 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared

2007-08-17 19:35 <DIR> d-------- C:\Arquivos de programas\Real

2007-08-17 19:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2007-08-17 19:35 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2007-08-17 19:33 <DIR> d-------- C:\Arquivos de programas\eMule

2007-08-17 19:33 <DIR> d-------- C:\Arquivos de programas\Desliga o Computador

2007-08-17 19:32 <DIR> d-------- C:\DOCUME~1\Loi\DADOSD~1\teamspeak2

2007-08-17 19:32 <DIR> d-------- C:\Arquivos de programas\Teamspeak2_RC2

2007-08-17 19:31 <DIR> d-------- C:\Arquivos de programas\Windows Media Connect 2

2007-08-17 19:30 <DIR> d-------- C:\Arquivos de programas\Winamp

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-09-05 03:52 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys

2007-09-01 19:09 --------- d--h----- C:\Arquivos de programas\InstallShield Installation Information

2007-08-27 04:18 --------- d-------- C:\Arquivos de programas\Ahead

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-24 17:31 --------- d-------- C:\Arquivos de programas\CyberLink DVD Solution

2007-07-07 23:33 504320 --a------ C:\WINDOWS\system32\winlogon.exe

2007-07-07 23:23 --------- d-------- C:\Arquivos de programas\microsoft frontpage

2007-07-07 23:19 --------- d-------- C:\Arquivos de programas\Arquivos comuns\MSSoap

2007-07-07 20:09 --------- d-------- C:\Arquivos de programas\Arquivos comuns\SpeechEngines

2007-07-07 20:09 --------- d-------- C:\Arquivos de programas\Arquivos comuns\ODBC

2007-06-26 03:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-13 10:21 1035264 --a------ C:\WINDOWS\explorer.exe

2004-03-11 13:27 40960 --a------ C:\Arquivos de programas\Uninstall_CDS.exe

--------- C:\Arquivos de programas\Serviços on-line

--------- C:\Arquivos de programas\Arquivos comuns\Serviços


PART 4

 

 

----a-w 100,352 2006-08-16 11:59:24 C:\WINDOWS\system32\6to4svc.dll

----a-w 56,832 2005-03-02 18:18:26 C:\WINDOWS\system32\authz.dll

----a-w 1,024,000 2007-06-14 18:09:18 C:\WINDOWS\system32\browseui.dll

----a-w 225,792 2005-07-26 04:40:27 C:\WINDOWS\system32\catsrv.dll

----a-w 625,152 2005-07-26 04:40:28 C:\WINDOWS\system32\catsrvut.dll

----a-w 151,552 2007-06-14 18:09:19 C:\WINDOWS\system32\cdfview.dll

----a-w 110,080 2005-07-26 04:40:28 C:\WINDOWS\system32\clbcatex.dll

----a-w 498,688 2005-07-26 04:40:29 C:\WINDOWS\system32\clbcatq.dll

----a-w 60,416 2005-07-26 04:40:29 C:\WINDOWS\system32\colbact.dll

----a-w 617,472 2006-08-25 15:49:12 C:\WINDOWS\system32\comctl32.dll

----a-w 97,792 2005-07-26 04:40:29 C:\WINDOWS\system32\comrepl.dll

----a-w 1,267,200 2005-07-26 04:40:30 C:\WINDOWS\system32\comsvcs.dll

----a-w 540,160 2005-07-26 04:40:30 C:\WINDOWS\system32\comuid.dll

----a-w 1,055,744 2007-06-14 18:09:19 C:\WINDOWS\system32\danim.dll

----a-w 111,616 2006-05-19 13:23:33 C:\WINDOWS\system32\dhcpcsvc.dll

----a-w 357,888 2007-06-14 18:09:19 C:\WINDOWS\system32\dxtmsft.dll

----a-w 205,312 2007-06-14 18:09:19 C:\WINDOWS\system32\dxtrans.dll

----a-w 243,200 2005-07-26 04:40:30 C:\WINDOWS\system32\es.dll

----a-w 1,092,096 2005-10-20 22:25:15 C:\WINDOWS\system32\esent.dll

----a-w 55,808 2007-06-14 18:09:19 C:\WINDOWS\system32\extmgr.dll

----a-w 1,146,320 2005-03-17 17:39:58 C:\WINDOWS\system32\FM20.DLL

----a-w 260,328 2007-09-03 16:49:15 C:\WINDOWS\system32\FNTCACHE.DAT

----a-w 80,896 2005-10-17 21:21:02 C:\WINDOWS\system32\fontsub.dll

----a-w 72,704 2006-07-21 08:28:16 C:\WINDOWS\system32\hlink.dll

----a-w 254,976 2005-06-29 01:49:48 C:\WINDOWS\system32\icm32.dll

----a-w 251,392 2007-06-14 18:09:19 C:\WINDOWS\system32\iepeers.dll

----a-w 683,520 2007-05-16 15:13:54 C:\WINDOWS\system32\inetcomm.dll

----a-w 96,768 2007-06-14 18:09:19 C:\WINDOWS\system32\inseng.dll

----a-w 95,744 2006-05-19 13:23:33 C:\WINDOWS\system32\iphlpapi.dll

----a-w 163,840 2006-06-01 18:48:50 C:\WINDOWS\system32\jgdw400.dll

----a-w 27,648 2006-06-01 18:48:50 C:\WINDOWS\system32\jgpl400.dll

----a-w 450,560 2006-05-18 05:36:07 C:\WINDOWS\system32\jscript.dll

----a-w 16,384 2007-06-14 18:09:19 C:\WINDOWS\system32\jsproxy.dll

----a-w 1,023,488 2007-04-16 15:53:09 C:\WINDOWS\system32\kernel32.dll

----a-w 19,968 2005-09-01 01:43:35 C:\WINDOWS\system32\linkinfo.dll

----a-w 40,960 2007-03-08 15:36:54 C:\WINDOWS\system32\mf3216.dll

----a-w 927,504 2006-11-01 19:18:30 C:\WINDOWS\system32\mfc40u.dll

----a-w 981,760 2006-10-14 08:13:25 C:\WINDOWS\system32\mfc42u.dll

----a-w 74,240 2005-06-29 01:49:48 C:\WINDOWS\system32\mscms.dll

----a-w 271,360 2007-04-13 06:21:14 C:\WINDOWS\system32\mscoree.dll

----a-w 426,496 2006-03-01 19:44:01 C:\WINDOWS\system32\msdtcprx.dll

----a-w 956,416 2006-03-01 19:44:01 C:\WINDOWS\system32\msdtctm.dll

----a-w 161,280 2006-03-01 19:44:01 C:\WINDOWS\system32\msdtcuiu.dll

----a-w 539,136 2006-11-27 14:55:29 C:\WINDOWS\system32\msftedit.dll

----a-w 3,079,680 2007-06-14 18:09:22 C:\WINDOWS\system32\mshtml.dll

----a-w 449,024 2007-06-14 18:09:20 C:\WINDOWS\system32\mshtmled.dll

----a-w 146,432 2007-06-14 18:09:20 C:\WINDOWS\system32\msrating.dll

----a-w 532,480 2007-06-14 18:09:21 C:\WINDOWS\system32\mstime.dll

----a-w 1,386,496 2004-02-23 23:42:40 C:\WINDOWS\system32\msvbvm60.dll

----a-w 66,560 2006-03-01 19:44:01 C:\WINDOWS\system32\mtxclu.dll

----a-w 91,136 2006-03-01 19:44:01 C:\WINDOWS\system32\mtxoci.dll

----a-w 197,632 2005-08-22 18:34:58 C:\WINDOWS\system32\netman.dll

----a-w 1,284,608 2005-07-26 04:40:32 C:\WINDOWS\system32\ole32.dll

----a-w 75,264 2005-07-26 04:40:32 C:\WINDOWS\system32\olecli32.dll

----a-w 37,888 2005-07-26 04:40:32 C:\WINDOWS\system32\olecnv32.dll

----a-w 123,904 2006-10-16 16:15:45 C:\WINDOWS\system32\oledlg.dll

----a-w 58,596 2007-09-03 16:51:25 C:\WINDOWS\system32\perfc009.dat

----a-w 67,232 2007-09-03 16:51:25 C:\WINDOWS\system32\perfc016.dat

----a-w 392,296 2007-09-03 16:51:25 C:\WINDOWS\system32\perfh009.dat

----a-w 425,072 2007-09-03 16:51:25 C:\WINDOWS\system32\perfh016.dat

----a-w 39,424 2007-06-14 18:09:21 C:\WINDOWS\system32\pngfilt.dll

----a-w 1,291,776 2005-08-30 03:55:37 C:\WINDOWS\system32\quartz.dll

----a-w 181,248 2006-06-22 10:48:30 C:\WINDOWS\system32\rasmans.dll

----a-w 433,152 2006-11-27 14:55:29 C:\WINDOWS\system32\riched20.dll

----a-w 397,824 2005-07-26 04:40:33 C:\WINDOWS\system32\rpcss.dll

----a-w 144,896 2007-04-25 14:22:27 C:\WINDOWS\system32\schannel.dll

----a-w 1,494,528 2007-06-14 18:09:21 C:\WINDOWS\system32\shdocvw.dll

----a-w 8,483,328 2006-12-19 21:50:36 C:\WINDOWS\system32\shell32.dll

----a-w 474,112 2007-06-14 18:09:21 C:\WINDOWS\system32\shlwapi.dll

----a-w 134,656 2006-12-19 21:50:36 C:\WINDOWS\system32\shsvcs.dll

----a-w 96,768 2004-12-07 19:34:12 C:\WINDOWS\system32\srvsvc.dll

----a-w 714,752 2006-10-20 01:38:48 C:\WINDOWS\system32\sxs.dll

----a-w 118,272 2005-10-17 21:21:02 C:\WINDOWS\system32\t2embed.dll

----a-w 249,344 2005-07-08 16:29:17 C:\WINDOWS\system32\tapisrv.dll

----a-w 77,312 2005-05-11 02:30:02 C:\WINDOWS\system32\telnet.exe

----a-w 101,376 2005-07-26 04:40:33 C:\WINDOWS\system32\txflog.dll

------w 60,416 2007-07-18 12:42:22 C:\WINDOWS\system32\tzchange.exe

----a-w 124,416 2005-08-23 03:39:53 C:\WINDOWS\system32\umpnpmgr.dll

----a-w 185,344 2007-02-05 20:18:57 C:\WINDOWS\system32\upnphost.dll

----a-w 616,448 2007-06-14 18:09:21 C:\WINDOWS\system32\urlmon.dll

----a-w 578,048 2007-03-08 15:36:54 C:\WINDOWS\system32\user32.dll

------w 28,672 2006-03-17 00:38:01 C:\WINDOWS\system32\verclsid.exe

----a-w 905,216 2007-03-27 06:23:36 C:\WINDOWS\system32\VSFilter.dll

----a-w 68,096 2006-01-04 03:35:30 C:\WINDOWS\system32\webclnt.dll

----a-w 1,843,712 2007-03-08 15:33:32 C:\WINDOWS\system32\win32k.sys

----a-w 660,992 2007-06-26 14:09:18 C:\WINDOWS\system32\wininet.dll

----a-w 293,376 2007-03-17 13:44:49 C:\WINDOWS\system32\winsrv.dll

----a-w 11,776 2006-03-01 19:44:01 C:\WINDOWS\system32\xolehlp.dll

------w 119,296 2007-06-14 14:24:20 C:\WINDOWS\system32\xpsp3res.dll

----a-w 195,072 2005-07-26 04:40:29 C:\WINDOWS\system32\Com\comadmin.dll

-c--a-w 100,352 2006-08-16 11:59:24 C:\WINDOWS\system32\dllcache\6to4svc.dll

-c--a-w 42,496 2006-10-12 14:04:05 C:\WINDOWS\system32\dllcache\agentdp2.dll

-c--a-w 57,344 2007-03-09 13:46:24 C:\WINDOWS\system32\dllcache\agentdpv.dll

-c--a-w 256,512 2006-10-12 11:09:53 C:\WINDOWS\system32\dllcache\agentsvr.exe

-c--a-w 56,832 2005-03-02 18:18:26 C:\WINDOWS\system32\dllcache\authz.dll

-c--a-w 1,024,000 2007-06-14 18:09:18 C:\WINDOWS\system32\dllcache\browseui.dll

-c--a-w 225,792 2005-07-26 04:40:27 C:\WINDOWS\system32\dllcache\catsrv.dll

-c--a-w 625,152 2005-07-26 04:40:28 C:\WINDOWS\system32\dllcache\catsrvut.dll

-c--a-w 151,552 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\cdfview.dll

-c--a-w 110,080 2005-07-26 04:40:28 C:\WINDOWS\system32\dllcache\clbcatex.dll

-c--a-w 498,688 2005-07-26 04:40:29 C:\WINDOWS\system32\dllcache\clbcatq.dll

-c--a-w 60,416 2005-07-26 04:40:29 C:\WINDOWS\system32\dllcache\colbact.dll

-c--a-w 195,072 2005-07-26 04:40:29 C:\WINDOWS\system32\dllcache\comadmin.dll

-c--a-w 617,472 2006-08-25 15:49:12 C:\WINDOWS\system32\dllcache\comctl32.dll

-c--a-w 97,792 2005-07-26 04:40:29 C:\WINDOWS\system32\dllcache\comrepl.dll

-c--a-w 1,267,200 2005-07-26 04:40:30 C:\WINDOWS\system32\dllcache\comsvcs.dll

-c--a-w 540,160 2005-07-26 04:40:30 C:\WINDOWS\system32\dllcache\comuid.dll

-c--a-w 1,055,744 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\danim.dll

-c--a-w 111,616 2006-05-19 13:23:33 C:\WINDOWS\system32\dllcache\dhcpcsvc.dll

-c--a-w 86,528 2007-05-16 15:13:53 C:\WINDOWS\system32\dllcache\directdb.dll

-c--a-w 357,888 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\dxtmsft.dll

-c--a-w 205,312 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\dxtrans.dll

-c--a-w 243,200 2005-07-26 04:40:30 C:\WINDOWS\system32\dllcache\es.dll

-c--a-w 1,092,096 2005-10-20 22:25:15 C:\WINDOWS\system32\dllcache\esent.dll

-c--a-w 55,808 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\extmgr.dll

-c--a-w 80,896 2005-10-17 21:21:02 C:\WINDOWS\system32\dllcache\fontsub.dll

-c--a-w 72,704 2006-07-21 08:28:16 C:\WINDOWS\system32\dllcache\hlink.dll

-c--a-w 254,976 2005-06-29 01:49:48 C:\WINDOWS\system32\dllcache\icm32.dll

-c--a-w 18,432 2007-06-14 14:07:24 C:\WINDOWS\system32\dllcache\iedw.exe

-c--a-w 251,392 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\iepeers.dll

-c--a-w 683,520 2007-05-16 15:13:54 C:\WINDOWS\system32\dllcache\inetcomm.dll

-c--a-w 96,768 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\inseng.dll

-c--a-w 95,744 2006-05-19 13:23:33 C:\WINDOWS\system32\dllcache\iphlpapi.dll

-c----w 163,840 2006-06-01 18:48:50 C:\WINDOWS\system32\dllcache\jgdw400.dll

-c----w 27,648 2006-06-01 18:48:50 C:\WINDOWS\system32\dllcache\jgpl400.dll

-c--a-w 450,560 2006-05-18 05:36:07 C:\WINDOWS\system32\dllcache\jscript.dll

-c--a-w 16,384 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\jsproxy.dll


 

PART 5

 


----a-w 200,064 2004-08-04 12:00:00 C:\WINDOWS\system32\drivers\RMCast.sys

----a-w 6,400 2004-08-03 23:07:48 C:\WINDOWS\system32\drivers\splitter.sys

----a-w 223,616 2004-08-04 12:00:00 C:\WINDOWS\system32\drivers\tcpip6.sys

----a-w 82,944 2004-08-03 23:15:06 C:\WINDOWS\system32\drivers\wdmaud.sys

----a-w 758,784 2003-06-19 04:31:44 C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll

----a-w 35,328 2003-06-19 04:31:46 C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll

----a-w 758,784 2003-06-19 04:31:44 C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll

----a-w 35,328 2003-06-19 04:31:46 C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll

----a-w 18,944 2003-06-19 04:31:48 C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

----a-w 40,960 2007-09-02 04:34:16 C:\WINDOWS\Temp\rtdrvmon.exe

----a-w 258,048 2007-08-24 04:03:19 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

----a-w 114,176 2007-08-24 04:03:19 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

 

PART 6 (FINAL)

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-08-03 03:53 C:\WINDOWS\system32\VTTimer.exe]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 19:03]

"TkBellExe"="realsched.exe" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitComet"="C:\Arquivos de programas\BitComet\BitComet.exe" []

"BitTorrent"="C:\Arquivos de programas\BitTorrent\bittorrent.exe" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Loi^Menu Iniciar^Programas^Inicializar^hamachi.lnk]

path=C:\Documents and Settings\Loi\Menu Iniciar\Programas\Inicializar\hamachi.lnk

backup=C:\WINDOWS\pss\hamachi.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]

"C:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]

"C:\Arquivos de programas\Lexmark 1200 Series\lxczbmgr.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]

C:\Arquivos de programas\NetLimiter\NetLimiter.exe /s

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

VTtrayp.exe

 

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS

S0 cifckeli;cifckeli;C:\WINDOWS\system32\drivers\rmmctrqd.sys

 

 

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-07 08:18:01

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-09-07 8:20:17 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-09-07 08:19

 

--- E O F ---

 

ComboFix - Quarantined Files

 

2007-07-08 21:23    15399    --a------    C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
2007-08-30 04:03    26176    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\234V7v2y.exe.vir
2007-08-30 11:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At12.job.vir
2007-08-30 12:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At13.job.vir
2007-08-30 13:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At14.job.vir
2007-08-30 14:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At15.job.vir
2007-09-01 02:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At3.job.vir
2007-09-01 03:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At4.job.vir
2007-09-01 04:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At5.job.vir
2007-09-01 05:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At6.job.vir
2007-09-01 06:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At7.job.vir
2007-09-01 07:03    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At8.job.vir
2007-09-01 08:03    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At9.job.vir
2007-09-01 09:03    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At10.job.vir
2007-09-01 14:11    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At11.job.vir
2007-09-01 15:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At16.job.vir
2007-09-01 16:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At17.job.vir
2007-09-01 17:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At18.job.vir
2007-09-01 18:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At19.job.vir
2007-09-01 19:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At20.job.vir
2007-09-01 20:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At21.job.vir
2007-09-01 21:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At22.job.vir
2007-09-01 22:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At23.job.vir
2007-09-01 23:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At24.job.vir
2007-09-02 00:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At1.job.vir
2007-09-02 01:01    350    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At2.job.vir
2007-09-02 01:39    507434    --a------    C:\Qoobox\snapshot_2007-09-02_ 13909,56.cf
2007-09-07 08:14    0    --a------    C:\Qoobox\BackEnv\CACHE.folder.cf
2007-09-07 08:14    0    --a------    C:\Qoobox\BackEnv\LOCAL APPDATA.folder.cf
2007-09-07 08:14    0    --a------    C:\Qoobox\BackEnv\LOCAL SETTINGS.folder.cf
2007-09-07 08:14    142    --a------    C:\Qoobox\BackEnv\profiles.folder.cf
2007-09-07 08:14    196    --a------    C:\Qoobox\BackEnv\APPDATA.folder.cf
2007-09-07 08:14    2925    --a------    C:\Qoobox\BackEnv\setpath.bat
2007-09-07 08:14    35    --a------    C:\Qoobox\BackEnv\MY PICTURES.folder.cf
2007-09-07 08:14    55    --a------    C:\Qoobox\BackEnv\DESKTOP.folder.cf
2007-09-07 08:14    55    --a------    C:\Qoobox\BackEnv\TEMPLATES.folder.cf
2007-09-07 08:14    57    --a------    C:\Qoobox\BackEnv\FAVORITES.folder.cf
2007-09-07 08:14    57    --a------    C:\Qoobox\BackEnv\PERSONAL.folder.cf
2007-09-07 08:14    57    --a------    C:\Qoobox\BackEnv\START MENU.folder.cf
2007-09-07 08:14    75    --a------    C:\Qoobox\BackEnv\PROGRAMS.folder.cf
2007-09-07 08:14    93    --a------    C:\Qoobox\BackEnv\STARTUP.folder.cf
2007-09-07 08:16    1046    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NPF.reg.cf

Listagem de caminhos de pasta
O número de série do volume é 3C23-7F32
C:\QOOBOX
|   snapshot_2007-09-02_ 13909,56.cf
|
+---BackEnv
|       APPDATA.folder.cf
|       CACHE.folder.cf
|       DESKTOP.folder.cf
|       FAVORITES.folder.cf
|       LOCAL APPDATA.folder.cf
|       LOCAL SETTINGS.folder.cf
|       MY PICTURES.folder.cf
|       PERSONAL.folder.cf
|       profiles.folder.cf
|       PROGRAMS.folder.cf
|       setpath.bat
|       START MENU.folder.cf
|       STARTUP.folder.cf
|       TEMPLATES.folder.cf
|
\---Quarantine
    +---C
    |   +---ComboFix
    |   |       FProps.vbs.vir
    |   |
    |   \---WINDOWS
    |       +---system32
    |       |       234V7v2y.exe.vir
    |       |
    |       \---Tasks
    |               At1.job.vir
    |               At10.job.vir
    |               At11.job.vir
    |               At12.job.vir
    |               At13.job.vir
    |               At14.job.vir
    |               At15.job.vir
    |               At16.job.vir
    |               At17.job.vir
    |               At18.job.vir
    |               At19.job.vir
    |               At2.job.vir
    |               At20.job.vir
    |               At21.job.vir
    |               At22.job.vir
    |               At23.job.vir
    |               At24.job.vir
    |               At3.job.vir
    |               At4.job.vir
    |               At5.job.vir
    |               At6.job.vir
    |               At7.job.vir
    |               At8.job.vir
    |               At9.job.vir
    |
    \---Registry_backups
            LEGACY_NPF.reg.cf


Good morning, loi!

>@< Are the messages about Tasker.exe still bothering you?

_____________________

>@< Download DiagHelp.

>@< Save it to Local Disk C.

>@< Unzip the tool and open the DiagHelp folder.

>@< Double-click go.cmd

>@< A prompt will open; from the options, choose 1 >> press Enter.

>@< Press Enter again! (...or any key!)

>@< Wait for the scan to finish!

>@< When it finishes, close the program and copy/paste the report (C:\resultat.txt) into your reply, along with an updated HJT log.

Regards!


Topic Archived

As the author did not reply for more than 20 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening it.
