se.co 0 Denunciar post Postado Julho 1, 2008 bom dia! percebi uma lentidão no meu pc e entrando no forum vi que JGARCIA recomendava o COMBOFIX.exe. Executei e estou enviando o log para voces ajudarem a resolvelo. segue: ComboFix 08-06-20.4 - Seco 2008-07-01 9:48:22.1 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1046.18.2086 [GMT -3:00] Executando de: C:\Users\Seco\Documents\KomboFix.exe * Criado um novo ponto de restauro . ((((((((((((((((((((((((((((((((((((( Outras Exclusäes ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\Downloaded Program Files\setup.inf C:\Windows\system32\drivers\downld C:\Windows\system32\drivers\hldrrr.exe C:\Windows\system32\drivers\mdelk.exe C:\Windows\system32\drivers\srosa.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA ((((((((((((((((((((((( Ficheiros criados de 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))) . 2099-12-31 09:33 . 2008-02-04 15:29 <DIR> d-------- C:\crack1 2099-06-02 14:29 . 2099-06-02 14:29 <DIR> d-------- C:\Ativa‡Æo Windows Vista Ultimate PT-BR 32-64bits OEM BIOS 12 2007 - Testado byZAZ 2099-06-02 14:25 . 2099-06-02 14:25 <DIR> d-------- C:\ATIVA€ÇO VIA OEM BIOS (JUNHO 2007)--- Windows Vista Ultimate PT BR 32bits Portugues Brasil VersÆo Final + CRACK.iso --- 2099-05-31 17:16 . 2099-05-31 17:16 <DIR> d-------- C:\TUTORIAL - COMO ATIVAR O WINDOWS VISTA ULTIMATE FINAL PT - BR 2008-07-01 09:44 . 2008-07-01 09:47 <DIR> d-------- C:\327882R2FWJFW 2008-07-01 09:33 . 2008-07-01 09:36 <DIR> d-------- C:\Users\All Users\Google Updater 2008-07-01 09:33 . 2008-07-01 09:36 <DIR> d-------- C:\ProgramData\Google Updater 2008-06-30 18:42 . 2008-06-30 18:42 <DIR> d-------- C:\Program Files\Kingsoft 2008-06-30 08:32 . 2008-06-30 08:32 244 --ah----- C:\sqmnoopt00.sqm 2008-06-30 08:32 . 2008-06-30 08:32 232 --ah----- C:\sqmdata00.sqm 2008-06-28 17:21 . 2008-06-30 19:10 <DIR> d-------- C:\Program Files\Windows Live Safety Center 2008-06-26 18:29 . 2008-07-01 08:52 268,372,604 --a------ C:\Windows\MEMORY.DMP 2008-06-26 14:20 . 2008-06-26 14:20 <DIR> d-------- C:\Users\Seco\AppData\Roaming\DassaultSystemes 2008-06-26 14:20 . 2008-06-26 14:20 <DIR> d-------- C:\Users\All Users\DassaultSystemes 2008-06-26 14:20 . 2008-06-26 14:20 <DIR> d-------- C:\ProgramData\DassaultSystemes 2008-06-24 11:11 . 2008-06-24 11:11 <DIR> d-------- C:\Users\Seco\AppData\Roaming\Nero 2008-06-24 11:08 . 2008-06-24 11:08 <DIR> d-------- C:\Users\All Users\Nero 2008-06-24 11:08 . 2008-06-24 11:08 <DIR> d-------- C:\ProgramData\Nero 2008-06-24 11:08 . 2008-06-24 11:08 <DIR> d-------- C:\Program Files\Nero 2008-06-24 11:08 . 2008-06-24 11:10 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-06-17 20:21 . 2008-06-17 20:21 <DIR> d--h----- C:\Program Files\InstallShield Installation Information 2008-06-17 20:20 . 2008-06-17 20:20 372 --a------ C:\Windows\avwin.ini 2008-06-17 20:20 . 2008-06-17 20:20 158 --a------ C:\Windows\avx.ini 2008-06-17 18:11 . 2008-06-17 18:17 <DIR> d-------- C:\Users\Seco\AppData\Roaming\SmartDraw 2008-06-12 14:54 . 2008-06-12 14:54 <DIR> d-------- C:\Users\Seco\AppData\Roaming\Printer Info Cache 2008-06-12 14:54 . 2008-06-12 14:54 <DIR> d-------- C:\Users\Seco\AppData\Roaming\Image Zone Express 2008-06-12 14:41 . 2008-06-12 14:41 <DIR> d-------- C:\Users\All Users\HPSSUPPLY 2008-06-12 14:41 . 2008-06-12 14:41 <DIR> d-------- C:\ProgramData\HPSSUPPLY 2008-06-12 14:38 . 2008-06-12 14:38 <DIR> d-------- C:\Program Files\Hewlett-Packard 2008-06-12 14:37 . 2008-06-12 14:40 <DIR> d-------- C:\Program Files\Common Files\HP 2008-06-12 14:28 . 2008-06-12 14:53 157,776 --a------ C:\Windows\hpoins19.dat 2008-06-12 14:17 . 2007-03-13 17:06 26,952 --a------ C:\Windows\hpomdl19.dat 2008-06-12 12:03 . 2008-06-12 12:03 <DIR> d-------- C:\Users\All Users\WEBREG 2008-06-12 12:03 . 2008-06-12 12:03 <DIR> d-------- C:\ProgramData\WEBREG 2008-06-12 12:01 . 2008-06-12 12:01 <DIR> d-------- C:\Users\Seco\AppData\Roaming\HP 2008-06-12 11:57 . 2008-06-12 11:57 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard 2008-06-12 11:20 . 2008-06-13 08:29 <DIR> d-------- C:\Users\All Users\HP 2008-06-12 11:20 . 2008-06-13 08:29 <DIR> d-------- C:\ProgramData\HP 2008-06-12 10:26 . 2008-06-12 10:26 <DIR> d-------- C:\temp\FixEngine 2008-06-12 10:14 . 2008-06-12 10:14 <DIR> d-------- C:\Windows\Downloaded Installations 2008-06-12 10:14 . 2008-06-12 14:41 <DIR> d-------- C:\Program Files\HP 2008-06-11 08:53 . 2008-04-23 01:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll 2008-06-11 08:53 . 2008-04-23 01:27 428,032 --a------ C:\Windows\System32\EncDec.dll 2008-06-11 08:53 . 2008-04-23 01:27 292,352 --a------ C:\Windows\System32\psisdecd.dll 2008-06-11 08:53 . 2008-04-23 01:26 218,624 --a------ C:\Windows\System32\psisrndr.ax 2008-06-11 08:53 . 2008-04-23 01:26 80,896 --a------ C:\Windows\System32\MSNP.ax 2008-06-11 08:53 . 2008-04-23 01:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax 2008-06-11 08:53 . 2008-04-23 01:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax 2008-06-09 09:00 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys 2008-06-09 09:00 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat 2008-06-09 09:00 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf 2008-06-04 15:25 . 2008-06-04 15:26 <DIR> d-------- C:\Users\All Users\Adobe 2008-06-04 15:25 . 2008-06-04 15:26 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-06-03 16:14 . 2008-06-03 16:14 194,560 --a------ C:\Windows\System32\WebClnt.dll 2008-06-03 16:14 . 2008-06-03 16:14 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys 2008-06-03 16:13 . 2008-06-03 16:13 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys 2008-06-03 16:13 . 2008-06-03 16:13 296,448 --a------ C:\Windows\System32\gdi32.dll 2008-06-03 16:13 . 2008-06-03 16:13 216,632 --a------ C:\Windows\System32\drivers\netio.sys 2008-06-03 16:13 . 2008-06-03 16:13 167,424 --a------ C:\Windows\System32\tcpipcfg.dll 2008-06-03 16:13 . 2008-06-03 16:13 24,064 --a------ C:\Windows\System32\netcfg.exe 2008-06-03 16:13 . 2008-06-03 16:13 22,016 --a------ C:\Windows\System32\netiougc.exe 2008-06-03 16:12 . 2008-06-03 16:12 83,968 --a------ C:\Windows\System32\dnsrslvr.dll 2008-06-03 16:12 . 2008-06-03 16:12 24,576 --a------ C:\Windows\System32\dnscacheugc.exe 2008-06-03 14:43 . 2008-06-03 14:43 2,923,520 --a------ C:\Windows\explorer.exe 2008-06-03 14:42 . 2008-06-03 14:42 1,152,000 --a------ C:\Windows\System32\themecpl.dll 2008-06-03 14:42 . 2008-06-03 14:42 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys 2008-06-03 14:42 . 2008-06-03 14:42 233,888 --a------ C:\Windows\System32\DreamScene.dll 2008-06-03 14:42 . 2008-06-03 14:42 41,984 --a------ C:\Windows\System32\drivers\monitor.sys 2008-06-03 14:40 . 2008-06-03 14:40 374,456 --a------ C:\Windows\System32\mcupdate_GenuineIntel.dll 2008-06-03 14:39 . 2008-06-03 14:39 414,208 --a------ C:\Windows\System32\msscp.dll 2008-06-03 14:39 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll 2008-06-03 14:38 . 2008-06-03 14:38 8,147,968 --a------ C:\Windows\System32\wmploc.DLL 2008-06-03 14:38 . 2008-06-03 14:38 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll 2008-06-03 14:38 . 2008-06-03 14:38 7,680 --a------ C:\Windows\System32\spwmp.dll 2008-06-03 14:38 . 2008-06-03 14:38 4,096 --a------ C:\Windows\System32\msdxm.ocx 2008-06-03 14:38 . 2008-06-03 14:38 4,096 --a------ C:\Windows\System32\dxmasf.dll 2008-06-03 14:37 . 2008-06-03 14:37 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe 2008-06-03 14:37 . 2008-06-03 14:37 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe 2008-06-03 14:37 . 2008-06-03 14:37 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys 2008-06-03 14:37 . 2008-06-03 14:37 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys 2008-06-03 14:37 . 2008-06-03 14:37 109,624 --a------ C:\Windows\System32\drivers\ataport.sys 2008-06-03 14:37 . 2008-06-03 14:37 104,448 --a------ C:\Windows\System32\DWWIN.EXE 2008-06-03 14:37 . 2008-06-03 14:37 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys 2008-06-03 14:37 . 2008-06-03 14:37 21,560 --a------ C:\Windows\System32\drivers\atapi.sys 2008-06-03 14:37 . 2008-06-03 14:37 15,928 --a------ C:\Windows\System32\drivers\pciide.sys 2008-06-03 14:36 . 2008-06-03 14:36 337,408 --a------ C:\Windows\System32\intl.cpl 2008-06-03 14:36 . 2008-06-03 14:36 166,912 --a------ C:\Windows\System32\lpksetup.exe 2008-06-03 14:36 . 2008-06-03 14:36 25,600 --a------ C:\Windows\System32\LangCleanupSysprepAction.dll 2008-06-03 14:36 . 2008-06-03 14:36 23,552 --a------ C:\Windows\System32\lpremove.exe 2008-06-03 14:36 . 2008-06-03 14:36 10,240 --a------ C:\Windows\System32\MUILanguageCleanup.dll 2008-06-03 14:35 . 2008-06-03 14:35 <DIR> d-------- C:\Program Files\Microsoft Works 2008-06-03 14:29 . 2008-06-03 14:29 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8 2008-06-03 14:26 . 2008-06-04 10:20 <DIR> d-------- C:\Users\All Users\Microsoft Help 2008-06-03 14:26 . 2008-06-04 10:20 <DIR> d-------- C:\ProgramData\Microsoft Help 2008-06-03 14:21 . 2008-06-03 14:21 <DIR> dr-h----- C:\MSOCache 2008-06-03 14:01 . 2008-06-03 14:51 <DIR> d-------- C:\Users\All Users\NVIDIA 2008-06-03 14:01 . 2008-06-03 14:51 <DIR> d-------- C:\ProgramData\NVIDIA 2008-06-03 13:49 . 2008-06-03 13:49 <DIR> d-------- C:\Program Files\BitLocker 2008-06-03 13:42 . 2008-06-03 13:42 229,888 --a------ C:\Windows\System32\msshsq.dll 2008-06-03 13:39 . 2008-06-03 13:39 224,768 --a------ C:\Windows\System32\drivers\usbport.sys 2008-06-03 13:39 . 2008-06-03 13:39 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys 2008-06-03 13:39 . 2008-06-03 13:39 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys 2008-06-03 13:39 . 2008-06-03 13:39 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys 2008-06-03 13:39 . 2008-06-03 13:39 23,040 --a------ C:\Windows\System32\drivers\usbuhci.sys 2008-06-03 13:39 . 2008-06-03 13:39 8,704 --a------ C:\Windows\System32\hcrstco.dll 2008-06-03 13:39 . 2008-06-03 13:39 8,704 --a------ C:\Windows\System32\hccoin.dll 2008-06-03 13:39 . 2008-06-03 13:39 5,888 --a------ C:\Windows\System32\drivers\usbd.sys 2008-06-03 13:28 . 2008-06-03 13:28 2,605,568 --a------ C:\Windows\System32\SLsvc.exe 2008-06-03 13:28 . 2008-06-03 13:28 566,784 --a------ C:\Windows\System32\SLCommDlg.dll 2008-06-03 13:28 . 2008-06-03 13:28 351,232 --a------ C:\Windows\System32\SLUI.exe 2008-06-03 13:28 . 2008-06-03 13:28 268,288 --a------ C:\Windows\System32\mcbuilder.exe 2008-06-03 13:28 . 2008-06-03 13:28 223,232 --a------ C:\Windows\System32\SLC.dll 2008-06-03 13:28 . 2008-06-03 13:28 186,368 --a------ C:\Windows\System32\SLLUA.exe 2008-06-03 13:28 . 2008-06-03 13:28 57,856 --a------ C:\Windows\System32\SLUINotify.dll 2008-06-03 13:28 . 2008-06-03 13:28 39,936 --a------ C:\Windows\System32\slcinst.dll 2008-06-03 13:28 . 2008-06-03 13:28 33,280 --a------ C:\Windows\System32\slwmi.dll 2008-06-03 13:23 . 2008-06-03 13:23 1,171,848 --a------ C:\Windows\System32\SecureKeyBackupCPL.dll 2008-06-03 13:23 . 2008-06-03 13:23 711 --a------ C:\Windows\System32\CPSOKBTasks.xml 2008-06-03 13:19 . 2008-06-03 13:19 320,000 --a------ C:\Windows\System32\drivers\csc.sys 2008-06-03 13:19 . 2008-06-03 13:19 105,984 --a------ C:\Windows\System32\CscMig.dll 2008-06-03 13:16 . 2008-06-03 13:16 678,408 --a------ C:\Windows\System32\gpprefcl.dll 2008-06-03 13:14 . 2008-06-03 13:14 737,792 --a------ C:\Windows\System32\inetcomm.dll 2008-06-03 13:14 . 2008-06-03 13:14 84,480 --a------ C:\Windows\System32\INETRES.dll 2008-06-03 13:11 . 2008-06-03 13:11 11,776 --a------ C:\Windows\System32\sbunattend.exe 2008-06-03 13:09 . 2008-06-03 13:09 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll . ((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-11 12:00 --------- d-----w C:\Program Files\Windows Mail 2008-06-04 13:10 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys 2008-06-04 13:10 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys 2008-06-04 13:10 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys 2008-06-04 13:10 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys 2008-06-04 13:10 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys 2008-06-04 13:10 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys 2008-06-03 18:19 --------- d-----w C:\Program Files\Windows Calendar 2008-06-03 18:18 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys 2008-06-03 18:18 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys 2008-06-03 18:18 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys 2008-06-03 18:18 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys 2008-06-03 18:18 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys 2008-06-03 17:46 --------- d-----w C:\Program Files\Windows Defender 2008-06-03 17:43 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys 2008-06-03 17:35 --------- d-----w C:\Program Files\MSBuild 2008-06-03 17:01 174 --sha-w C:\Program Files\desktop.ini 2008-06-03 16:49 --------- d-----w C:\Program Files\Windows Sidebar 2008-06-03 16:49 --------- d-----w C:\Program Files\Microsoft Games 2008-06-03 16:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-06-03 16:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-06-03 16:09 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-06-03 16:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-06-03 16:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-06-02 20:59 --------- d-sh--w C:\ProgramData\Modelos 2008-06-02 20:59 --------- d-sh--w C:\ProgramData\Menu Iniciar 2008-06-02 20:59 --------- d-sh--w C:\ProgramData\Favoritos 2008-06-02 20:59 --------- d-sh--w C:\ProgramData\Documentos 2008-06-02 20:59 --------- d-sh--w C:\ProgramData\Dados de aplicativos 2008-06-02 20:59 --------- d-sh--w C:\Program Files\Common Files\Sistema 2008-06-02 20:59 --------- d-sh--w C:\Program Files\Arquivos Comuns 2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-01 09:33 68856] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-03 13:11 1232896] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-07-01 09:50 22696] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352] "HP Software Update"="C:\arquivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-07-01 09:50 107112] "Adobe Reader Speed Launcher"="C:\arquivos de programa\reader8\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ SolidWorks Task Scheduler Engine.lnk - C:\arquivos de programa\SolidWorks\swScheduler\swBOEngine.exe [2007-09-09 06:51:40 488728] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\arquivos de programa\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1844114194-1584063930-1142964930-1000] "EnableNotificationsRef"=dword:00000006 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{BC742875-7056-44F4-AEF3-27240637D6B3}C:\\arquivos de programa\\emule\\emule.exe"= UDP:C:\arquivos de programa\emule\emule.exe:eMule "UDP Query User{1C6EA11D-7824-46ED-8FDC-67D1D4CD0684}C:\\arquivos de programa\\emule\\emule.exe"= TCP:C:\arquivos de programa\emule\emule.exe:eMule "{F33595D2-2E81-46FB-9997-200AA09EE118}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{FF6E4FD8-2788-45C1-98EC-F373C00C652B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{E3E68D6B-430F-4317-A624-B2D81F2D7A8F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{487D1C74-19EB-471C-944B-0E78A39FA540}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{9EC39E64-07B6-41A6-B226-8B8FA6D7ABD4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{9F6D9562-C8B8-48C9-BAF9-4161A0BCAE27}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~3\Symantec\DEFINI~1\SymcData\idsdefs\20080623.001\IDSvix86.sys [2008-05-13 00:27] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 17:40] S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-06-03 09:17] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f5f3254-30e0-11dd-90c0-806e6f6e6963}] \shell\AutoRun\command - E:\EIProcessCaller.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{557bf85e-46fa-11dd-9752-0019d1e8a4d6}] \shell\AutoRun\command - F:\nideiect.com \shell\explore\Command - F:\nideiect.com \shell\open\Command - F:\nideiect.com *Newly Created Service* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . Conte£do da pasta 'Tarefas Agendadas' "2008-06-28 12:52:11 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Seco.job" - C:\PROGRA~2\NORTON~1\NORTON~1\Navw32.exeB/TASK: "2008-07-01 12:36:19 C:\Windows\Tasks\User_Feed_Synchronization-{22331444-F7A4-4F10-819A-2717D1198AE9}.job" - C:\Windows\system32\msfeedssync.exe "2008-06-03 12:57:55 C:\Windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job" fim fico no aguardo de uma resposta. desde já estou agradecido pelas dicas obtidas no forum. Att, Seco Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Julho 2, 2008 Bom Dia! se.co >@< Faça o download do HijackThis. >@< Baixe-o para o Disco Local-C e estabeleça uma pasta própria para o programa. >@< Temos como exemplo: < C:\HijackThis.exe > ou < C:\HijackThis\HijackThis.exe > >@< Mas,não execute-o ainda! >@< Para que o Log do HijackThis saia completo,vá em Iniciar >> Executar. >@< Digite: msconfig >> Ok. >@< Na aba Geral,marque: Inicialização normal - Carregar todos os drivers de dispositivo e serviços >@< Clique em Aplicar >> Ok. >@< Reinicie o computador! >@< Abra o HijackThis e clique em Do a system scan and save a logfile. >@< Abrir-se-á um Bloco de Notas! >@< Selecione e copie o seu conteúdo para este Tópico. Não crie outro! Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
se.co 0 Denunciar post Postado Julho 2, 2008 Bom dia! Carissimo boscofreitas, ontem aqui no forum descobri o ELIBAGLE, eu rodei e ele me deletou dois arquivos infectados. Com isso eu já consegui instalar o Norton novamente e estou trabalhando precariamente. Uma coisa que percebi é que a memoria fisica livre do meu PC esta sempre em zero. É normal mas mesmo assim, segue o log do HijackThis, ele abriu uma janela de erro, aqual copiei e esta no inicio. texto da janela de erro --------------------------- HijackThis --------------------------- An unexpected error has occurred at procedure: modMain_CheckOther1Item() Error #75 - Path/File access error Please email me at merijn@spywareinfo.com, reporting the following: * What you were trying to fix when the error occurred, if applicable * How you can reproduce the error * A complete HijackThis scan log, if possible Windows version: Windows NT 6.00.1904 MSIE version: 7.0.6000.16681 HijackThis version: 1.99.1 This message has been copied to your clipboard. Click OK to continue the rest of the scan. --------------------------- OK texto do log file Logfile of HijackThis v1.99.1 Scan saved at 08:42, on 2008-07-02 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\arquivos de programa\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\arquivos de programa\reader8\Reader\reader_sl.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\arquivos de programa\HP\Digital Imaging\bin\hpqtra08.exe C:\arquivos de programa\SolidWorks\swScheduler\swBOEngine.exe C:\arquivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe C:\HijackThis\HijackThis.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com// R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [HP Software Update] C:\arquivos de programa\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\arquivos de programa\reader8\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\arquivos de programa\SolidWorks\swScheduler\swBOEngine.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\arquivos de programa\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...t/wlscctrl2.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) desde já agradecido. Seco Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Julho 4, 2008 Bom Dia! se.co >@< Faça um escaneamento OnLine,pelo Panda. >@< Em,Arquivar e analisar,preencha o campo: País/Distrito/Região/E-Mail válido. >@< Digite o seu E-Mail. >@< Marque o botão:Não desejo receber informações... >@< Clique em: Pesquise agora,sem custos.Aguarde! >@< Permita a instalação do Active X. <!> Leia o Tutorial: < Link > >@< No aviso,clique em Instalar.Aguarde a finalização,da contagem regressiva! >@< Terminando e,em: Selecione um dispositivo para analisar... >@< Escolha: O Meu Computador. >@< Aguarde!Pois vai demorar um pouco para concluir o scan. >@< Terminando,copie o relatório e poste,na sua resposta + HJT,atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
se.co 0 Denunciar post Postado Julho 4, 2008 Bom dia digram ! Segue o log do panda. ANALYSIS: 2008-07-03 17:34:13PROTECTIONS: 2 MALWARE: 20 SUSPECTS: 2 PROTECTIONS Description Windows Defender Norton Antivirus Internet Security 2007 C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@casalemedia[1].txt00139061 Cookie/Doubleclick TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@doubleclick[1].txt00139061 Cookie/Doubleclick TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\seco@doubleclick[1].txt00139064 Cookie/Atlas DMT TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@atdmt[2].txt00139064 Cookie/Atlas DMT TrackingCookie C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\seco@atdmt[2].txt00139064 Cookie/Atlas DMT TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\seco@atdmt[2].txt00145393 Cookie/Tradedoubler TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@tradedoubler[1].txt00145457 Cookie/FastClick TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@fastclick[2].txt00145731 Cookie/Tribalfusion TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@tribalfusion[1].txt00147824 Cookie/Clickbank TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@clickbank[1].txt00167749 Cookie/Toplist TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@toplist[2].txt00167753 Cookie/Statcounter TrackingCookie C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\seco@statcounter[1].txt00167753 Cookie/Statcounter TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@statcounter[2].txt00168056 Cookie/YieldManager TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@ad.yieldmanager[2].txt00168056 Cookie/YieldManager TrackingCookie C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\seco@ad.yieldmanager[2].txt00168061 Cookie/Apmebf TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@apmebf[1].txt00168090 Cookie/Serving-sys TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@serving-sys[1].txt00168093 Cookie/Serving-sys TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@bs.serving-sys[2].txt00169190 Cookie/Advertising TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@advertising[1].txt00170553 Cookie/Com.com TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@ig.com[2].txt00170553 Cookie/Com.com TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\seco@ig.com[1].txt00170557 Cookie/Com.com TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@terra.com[1].txt00170559 Cookie/Com.com TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\seco@uol.com[1].txt00170559 Cookie/Com.com TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@uol.com[1].txt00172221 Cookie/Zedo TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@zedo[2].txt00286736 Cookie/Cgi-bin TrackingCookie C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@www6.addfreestats[1].txt02812232 Generic Trojan Virus/Trojan C:\Program Files\Kingsoft\AntiVirus\KAV2007IS\data1.cab[KWatch9x.EXE] Fico no aguardo, Se.co Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Julho 6, 2008 Bom Dia! se.co <@> Qual dispositivo removível,voçê utiliza nesta unidade? < E:\EIProcessCaller.exe > ------------------------------------ <@> Selecione e copie,todo o conteúdo que está na área do QUOTE,para o Bloco de Notas. <@> Salve-o,no Desktop,com o nome: CFScript.txt File::C:\Program Files\Kingsoft\AntiVirus\KAV2007IS\data1.cab F:\nideiect.com Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{557bf85e-46fa-11dd-9752-0019d1e8a4d6}] Folder:: C:\Program Files\Kingsoft\AntiVirus\KAV2007IS <@> Arraste,com o Mouse,o CFScript.txt para o ícone/interior do ComboFix. <@> Veja a demonstração! <@> Reinicie o computador! <@> Terminando,poste o relatório: C:\ComboFix.txt + HJT,atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
se.co 0 Denunciar post Postado Julho 12, 2008 Boa tarde Sr. DigRam! Desculpe a demora para retornar uma resposta, é que tive problemas de servidor e estava sem acesso a internet. Então, segue os logs: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:39:12, on 07/07/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16681)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Windows\System32\rundll32.exeC:\arquivos de programa\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\arquivos de programa\reader8\Reader\reader_sl.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\arquivos de programa\HP\Digital Imaging\bin\hpqtra08.exeC:\arquivos de programa\SolidWorks\swScheduler\swBOEngine.exeC:\Windows\System32\rundll32.exeC:\arquivos de programa\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://br.msn.com//"]http://br.msn.com//[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dllO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStartO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [HP Software Update] C:\arquivos de programa\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\arquivos de programa\reader8\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\arquivos de programa\SolidWorks\swScheduler\swBOEngine.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\arquivos de programa\HP\Digital Imaging\bin\hpqtra08.exeO8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Add to Windows &Live Favorites - [url="http://favorites.live.com/quickadd.aspx"]http://favorites.live.com/quickadd.aspx[/url]O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLLO13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - [url="http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab"]http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[/url]O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - [url="http://cdn.scan.onecare.live.com/resource/download/scanner/pt-pt/wlscctrl2.cab"]http://cdn.scan.onecare.live.com/resource/...t/wlscctrl2.cab[/url]O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - [url="http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab"]http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab[/url]O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - [url="https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab"]https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[/url]O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - [url="http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab"]http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab[/url]O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[/url]O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dllO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeO23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exeO23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe--End of file - 8208 bytesComboFix 08-07-02.5 - Seco 2008-07-07 13:31:47.3 - NTFSx86Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1046.18.1883 [GMT -3:00]Executando de: C:\Users\Seco\Documents\programas ver rem\ComboFix.exeCommand switches used :: C:\Users\Seco\Documents\programas ver rem\CFScript.txt * Criado um novo ponto de restauroFILE ::C:\Program Files\Kingsoft\AntiVirus\KAV2007IS\data1.cabF:\nideiect.com.((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))).C:\Program Files\Kingsoft\AntiVirus\KAV2007ISC:\Program Files\Kingsoft\AntiVirus\KAV2007IS\CheckRunOnce.exeC:\Program Files\Kingsoft\AntiVirus\KAV2007IS\data1.cabC:\Program Files\Kingsoft\AntiVirus\KAV2007IS\data1.hdrC:\Program Files\Kingsoft\AntiVirus\KAV2007IS\data2.cabC:\Program Files\Kingsoft\AntiVirus\KAV2007IS\ikernel.ex_C:\Program Files\Kingsoft\AntiVirus\KAV2007IS\KAVSetup.EXEC:\Program Files\Kingsoft\AntiVirus\KAV2007IS\layout.binC:\Program Files\Kingsoft\AntiVirus\KAV2007IS\setup.bmpC:\Program Files\Kingsoft\AntiVirus\KAV2007IS\Setup.iniC:\Program Files\Kingsoft\AntiVirus\KAV2007IS\setup.inxC:\Program Files\Kingsoft\AntiVirus\KAV2007IS\setup.iss.((((((((((((((((((((((( Ficheiros criados de 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))).2099-12-31 09:33 . 2008-02-04 15:29 <DIR> d-------- C:\crack12099-06-02 14:29 . 2099-06-02 14:29 <DIR> d-------- C:\Ativação Windows Vista Ultimate PT-BR 32-64bits OEM BIOS 12 2007 - Testado byZAZ2099-06-02 14:25 . 2099-06-02 14:25 <DIR> d-------- C:\ATIVAÇÃO VIA OEM BIOS (JUNHO 2007)--- Windows Vista Ultimate PT BR 32bits Portugues Brasil Versão Final + CRACK.iso ---2099-05-31 17:16 . 2099-05-31 17:16 <DIR> d-------- C:\TUTORIAL - COMO ATIVAR O WINDOWS VISTA ULTIMATE FINAL PT - BR2008-07-04 17:52 . 2002-03-14 09:38 36,864 --a------ C:\Windows\System32\OpenCNC_API.dll2008-07-03 15:15 . 2008-07-03 15:15 <DIR> d-------- C:\Program Files\Panda Security2008-07-03 15:15 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys2008-07-03 13:56 . 2008-07-03 13:57 <DIR> d-------- C:\LinhaDefensiva2008-07-03 13:53 . 2008-07-07 13:30 <DIR> d-------- C:\327882R2FWJFW2008-07-03 12:07 . 2008-07-03 12:07 <DIR> d-------- C:\Users\Public\Adobe Acrobat PDF Writer 5.02008-07-03 10:18 . 2008-02-28 14:26 1,414,440 --a------ C:\Windows\System32\ShellManager310E2D762.dll2008-07-03 10:18 . 2008-02-28 14:01 774,144 --a------ C:\Windows\System32\NEROINSTAEC43759.DB2008-07-03 09:30 . 2008-07-07 13:30 <DIR> d-------- C:\temp\TempDiretório de backup SW2008-07-02 12:07 . 2008-07-02 12:09 <DIR> d-------- C:\Users\Public\solidworks 20082008-07-02 08:34 . 2008-07-03 14:15 <DIR> d-------- C:\HijackThis2008-07-01 14:06 . 2008-07-01 14:48 <DIR> d-------- C:\Program Files\Norton Internet Security2008-07-01 14:04 . 2008-07-01 14:33 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS2008-07-01 14:01 . 2008-07-01 14:33 <DIR> d-------- C:\Program Files\Symantec2008-07-01 09:33 . 2008-07-07 08:23 <DIR> d-------- C:\Users\All Users\Google Updater2008-07-01 09:33 . 2008-07-07 08:23 <DIR> d-------- C:\ProgramData\Google Updater2008-06-30 18:42 . 2008-06-30 18:42 <DIR> d-------- C:\Program Files\Kingsoft2008-06-30 08:32 . 2008-06-30 08:32 244 --ah----- C:\sqmnoopt00.sqm2008-06-30 08:32 . 2008-06-30 08:32 232 --ah----- C:\sqmdata00.sqm2008-06-28 17:21 . 2008-06-30 19:10 <DIR> d-------- C:\Program Files\Windows Live Safety Center2008-06-26 18:29 . 2008-07-01 08:52 268,372,604 --a------ C:\Windows\MEMORY.DMP2008-06-26 14:20 . 2008-06-26 14:20 <DIR> d-------- C:\Users\Seco\AppData\Roaming\DassaultSystemes2008-06-26 14:20 . 2008-06-26 14:20 <DIR> d-------- C:\Users\All Users\DassaultSystemes2008-06-26 14:20 . 2008-06-26 14:20 <DIR> d-------- C:\ProgramData\DassaultSystemes2008-06-24 11:11 . 2008-06-24 11:11 <DIR> d-------- C:\Users\Seco\AppData\Roaming\Nero2008-06-24 11:08 . 2008-07-03 10:18 <DIR> d-------- C:\Users\All Users\Nero2008-06-24 11:08 . 2008-07-03 10:18 <DIR> d-------- C:\ProgramData\Nero2008-06-24 11:08 . 2008-06-24 11:08 <DIR> d-------- C:\Program Files\Nero2008-06-24 11:08 . 2008-07-03 10:18 <DIR> d-------- C:\Program Files\Common Files\Nero2008-06-17 20:21 . 2008-06-17 20:21 <DIR> d--h----- C:\Program Files\InstallShield Installation Information2008-06-17 20:20 . 2008-06-17 20:20 372 --a------ C:\Windows\avwin.ini2008-06-17 20:20 . 2008-06-17 20:20 158 --a------ C:\Windows\avx.ini2008-06-17 18:11 . 2008-06-17 18:17 <DIR> d-------- C:\Users\Seco\AppData\Roaming\SmartDraw2008-06-12 14:54 . 2008-06-12 14:54 <DIR> d-------- C:\Users\Seco\AppData\Roaming\Printer Info Cache2008-06-12 14:54 . 2008-06-12 14:54 <DIR> d-------- C:\Users\Seco\AppData\Roaming\Image Zone Express2008-06-12 14:41 . 2008-06-12 14:41 <DIR> d-------- C:\Users\All Users\HPSSUPPLY2008-06-12 14:41 . 2008-06-12 14:41 <DIR> d-------- C:\ProgramData\HPSSUPPLY2008-06-12 14:38 . 2008-06-12 14:38 <DIR> d-------- C:\Program Files\Hewlett-Packard2008-06-12 14:37 . 2008-06-12 14:40 <DIR> d-------- C:\Program Files\Common Files\HP2008-06-12 14:28 . 2008-06-12 14:53 157,776 --a------ C:\Windows\hpoins19.dat2008-06-12 14:17 . 2007-03-13 17:06 26,952 --a------ C:\Windows\hpomdl19.dat2008-06-12 12:03 . 2008-06-12 12:03 <DIR> d-------- C:\Users\All Users\WEBREG2008-06-12 12:03 . 2008-06-12 12:03 <DIR> d-------- C:\ProgramData\WEBREG2008-06-12 12:01 . 2008-06-12 12:01 <DIR> d-------- C:\Users\Seco\AppData\Roaming\HP2008-06-12 11:57 . 2008-06-12 11:57 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard2008-06-12 11:20 . 2008-06-13 08:29 <DIR> d-------- C:\Users\All Users\HP2008-06-12 11:20 . 2008-06-13 08:29 <DIR> d-------- C:\ProgramData\HP2008-06-12 10:26 . 2008-06-12 10:26 <DIR> d-------- C:\temp\FixEngine2008-06-12 10:14 . 2008-06-12 10:14 <DIR> d-------- C:\Windows\Downloaded Installations2008-06-12 10:14 . 2008-06-12 14:41 <DIR> d-------- C:\Program Files\HP2008-06-11 08:53 . 2008-04-23 01:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll2008-06-11 08:53 . 2008-04-23 01:27 428,032 --a------ C:\Windows\System32\EncDec.dll2008-06-11 08:53 . 2008-04-23 01:27 292,352 --a------ C:\Windows\System32\psisdecd.dll2008-06-11 08:53 . 2008-04-23 01:26 218,624 --a------ C:\Windows\System32\psisrndr.ax2008-06-11 08:53 . 2008-04-23 01:26 80,896 --a------ C:\Windows\System32\MSNP.ax2008-06-11 08:53 . 2008-04-23 01:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax2008-06-11 08:53 . 2008-04-23 01:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax.((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-07-04 20:37 --------- d-----w C:\ProgramData\Symantec2008-07-02 00:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared2008-07-01 17:33 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF2008-07-01 17:33 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT2008-07-01 12:33 --------- d-----w C:\Program Files\Google2008-06-30 21:42 --------- d-----w C:\Program Files\Common Files\InstallShield2008-06-30 20:50 --------- d-----w C:\Users\Seco\AppData\Roaming\SolidWorks2008-06-11 12:00 --------- d-----w C:\Program Files\Windows Mail2008-06-04 18:26 --------- d-----w C:\Program Files\Common Files\Adobe2008-06-04 13:20 --------- d-----w C:\ProgramData\Microsoft Help2008-06-03 19:14 194,560 ----a-w C:\Windows\System32\WebClnt.dll2008-06-03 19:14 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys2008-06-03 19:13 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys2008-06-03 19:13 296,448 ----a-w C:\Windows\System32\gdi32.dll2008-06-03 19:13 24,064 ----a-w C:\Windows\System32\netcfg.exe2008-06-03 19:13 22,016 ----a-w C:\Windows\System32\netiougc.exe2008-06-03 19:13 216,632 ----a-w C:\Windows\system32\drivers\netio.sys2008-06-03 19:13 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll2008-06-03 19:12 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll2008-06-03 19:12 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe2008-06-03 18:19 --------- d-----w C:\Program Files\Windows Calendar2008-06-03 17:51 --------- d-----w C:\ProgramData\NVIDIA2008-06-03 17:46 --------- d-----w C:\Program Files\Windows Defender2008-06-03 17:43 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr2008-06-03 17:43 67,584 ----a-w C:\Windows\System32\wlanhlp.dll2008-06-03 17:43 542,720 ----a-w C:\Windows\System32\sysmain.dll2008-06-03 17:43 502,784 ----a-w C:\Windows\System32\wlansvc.dll2008-06-03 17:43 47,104 ----a-w C:\Windows\System32\wlanapi.dll2008-06-03 17:43 297,984 ----a-w C:\Windows\System32\wlansec.dll2008-06-03 17:43 290,816 ----a-w C:\Windows\System32\wlanmsm.dll2008-06-03 17:43 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys2008-06-03 17:43 24,064 ----a-w C:\Windows\System32\wtsapi32.dll2008-06-03 17:43 2,923,520 ----a-w C:\Windows\explorer.exe2008-06-03 17:43 2,027,008 ----a-w C:\Windows\System32\win32k.sys2008-06-03 17:42 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys2008-06-03 17:42 233,888 ----a-w C:\Windows\System32\DreamScene.dll2008-06-03 17:42 1,152,000 ----a-w C:\Windows\System32\themecpl.dll2008-06-03 17:42 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys2008-06-03 17:40 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll2008-06-03 17:39 414,208 ----a-w C:\Windows\System32\msscp.dll2008-06-03 17:38 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL2008-06-03 17:38 7,680 ----a-w C:\Windows\System32\spwmp.dll2008-06-03 17:38 4,096 ----a-w C:\Windows\System32\dxmasf.dll2008-06-03 17:38 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll2008-06-03 17:37 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys2008-06-03 17:37 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe2008-06-03 17:37 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe2008-06-03 17:37 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys2008-06-03 17:37 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys2008-06-03 17:37 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys2008-06-03 17:37 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys2008-06-03 17:37 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys2008-06-03 17:37 104,448 ----a-w C:\Windows\System32\DWWIN.EXE2008-06-03 17:36 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll2008-06-03 17:36 23,552 ----a-w C:\Windows\System32\lpremove.exe2008-06-03 17:36 166,912 ----a-w C:\Windows\System32\lpksetup.exe2008-06-03 17:36 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll2008-06-03 17:35 --------- d-----w C:\Program Files\MSBuild2008-06-03 17:35 --------- d-----w C:\Program Files\Microsoft Works2008-06-03 17:29 --------- d-----w C:\Program Files\Microsoft Visual Studio 82008-06-03 17:01 174 --sha-w C:\Program Files\desktop.ini2008-06-03 16:49 --------- d-----w C:\Program Files\Windows Sidebar2008-06-03 16:49 --------- d-----w C:\Program Files\Microsoft Games2008-06-03 16:49 --------- d-----w C:\Program Files\BitLocker2008-06-03 16:42 229,888 ----a-w C:\Windows\System32\msshsq.dll2008-06-03 16:39 8,704 ----a-w C:\Windows\System32\hcrstco.dll2008-06-03 16:39 8,704 ----a-w C:\Windows\System32\hccoin.dll2008-06-03 16:39 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys2008-06-03 16:39 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys2008-06-03 16:39 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys2008-06-03 16:39 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys2008-06-03 16:39 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys2008-06-03 16:39 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys2008-06-03 16:28 57,856 ----a-w C:\Windows\System32\SLUINotify.dll2008-06-03 16:28 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll2008-06-03 16:28 39,936 ----a-w C:\Windows\System32\slcinst.dll2008-06-03 16:28 351,232 ----a-w C:\Windows\System32\SLUI.exe2008-06-03 16:28 33,280 ----a-w C:\Windows\System32\slwmi.dll2008-06-03 16:28 268,288 ----a-w C:\Windows\System32\mcbuilder.exe2008-06-03 16:28 223,232 ----a-w C:\Windows\System32\SLC.dll2008-06-03 16:28 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe2008-06-03 16:28 186,368 ----a-w C:\Windows\System32\SLLUA.exe2008-06-03 16:23 1,171,848 ----a-w C:\Windows\System32\SecureKeyBackupCPL.dll2008-06-03 16:19 320,000 ----a-w C:\Windows\system32\drivers\csc.sys2008-06-03 16:19 105,984 ----a-w C:\Windows\System32\CscMig.dll2008-06-03 16:16 678,408 ----a-w C:\Windows\System32\gpprefcl.dll2008-06-03 16:14 84,480 ----a-w C:\Windows\System32\INETRES.dll2008-06-03 16:14 737,792 ----a-w C:\Windows\System32\inetcomm.dll2008-06-03 16:11 11,776 ----a-w C:\Windows\System32\sbunattend.exe2008-06-03 16:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll2008-06-03 16:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll2008-06-03 16:09 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll2008-06-03 16:09 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll2008-06-03 16:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll2008-06-03 16:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll2008-06-03 16:09 1,686,528 ----a-w C:\Windows\System32\gameux.dll2008-06-03 16:07 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys2008-06-03 16:06 --------- d-----w C:\Program Files\Microsoft Silverlight2008-06-03 16:00 974,336 ----a-w C:\Windows\System32\crypt32.dll2008-06-03 15:57 2,048 ----a-w C:\Windows\System32\tzres.dll.((((((((((((((((((((((((((((( snapshot@2008-07-03_14.10.34,38 ))))))))))))))))))))))))))))))))))))))))).- 2008-07-03 13:26:44 67,584 --s-a-w C:\Windows\bootstat.dat+ 2008-07-07 11:16:24 67,584 --s-a-w C:\Windows\bootstat.dat+ 2008-06-30 13:39:58 128,256 ----a-w C:\Windows\Downloaded Program Files\as2stubie.dll- 2008-07-03 13:26:45 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat+ 2008-07-07 11:16:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat- 2008-07-03 13:26:45 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat+ 2008-07-07 11:16:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat- 2008-07-03 13:28:16 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT+ 2008-07-07 11:17:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT+ 2008-07-07 11:17:57 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1- 2008-07-03 13:28:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT+ 2008-07-07 11:17:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT+ 2008-07-07 11:17:52 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1+ 2008-07-04 15:22:36 2,608 ----a-w C:\Windows\SoftwareDistribution\EventCache\{CBCB9FDB-06FA-47D6-90C4-9D7EF1F4AE4E}.bin+ 2002-03-13 21:43:36 110,592 ----a-w C:\Windows\System32\axTuneDll.dll- 2008-07-03 16:38:36 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat+ 2008-07-07 11:16:25 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat- 2008-07-03 16:38:36 327,680 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat+ 2008-07-07 11:16:25 327,680 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat- 2008-07-03 16:38:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 2008-07-07 11:16:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat+ 1999-07-06 14:12:18 79,872 ----a-w C:\Windows\System32\FSServer.dll+ 2001-05-24 18:03:26 61,440 ----a-w C:\Windows\System32\HEI32_2.DLL+ 2002-03-13 21:19:44 77,824 ----a-w C:\Windows\System32\ISaSYS.dll+ 2002-03-13 21:19:52 90,112 ----a-w C:\Windows\System32\ISaXLAPI.dll+ 2002-03-20 18:25:58 147,456 ----a-w C:\Windows\System32\mdsiMacroSupport.dll+ 2002-03-20 18:26:20 163,910 ----a-w C:\Windows\System32\mdsiMacroSupportVBX.dll+ 2002-03-20 18:27:02 32,768 ----a-w C:\Windows\System32\mdsiMicroCommand.dll+ 2002-03-13 22:20:50 81,920 ----a-w C:\Windows\System32\mdsiVBServer.dll- 2008-05-09 17:35:06 16,863,864 ----a-w C:\Windows\System32\mrt.exe+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\Windows\System32\mrt.exe+ 2000-04-18 19:51:08 155,648 ----a-w C:\Windows\System32\NETEDLIB.DLL- 2008-07-01 20:12:06 104,570 ----a-w C:\Windows\System32\perfc009.dat+ 2008-07-07 16:32:47 104,570 ----a-w C:\Windows\System32\perfc009.dat- 2008-07-01 20:12:06 612,848 ----a-w C:\Windows\System32\perfh009.dat+ 2008-07-07 16:32:47 612,848 ----a-w C:\Windows\System32\perfh009.dat- 2008-07-01 20:12:06 83,624 ----a-w C:\Windows\System32\prfc0416.dat+ 2008-07-07 16:32:47 83,624 ----a-w C:\Windows\System32\prfc0416.dat- 2008-07-01 20:12:06 508,304 ----a-w C:\Windows\System32\prfh0416.dat+ 2008-07-07 16:32:47 508,304 ----a-w C:\Windows\System32\prfh0416.dat+ 2000-11-29 15:21:30 136,704 ----a-w C:\Windows\System32\SoftSercansEXE.dll- 2008-07-03 12:26:19 7,024 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1844114194-1584063930-1142964930-1000_UserData.bin+ 2008-07-07 11:18:58 7,076 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1844114194-1584063930-1142964930-1000_UserData.bin- 2008-07-03 13:28:36 57,922 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin+ 2008-07-07 11:18:58 58,248 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin- 2008-07-03 13:28:34 32,302 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin+ 2008-07-07 11:18:17 32,944 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin.-- Snapshot reset to current date --.(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))..REGEDIT4*Nota* entradas vazias & legítimas por defeito não são mostradas.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-01 09:33 68856]"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-03 13:11 1232896][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]"HP Software Update"="C:\arquivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]"Adobe Reader Speed Launcher"="C:\arquivos de programa\reader8\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 02:08 107112]"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 04:18 22696]"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Task Scheduler Engine.lnk - C:\arquivos de programa\SolidWorks\swScheduler\swBOEngine.exe [2007-09-09 06:51:40 488728]C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - C:\arquivos de programa\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520][HKEY_LOCAL_MACHINE\software\microsoft\security center]"UacDisableNotify"=dword:00000001"InternetSettingsDisableNotify"=dword:00000001"AutoUpdateDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1844114194-1584063930-1142964930-1000]"EnableNotificationsRef"=dword:00000006[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]"TCP Query User{BC742875-7056-44F4-AEF3-27240637D6B3}C:\\arquivos de programa\\emule\\emule.exe"= UDP:C:\arquivos de programa\emule\emule.exe:eMule"UDP Query User{1C6EA11D-7824-46ED-8FDC-67D1D4CD0684}C:\\arquivos de programa\\emule\\emule.exe"= TCP:C:\arquivos de programa\emule\emule.exe:eMule"{F33595D2-2E81-46FB-9997-200AA09EE118}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)"{FF6E4FD8-2788-45C1-98EC-F373C00C652B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook"{E3E68D6B-430F-4317-A624-B2D81F2D7A8F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove"{487D1C74-19EB-471C-944B-0E78A39FA540}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove"{9EC39E64-07B6-41A6-B226-8B8FA6D7ABD4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote"{9F6D9562-C8B8-48C9-BAF9-4161A0BCAE27}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]"EnableFirewall"= 0 (0x0)R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~3\Symantec\DEFINI~1\SymcData\idsdefs\20080623.001\IDSvix86.sys [2008-06-03 17:55]R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 17:40]S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-06-03 09:17][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]GPSvcGroup REG_MULTI_SZ GPSvcHPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc*Newly Created Service* - COMHOST[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]%SystemRoot%\system32\soundschemes.exe /AddRegistration.Conteúdo da pasta 'Tarefas Agendadas'"2008-07-01 17:49:34 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Seco.job"- C:\PROGRA~2\NORTON~1\NORTON~1\Navw32.exeB/TASK:"2008-07-07 15:44:11 C:\Windows\Tasks\User_Feed_Synchronization-{22331444-F7A4-4F10-819A-2717D1198AE9}.job"- C:\Windows\system32\msfeedssync.exe"2008-06-03 12:57:55 C:\Windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job"- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]Rootkit scan 2008-07-07 13:32:56Windows 6.0.6000 NTFSProcurando processos ocultos ...Procurando entradas auto inicializáveis ocultas ...Procurando ficheiros ocultos ...Varredura completada com sucessoFicheiros ocultos: 0**************************************************************************.Tempo para conclusão: 2008-07-07 13:33:50ComboFix-quarantined-files.txt 2008-07-07 16:33:34ComboFix2.txt 2008-07-03 17:11:15Pre-Run: 300,609,220,608 bytes disponíveisPost-Run: 300,702,531,584 bytes disponíveis330 --- E O F --- 2008-07-04 15:21:39segue tambem o log do antivirus pandaonline;***********************************************************************************************************************************************************************************ANALYSIS: 2008-07-03 17:34:13PROTECTIONS: 2MALWARE: 20SUSPECTS: 2;***********************************************************************************************************************************************************************************PROTECTIONSDescription Version Active Updated;===================================================================================================================================================================================Windows Defender 1.1.1603.0 No NoNorton Antivirus Internet Security 2007 14.1.2 No No;===================================================================================================================================================================================MALWAREId Description Type Active Severity Disinfectable Disinfected Location;===================================================================================================================================================================================00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@casalemedia[1].txt00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@doubleclick[1].txt00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\seco@doubleclick[1].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@atdmt[2].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\seco@atdmt[2].txt00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\seco@atdmt[2].txt00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@tradedoubler[1].txt00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@fastclick[2].txt00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@tribalfusion[1].txt00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@clickbank[1].txt00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@toplist[2].txt00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\seco@statcounter[1].txt00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@statcounter[2].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@ad.yieldmanager[2].txt00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\seco@ad.yieldmanager[2].txt00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@apmebf[1].txt00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@serving-sys[1].txt00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@bs.serving-sys[2].txt00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@advertising[1].txt00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@ig.com[2].txt00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\seco@ig.com[1].txt00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@terra.com[1].txt00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\seco@uol.com[1].txt00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@uol.com[1].txt00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@zedo[2].txt00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Cookies\Low\seco@www6.addfreestats[1].txt02812232 Generic Trojan Virus/Trojan No 0 No No C:\Program Files\Kingsoft\AntiVirus\KAV2007IS\data1.cab[KWatch9x.EXE];===================================================================================================================================================================================SUSPECTSSent Location /s5;===================================================================================================================================================================================No C:\solid\patch_sw2006sp0.0\patch_sldappu.exe /s5No C:\Users\Seco\Documents\programas ver rem\ComboFix.exe /s5;===================================================================================================================================================================================VULNERABILITIESId Severity Description /s5;=================================================================================================================================================================================== 184379 MEDIUM MS08-001 /s5 182048 HIGH MS07-069 /s5 176382 HIGH MS07-057 /s5 170906 HIGH MS07-045 /s5 164913 HIGH MS07-033 /s5 160623 HIGH MS07-027 /s5;=================================================================================================================================================================================== Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Julho 12, 2008 Boa Tarde! se.co <@> Copie,para o Bloco de Notas,as informações sob o CODE. REGEDIT4[HKEY_LOCAL_MACHINE\software\microsoft\security center]"UacDisableNotify"=dword:00000000[HKEY_LOCAL_MACHINE\software\microsoft\security center]"InternetSettingsDisableNotify"=dword:00000000[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AutoUpdateDisableNotify"=dword:00000000[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000000[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000000[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000000[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1844114194-1584063930-1142964930-1000]"EnableNotificationsRef"=dword:00000000 <@> Salve-as,no Desktop,com o nome: Del.reg <@> Deveremos ter um ícone,do tipo: < > <@> Como Tipo de arquivos,coloque: Todos os arquivos! <@> Com todas as janelas fechadas,execute o arquivo com um duplo-clique. <@> Aceite a inclusão,ao registro! ------------------------------------ <@> Faça o download do a-squared Free 3.5 Link Opcional: < a-squared > <@> Abra o programa e clique em: Atualizar agora >> Aguarde! <@> Terminando,clique em: Analisar agora. <@> Escolha a opção: Inteligente <@> Clique em Analisar! <@> Terminando,envie os ítens encontrados para a quarentena. << Importante! <@> Aonde,daí,serão excluídos ou restaurados. <@> Salve o relatório,desta verificação,e poste na sua resposta. <@> Poste,também,um novo log do ComboFix. ( ComboFix.txt ) Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
se.co 0 Denunciar post Postado Julho 15, 2008 Boa tarde Sr. Digram Aminha unidade E:\ e um leitor de cd/dvd. Conforme sua orientação, segue os logs pedidos a-squared Free - Versão 3.5 Última atualização 15/07/2008 12:38:11 Configurações da análise: Objetos: Memória, Rastros, Cookies, C:\Windows\, C:\Program Files Análise de arquivos: Ligado Heurística: Ligado Análise de ADS: Ligado Início da análise: 15/07/2008 12:38:21 Key: HKEY_USERS\S-1-5-21-1844114194-1584063930-1142964930-1000\software\kazaa detectado: Trace.Registry.KaZaA Analisado Arquivos: 68391 Objetos: 339949 Cookies: 74 Processos: 48 Encontrado Arquivos: 0 Objetos: 1 Cookies: 0 Processos: 0 Chaves do registro: 0 Fim da análise: 15/07/2008 13:04:30 Duração da análise: 0:26:09 Key: HKEY_USERS\S-1-5-21-1844114194-1584063930-1142964930-1000\software\kazaa Em quarentena Trace.Registry.KaZaA Em quarentena Arquivos: 0 Objetos: 1 Cookies: 0 E o log do COMBOFIX ComboFix 08-07-14.2 - Seco 2008-07-15 12:21:30.4 - NTFSx86 Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1046.18.2165 [GMT -3:00] Executando de: C:\Users\Seco\Documents\programas ver rem\ComboFix.exe * Criado um novo ponto de restauro . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\InfoSat.txt . ((((((((((((((((((((((( Ficheiros criados de 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))) . 2099-12-31 09:33 . 2008-02-04 15:29 <DIR> d-------- C:\crack1 2099-06-02 14:29 . 2099-06-02 14:29 <DIR> d-------- C:\Ativação Windows Vista Ultimate PT-BR 32-64bits OEM BIOS 12 2007 - Testado byZAZ 2099-06-02 14:25 . 2099-06-02 14:25 <DIR> d-------- C:\ATIVAÇÃO VIA OEM BIOS (JUNHO 2007)--- Windows Vista Ultimate PT BR 32bits Portugues Brasil Versão Final + CRACK.iso --- 2099-05-31 17:16 . 2099-05-31 17:16 <DIR> d-------- C:\TUTORIAL - COMO ATIVAR O WINDOWS VISTA ULTIMATE FINAL PT - BR 2008-07-15 09:06 . 2008-06-25 21:33 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll 2008-07-15 09:06 . 2008-06-25 21:33 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll 2008-07-14 18:36 . 2008-07-14 19:16 <DIR> d-------- C:\Program Files\a-squared Free 2008-07-12 12:52 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys 2008-07-12 12:52 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat 2008-07-12 12:52 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf 2008-07-07 13:38 . 2008-07-07 13:38 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-04 17:52 . 2002-03-14 09:38 36,864 --a------ C:\Windows\System32\OpenCNC_API.dll 2008-07-03 15:15 . 2008-07-03 15:15 <DIR> d-------- C:\Program Files\Panda Security 2008-07-03 15:15 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys 2008-07-03 13:56 . 2008-07-03 13:57 <DIR> d-------- C:\LinhaDefensiva 2008-07-03 12:07 . 2008-07-03 12:07 <DIR> d-------- C:\Users\Public\Adobe Acrobat PDF Writer 5.0 2008-07-03 10:18 . 2008-02-28 14:26 1,414,440 --a------ C:\Windows\System32\ShellManager310E2D762.dll 2008-07-03 10:18 . 2008-02-28 14:01 774,144 --a------ C:\Windows\System32\NEROINSTAEC43759.DB 2008-07-03 09:30 . 2008-07-15 12:12 <DIR> d-------- C:\temp\TempDiretório de backup SW 2008-07-02 12:07 . 2008-07-02 12:09 <DIR> d-------- C:\Users\Public\solidworks 2008 2008-07-02 08:34 . 2008-07-03 14:15 <DIR> d-------- C:\HijackThis 2008-07-01 14:06 . 2008-07-12 12:54 <DIR> d-------- C:\Program Files\Norton Internet Security 2008-07-01 14:04 . 2008-07-01 14:33 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS 2008-07-01 14:01 . 2008-07-01 14:33 <DIR> d-------- C:\Program Files\Symantec 2008-07-01 09:33 . 2008-07-15 12:17 <DIR> d-------- C:\Users\All Users\Google Updater 2008-07-01 09:33 . 2008-07-15 12:17 <DIR> d-------- C:\ProgramData\Google Updater 2008-06-30 18:42 . 2008-06-30 18:42 <DIR> d-------- C:\Program Files\Kingsoft 2008-06-30 08:32 . 2008-06-30 08:32 244 --ah----- C:\sqmnoopt00.sqm 2008-06-30 08:32 . 2008-06-30 08:32 232 --ah----- C:\sqmdata00.sqm 2008-06-28 17:21 . 2008-06-30 19:10 <DIR> d-------- C:\Program Files\Windows Live Safety Center 2008-06-26 18:29 . 2008-07-01 08:52 268,372,604 --a------ C:\Windows\MEMORY.DMP 2008-06-26 14:20 . 2008-06-26 14:20 <DIR> d-------- C:\Users\Seco\AppData\Roaming\DassaultSystemes 2008-06-26 14:20 . 2008-06-26 14:20 <DIR> d-------- C:\Users\All Users\DassaultSystemes 2008-06-26 14:20 . 2008-06-26 14:20 <DIR> d-------- C:\ProgramData\DassaultSystemes 2008-06-24 11:11 . 2008-06-24 11:11 <DIR> d-------- C:\Users\Seco\AppData\Roaming\Nero 2008-06-24 11:08 . 2008-07-03 10:18 <DIR> d-------- C:\Users\All Users\Nero 2008-06-24 11:08 . 2008-07-03 10:18 <DIR> d-------- C:\ProgramData\Nero 2008-06-24 11:08 . 2008-06-24 11:08 <DIR> d-------- C:\Program Files\Nero 2008-06-24 11:08 . 2008-07-03 10:18 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-06-17 20:21 . 2008-06-17 20:21 <DIR> d--h----- C:\Program Files\InstallShield Installation Information 2008-06-17 20:20 . 2008-06-17 20:20 372 --a------ C:\Windows\avwin.ini 2008-06-17 20:20 . 2008-06-17 20:20 158 --a------ C:\Windows\avx.ini 2008-06-17 18:11 . 2008-06-17 18:17 <DIR> d-------- C:\Users\Seco\AppData\Roaming\SmartDraw . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-15 12:11 --------- d-----w C:\ProgramData\Microsoft Help 2008-07-14 21:47 --------- d-----w C:\ProgramData\Symantec 2008-07-12 16:12 174 --sha-w C:\Program Files\desktop.ini 2008-07-12 16:03 --------- d-----w C:\Program Files\Windows Mail 2008-07-02 00:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-07-01 17:33 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF 2008-07-01 17:33 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT 2008-07-01 12:33 --------- d-----w C:\Program Files\Google 2008-06-30 21:42 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-06-30 20:50 --------- d-----w C:\Users\Seco\AppData\Roaming\SolidWorks 2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll 2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll 2008-06-13 11:29 --------- d-----w C:\ProgramData\HP 2008-06-12 17:54 --------- d-----w C:\Users\Seco\AppData\Roaming\Printer Info Cache 2008-06-12 17:54 --------- d-----w C:\Users\Seco\AppData\Roaming\Image Zone Express 2008-06-12 17:41 --------- d-----w C:\ProgramData\HPSSUPPLY 2008-06-12 17:41 --------- d-----w C:\Program Files\HP 2008-06-12 17:40 --------- d-----w C:\Program Files\Common Files\HP 2008-06-12 17:38 --------- d-----w C:\Program Files\Hewlett-Packard 2008-06-12 15:03 --------- d-----w C:\ProgramData\WEBREG 2008-06-12 15:01 --------- d-----w C:\Users\Seco\AppData\Roaming\HP 2008-06-12 14:57 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard 2008-06-04 18:26 --------- d-----w C:\Program Files\Common Files\Adobe 2008-06-03 19:14 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-06-03 19:14 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-06-03 19:13 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-06-03 19:13 296,448 ----a-w C:\Windows\System32\gdi32.dll 2008-06-03 19:13 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-06-03 19:13 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-06-03 19:13 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-06-03 19:13 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-06-03 19:12 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll 2008-06-03 19:12 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe 2008-06-03 18:19 --------- d-----w C:\Program Files\Windows Calendar 2008-06-03 17:51 --------- d-----w C:\ProgramData\NVIDIA 2008-06-03 17:46 --------- d-----w C:\Program Files\Windows Defender 2008-06-03 17:43 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr 2008-06-03 17:43 67,584 ----a-w C:\Windows\System32\wlanhlp.dll 2008-06-03 17:43 542,720 ----a-w C:\Windows\System32\sysmain.dll 2008-06-03 17:43 502,784 ----a-w C:\Windows\System32\wlansvc.dll 2008-06-03 17:43 47,104 ----a-w C:\Windows\System32\wlanapi.dll 2008-06-03 17:43 297,984 ----a-w C:\Windows\System32\wlansec.dll 2008-06-03 17:43 290,816 ----a-w C:\Windows\System32\wlanmsm.dll 2008-06-03 17:43 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys 2008-06-03 17:43 24,064 ----a-w C:\Windows\System32\wtsapi32.dll 2008-06-03 17:43 2,923,520 ----a-w C:\Windows\explorer.exe 2008-06-03 17:43 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2008-06-03 17:42 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys 2008-06-03 17:42 233,888 ----a-w C:\Windows\System32\DreamScene.dll 2008-06-03 17:42 1,152,000 ----a-w C:\Windows\System32\themecpl.dll 2008-06-03 17:42 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys 2008-06-03 17:40 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll 2008-06-03 17:39 414,208 ----a-w C:\Windows\System32\msscp.dll 2008-06-03 17:38 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL 2008-06-03 17:38 7,680 ----a-w C:\Windows\System32\spwmp.dll 2008-06-03 17:38 4,096 ----a-w C:\Windows\System32\dxmasf.dll 2008-06-03 17:38 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll 2008-06-03 17:37 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-06-03 17:37 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-06-03 17:37 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-06-03 17:37 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys 2008-06-03 17:37 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-06-03 17:37 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-06-03 17:37 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys 2008-06-03 17:37 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-06-03 17:37 104,448 ----a-w C:\Windows\System32\DWWIN.EXE 2008-06-03 17:36 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll 2008-06-03 17:36 23,552 ----a-w C:\Windows\System32\lpremove.exe 2008-06-03 17:36 166,912 ----a-w C:\Windows\System32\lpksetup.exe 2008-06-03 17:36 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll 2008-06-03 17:35 --------- d-----w C:\Program Files\MSBuild 2008-06-03 17:35 --------- d-----w C:\Program Files\Microsoft Works 2008-06-03 17:29 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-06-03 16:49 --------- d-----w C:\Program Files\Windows Sidebar 2008-06-03 16:49 --------- d-----w C:\Program Files\Microsoft Games 2008-06-03 16:49 --------- d-----w C:\Program Files\BitLocker 2008-06-03 16:42 229,888 ----a-w C:\Windows\System32\msshsq.dll 2008-06-03 16:39 8,704 ----a-w C:\Windows\System32\hcrstco.dll 2008-06-03 16:39 8,704 ----a-w C:\Windows\System32\hccoin.dll 2008-06-03 16:39 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys 2008-06-03 16:39 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys 2008-06-03 16:39 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys 2008-06-03 16:39 23,040 ----a-w C:\Windows\system32\drivers\usbuhci.sys 2008-06-03 16:39 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys 2008-06-03 16:39 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys 2008-06-03 16:28 57,856 ----a-w C:\Windows\System32\SLUINotify.dll 2008-06-03 16:28 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll 2008-06-03 16:28 39,936 ----a-w C:\Windows\System32\slcinst.dll 2008-06-03 16:28 351,232 ----a-w C:\Windows\System32\SLUI.exe 2008-06-03 16:28 33,280 ----a-w C:\Windows\System32\slwmi.dll 2008-06-03 16:28 268,288 ----a-w C:\Windows\System32\mcbuilder.exe 2008-06-03 16:28 223,232 ----a-w C:\Windows\System32\SLC.dll 2008-06-03 16:28 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe 2008-06-03 16:28 186,368 ----a-w C:\Windows\System32\SLLUA.exe 2008-06-03 16:23 1,171,848 ----a-w C:\Windows\System32\SecureKeyBackupCPL.dll 2008-06-03 16:19 320,000 ----a-w C:\Windows\system32\drivers\csc.sys 2008-06-03 16:19 105,984 ----a-w C:\Windows\System32\CscMig.dll 2008-06-03 16:16 678,408 ----a-w C:\Windows\System32\gpprefcl.dll 2008-06-03 16:14 84,480 ----a-w C:\Windows\System32\INETRES.dll 2008-06-03 16:14 737,792 ----a-w C:\Windows\System32\inetcomm.dll . ((((((((((((((((((((((((((((( snapshot_2008-07-07_13.33.24,88 ))))))))))))))))))))))))))))))))))))))))) . + 2006-10-26 23:55:38 138,024 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL + 2006-10-27 18:16:36 46,864 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLRPC.DLL - 2008-06-04 13:20:43 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2008-07-15 12:11:00 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe - 2008-06-04 13:20:44 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2008-07-15 12:11:01 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe - 2008-06-04 13:20:44 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2008-07-15 12:11:00 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe - 2008-06-04 13:20:44 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2008-07-15 12:11:00 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe - 2008-06-04 13:20:44 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2008-07-15 12:11:00 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe - 2008-06-04 13:20:44 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe + 2008-07-15 12:11:01 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - 2008-06-04 13:20:44 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2008-07-15 12:11:01 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - 2008-06-04 13:20:44 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2008-07-15 12:11:00 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe - 2008-06-04 13:20:44 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2008-07-15 12:11:00 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe - 2008-06-04 13:20:44 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe + 2008-07-15 12:11:00 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - 2008-06-04 13:20:44 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2008-07-15 12:11:01 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - 2008-06-04 13:20:44 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2008-07-15 12:11:00 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - 2008-07-07 11:16:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-07-15 14:37:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-07-07 11:16:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-07-15 14:37:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-06-20 15:10:11 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-07-14 19:56:14 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-06-20 15:10:11 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-07-14 19:56:14 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-06-20 15:10:11 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-07-14 19:56:14 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-07-07 11:17:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-07-15 14:38:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-07-15 14:38:53 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-06-03 18:21:56 986,056 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat + 2008-07-12 16:12:52 986,056 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat - 2008-07-07 11:17:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-07-15 14:38:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-07-15 14:38:48 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 + 2008-07-15 14:34:49 5,042 ----a-w C:\Windows\SoftwareDistribution\EventCache\{848735DF-EE34-4EC2-A20B-708D6168BBB0}.bin - 2008-07-07 11:16:25 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-07-15 15:17:08 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-07-07 11:16:25 327,680 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-07-15 15:17:08 327,680 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-07-07 11:16:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-07-15 15:17:08 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-07-03 17:07:54 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-07-15 15:21:25 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat - 2008-05-29 23:35:11 17,486,968 ----a-w C:\Windows\System32\mrt.exe + 2008-06-25 16:15:46 17,972,344 ----a-w C:\Windows\System32\mrt.exe - 2006-11-02 09:46:11 797,696 ----a-w C:\Windows\System32\NaturalLanguage6.dll + 2008-06-26 03:22:33 797,696 ----a-w C:\Windows\System32\NaturalLanguage6.dll + 2008-07-12 15:44:24 2,456 ----a-w C:\Windows\System32\networklist\icons\{C69B420A-734A-46B3-A3F2-77E899E1D511}_24.bin + 2008-07-12 15:44:24 4,280 ----a-w C:\Windows\System32\networklist\icons\{C69B420A-734A-46B3-A3F2-77E899E1D511}_32.bin + 2008-07-12 15:44:24 9,560 ----a-w C:\Windows\System32\networklist\icons\{C69B420A-734A-46B3-A3F2-77E899E1D511}_48.bin - 2006-11-02 09:46:11 1,523,200 ----a-w C:\Windows\System32\NlsData0000.dll + 2008-06-26 03:22:33 1,523,200 ----a-w C:\Windows\System32\NlsData0000.dll - 2006-11-02 09:46:11 2,597,888 ----a-w C:\Windows\System32\NlsData0001.dll + 2008-06-26 03:22:33 2,597,888 ----a-w C:\Windows\System32\NlsData0001.dll - 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData0002.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData0002.dll - 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData0003.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData0003.dll - 2006-11-02 09:46:11 2,241,024 ----a-w C:\Windows\System32\NlsData0007.dll + 2008-06-26 03:22:33 2,241,024 ----a-w C:\Windows\System32\NlsData0007.dll - 2006-11-02 09:46:11 4,874,240 ----a-w C:\Windows\System32\NlsData0009.dll + 2008-06-26 03:22:33 4,874,240 ----a-w C:\Windows\System32\NlsData0009.dll - 2006-11-02 09:46:11 9,845,248 ----a-w C:\Windows\System32\NlsData000a.dll + 2008-06-26 03:22:33 9,845,248 ----a-w C:\Windows\System32\NlsData000a.dll - 2006-11-02 09:46:11 2,641,408 ----a-w C:\Windows\System32\NlsData000c.dll + 2008-06-26 03:22:33 2,641,408 ----a-w C:\Windows\System32\NlsData000c.dll - 2006-11-02 09:46:11 2,340,864 ----a-w C:\Windows\System32\NlsData000d.dll + 2008-06-26 03:22:33 2,340,864 ----a-w C:\Windows\System32\NlsData000d.dll - 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData000f.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData000f.dll - 2006-11-02 09:46:11 4,493,312 ----a-w C:\Windows\System32\NlsData0010.dll + 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\System32\NlsData0010.dll - 2006-11-02 09:46:11 2,655,232 ----a-w C:\Windows\System32\NlsData0011.dll + 2008-06-26 03:22:33 2,655,232 ----a-w C:\Windows\System32\NlsData0011.dll - 2006-11-02 09:46:11 3,464,704 ----a-w C:\Windows\System32\NlsData0013.dll + 2008-06-26 03:22:33 3,464,704 ----a-w C:\Windows\System32\NlsData0013.dll - 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData0018.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData0018.dll - 2006-11-02 09:46:11 4,495,360 ----a-w C:\Windows\System32\NlsData0019.dll + 2008-06-26 03:22:33 4,495,360 ----a-w C:\Windows\System32\NlsData0019.dll - 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData001a.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData001a.dll - 2006-11-02 09:46:11 1,963,520 ----a-w C:\Windows\System32\NlsData001b.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData001b.dll - 2006-11-02 09:46:11 4,493,312 ----a-w C:\Windows\System32\NlsData001d.dll + 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\System32\NlsData001d.dll - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0020.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData0020.dll - 2006-11-02 09:46:12 1,799,168 ----a-w C:\Windows\System32\NlsData0021.dll + 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\System32\NlsData0021.dll - 2006-11-02 09:46:12 1,799,168 ----a-w C:\Windows\System32\NlsData0022.dll + 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\System32\NlsData0022.dll - 2006-11-02 09:46:12 1,963,520 ----a-w C:\Windows\System32\NlsData0024.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData0024.dll - 2006-11-02 09:46:12 1,963,520 ----a-w C:\Windows\System32\NlsData0026.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData0026.dll - 2006-11-02 09:46:12 1,965,056 ----a-w C:\Windows\System32\NlsData0027.dll + 2008-06-26 03:22:33 1,965,056 ----a-w C:\Windows\System32\NlsData0027.dll - 2006-11-02 09:46:12 1,799,168 ----a-w C:\Windows\System32\NlsData002a.dll + 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\System32\NlsData002a.dll - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0039.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData0039.dll - 2006-11-02 09:46:12 1,799,168 ----a-w C:\Windows\System32\NlsData003e.dll + 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\System32\NlsData003e.dll - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0045.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData0045.dll - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0046.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData0046.dll - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0047.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData0047.dll - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData0049.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData0049.dll - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData004a.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData004a.dll - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData004b.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData004b.dll - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData004c.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData004c.dll - 2006-11-02 09:46:12 3,102,720 ----a-w C:\Windows\System32\NlsData004e.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\System32\NlsData004e.dll - 2006-11-02 09:46:12 4,493,312 ----a-w C:\Windows\System32\NlsData0414.dll + 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\System32\NlsData0414.dll - 2006-11-02 09:46:12 4,493,312 ----a-w C:\Windows\System32\NlsData0416.dll + 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\System32\NlsData0416.dll - 2006-11-02 09:46:12 4,493,312 ----a-w C:\Windows\System32\NlsData0816.dll + 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\System32\NlsData0816.dll - 2006-11-02 09:46:12 1,963,520 ----a-w C:\Windows\System32\NlsData081a.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData081a.dll - 2006-11-02 09:46:12 1,963,520 ----a-w C:\Windows\System32\NlsData0c1a.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\System32\NlsData0c1a.dll - 2006-11-02 08:21:55 11,722,752 ----a-w C:\Windows\System32\NlsLexicons0001.dll + 2008-06-26 00:33:04 11,722,752 ----a-w C:\Windows\System32\NlsLexicons0001.dll - 2006-11-02 08:22:34 4,164,096 ----a-w C:\Windows\System32\NlsLexicons0002.dll + 2008-06-26 00:34:20 4,164,096 ----a-w C:\Windows\System32\NlsLexicons0002.dll - 2006-11-02 08:22:13 1,452,544 ----a-w C:\Windows\System32\NlsLexicons0003.dll + 2008-06-26 00:33:41 1,452,544 ----a-w C:\Windows\System32\NlsLexicons0003.dll - 2006-11-02 08:22:06 6,237,696 ----a-w C:\Windows\System32\NlsLexicons000c.dll + 2008-06-26 00:33:34 6,237,696 ----a-w C:\Windows\System32\NlsLexicons000c.dll - 2006-11-02 08:22:09 1,722,368 ----a-w C:\Windows\System32\NlsLexicons000d.dll + 2008-06-26 00:33:36 1,722,368 ----a-w C:\Windows\System32\NlsLexicons000d.dll - 2006-11-02 08:22:17 5,654,528 ----a-w C:\Windows\System32\NlsLexicons000f.dll + 2008-06-26 00:33:48 5,654,528 ----a-w C:\Windows\System32\NlsLexicons000f.dll - 2006-11-02 08:22:18 4,175,872 ----a-w C:\Windows\System32\NlsLexicons0010.dll + 2008-06-26 00:33:49 4,175,872 ----a-w C:\Windows\System32\NlsLexicons0010.dll - 2006-11-02 08:22:10 2,466,816 ----a-w C:\Windows\System32\NlsLexicons0011.dll + 2008-06-26 00:33:37 2,466,816 ----a-w C:\Windows\System32\NlsLexicons0011.dll - 2006-11-02 08:21:58 4,981,248 ----a-w C:\Windows\System32\NlsLexicons0013.dll + 2008-06-26 00:33:12 4,981,248 ----a-w C:\Windows\System32\NlsLexicons0013.dll - 2006-11-02 08:22:25 3,331,072 ----a-w C:\Windows\System32\NlsLexicons0018.dll + 2008-06-26 00:34:01 3,331,072 ----a-w C:\Windows\System32\NlsLexicons0018.dll - 2006-11-02 08:22:26 6,781,440 ----a-w C:\Windows\System32\NlsLexicons0019.dll + 2008-06-26 00:34:03 6,781,440 ----a-w C:\Windows\System32\NlsLexicons0019.dll - 2006-11-02 08:22:14 6,014,976 ----a-w C:\Windows\System32\NlsLexicons001a.dll + 2008-06-26 00:33:43 6,014,976 ----a-w C:\Windows\System32\NlsLexicons001a.dll - 2006-11-02 08:22:47 6,585,856 ----a-w C:\Windows\System32\NlsLexicons001b.dll + 2008-06-26 00:34:37 6,585,856 ----a-w C:\Windows\System32\NlsLexicons001b.dll - 2006-11-02 08:22:31 6,346,240 ----a-w C:\Windows\System32\NlsLexicons001d.dll + 2008-06-26 00:34:14 6,346,240 ----a-w C:\Windows\System32\NlsLexicons001d.dll - 2006-11-02 08:22:45 1,236,992 ----a-w C:\Windows\System32\NlsLexicons0020.dll + 2008-06-26 00:34:34 1,236,992 ----a-w C:\Windows\System32\NlsLexicons0020.dll - 2006-11-02 08:22:12 2,136,064 ----a-w C:\Windows\System32\NlsLexicons0021.dll + 2008-06-26 00:33:40 2,136,064 ----a-w C:\Windows\System32\NlsLexicons0021.dll - 2006-11-02 08:22:44 5,499,904 ----a-w C:\Windows\System32\NlsLexicons0022.dll + 2008-06-26 00:34:33 5,499,904 ----a-w C:\Windows\System32\NlsLexicons0022.dll - 2006-11-02 08:22:42 5,791,232 ----a-w C:\Windows\System32\NlsLexicons0026.dll + 2008-06-26 00:34:30 5,791,232 ----a-w C:\Windows\System32\NlsLexicons0026.dll - 2006-11-02 08:22:19 6,224,896 ----a-w C:\Windows\System32\NlsLexicons0027.dll + 2008-06-26 00:33:50 6,224,896 ----a-w C:\Windows\System32\NlsLexicons0027.dll - 2006-11-02 08:22:41 4,096 ----a-w C:\Windows\System32\NlsLexicons002a.dll + 2008-06-26 00:34:26 4,096 ----a-w C:\Windows\System32\NlsLexicons002a.dll - 2006-11-02 08:22:16 1,782,272 ----a-w C:\Windows\System32\NlsLexicons0039.dll + 2008-06-26 00:33:46 1,782,272 ----a-w C:\Windows\System32\NlsLexicons0039.dll - 2006-11-02 08:22:20 4,045,824 ----a-w C:\Windows\System32\NlsLexicons003e.dll + 2008-06-26 00:33:52 4,045,824 ----a-w C:\Windows\System32\NlsLexicons003e.dll - 2006-11-02 08:22:33 1,793,536 ----a-w C:\Windows\System32\NlsLexicons0045.dll + 2008-06-26 00:34:18 1,793,536 ----a-w C:\Windows\System32\NlsLexicons0045.dll - 2006-11-02 08:22:25 1,808,896 ----a-w C:\Windows\System32\NlsLexicons0046.dll + 2008-06-26 00:33:58 1,808,896 ----a-w C:\Windows\System32\NlsLexicons0046.dll - 2006-11-02 08:22:15 1,411,072 ----a-w C:\Windows\System32\NlsLexicons0047.dll + 2008-06-26 00:33:45 1,411,072 ----a-w C:\Windows\System32\NlsLexicons0047.dll - 2006-11-02 08:22:39 1,558,016 ----a-w C:\Windows\System32\NlsLexicons0049.dll + 2008-06-26 00:34:24 1,558,016 ----a-w C:\Windows\System32\NlsLexicons0049.dll - 2006-11-02 08:22:39 3,419,136 ----a-w C:\Windows\System32\NlsLexicons004a.dll + 2008-06-26 00:34:25 3,419,136 ----a-w C:\Windows\System32\NlsLexicons004a.dll - 2006-11-02 08:22:36 1,702,912 ----a-w C:\Windows\System32\NlsLexicons004b.dll + 2008-06-26 00:34:22 1,702,912 ----a-w C:\Windows\System32\NlsLexicons004b.dll - 2006-11-02 08:22:46 4,093,440 ----a-w C:\Windows\System32\NlsLexicons004c.dll + 2008-06-26 00:34:36 4,093,440 ----a-w C:\Windows\System32\NlsLexicons004c.dll - 2006-11-02 08:22:37 1,972,736 ----a-w C:\Windows\System32\NlsLexicons004e.dll + 2008-06-26 00:34:23 1,972,736 ----a-w C:\Windows\System32\NlsLexicons004e.dll - 2006-11-02 08:22:21 4,616,192 ----a-w C:\Windows\System32\NlsLexicons0414.dll + 2008-06-26 00:33:54 4,616,192 ----a-w C:\Windows\System32\NlsLexicons0414.dll - 2006-11-02 08:22:24 5,090,816 ----a-w C:\Windows\System32\NlsLexicons0416.dll + 2008-06-26 00:33:57 5,090,816 ----a-w C:\Windows\System32\NlsLexicons0416.dll - 2006-11-02 08:22:22 5,031,936 ----a-w C:\Windows\System32\NlsLexicons0816.dll + 2008-06-26 00:33:56 5,031,936 ----a-w C:\Windows\System32\NlsLexicons0816.dll - 2006-11-02 08:22:29 7,042,560 ----a-w C:\Windows\System32\NlsLexicons081a.dll + 2008-06-26 00:34:11 7,042,560 ----a-w C:\Windows\System32\NlsLexicons081a.dll - 2006-11-02 08:22:27 6,917,120 ----a-w C:\Windows\System32\NlsLexicons0c1a.dll + 2008-06-26 00:34:09 6,917,120 ----a-w C:\Windows\System32\NlsLexicons0c1a.dll - 2006-11-02 08:21:54 5,071,872 ----a-w C:\Windows\System32\NlsModels0011.dll + 2008-06-26 00:33:01 5,071,872 ----a-w C:\Windows\System32\NlsModels0011.dll - 2008-07-07 16:32:47 104,570 ----a-w C:\Windows\System32\perfc009.dat + 2008-07-15 12:56:25 104,570 ----a-w C:\Windows\System32\perfc009.dat - 2008-07-07 16:32:47 612,848 ----a-w C:\Windows\System32\perfh009.dat + 2008-07-15 12:56:25 612,848 ----a-w C:\Windows\System32\perfh009.dat - 2008-07-07 16:32:47 83,624 ----a-w C:\Windows\System32\prfc0416.dat + 2008-07-15 12:56:25 83,624 ----a-w C:\Windows\System32\prfc0416.dat - 2008-07-07 16:32:47 508,304 ----a-w C:\Windows\System32\prfh0416.dat + 2008-07-15 12:56:25 508,304 ----a-w C:\Windows\System32\prfh0416.dat - 2008-06-03 16:18:53 11,315,200 ----a-w C:\Windows\System32\shell32.dll + 2008-04-24 04:51:39 11,315,712 ----a-w C:\Windows\System32\shell32.dll - 2008-07-01 17:47:25 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT + 2008-07-15 12:19:11 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT - 2008-07-07 11:18:58 7,076 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1844114194-1584063930-1142964930-1000_UserData.bin + 2008-07-15 14:39:49 7,264 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1844114194-1584063930-1142964930-1000_UserData.bin - 2008-07-07 11:18:58 58,248 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-07-15 14:39:49 58,368 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-07-07 11:18:17 32,944 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-07-15 12:22:18 33,928 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-06-11 11:22:28 148,514 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2008-07-12 22:10:16 162,298 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin - 2008-07-01 17:39:56 15,682,254 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-07-15 12:02:30 20,354,283 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-06-26 03:22:33 797,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NaturalLanguage6.dll + 2008-06-26 03:22:33 1,523,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0000.dll + 2008-06-26 03:22:33 2,597,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0001.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0002.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0003.dll + 2008-06-26 03:22:33 2,241,024 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0007.dll + 2008-06-26 03:22:33 4,874,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0009.dll + 2008-06-26 03:22:33 9,845,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData000a.dll + 2008-06-26 03:22:33 2,641,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData000c.dll + 2008-06-26 03:22:33 2,340,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData000d.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData000f.dll + 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0010.dll + 2008-06-26 03:22:33 2,655,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0011.dll + 2008-06-26 03:22:33 3,464,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0013.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0018.dll + 2008-06-26 03:22:33 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0019.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData001a.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData001b.dll + 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData001d.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0020.dll + 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0021.dll + 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0022.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0024.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0026.dll + 2008-06-26 03:22:33 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0027.dll + 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData002a.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0039.dll + 2008-06-26 03:22:33 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData003e.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0045.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0046.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0047.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0049.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData004a.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData004b.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData004c.dll + 2008-06-26 03:22:33 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData004e.dll + 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0414.dll + 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0416.dll + 2008-06-26 03:22:33 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0816.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData081a.dll + 2008-06-26 03:22:33 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsData0c1a.dll + 2008-06-26 00:33:04 11,722,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0001.dll + 2008-06-26 00:34:20 4,164,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0002.dll + 2008-06-26 00:33:41 1,452,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0003.dll + 2008-06-26 00:33:35 12,240,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0007.dll + 2008-06-26 00:33:33 2,644,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0009.dll + 2008-06-26 00:33:39 9,892,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons000a.dll + 2008-06-26 00:33:34 6,237,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons000c.dll + 2008-06-26 00:33:36 1,722,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons000d.dll + 2008-06-26 00:33:48 5,654,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons000f.dll + 2008-06-26 00:33:49 4,175,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0010.dll + 2008-06-26 00:33:37 2,466,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0011.dll + 2008-06-26 00:33:12 4,981,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0013.dll + 2008-06-26 00:34:01 3,331,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0018.dll + 2008-06-26 00:34:03 6,781,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0019.dll + 2008-06-26 00:33:43 6,014,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons001a.dll + 2008-06-26 00:34:37 6,585,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons001b.dll + 2008-06-26 00:34:14 6,346,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons001d.dll + 2008-06-26 00:34:34 1,236,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0020.dll + 2008-06-26 00:33:40 2,136,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0021.dll + 2008-06-26 00:34:33 5,499,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0022.dll + 2008-06-26 00:34:39 7,964,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0024.dll + 2008-06-26 00:34:30 5,791,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0026.dll + 2008-06-26 00:33:50 6,224,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0027.dll + 2008-06-26 00:34:26 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons002a.dll + 2008-06-26 00:33:46 1,782,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0039.dll + 2008-06-26 00:33:52 4,045,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons003e.dll + 2008-06-26 00:34:18 1,793,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0045.dll + 2008-06-26 00:33:58 1,808,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0046.dll + 2008-06-26 00:33:45 1,411,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0047.dll + 2008-06-26 00:34:24 1,558,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0049.dll + 2008-06-26 00:34:25 3,419,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons004a.dll + 2008-06-26 00:34:22 1,702,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons004b.dll + 2008-06-26 00:34:36 4,093,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons004c.dll + 2008-06-26 00:34:23 1,972,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons004e.dll + 2008-06-26 00:33:54 4,616,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0414.dll + 2008-06-26 00:33:57 5,090,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0416.dll + 2008-06-26 00:33:56 5,031,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0816.dll + 2008-06-26 00:34:11 7,042,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons081a.dll + 2008-06-26 00:34:09 6,917,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsLexicons0c1a.dll + 2008-06-26 00:33:01 5,071,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\NlsModels0011.dll + 2008-06-26 03:18:12 797,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NaturalLanguage6.dll + 2008-06-26 03:18:18 1,523,200 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0000.dll + 2008-06-26 03:18:19 2,597,888 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0001.dll + 2008-06-26 03:18:20 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0002.dll + 2008-06-26 03:18:21 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0003.dll + 2008-06-26 03:18:21 2,241,024 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0007.dll + 2008-06-26 03:18:22 4,874,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0009.dll + 2008-06-26 03:18:24 9,845,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData000a.dll + 2008-06-26 03:18:24 2,641,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData000c.dll + 2008-06-26 03:18:26 2,340,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData000d.dll + 2008-06-26 03:18:26 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData000f.dll + 2008-06-26 03:18:30 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0010.dll + 2008-06-26 03:18:32 2,655,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0011.dll + 2008-06-26 03:18:33 3,464,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0013.dll + 2008-06-26 03:18:34 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0018.dll + 2008-06-26 03:18:38 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0019.dll + 2008-06-26 03:18:38 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData001a.dll + 2008-06-26 03:18:40 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData001b.dll + 2008-06-26 03:18:42 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData001d.dll + 2008-06-26 03:18:43 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0020.dll + 2008-06-26 03:18:44 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0021.dll + 2008-06-26 03:18:44 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0022.dll + 2008-06-26 03:18:44 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0024.dll + 2008-06-26 03:18:45 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0026.dll + 2008-06-26 03:18:45 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0027.dll + 2008-06-26 03:18:46 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData002a.dll + 2008-06-26 03:18:46 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0039.dll + 2008-06-26 03:18:47 1,799,168 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData003e.dll + 2008-06-26 03:18:49 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0045.dll + 2008-06-26 03:18:51 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0046.dll + 2008-06-26 03:18:52 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0047.dll + 2008-06-26 03:18:53 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0049.dll + 2008-06-26 03:18:54 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData004a.dll + 2008-06-26 03:18:54 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData004b.dll + 2008-06-26 03:18:57 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData004c.dll + 2008-06-26 03:18:58 3,102,720 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData004e.dll + 2008-06-26 03:19:00 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0414.dll + 2008-06-26 03:19:01 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0416.dll + 2008-06-26 03:19:04 4,493,312 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0816.dll + 2008-06-26 03:19:04 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData081a.dll + 2008-06-26 03:19:05 1,963,520 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsData0c1a.dll + 2008-06-26 00:30:04 11,722,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0001.dll + 2008-06-26 00:31:26 4,164,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0002.dll + 2008-06-26 00:30:49 1,452,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0003.dll + 2008-06-26 00:30:39 12,240,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0007.dll + 2008-06-26 00:30:36 2,644,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0009.dll + 2008-06-26 00:30:47 9,892,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons000a.dll + 2008-06-26 00:30:37 6,237,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons000c.dll + 2008-06-26 00:30:43 1,722,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons000d.dll + 2008-06-26 00:30:54 5,654,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons000f.dll + 2008-06-26 00:30:55 4,175,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0010.dll + 2008-06-26 00:30:45 2,466,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0011.dll + 2008-06-26 00:30:11 4,981,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0013.dll + 2008-06-26 00:31:06 3,331,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0018.dll + 2008-06-26 00:31:09 6,781,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0019.dll + 2008-06-26 00:30:50 6,014,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons001a.dll + 2008-06-26 00:31:46 6,585,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons001b.dll + 2008-06-26 00:31:23 6,346,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons001d.dll + 2008-06-26 00:31:44 1,236,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0020.dll + 2008-06-26 00:30:48 2,136,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0021.dll + 2008-06-26 00:31:40 5,499,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0022.dll + 2008-06-26 00:31:48 7,964,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0024.dll + 2008-06-26 00:31:35 5,791,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0026.dll + 2008-06-26 00:30:57 6,224,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0027.dll + 2008-06-26 00:31:34 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons002a.dll + 2008-06-26 00:30:53 1,782,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0039.dll + 2008-06-26 00:30:59 4,045,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons003e.dll + 2008-06-26 00:31:25 1,793,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0045.dll + 2008-06-26 00:31:04 1,808,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0046.dll + 2008-06-26 00:30:52 1,411,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0047.dll + 2008-06-26 00:31:32 1,558,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0049.dll + 2008-06-26 00:31:33 3,419,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004a.dll + 2008-06-26 00:31:29 1,702,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004b.dll + 2008-06-26 00:31:45 4,093,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004c.dll + 2008-06-26 00:31:30 1,972,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons004e.dll + 2008-06-26 00:31:00 4,616,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0414.dll + 2008-06-26 00:31:03 5,090,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0416.dll + 2008-06-26 00:31:02 5,031,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0816.dll + 2008-06-26 00:31:22 7,042,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons081a.dll + 2008-06-26 00:31:16 6,917,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsLexicons0c1a.dll + 2008-06-26 00:30:01 5,071,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.20867_none_9c4456c346dd3a34\NlsModels0011.dll + 2008-06-26 03:29:06 801,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NaturalLanguage6.dll + 2008-01-19 07:35:38 1,523,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0000.dll + 2008-01-19 07:35:39 2,599,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0001.dll + 2008-01-19 07:35:39 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0002.dll + 2008-01-19 07:35:40 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0003.dll + 2008-01-19 07:35:40 2,243,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0007.dll + 2008-01-19 07:35:42 4,875,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0009.dll + 2008-01-19 07:35:44 9,847,296 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000a.dll + 2008-01-19 07:35:45 2,643,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000c.dll + 2008-01-19 07:35:46 2,342,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000d.dll + 2008-01-19 07:35:46 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData000f.dll + 2008-01-19 07:35:46 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0010.dll + 2008-01-19 07:35:46 2,657,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0011.dll + 2008-01-19 07:35:47 3,466,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0013.dll + 2008-01-19 07:35:47 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0018.dll + 2008-01-19 07:35:47 4,497,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0019.dll + 2008-01-19 07:35:48 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData001a.dll + 2008-01-19 07:35:48 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData001b.dll + 2008-01-19 07:35:49 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData001d.dll + 2008-01-19 07:35:49 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0020.dll + 2008-01-19 07:35:49 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0021.dll + 2008-01-19 07:35:49 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0022.dll + 2008-01-19 07:35:50 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0024.dll + 2008-01-19 07:35:50 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0026.dll + 2008-01-19 07:35:50 1,966,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0027.dll + 2008-01-19 07:35:50 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData002a.dll + 2008-01-19 07:35:51 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0039.dll + 2008-01-19 07:35:51 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData003e.dll + 2008-01-19 07:35:51 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0045.dll + 2008-01-19 07:35:52 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0046.dll + 2008-01-19 07:35:52 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0047.dll + 2008-01-19 07:35:53 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0049.dll + 2008-01-19 07:35:53 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData004a.dll + 2008-01-19 07:35:54 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData004b.dll + 2008-01-19 07:35:54 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData004c.dll + 2008-01-19 07:35:54 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData004e.dll + 2008-01-19 07:35:55 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0414.dll + 2008-01-19 07:35:56 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0416.dll + 2008-01-19 07:35:57 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0816.dll + 2008-01-19 07:35:57 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData081a.dll + 2008-01-19 07:35:57 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsData0c1a.dll + 2006-11-02 08:21:55 11,722,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0001.dll + 2006-11-02 08:22:34 4,164,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0002.dll + 2006-11-02 08:22:13 1,452,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0003.dll + 2008-06-26 01:45:43 12,240,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0007.dll + 2008-06-26 01:45:55 2,644,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0009.dll + 2006-11-02 08:22:11 9,892,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons000a.dll + 2006-11-02 08:22:06 6,237,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons000c.dll + 2006-11-02 08:22:09 1,722,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons000d.dll + 2006-11-02 08:22:17 5,654,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons000f.dll + 2006-11-02 08:22:18 4,175,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0010.dll + 2006-11-02 08:22:10 2,466,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0011.dll + 2006-11-02 08:21:58 4,981,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0013.dll + 2006-11-02 08:22:25 3,331,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0018.dll + 2006-11-02 08:22:26 6,781,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0019.dll + 2006-11-02 08:22:14 6,014,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons001a.dll + 2006-11-02 08:22:47 6,585,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons001b.dll + 2006-11-02 08:22:31 6,346,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons001d.dll + 2006-11-02 08:22:45 1,236,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0020.dll + 2006-11-02 08:22:12 2,136,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0021.dll + 2006-11-02 08:22:44 5,499,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0022.dll + 2006-11-02 08:22:49 7,964,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0024.dll + 2006-11-02 08:22:42 5,791,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0026.dll + 2006-11-02 08:22:19 6,224,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0027.dll + 2006-11-02 08:22:41 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons002a.dll + 2006-11-02 08:22:16 1,782,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0039.dll + 2006-11-02 08:22:20 4,045,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons003e.dll + 2006-11-02 08:22:33 1,793,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0045.dll + 2006-11-02 08:22:25 1,808,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0046.dll + 2006-11-02 08:22:15 1,411,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0047.dll + 2006-11-02 08:22:39 1,558,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0049.dll + 2006-11-02 08:22:39 3,419,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons004a.dll + 2006-11-02 08:22:36 1,702,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons004b.dll + 2006-11-02 08:22:46 4,093,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons004c.dll + 2006-11-02 08:22:37 1,972,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons004e.dll + 2006-11-02 08:22:21 4,616,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0414.dll + 2006-11-02 08:22:24 5,090,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0416.dll + 2006-11-02 08:22:22 5,031,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0816.dll + 2006-11-02 08:22:29 7,042,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons081a.dll + 2006-11-02 08:22:27 6,917,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsLexicons0c1a.dll + 2006-11-02 08:21:54 5,071,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\NlsModels0011.dll + 2008-06-26 03:19:03 801,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NaturalLanguage6.dll + 2008-06-26 03:19:12 1,523,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0000.dll + 2008-06-26 03:19:16 2,599,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0001.dll + 2008-06-26 03:19:20 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0002.dll + 2008-06-26 03:19:22 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0003.dll + 2008-06-26 03:19:23 2,243,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0007.dll + 2008-06-26 03:19:24 4,875,776 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0009.dll + 2008-06-26 03:19:27 9,847,296 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData000a.dll + 2008-06-26 03:19:27 2,643,456 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData000c.dll + 2008-06-26 03:19:31 2,342,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData000d.dll + 2008-06-26 03:19:32 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData000f.dll + 2008-06-26 03:19:32 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0010.dll + 2008-06-26 03:19:32 2,657,280 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0011.dll + 2008-06-26 03:19:34 3,466,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0013.dll + 2008-06-26 03:19:35 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0018.dll + 2008-06-26 03:19:36 4,497,408 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0019.dll + 2008-06-26 03:19:37 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData001a.dll + 2008-06-26 03:19:38 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData001b.dll + 2008-06-26 03:19:40 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData001d.dll + 2008-06-26 03:19:41 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0020.dll + 2008-06-26 03:19:42 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0021.dll + 2008-06-26 03:19:43 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0022.dll + 2008-06-26 03:19:44 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0024.dll + 2008-06-26 03:19:44 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0026.dll + 2008-06-26 03:19:45 1,966,592 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0027.dll + 2008-06-26 03:19:46 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData002a.dll + 2008-06-26 03:19:48 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0039.dll + 2008-06-26 03:19:48 1,801,216 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData003e.dll + 2008-06-26 03:19:50 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0045.dll + 2008-06-26 03:19:51 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0046.dll + 2008-06-26 03:19:52 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0047.dll + 2008-06-26 03:19:54 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0049.dll + 2008-06-26 03:19:56 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData004a.dll + 2008-06-26 03:19:57 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData004b.dll + 2008-06-26 03:19:58 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData004c.dll + 2008-06-26 03:20:00 3,104,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData004e.dll + 2008-06-26 03:20:04 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0414.dll + 2008-06-26 03:20:05 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0416.dll + 2008-06-26 03:20:07 4,495,360 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0816.dll + 2008-06-26 03:20:08 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData081a.dll + 2008-06-26 03:20:09 1,965,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsData0c1a.dll + 2008-06-26 01:42:33 11,722,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0001.dll + 2008-06-26 01:42:55 4,164,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0002.dll + 2008-06-26 01:42:31 1,452,544 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0003.dll + 2008-06-26 01:42:38 12,240,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0007.dll + 2008-06-26 01:42:38 2,644,480 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0009.dll + 2008-06-26 01:42:38 9,892,864 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons000a.dll + 2008-06-26 01:42:31 6,237,696 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons000c.dll + 2008-06-26 01:42:27 1,722,368 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons000d.dll + 2008-06-26 01:42:40 5,654,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons000f.dll + 2008-06-26 01:42:38 4,175,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0010.dll + 2008-06-26 01:42:29 2,466,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0011.dll + 2008-06-26 01:42:27 4,981,248 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0013.dll + 2008-06-26 01:42:48 3,331,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0018.dll + 2008-06-26 01:42:54 6,781,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0019.dll + 2008-06-26 01:42:36 6,014,976 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons001a.dll + 2008-06-26 01:43:07 6,585,856 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons001b.dll + 2008-06-26 01:42:55 6,346,240 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons001d.dll + 2008-06-26 01:43:07 1,236,992 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0020.dll + 2008-06-26 01:42:31 2,136,064 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0021.dll + 2008-06-26 01:43:07 5,499,904 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0022.dll + 2008-06-26 01:43:14 7,964,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0024.dll + 2008-06-26 01:43:07 5,791,232 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0026.dll + 2008-06-26 01:42:41 6,224,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0027.dll + 2008-06-26 01:42:55 4,096 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons002a.dll + 2008-06-26 01:42:35 1,782,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0039.dll + 2008-06-26 01:42:41 4,045,824 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons003e.dll + 2008-06-26 01:42:51 1,793,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0045.dll + 2008-06-26 01:42:43 1,808,896 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0046.dll + 2008-06-26 01:42:33 1,411,072 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0047.dll + 2008-06-26 01:42:56 1,558,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0049.dll + 2008-06-26 01:42:58 3,419,136 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons004a.dll + 2008-06-26 01:42:53 1,702,912 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons004b.dll + 2008-06-26 01:43:07 4,093,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons004c.dll + 2008-06-26 01:42:56 1,972,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons004e.dll + 2008-06-26 01:42:43 4,616,192 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0414.dll + 2008-06-26 01:42:47 5,090,816 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0416.dll + 2008-06-26 01:42:44 5,031,936 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0816.dll + 2008-06-26 01:42:57 7,042,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons081a.dll + 2008-06-26 01:42:57 6,917,120 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsLexicons0c1a.dll + 2008-06-26 01:42:23 5,071,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.22211_none_9e5aa34943e0a766\NlsModels0011.dll + 2008-06-09 22:40:17 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16699_none_f0498ecc6e94a1be\OESpamFilter.dat + 2008-06-09 22:37:40 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20855_none_f0fa6c058795698f\OESpamFilter.dat + 2008-06-11 00:28:21 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18088_none_f2399d146bb3fd67\OESpamFilter.dat + 2008-06-09 22:36:23 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22200_none_f311b8d58497f018\OESpamFilter.dat + 2008-04-24 04:51:39 11,315,712 ----a-w C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.16680_none_69ec6cd815163c56\shell32.dll + 2008-04-24 04:40:28 11,319,808 ----a-w C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6000.20822_none_6ab8eba52e01644f\shell32.dll + 2008-04-24 04:58:20 11,580,416 ----a-w C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813\shell32.dll + 2008-04-24 04:45:45 11,581,440 ----a-w C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.22166_none_6c77e9dd2b44cd39\shell32.dll . -- Snapshot reset to current date -- . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vazias & legítimas por defeito não são mostradas. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-01 09:33 68856] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-03 13:11 1232896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696] "HP Software Update"="C:\arquivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648] "Adobe Reader Speed Launcher"="C:\arquivos de programa\reader8\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 02:08 107112] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 04:18 22696] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048] "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 06:45 222208] C:\Users\Seco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ SolidWorks Task Scheduler Engine.lnk - C:\arquivos de programa\SolidWorks\swScheduler\swBOEngine.exe [2007-09-09 06:51:40 488728] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\arquivos de programa\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1844114194-1584063930-1142964930-1000] "EnableNotificationsRef"=dword:00000006 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{BC742875-7056-44F4-AEF3-27240637D6B3}C:\\arquivos de programa\\emule\\emule.exe"= UDP:C:\arquivos de programa\emule\emule.exe:eMule "UDP Query User{1C6EA11D-7824-46ED-8FDC-67D1D4CD0684}C:\\arquivos de programa\\emule\\emule.exe"= TCP:C:\arquivos de programa\emule\emule.exe:eMule "{F33595D2-2E81-46FB-9997-200AA09EE118}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{FF6E4FD8-2788-45C1-98EC-F373C00C652B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{E3E68D6B-430F-4317-A624-B2D81F2D7A8F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{487D1C74-19EB-471C-944B-0E78A39FA540}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{9EC39E64-07B6-41A6-B226-8B8FA6D7ABD4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{9F6D9562-C8B8-48C9-BAF9-4161A0BCAE27}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24] R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~3\Symantec\DEFINI~1\SymcData\idsdefs\20080711.001\IDSvix86.sys [2008-06-03 17:55] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 17:40] S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2008-06-03 09:17] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc *Newly Created Service* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}] %SystemRoot%\system32\soundschemes.exe /AddRegistration . Conteúdo da pasta 'Tarefas Agendadas' "2008-07-01 17:49:34 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Seco.job" - C:\PROGRA~2\NORTON~1\NORTON~1\Navw32.exeB/TASK: "2008-07-14 14:05:02 C:\Windows\Tasks\User_Feed_Synchronization-{22331444-F7A4-4F10-819A-2717D1198AE9}.job" - C:\Windows\system32\msfeedssync.exe "2008-06-03 12:57:55 C:\Windows\Tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-15 12:24:43 Windows 6.0.6000 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros ocultos ... Varredura completada com sucesso Ficheiros ocultos: 0 ************************************************************************** . Tempo para conclusão: 2008-07-15 12:26:20 ComboFix-quarantined-files.txt 2008-07-15 15:26:17 ComboFix2.txt 2008-07-07 16:33:51 ComboFix3.txt 2008-07-03 17:11:15 Pre-Run: 295,810,027,520 bytes disponíveis Post-Run: 308,447,608,832 bytes disponíveis 817 --- E O F --- 2008-07-15 12:11:50 fico no aguardo da resposta Att, Se.Co Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Julho 16, 2008 Bom Dia! se.co <!> Repita o procedimento do Post #8,em relação ao "Del.reg". --------------------------- <!> Poste um novo log do HijackThis,atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
se.co 0 Denunciar post Postado Julho 16, 2008 Boa tarde Sr. DigRam! Conforme me orientaste, segue o log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:41:35, on 16/07/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16681) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\arquivos de programa\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\arquivos de programa\HP\Digital Imaging\bin\hpqtra08.exe C:\arquivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\conime.exe C:\Windows\system32\taskeng.exe C:\Arquivos de programas\SolidCAM2007R11.2\Solidcam\Solidcam.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com// R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HP Software Update] C:\arquivos de programa\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\arquivos de programa\reader8\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE') O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\arquivos de programa\SolidWorks\swScheduler\swBOEngine.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\arquivos de programa\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...t/wlscctrl2.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\ARQUIVOS DE PROGRAMAS\a-squared Free\a2service.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 8728 bytes desde o inicio destas orientações meu PC parece ter melhorado um pouco, não esta mais tão lento como no inicio destes procedimentos, mas continuo com memoria fisico muito proxima de zero Fico no aguardo de novas orientações. Se.Co Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Julho 16, 2008 Boa Tarde! se.co desde o inicio destas orientações meu PC parece ter melhorado um pouco, não esta mais tão lento como no inicio destes procedimentos, mas continuo com memoria fisico muito proxima de zero <@> Vejo,pelo log do HijackThis,que voçê desabilitou algumas inicializações. <@> Com esse recurso,houve alguma melhora? ---------------------------------- >@< BAIXE: < Advanced WindowsCare > >@< Salve-o no Desktop ou Arquivos de Programa. >@< Este programa,elimina: históricos e temporários. >@< Procura,também,otimizar o SO e remover alguns Spywares. >@< Libera alguma memória! --------------------------------- >@< Antes de executar o programa,atualize o Banco de Dados: Clique em Estado. >@< Clique em Atualizar Agora. >> Aguarde! >@< Terminando,vá em Mais >> Clique em Limpador de Memória. >@< Abrir-se-á a janela: Limpador de Memória. >@< Clique em Limpar agora! Aguarde... >@< Surgirá uma mensagem,após o término,informando a quantidade de memória liberada. >@< Clique em Sair. >@< Agora,o utilitário está pronto para limpar e otimizar o seu computador. >@< Abra o programa e clique em Start >> Clique em Scan. ( Analisar ) >@< Terminando,aparecerão em vermelho,os ítens a serem removidos. >@< Clique,agora,no botão Care. ( Reparar ) >@< Caso queira monitorar,o que será removido,clique para cada ítem,em: Show Details,antes de clicar em Reparar. >@< Concluindo,reinicie o computador! --------------------------------- <@> No Executar,digite: ComboFix.exe /u --> Clique: OK <@> Na solicitação,escolha o dois. ( 2 ) >> Aguarde a desinstalação! --------------------------------- <@> O log está limpo! Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Mário Monteiro 179 Denunciar post Postado Agosto 17, 2008 Tópico Arquivado Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado. Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura. Compartilhar este post Link para o post Compartilhar em outros sites
