~TiuTalk~
Posted October 3, 2008

Please analyze my ComboFix log:

ComboFix 08-10-02.04 - Thi&Cissa 2008-10-03 6:22:56.3 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1748 [GMT -3:00]
Executando de: C:\Documents and Settings\Thi&Cissa\Desktop\ComboFix.exe
ATENAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAO INSTALADA !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\inst.exe
C:\WINDOWS\system32\AutoRun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GBPSV
-------\Service_GbpSv

((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.
2008-10-03 03:48 . 2008-10-03 03:48 134,111 --a------ C:\WINDOWS\P O P M U N D O_1223016487047.png
2008-10-02 05:55 . 2008-10-02 05:55 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\nView_Profiles
2008-09-29 06:20 . 2008-09-29 06:20 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\.idlerc
2008-09-29 05:30 . 2006-06-26 02:49 1,867,776 --a------ C:\WINDOWS\system32\python24.dll
2008-09-29 05:16 . 2008-09-29 05:16 <DIR> d-------- C:\Python25
2008-09-29 04:49 . 2008-10-02 08:57 <DIR> d-------- C:\Arquivos de programas\Tibia Auto
2008-09-29 04:38 . 2008-10-02 16:37 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Tibia
2008-09-29 04:38 . 2008-10-01 16:05 <DIR> d-------- C:\Arquivos de programas\Tibia
2008-09-29 02:19 . 2008-09-29 02:19 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-28 06:14 . 2008-09-28 06:14 518 --a------ C:\pro.conf
2008-09-27 01:36 . 2008-09-27 02:37 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\eboostr
2008-09-23 15:44 . 2008-04-07 05:38 22,872 -ra------ C:\WINDOWS\system32\AdobePDFUI.dll
2008-09-21 17:38 . 2008-09-21 17:38 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\InstallShield
2008-09-21 17:38 . 2008-09-21 17:39 <DIR> d-------- C:\Arquivos de programas\Motorola Phone Tools
2008-09-21 16:35 . 2008-09-21 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software
2008-09-20 20:30 . 2008-04-13 11:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-09-20 20:30 . 2008-04-13 11:45 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-09-20 20:30 . 2003-12-26 06:22 24,192 -ra------ C:\WINDOWS\system32\drivers\OLD17C.tmp
2008-09-20 20:28 . 2008-09-21 16:35 24,192 --a------ C:\Documents and Settings\Thi&Cissa\usbsermptxp.sys
2008-09-20 20:28 . 2008-09-21 16:35 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-09-20 20:28 . 2008-09-21 16:35 22,768 --a------ C:\Documents and Settings\Thi&Cissa\usbsermpt.sys
2008-09-20 20:27 . 2008-09-20 20:27 <DIR> d-------- C:\WINDOWS\Profiles
2008-09-20 20:27 . 2008-09-20 20:27 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\WINDOWS
2008-09-20 01:43 . 2008-09-28 21:55 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Vso
2008-09-20 01:43 . 2008-09-20 01:43 <DIR> d-------- C:\Arquivos de programas\VSO
2008-09-20 01:43 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-09-20 01:43 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-09-20 01:43 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-09-20 01:43 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-09-20 01:43 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-09-20 01:43 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-09-20 01:43 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-09-20 01:43 . 2008-09-20 01:43 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-20 01:43 . 2008-09-20 01:43 47,360 --a------ C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\pcouffin.sys
2008-09-14 06:46 . 2008-09-14 06:46 <DIR> d-------- C:\Arquivos de programas\Level Up! Games
2008-09-14 05:28 . 2008-09-14 05:28 <DIR> d-------- C:\Arquivos de programas\2BrightSparks
2008-09-14 05:19 . 2008-09-14 05:28 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\CoreFTP
2008-09-12 22:14 . 2008-09-13 02:00 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\AdobeUM
2008-09-12 15:05 . 2008-09-24 06:08 <DIR> d-------- C:\Arquivos de programas\Google
2008-09-10 04:59 . 2008-09-10 04:59 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe Systems
2008-09-10 04:59 . 2008-09-10 04:59 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared
2008-09-10 01:38 . 2008-09-10 01:38 509 --a------ C:\Atalho para data.lnk
2008-09-09 10:48 . 2008-09-09 10:48 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-09 10:37 . 2008-09-09 10:37 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Windows Search
2008-09-09 05:27 . 2008-09-27 20:13 <DIR> d-------- C:\Arquivos de programas\Windows Desktop Search
2008-09-09 05:27 . 2008-09-09 05:27 <DIR> d-------- C:\Arquivos de programas\Microsoft Silverlight
2008-09-09 05:25 . 2008-09-09 05:25 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-09-08 20:00 . 2008-09-08 20:00 <DIR> d-------- C:\Arquivos de programas\TomBrennanSoftware
2008-09-07 12:51 . 2008-09-10 05:07 <DIR> d-------- C:\Arquivos de programas\ionCube Encoder 6.5
2008-09-07 04:52 . 2008-09-07 04:52 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Ubisoft
2008-09-07 04:52 . 2008-09-07 04:52 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Ubisoft
2008-09-07 04:42 . 2008-09-07 04:42 <DIR> d-------- C:\WINDOWS\Logs
2008-09-07 04:26 . 2008-09-07 07:00 <DIR> d-------- C:\Arquivos de programas\Assassin's Creed
2008-09-03 14:11 . 2008-09-03 14:11 <DIR> d-------- C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\TuneUp Software
2008-09-03 14:11 . 2008-09-03 14:11 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-03 14:11 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-03 14:10 . 2008-09-03 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software
2008-09-03 14:10 . 2008-09-14 06:36 <DIR> d-------- C:\Arquivos de programas\TuneUp Utilities 2008
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 09:18 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy
2008-10-03 03:55 --------- d-----w C:\Arquivos de programas\LogMeIn
2008-09-25 20:57 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2008-09-25 20:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft
2008-09-25 19:23 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-09-23 18:44 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe
2008-09-23 05:54 --------- d-----w C:\Arquivos de programas\Mozilla Thunderbird
2008-09-21 23:52 --------- d-----w C:\Arquivos de programas\DreaMule
2008-09-21 20:38 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-09-17 18:30 952 --sha-w C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys
2008-09-10 04:41 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\MySQL
2008-09-05 14:29 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live
2008-09-01 13:30 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-01 10:32 --------- d-----w C:\Arquivos de programas\EA GAMES
2008-09-01 07:02 --------- d-----w C:\Arquivos de programas\Lighthouse Interactive
2008-09-01 03:49 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-08-30 11:27 --------- d-----w C:\Arquivos de programas\Paint.NET
2008-08-29 04:33 --------- d-----w C:\Arquivos de programas\PowerQuest
2008-08-27 18:32 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GlobalSCAPE
2008-08-26 13:42 --------- d-----w C:\Arquivos de programas\MagicISO
2008-08-23 01:53 --------- d-----w C:\Arquivos de programas\Winamp
2008-08-19 00:23 8 --sh--r C:\Documents and Settings\All Users\Dados de aplicativos\A1D843D817.sys
2008-08-15 19:22 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
2008-08-13 12:07 --------- d-----w C:\Arquivos de programas\DBConvert
2008-08-13 09:25 --------- d-----w C:\Arquivos de programas\Calibrize
2008-08-06 01:33 --------- d-----w C:\Arquivos de programas\SecondLife
2008-08-05 07:13 --------- d-----w C:\Arquivos de programas\Yahoo!
2008-08-05 06:57 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\SmartFTP
2008-08-05 04:55 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-08-05 04:55 286,720 ------w C:\WINDOWS\Setup1.exe
2008-08-05 04:55 --------- d-----w C:\Arquivos de programas\Contas Pessoais 2
2008-08-05 04:53 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Borland Shared
2008-08-04 00:59 --------- d-----w C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Yahoo!
2008-08-03 03:38 --------- d-----w C:\Arquivos de programas\MUSHclient
.
((((((((((((((((((((((((((((( snapshot@2008-08-16_17.52.21.29 )))))))))))))))))))))))))))))))))))))))))
.
18:50:18 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\aspnet_rc.dll + 2003-03-26 18:55:08 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\caspol.resources.dll + 2003-03-26 18:56:50 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\ConfigWizards.resources.dll + 2003-03-26 18:56:50 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\InstallUtil.resources.dll + 2003-03-26 18:56:52 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\JSC.resources.dll + 2003-03-26 19:03:30 45,056 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\Microsoft.JScript.resources.dll + 2003-03-26 19:01:50 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\Microsoft.VisualBasic.resources.dll + 2003-03-26 18:56:58 778,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\mscorcfg.resources.dll + 2003-03-26 19:01:52 229,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\mscorlib.resources.dll + 2003-03-26 18:50:20 163,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\mscorrc.dll + 2003-03-26 18:57:00 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\Regasm.Resources.dll + 2003-03-26 18:55:42 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\RegCode.resources.dll + 2003-03-26 18:50:40 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\ShFusRes.dll + 2003-03-26 19:03:38 16,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.Configuration.Install.resources.dll + 2003-03-26 19:03:40 118,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.Data.resources.dll + 2003-03-26 18:57:36 139,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.Design.resources.dll + 2003-03-26 19:03:56 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.DirectoryServices.resources.dll + 2003-03-26 19:02:30 6,144 ----a-w 
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.Drawing.Design.resources.dll + 2003-03-26 19:04:02 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.Drawing.resources.dll + 2003-03-26 19:02:32 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.EnterpriseServices.resources.dll + 2003-03-26 18:57:44 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.Management.resources.dll + 2003-03-26 19:01:10 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.Messaging.resources.dll + 2003-03-26 18:57:54 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\system.resources.dll + 2003-03-26 19:01:14 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.Runtime.Remoting.resources.dll + 2003-03-26 18:57:58 12,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.Runtime.Serialization.Formatters.Soap.resources.dll + 2003-03-26 19:04:14 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.Security.resources.dll + 2003-03-26 18:58:00 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.ServiceProcess.resources.dll + 2003-03-26 19:04:30 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.Web.Mobile.resources.dll + 2003-03-26 19:02:58 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.Web.resources.dll + 2003-03-26 19:04:32 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.Web.Services.resources.dll + 2003-03-26 18:56:20 184,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.Windows.Forms.resources.dll + 2003-03-26 19:04:34 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\pt-BR\System.xml.resources.dll + 2003-02-21 10:25:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe + 2004-07-15 17:28:48 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll + 2003-02-21 10:25:30 
12,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe + 2004-07-15 04:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_aspnet_isapi.dll + 2004-07-15 03:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_CORPerfMonExt.dll + 2004-07-15 03:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_fusion.dll + 2004-07-15 03:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_mscorjit.dll + 2004-07-15 17:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_mscorlib.dll + 2003-02-20 22:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_mscorsn.dll + 2004-07-15 03:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_mscorsvr.dll + 2004-07-15 03:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_mscorwks.dll + 2003-02-21 07:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_msvcr71.dll + 2004-07-15 03:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4016\_PerfCounter.dll + 2003-02-20 22:09:34 253,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\shfusion.dll + 2003-02-20 22:09:34 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\shfusres.dll + 2004-07-15 03:35:04 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll + 2003-02-21 10:26:38 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll + 2004-07-15 17:32:00 1,294,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll + 2004-07-15 17:31:14 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll + 2004-07-15 17:29:02 1,703,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll + 2004-07-15 17:28:54 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll + 
2007-04-14 00:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll + 2003-02-21 10:26:48 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll + 2004-07-15 17:28:58 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll + 2004-07-15 17:28:56 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll + 2004-07-15 03:35:12 66,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll + 2004-07-15 17:31:58 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll + 2004-07-15 17:31:12 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll + 2004-07-15 17:28:58 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll + 2004-07-15 17:31:54 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll + 2004-07-15 17:28:52 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll + 2004-07-15 17:28:54 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll + 2007-04-14 00:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll + 2004-07-15 17:28:58 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll + 2004-07-15 17:28:52 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll + 2004-07-15 17:31:16 573,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll + 2004-07-15 17:32:02 2,052,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll + 2004-07-15 17:29:00 1,339,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll + 2004-06-22 16:51:38 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe + 2004-07-15 14:23:20 737,280 ----a-w 
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe + 2004-07-15 11:15:14 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll + 2004-07-15 05:11:56 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll + 2005-12-09 13:45:40 609,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTB\install.exe + 2005-12-09 13:45:40 82,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTB\install.res.1046.dll + 2005-12-09 15:26:10 245,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - PTB\unicows.dll + 2008-04-07 08:38:06 45,392 ----a-r C:\WINDOWS\system32\AdobePDF.dll - 2008-07-20 16:50:05 34,308 ----a-w C:\WINDOWS\system32\BASSMOD.dll + 2008-09-14 09:25:47 10,752 ----a-w C:\WINDOWS\system32\BASSMOD.dll - 2007-07-30 22:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll + 2008-07-19 01:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll + 2007-10-12 18:14:00 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll + 2008-03-05 18:56:58 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll + 2008-05-30 17:11:46 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll + 2008-07-12 11:18:52 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll + 2007-10-02 12:56:34 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll + 2008-02-06 02:07:36 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll + 2008-05-30 17:11:46 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll + 2008-07-12 11:18:52 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll + 2007-10-12 18:14:00 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll + 2008-03-05 18:56:58 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll + 2008-05-30 17:11:46 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll + 2008-07-12 11:18:52 3,851,784 ----a-w C:\WINDOWS\system32\D3DX9_39.dll - 2007-07-30 22:19:20 92,504 -c--a-w 
C:\WINDOWS\system32\dllcache\cdm.dll + 2008-07-19 01:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll - 2008-04-14 11:00:00 29,696 -c--a-w C:\WINDOWS\system32\dllcache\mimefilt.dll + 2008-03-07 17:02:08 29,696 -c--a-w C:\WINDOWS\system32\dllcache\mimefilt.dll - 2008-04-14 11:00:00 98,304 -c--a-w C:\WINDOWS\system32\dllcache\nlhtml.dll + 2008-03-07 17:02:08 98,304 -c--a-w C:\WINDOWS\system32\dllcache\nlhtml.dll - 2008-04-14 11:00:00 192,000 -c--a-w C:\WINDOWS\system32\dllcache\offfilt.dll + 2008-03-07 17:02:08 192,000 -c--a-w C:\WINDOWS\system32\dllcache\offfilt.dll - 2008-06-11 23:10:55 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll + 2008-05-27 17:25:04 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll - 2007-07-30 22:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll + 2008-07-19 01:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll - 2007-07-30 22:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe + 2008-07-19 01:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe - 2007-07-30 22:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll + 2008-07-19 01:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll - 2007-07-30 22:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll + 2008-07-19 01:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll - 2007-07-30 22:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll + 2008-07-19 01:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll - 2007-07-30 22:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2008-07-19 01:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2002-09-16 20:14:32 4,228 ----a-w C:\WINDOWS\system32\drivers\PQNTDRV.sys - 2008-08-15 14:20:07 127,704 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-09-23 19:22:09 135,664 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-03-20 21:06:36 1,480,232 ------w C:\WINDOWS\system32\LegitCheckControl.dll - 2008-08-05 00:27:40 74,649 
----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe + 2008-09-14 15:15:12 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe - 2008-07-16 17:07:52 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe + 2008-09-03 15:18:01 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe - 2008-04-14 11:00:00 29,696 ----a-w C:\WINDOWS\system32\mimefilt.dll + 2008-03-07 17:02:08 29,696 ----a-w C:\WINDOWS\system32\mimefilt.dll - 2008-08-05 14:11:02 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe - 2007-07-30 22:19:10 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll + 2008-07-19 01:07:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll + 2003-02-20 21:43:36 4,096 ----a-w C:\WINDOWS\system32\mui\0409\mscoreer.dll + 2003-03-26 18:50:52 4,096 ----a-w C:\WINDOWS\system32\mui\0416\mscoreer.dll - 2007-07-30 22:19:04 207,736 ----a-w C:\WINDOWS\system32\muweb.dll + 2008-07-19 01:07:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll - 2008-04-14 11:00:00 98,304 ----a-w C:\WINDOWS\system32\nlhtml.dll + 2008-03-07 17:02:08 98,304 ----a-w C:\WINDOWS\system32\nlhtml.dll + 2007-02-20 19:04:02 2,463,976 ----a-w C:\WINDOWS\system32\NPSWF32.dll + 2007-02-20 19:04:04 190,696 ----a-w C:\WINDOWS\system32\NPSWF32_FlashUtil.exe - 2007-09-17 05:10:36 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE + 2008-07-23 18:24:40 446,464 ----a-w C:\WINDOWS\system32\NVUNINST.EXE - 2008-04-14 11:00:00 192,000 ----a-w C:\WINDOWS\system32\offfilt.dll + 2008-03-07 17:02:08 192,000 ----a-w C:\WINDOWS\system32\offfilt.dll - 2008-08-11 11:24:31 75,040 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-09-27 23:12:32 78,730 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-08-11 11:24:31 83,758 ----a-w C:\WINDOWS\system32\perfc016.dat + 2008-09-27 23:12:32 87,448 ----a-w C:\WINDOWS\system32\perfc016.dat - 2008-08-11 11:24:31 450,822 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-09-27 23:12:32 
459,150 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-08-11 11:24:31 483,816 ----a-w C:\WINDOWS\system32\perfh016.dat + 2008-09-27 23:12:32 492,144 ----a-w C:\WINDOWS\system32\perfh016.dat + 2002-03-19 20:30:00 21,504 ----a-w C:\WINDOWS\system32\phototoys.dll - 2008-07-26 05:24:05 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe + 2008-09-01 13:29:56 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe + 2008-07-19 01:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll + 2008-07-19 01:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll + 2008-04-07 08:38:06 45,392 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\AdobePdf.dll + 2008-04-07 08:38:12 22,872 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\AdobePDFUI.dll + 2008-04-28 08:30:46 29,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ADREGP.DLL + 2008-04-07 08:37:36 193,904 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\ADUIGP.DLL + 2008-04-13 22:20:38 728,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PS5UI.DLL + 2008-04-13 22:20:38 543,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL - 2005-06-28 13:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe + 2007-09-27 13:48:36 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe + 2003-02-21 08:16:08 49,152 ----a-w C:\WINDOWS\system32\URTTEMP\regtlib.exe + 2004-08-17 23:14:36 442,368 ----a-r C:\WINDOWS\system32\vp6vfw.dll - 2008-06-11 23:09:06 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll + 2008-06-24 21:12:58 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll - 2007-07-30 22:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll + 2008-07-19 01:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll - 2007-07-30 22:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe + 2008-07-19 01:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe - 2007-07-30 22:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 
+ 2008-07-19 01:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll - 2007-07-30 22:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll + 2008-07-19 01:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll - 2007-07-30 22:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll + 2008-07-19 01:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll - 2007-07-30 22:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll + 2008-07-19 01:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll - 2007-07-30 22:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll + 2008-07-19 01:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll - 2007-07-20 03:54:28 18,280 ----a-w C:\WINDOWS\system32\x3daudio1_2.dll + 2007-10-22 06:37:16 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll + 2008-03-05 19:00:06 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll + 2008-05-30 17:17:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll + 2007-10-22 06:39:54 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll + 2008-03-05 19:03:20 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll + 2008-05-30 17:18:52 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll + 2008-07-31 13:41:54 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll + 2008-05-30 17:17:30 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll + 2008-07-31 13:41:52 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll + 2008-03-05 19:03:54 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll + 2008-05-30 17:19:18 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll + 2008-07-31 13:40:32 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll + 2002-09-16 20:16:48 1,357,032 ----a-w C:\WINDOWS\system32\XMNT2002.exe + 2008-08-28 18:57:06 491,768 ----a-w C:\WINDOWS\Windows Update Setup Files\ie6setup.exe + 2008-07-29 08:23:06 59,904 ----a-w C:\WINDOWS\WinSxS\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_bdb5a47a\vcomp90.dll + 2008-07-29 11:05:08 54,272 ----a-w 
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_8babbe9a\vcomp90.dll + 2008-04-15 17:49:32 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CGFLoader"="C:\Arquivos de programas\Calibrize\CalibrizeLoader.exe" [2007-11-26 1961984] "CalibrizeResume"="C:\Arquivos de programas\Calibrize\CalibrizeResume.exe" [2007-11-26 413696] "TuneUp MemOptimizer"="C:\Arquivos de programas\TuneUp Utilities 2008\MemOptimizer.exe" [2008-02-29 196864] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-16 8491008] "egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168] "LogMeIn GUI"="C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048] "nwiz"="nwiz.exe" [2007-09-16 C:\WINDOWS\system32\nwiz.exe] C:\Documents and Settings\Thi&Cissa\Menu Iniciar\Programas\Inicializar\ No-IP DUC.lnk - C:\Arquivos de programas\No-IP\DUC20.exe [2008-07-25 1172992] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "GreyMSIAds"= 0 (0x0) "NoInstrumentation"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2008-07-23 366664] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef] 2008-07-23 15:12 366664 C:\Arquivos de programas\GbPlugin\gbiehcef.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax "msacm.ac3filter"= ac3filter.acm [HKLM\~\startupfolder\C:^Documents and Settings^Thi&Cissa^Menu Iniciar^Programas^Inicializar^Sidebar.lnk] path=C:\Documents and Settings\Thi&Cissa\Menu Iniciar\Programas\Inicializar\Sidebar.lnk backup=C:\WINDOWS\pss\Sidebar.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-14 08:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App] --a------ 2008-07-07 13:12 675935 C:\Arquivos de programas\SAMSUNG\FW LiveUpdate\FWManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Arquivos de programas\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] --a------ 2006-11-14 02:33 1249280 C:\Arquivos de programas\Windows Sidebar\sidebar_clear.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-09-23 12:41 860160 C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 
2008-06-10 04:27 144784 C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-07-16 15:25 185896 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2008-07-09 18:33 36352 C:\Arquivos de programas\Winamp\winampa.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe "Google Update"="C:\Documents and Settings\Thi&Cissa\Configuraes locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Ad-Watch"=C:\Arquivos de programas\Lavasoft\Ad-Aware\Ad-Watch.exe "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "nwiz"=nwiz.exe /install "SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe "googletalk"=C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart "Adobe Acrobat Speed Launcher"="C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" "Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"= "C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"= "C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19957:TCP"= 19957:TCP:BitCometBeta 19957 TCP "19957:UDP"= 19957:UDP:BitCometBeta 19957 UDP R2 
Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-06-14 17408] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys [2008-02-28 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848] R2 PSI_SVC_2;Protexis Licensing V2;c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe [2007-07-24 185632] R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys [2008-02-28 12192] S2 gupdate1c91e25195095c;Google Update Service (gupdate1c91e25195095c);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2008-09-02 133104] S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2008-04-14 3584] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-03 307968] S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys [ ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] \Shell\AutoRun\command - I:\start.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e1ef32a-7b80-11dd-a8f3-0016ec1d2134}] \Shell\AutoRun\command - I:\start.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e1ef330-7b80-11dd-a8f3-0016ec1d2134}] \Shell\AutoRun\command - I:\start.exe *Newly Created Service* - GBPSV . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . 
FireFox -: Profile - C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Mozilla\Firefox\Profiles\j156pnhj.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://g1.globo.com/Noticias/Tecnologia/0,,6174,00.html FF -: plugin - C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll FF -: plugin - C:\Arquivos de programas\Google\Update\1.2.131.11\npGoogleOneClick5.dll FF -: plugin - C:\Documents and Settings\Thi&Cissa\Configuraes locais\Dados de aplicativos\Google\Update\1.2.131.11\npGoogleOneClick5.dll FF -: plugin - C:\Documents and Settings\Thi&Cissa\Dados de aplicativos\Mozilla\Firefox\Profiles\j156pnhj.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-03 06:27:06 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GbpSv] "ImagePath"="C:\ARQUIV~1\GbPlugin\GbpSv.exe" . ------------------------ Other Running Processes ------------------------ . 
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe C:\Arquivos de programas\Bonjour\mDNSResponder.exe C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Arquivos de programas\LogMeIn\x86\ramaint.exe C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe C:\xampp\mysql\bin\mysqld-nt.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe . ************************************************************************** . Completion time: 2008-10-03 6:30:58 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-03 09:30:44 ComboFix2.txt 2008-08-19 00:11:29 ComboFix3.txt 2008-08-16 20:52:38 Pre-Run: 16 pasta(s) 256.117.702.656 bytes disponveis Post-Run: 18 pasta(s) 256,104,730,624 bytes disponveis 677 --- E O F --- 2008-09-10 07:53:38 Compartilhar este post Link para o post Compartilhar em outros sites
jgarcia
Posted October 6, 2008

Hi ~TiuTalk~,

1. Download BankerFix 3.0.
2. Temporarily disable your antivirus.
3. Double-click bankerfix.exe. The Banker Fix 3.0 window will open with the following question: "Instalar o BankerFix 3.0 / Install BankerFix 3.0 ?" >> click SIM (Yes).
4. A window will open informing you that BankerFix 3.0 will be downloaded over the internet >> click OK and wait. In the next window, click OK once more so that BankerFix 3.0 starts.
5. Press any key to continue the process and wait until the scan completes. Be patient, as it can take a few minutes.
6. When the scan finishes, read the message on the screen and press Enter.
7. Re-enable your antivirus.
8. Reply with the BankerFix relatorio.txt (it will be in C:\LinhaDefensiva\).
9. After posting your reply, you can delete the LinhaDefensiva folder on C.

Regards.
Mário Monteiro
Posted November 6, 2008

Topic Archived

As the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.