[Resolvido!] Erro no Explorer.EXE

[ItaloCCSL 0]

Queridos analistas, moderadores e veteranos nessa área,

 

Venho através desse incrível fórum pedir novamente o auxílio de vocês. Desde o começo dessa semana o meu PC vem exibindo uma mensagem que disse o seguinte: "O Explorer.EXE encontrou um problema e precisa ser fechado" e pede para "Depurar", "Enviar relatório de erros" e "Não enviar".

Inicialmente selecionei em "Não enviar" e a tela ficou somente com o meu papel de parede e só depois de um tempo (O tempo que eu fui beber água) a tela voltou ao normal, mas voltou consigo a janela do erro pedindo para selecionar uma das opções citadas anterior. Dessa vez resolvi esconder a caixa no canto da tela, porque acharia que se eu selecionasse qualquer outra opção a tela iria ficar só com meu papel de parede novamente.

 

Após aquele dia, não liguei muito o meu PC e não me lembro se a mensagem aparecia quando eu ligava e algumas das vezes o PC já estava ligado (Só para não deixar mal entendido, alguém da minha casa deve ter ligado). Ontem, apareceram uma série de vírus no meu PC e basicamente eles vinham com esse nome "skp6.exe" que estava na minha pasta de documento (Muitos dele vinha com o mesmo nome e somente com um colchetes e um número dentro tipo [1] tipo para poder salvar mais de um deles, vocês sabem como é e na hora eu estava acessando a internet pelo meu provedor da velox e iria abrir a minha janela do Firefox e eles foram encontrados simultaneamente. Na hora eu optei em "deter acesso" meu anti vírus é o "AntiVir PE Classic". E via que não tinha resolvido e que quando eu iria fazer isso novamente eles voltava a aparecer e resolvi ativar o procurador de vírus dele e ele só encontrou dois suspeitos, mas não os identificaram como vírus. Hoje eu passei o "Malwarebytes' Anti-Malware" e ele encontrou quatro arquivo infectados ai executei a limpeza e um dele pediu para reiniciar o computador pois era uma "Key" e fiz isso e quando ele retornou ao normal veio junto com esse problema no "Explorer.EXE" (Na primeira vez que eu liguei o computador ele também apareceu e somente botei ele de lado.

 

Outros pontos que eu gostaria de focar é que quando vou ligar o computador ele demora muito para sair da tela "Bem vindo" e aparecer minha área de trabalho, também notei que ontem a velocidade dos meus downloads estavam lentos, porque era para estarem numa média de 15 kb/seg e estava em 2 ou 1 kb/seg (absurdo!) e para terminar o meu computador pede muito para se conectar na internet, alguns eu sei que querem procurar por atualização mas outros são duvidosos.

 

 

Em quando eu escrevia esse tópico apareceram algumas das coisas que eu mencionei.

E aqui seguem os links das imagens:

 

-Problema:

Visite meu site

-Vírus:

Visite meu site

Visite meu site

-Tentativa de acessar a internet:

Visite meu site

PS.: A seta era só para mostra onde o escondia a janela do erro.

 

Bom... Espero que vocês entendam o meu problema.

Acho que vocês querem um log do HijackThis.

Vou fechar os meus programas e gerar o logo para vocês analisarem.

 

Abraços,

 

:thumbsup:

[ItaloCCSL 0]

Eis o log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:09:12, on 17/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wscntfy.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Fantasy Codecs\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Flashget] C:\Arquivos de programas\FlashGet\FlashGet.exe /min

O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S

O4 - HKCU\..\Run: [filehippo.com] "C:\Arquivos de programas\filehippo.com\UpdateChecker.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O8 - Extra context menu item: &Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0FDA29-8843-46BE-A4B8-15F1CE65190C}: Domain = @

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 8432 bytes

 

 

 

PS.: Quando me conectei a internet novamente para mandar esse log, três vírus foram encontrado e são de nomes parecido como eu já tinha mencionado.

 

Aqui está o link da imagem deles:

Visite meu site

 

Eu selecionei o "delete".

 

 

Por favor me ajudem :unsure:

[Silas Martins 0]

Baixe o Malwarebytes Anti-Malware

 

 

* Inicie a instalação clique em "mbam-setup.exe";

* Marque "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware", e clique em concluir.

* Marque "Verificação Rápida" e depois clique em Verificar.

* Quando o scan terminar, clique em Ok e em "Mostrar Resultados" para ver o log;

* Se algo for detectado, veja se tudo está marcado e clique em "Remover";

* O log é automaticamente gravado e pode ser consultado clicando em "Logs" do menu principal;

* Copie e cole esse log, juntamente com o novo log do hijacktihis .

Aguado o retorno.

[ItaloCCSL 0]

Olá amigo Silas,

 

Não creio que você se lembre de mim mas você já resolveu dois tópicos meus. Você é uma grande amigo.

Aqui está o que você me pediu:

 

Malwarebytes' Anti-Malware 1.29

Versão do banco de dados: 1286

Windows 5.1.2600 Service Pack 2

 

18/10/2008 19:36:28

mbam-log-2008-10-18 (19-36-28).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 57022

Tempo decorrido: 12 minute(s), 17 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 1

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 1

Arquivos infectados: 2

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Delete on reboot.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Delete on reboot.

 

Arquivos infectados:

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe (Trojan.Agent) -> Delete on reboot.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:44:56, on 18/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\svchost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Arquivos de programas\FlashGet\jccatch.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Arquivos de programas\FlashGet\getflash.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Fantasy Codecs\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Flashget] C:\Arquivos de programas\FlashGet\FlashGet.exe /min

O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S

O4 - HKCU\..\Run: [filehippo.com] "C:\Arquivos de programas\filehippo.com\UpdateChecker.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O8 - Extra context menu item: &Descarregar tudo com o FlashGet - C:\Arquivos de programas\FlashGet\jc_all.htm

O8 - Extra context menu item: &Descarregar utilizando o FlashGet - C:\Arquivos de programas\FlashGet\jc_link.htm

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Arquivos de programas\FlashGet\FlashGet.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0FDA29-8843-46BE-A4B8-15F1CE65190C}: Domain = @

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 8395 bytes

[Silas Martins 0]

Baixe o ComboFix em:

ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txtjuntamente com o novo log do hijackthis em sua próxima resposta.

 

OBS.: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

 

 

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

 

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

 

Aguardo o retorno

[ItaloCCSL 0]

Aqui está:

 

ComboFix 08-10-21.06 - Ítalo César 2008-10-22 20:08:20.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.59 [GMT -3:00]

Executando de: C:\Documents and Settings\Ítalo César.HOME\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-22 to 2008-10-22 ))))))))))))))))))))))))))))

.

 

2008-10-21 08:06 . 2008-10-21 08:06 <DIR> d----c--- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Desktopicon

2008-10-21 08:06 . 2008-10-21 08:17 <DIR> d----c--- C:\Arquivos de programas\VDOWNLOADER

2008-10-19 07:21 . 2008-10-20 07:52 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Spybot - Search & Destroy

2008-10-19 07:21 . 2008-10-20 07:51 <DIR> d----c--- C:\Arquivos de programas\Spybot - Search & Destroy

2008-10-16 07:13 . 2008-10-16 07:21 1,393 --a--c--- C:\WINDOWS\imsins.BAK

2008-10-09 06:57 . 2008-10-22 19:57 <DIR> dr-h-c--- C:\Documents and Settings\Ítalo César.HOME\Recent

2008-10-09 06:57 . 2008-10-22 19:57 <DIR> dr-h-c--- C:\Documents and Settings\Ítalo César.HOME\Recent

2008-10-08 23:29 . 2006-11-29 13:06 3,426,072 --a--c--- C:\WINDOWS\system32\d3dx9_32.dll

2008-10-08 23:26 . 2008-10-08 23:26 <DIR> d----c--- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-10-08 11:15 . 2008-10-08 11:15 48,156 --ah-c--- C:\WINDOWS\system32\mlfcache.dat

2008-10-08 07:53 . 2008-10-08 22:12 <DIR> d----c--- C:\Arquivos de programas\MessengerDiscovery

2008-10-08 07:53 . 2004-03-09 00:00 609,824 --a--c--- C:\WINDOWS\system32\COMCTL32.ocx

2008-10-08 07:53 . 2004-03-08 22:00 152,848 --a--c--- C:\WINDOWS\system32\comdlg32.OCX

2008-10-06 20:29 . 2008-10-13 20:43 <DIR> d----c--- C:\Arquivos de programas\Picasa2

2008-10-06 20:29 . 2008-10-06 20:33 <DIR> d----c--- C:\Arquivos de programas\PhotoFiltre

2008-10-05 10:51 . 2008-10-08 21:28 <DIR> d----c--- C:\Documents and Settings\Ítalo César.HOME\Tracing

2008-10-05 10:51 . 2008-10-08 21:28 <DIR> d----c--- C:\Documents and Settings\Ítalo César.HOME\Tracing

2008-10-05 10:42 . 2008-10-05 10:42 <DIR> d----c--- C:\Arquivos de programas\Microsoft

2008-10-04 21:38 . 2008-10-04 21:38 <DIR> d----c--- C:\Arquivos de programas\Arquivos comuns\Windows Live

2008-10-04 15:39 . 2008-10-04 15:40 42 --a--c--- C:\WINDOWS\boxworld.ini

2008-10-04 15:36 . 2008-10-04 15:36 45,056 --a--c--- C:\WINDOWS\NCUNINST.EXE

2008-10-01 22:13 . 2008-10-06 10:50 50 --a--c--- C:\WINDOWS\MegaManager.INI

2008-10-01 08:06 . 2008-10-01 08:06 <DIR> d----c--- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Megaupload

2008-10-01 08:05 . 2008-10-01 08:05 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Megaupload

2008-10-01 08:05 . 2008-10-01 08:05 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\EmailNotifier

2008-10-01 08:05 . 2008-10-01 08:05 <DIR> d----c--- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\EmailNotifier

2008-09-29 11:03 . 2008-09-29 11:03 <DIR> d----c--- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Apple Computer

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-19 10:20 --------- dc----w C:\Arquivos de programas\FlashGet

2008-10-18 22:18 --------- dc----w C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-10-16 23:25 38,496 -c--a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-16 23:25 15,504 -c--a-w C:\WINDOWS\system32\drivers\mbam.sys

2008-10-09 22:03 --------- dc----w C:\Arquivos de programas\Windows Live

2008-10-09 01:51 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\WLInstaller

2008-10-05 15:16 --------- dc----w C:\Arquivos de programas\Messenger Plus! Live

2008-10-01 11:04 --------- dc-h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-26 23:33 --------- dc----w C:\Arquivos de programas\eMule

2008-09-15 15:40 1,846,144 -c--a-w C:\WINDOWS\system32\win32k.sys

2008-08-31 14:32 --------- dc----w C:\Arquivos de programas\Ares

2008-08-31 13:23 --------- dc----w C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\LimeWire

2008-08-28 10:04 333,056 -c--a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-27 13:45 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Apple Computer

2008-08-27 13:45 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Apple

2008-08-27 13:45 --------- dc----w C:\Arquivos de programas\Apple Software Update

2008-08-27 13:29 --------- dc----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-08-27 13:25 --------- dc----w C:\Arquivos de programas\7-Zip

2008-08-27 12:02 --------- dc----w C:\Arquivos de programas\filehippo.com

2008-08-20 05:37 661,504 -c--a-w C:\WINDOWS\system32\wininet.dll

2008-08-14 13:45 2,184,576 -c--a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:45 2,061,952 -c--a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-08-14 09:23 2,560 -c--a-w C:\WINDOWS\_MSRSTRT.EXE

2007-07-20 04:19 855,886 -c--a-w C:\Arquivos de programas\AUG2007_d3dx10_35_x64.cab

2007-07-20 04:19 800,467 -c--a-w C:\Arquivos de programas\AUG2007_d3dx10_35_x86.cab

2007-07-20 04:19 1,803,760 -c--a-w C:\Arquivos de programas\AUG2007_d3dx9_35_x64.cab

2007-07-20 04:18 44,684 -c--a-w C:\Arquivos de programas\dxdllreg_x86.cab

2007-07-20 04:18 201,696 -c--a-w C:\Arquivos de programas\AUG2007_XACT_x64.cab

2007-07-20 04:18 156,612 -c--a-w C:\Arquivos de programas\AUG2007_XACT_x86.cab

2007-07-20 04:18 1,711,752 -c--a-w C:\Arquivos de programas\AUG2007_d3dx9_35_x86.cab

2007-07-03 01:43 171,008 -c--a-w C:\Arquivos de programas\FLV PlayerRCSetup.exe

2004-10-01 18:00 40,960 -c--a-w C:\Arquivos de programas\Uninstall_CDS.exe

.

 

------- Sigcheck -------

 

2007-06-13 10:21 1697280 07a1a28907a5f2a251b3b2564884d730 C:\WINDOWS\explorer.exe

2007-06-13 10:10 1035264 45d521506825a10b80833b4e9621ccf6 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

2008-04-13 23:20 1035776 064ec7ff5f58b928c3e119402977fa6d C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\explorer.exe

2007-06-13 10:21 1697280 07a1a28907a5f2a251b3b2564884d730 C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 10:21 1035264 dccbf18e94d651393a3ffa060f88e0a0 C:\WINDOWS\XPize Darkside\Backup\explorer.exe

 

2008-04-13 23:20 15360 4e486adfe3a0b9ed0eb0639902e9f64f C:\WINDOWS\SoftwareDistribution\Download\0bd93937a84337966dcbb1c34e8c1b2f\ctfmon.exe

2004-08-04 00:45 30208 c44b39505116f6961988b8681793e572 C:\WINDOWS\system32\ctfmon.exe

2004-08-04 00:45 30208 c44b39505116f6961988b8681793e572 C:\WINDOWS\system32\dllcache\ctfmon.exe

2004-08-04 00:45 15360 f40bc97996b8e53799eef1d63996674b C:\WINDOWS\XPize Darkside\Backup\ctfmon.exe

.

((((((((((((((((((((((((((((( snapshot@2008-07-11_18.54.33.89 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-30 12:39:04 18,296 -c--a-w C:\WINDOWS\$hf_mig$\KB938464\spmsg.dll

+ 2007-11-30 12:39:04 233,336 -c--a-w C:\WINDOWS\$hf_mig$\KB938464\spuninst.exe

+ 2007-11-30 12:39:04 26,488 -c--a-w C:\WINDOWS\$hf_mig$\KB938464\update\spcustom.dll

+ 2007-11-30 11:18:16 760,696 -c--a-w C:\WINDOWS\$hf_mig$\KB938464\update\update.exe

+ 2007-11-30 12:39:05 395,128 -c--a-w C:\WINDOWS\$hf_mig$\KB938464\update\updspapi.dll

+ 2008-05-02 13:33:05 83,968 -c--a-w C:\WINDOWS\$hf_mig$\KB946648\SP2QFE\msgsc.dll

+ 2008-05-02 14:01:56 83,968 -c--a-w C:\WINDOWS\$hf_mig$\KB946648\SP3GDR\msgsc.dll

+ 2008-05-02 13:44:58 83,968 -c--a-w C:\WINDOWS\$hf_mig$\KB946648\SP3QFE\msgsc.dll

+ 2007-11-30 12:39:04 18,296 -c--a-w C:\WINDOWS\$hf_mig$\KB946648\spmsg.dll

+ 2007-11-30 12:39:04 233,336 -c--a-w C:\WINDOWS\$hf_mig$\KB946648\spuninst.exe

+ 2007-11-30 12:39:04 26,488 -c--a-w C:\WINDOWS\$hf_mig$\KB946648\update\spcustom.dll

+ 2007-11-30 11:18:16 760,696 -c--a-w C:\WINDOWS\$hf_mig$\KB946648\update\update.exe

+ 2007-11-30 12:39:05 395,128 -c--a-w C:\WINDOWS\$hf_mig$\KB946648\update\updspapi.dll

+ 2008-07-07 20:18:39 253,952 -c--a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll

+ 2008-07-07 20:28:46 253,952 -c--a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll

+ 2008-07-07 20:25:26 253,952 -c--a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll

+ 2007-11-30 12:39:04 18,296 -c--a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll

+ 2007-11-30 12:39:04 233,336 -c--a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe

+ 2007-11-30 12:39:04 26,488 -c--a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll

+ 2007-11-30 12:38:57 760,696 -c--a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe

+ 2007-11-30 12:38:57 395,128 -c--a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll

+ 2008-04-11 18:40:54 683,520 -c--a-w C:\WINDOWS\$hf_mig$\KB951066\SP2QFE\inetcomm.dll

+ 2008-04-11 19:05:45 691,712 -c--a-w C:\WINDOWS\$hf_mig$\KB951066\SP3GDR\inetcomm.dll

+ 2008-04-12 03:23:28 691,712 -c--a-w C:\WINDOWS\$hf_mig$\KB951066\SP3QFE\inetcomm.dll

+ 2007-11-30 12:39:04 18,296 -c--a-w C:\WINDOWS\$hf_mig$\KB951066\spmsg.dll

+ 2007-11-30 12:39:04 233,336 -c--a-w C:\WINDOWS\$hf_mig$\KB951066\spuninst.exe

+ 2007-11-30 12:39:04 26,488 -c--a-w C:\WINDOWS\$hf_mig$\KB951066\update\spcustom.dll

+ 2007-12-03 15:25:15 760,696 -c--a-w C:\WINDOWS\$hf_mig$\KB951066\update\update.exe

+ 2007-11-30 12:39:05 395,128 -c--a-w C:\WINDOWS\$hf_mig$\KB951066\update\updspapi.dll

+ 2008-07-14 11:03:00 62,976 -c--a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe

+ 2008-07-11 12:42:28 62,976 -c--a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe

+ 2008-07-11 12:51:51 62,976 -c--a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe

+ 2007-11-30 11:18:16 18,296 -c--a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll

+ 2007-11-30 11:18:16 233,336 -c--a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe

+ 2007-11-30 11:18:16 26,488 -c--a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll

+ 2007-11-30 12:39:05 760,696 -c--a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe

+ 2007-11-30 12:39:05 395,128 -c--a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll

+ 2008-05-01 15:06:19 331,776 -c--a-w C:\WINDOWS\$hf_mig$\KB952287\SP2QFE\msadce.dll

+ 2008-05-01 14:36:56 331,776 -c--a-w C:\WINDOWS\$hf_mig$\KB952287\SP3GDR\msadce.dll

+ 2008-05-01 14:39:19 331,776 -c--a-w C:\WINDOWS\$hf_mig$\KB952287\SP3QFE\msadce.dll

+ 2007-11-30 11:18:16 18,296 -c--a-w C:\WINDOWS\$hf_mig$\KB952287\spmsg.dll

+ 2007-11-30 11:18:16 233,336 -c--a-w C:\WINDOWS\$hf_mig$\KB952287\spuninst.exe

+ 2007-11-30 11:18:16 26,488 -c--a-w C:\WINDOWS\$hf_mig$\KB952287\update\spcustom.dll

+ 2007-11-30 11:18:16 760,696 -c--a-w C:\WINDOWS\$hf_mig$\KB952287\update\update.exe

+ 2007-11-30 11:18:17 395,128 -c--a-w C:\WINDOWS\$hf_mig$\KB952287\update\updspapi.dll

+ 2008-06-24 16:30:35 74,240 -c--a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll

+ 2008-06-24 16:43:36 74,240 -c--a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll

+ 2008-06-24 16:53:55 74,240 -c--a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll

+ 2007-11-30 12:39:04 18,296 -c--a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll

+ 2007-11-30 12:39:04 233,336 -c--a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe

+ 2007-11-30 12:39:04 26,488 -c--a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll

+ 2007-11-30 12:39:05 760,696 -c--a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe

+ 2007-11-30 12:39:05 395,128 -c--a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll

+ 2008-06-23 16:15:24 1,024,512 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\browseui.dll

+ 2008-06-23 16:15:24 151,552 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\cdfview.dll

+ 2008-06-23 16:15:29 1,055,744 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\danim.dll

+ 2008-06-23 16:15:29 357,888 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtmsft.dll

+ 2008-06-23 16:15:29 205,312 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtrans.dll

+ 2008-06-23 16:15:29 55,808 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\extmgr.dll

+ 2008-06-23 09:53:58 18,432 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iedw.exe

+ 2008-06-23 16:15:29 251,904 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iepeers.dll

+ 2008-06-23 16:15:29 96,768 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\inseng.dll

+ 2008-06-23 16:15:29 16,384 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\jsproxy.dll

+ 2008-06-23 16:15:31 3,088,384 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtml.dll

+ 2008-06-23 16:15:32 449,024 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtmled.dll

+ 2008-06-23 16:15:32 146,432 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\msrating.dll

+ 2008-06-23 16:15:32 532,480 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mstime.dll

+ 2008-06-23 16:15:32 39,424 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\pngfilt.dll

+ 2008-06-23 16:15:34 1,499,136 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shdocvw.dll

+ 2008-06-23 16:15:34 474,112 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shlwapi.dll

+ 2008-07-03 09:42:22 360,448 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\spru0416.dll

+ 2008-06-23 16:15:35 619,520 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\urlmon.dll

+ 2008-06-23 16:15:36 669,184 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll

+ 2008-06-23 15:11:15 3,088,384 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\mshtml.dll

+ 2008-06-26 08:14:06 1,499,136 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\shdocvw.dll

+ 2008-06-26 08:14:06 619,520 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\urlmon.dll

+ 2008-06-23 15:11:15 668,160 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll

+ 2008-06-25 04:26:28 3,088,896 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll

+ 2008-06-26 08:00:50 1,499,136 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll

+ 2008-06-26 08:00:50 619,520 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll

+ 2008-06-23 14:56:27 668,672 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll

+ 2007-11-30 12:39:04 18,296 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll

+ 2007-11-30 12:39:04 233,336 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe

+ 2007-11-30 12:39:04 26,488 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll

+ 2007-11-30 12:38:57 760,696 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe

+ 2007-11-30 12:38:57 395,128 -c--a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll

+ 2007-11-30 12:39:04 18,296 -c--a-w C:\WINDOWS\$hf_mig$\KB953839\spmsg.dll

+ 2007-11-30 12:39:04 233,336 -c--a-w C:\WINDOWS\$hf_mig$\KB953839\spuninst.exe

+ 2007-11-30 12:39:04 26,488 -c--a-w C:\WINDOWS\$hf_mig$\KB953839\update\spcustom.dll

+ 2007-11-30 12:39:05 760,696 -c--a-w C:\WINDOWS\$hf_mig$\KB953839\update\update.exe

+ 2007-11-30 12:39:05 395,128 -c--a-w C:\WINDOWS\$hf_mig$\KB953839\update\updspapi.dll

+ 2008-08-20 05:34:00 1,024,512 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\browseui.dll

+ 2008-08-20 05:33:52 151,552 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\cdfview.dll

+ 2008-08-20 05:33:53 1,055,744 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\danim.dll

+ 2008-08-20 05:33:53 357,888 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\dxtmsft.dll

+ 2008-08-20 05:33:53 205,312 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\dxtrans.dll

+ 2008-08-20 05:33:53 55,808 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\extmgr.dll

+ 2008-08-19 09:38:57 18,432 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\iedw.exe

+ 2008-08-20 05:33:54 251,904 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\iepeers.dll

+ 2008-08-20 05:33:54 96,768 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\inseng.dll

+ 2008-08-20 05:33:58 16,384 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\jsproxy.dll

+ 2008-08-20 05:34:05 3,088,384 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\mshtml.dll

+ 2008-08-20 05:33:58 449,024 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\mshtmled.dll

+ 2008-08-20 05:33:54 146,432 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\msrating.dll

+ 2008-08-20 05:33:54 532,480 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\mstime.dll

+ 2008-08-20 05:33:54 39,424 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\pngfilt.dll

+ 2008-08-20 05:33:56 1,499,136 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\shdocvw.dll

+ 2008-08-20 05:33:58 474,112 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\shlwapi.dll

+ 2008-08-19 09:51:24 360,448 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\spru0416.dll

+ 2008-08-20 05:34:00 620,032 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\urlmon.dll

+ 2008-08-20 05:33:57 669,696 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP2QFE\wininet.dll

+ 2008-08-20 05:09:54 3,088,896 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP3GDR\mshtml.dll

+ 2008-08-20 05:09:53 1,499,136 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP3GDR\shdocvw.dll

+ 2008-08-20 05:09:53 619,520 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP3GDR\urlmon.dll

+ 2008-08-20 05:09:53 668,160 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP3GDR\wininet.dll

+ 2008-08-20 05:07:35 3,088,896 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\mshtml.dll

+ 2008-08-20 05:07:32 1,499,136 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\shdocvw.dll

+ 2008-08-20 05:07:33 620,032 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\urlmon.dll

+ 2008-08-20 05:07:33 668,672 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\wininet.dll

+ 2007-11-30 11:18:16 18,296 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\spmsg.dll

+ 2007-11-30 11:18:16 233,336 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\spuninst.exe

+ 2007-11-30 11:18:16 26,488 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\update\spcustom.dll

+ 2007-11-30 12:39:05 760,696 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\update\update.exe

+ 2007-11-30 12:39:05 395,128 -c--a-w C:\WINDOWS\$hf_mig$\KB956390\update\updspapi.dll

+ 2008-08-14 09:23:25 2,560 -c--a-w C:\WINDOWS\_MSRSTRT.EXE

+ 2008-09-09 22:19:06 110,592 -c--a-w C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll

+ 2008-09-09 22:19:56 91,488 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll

+ 2008-09-09 22:19:52 103,776 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll

+ 2008-09-09 22:19:29 66,936 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

+ 2008-09-09 22:19:08 4,096 -c--a-w C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll

+ 2008-09-09 22:19:24 226,656 -c--a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL

+ 2008-09-09 22:19:08 16,384 -c--a-w C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll

+ 2008-08-27 11:57:43 68,608 -c--a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2008-08-27 11:57:59 72,192 -c--a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2008-08-27 11:58:01 4,308,992 -c--a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2008-08-27 11:58:04 482,304 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2008-08-27 11:57:54 2,878,976 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2008-08-27 11:57:36 258,048 -c--a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2008-08-27 11:57:36 114,176 -c--a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2008-08-27 11:58:13 260,096 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2008-08-27 11:57:49 5,025,792 -c--a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2008-08-27 11:57:42 10,752 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2008-08-27 11:57:35 503,808 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2008-08-27 11:57:37 13,312 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2008-08-27 11:57:56 8,192 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2008-08-27 11:57:57 36,864 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2008-08-27 11:57:58 5,632 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2008-08-27 11:57:39 413,696 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2008-08-27 11:57:39 36,864 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2008-08-27 11:57:40 647,168 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2008-08-27 11:57:41 73,728 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2008-08-27 11:57:37 745,472 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2008-08-27 11:58:15 110,592 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2008-08-27 11:58:15 372,736 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2008-08-27 11:57:32 28,672 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2008-08-27 11:58:14 667,648 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2008-08-27 11:58:15 5,632 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2008-08-27 11:57:34 12,800 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2008-08-27 11:57:34 32,768 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2008-08-27 11:57:34 7,168 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2008-08-27 11:58:08 110,592 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2008-08-27 11:57:44 81,920 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2008-08-27 11:58:08 389,120 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2008-10-09 02:26:34 236,392 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlServerCe\9.0.242.0__89845dcd8080cc91\System.Data.SqlServerCe.dll

+ 2008-08-27 11:58:05 716,800 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2008-08-27 11:57:37 884,736 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2008-08-27 11:57:56 5,050,368 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2008-08-27 11:57:45 188,416 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2008-08-27 11:57:44 397,312 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2008-08-27 11:57:46 81,920 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2008-08-27 11:58:11 700,416 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2008-08-27 11:58:06 368,640 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2008-08-27 11:58:12 258,048 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2008-08-27 11:58:07 299,008 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2008-08-27 11:58:07 131,072 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2008-08-27 11:57:43 258,048 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2008-08-27 11:57:46 114,688 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2008-08-27 11:58:13 835,584 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2008-08-27 11:57:49 86,016 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2008-08-27 11:57:50 823,296 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2008-08-27 11:57:52 5,316,608 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2008-08-27 11:57:53 2,035,712 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2008-08-27 11:58:10 3,018,752 -c--a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2008-08-27 12:13:40 26,624 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\f29e3d26f757f249b9da9a5c59cf0836\Accessibility.ni.dll

+ 2008-08-27 12:13:44 860,160 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\45cced04aa1d4e478af95cd9b2d32ab6\AspNetMMCExt.ni.dll

+ 2008-08-27 12:13:46 237,568 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\7f4912b391e70146bb2f3a63cd2ce2f0\CustomMarshalers.ni.dll

+ 2008-08-27 12:13:45 15,360 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\fb3272d1483e27439e7b28d094d80b9e\dfsvc.ni.exe

+ 2008-08-27 12:13:50 880,640 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\ce89f3c0f0144c4cbefc14f8bde8c6cf\Microsoft.Build.Engine.ni.dll

+ 2008-08-27 12:13:50 81,920 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\66f5f405d12e29498fe863b9ea30af4e\Microsoft.Build.Framework.ni.dll

+ 2008-08-27 12:13:57 1,691,648 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6ca22dad4627004eaa04065d5a565754\Microsoft.Build.Tasks.ni.dll

+ 2008-08-27 12:13:59 163,840 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9d966fe17c9c684abef1965fe8df426e\Microsoft.Build.Utilities.ni.dll

+ 2008-08-27 12:14:04 1,724,416 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b6d255262bafe14b96cbb60efd962bab\Microsoft.VisualBasic.ni.dll

+ 2008-08-27 11:59:21 11,411,456 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e0bc79a33a095a4897c463bff37c03dd\mscorlib.ni.dll

+ 2008-08-27 12:14:08 962,560 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\76ec1bf2b1ba7b4ea34e02450b74afee\System.Configuration.ni.dll

+ 2008-08-27 12:01:28 6,688,768 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\69e0a7e35bcfc948989a531c11841465\System.Data.ni.dll

+ 2008-08-27 12:14:11 1,712,128 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\eff7049bd43b054ea57236a31474add4\System.Deployment.ni.dll

+ 2008-08-27 12:01:59 10,723,328 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\a7ea7cede3df654392bc0a75ede93d94\System.Design.ni.dll

+ 2008-08-27 12:14:15 1,220,608 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\0a5b8f460a0212489c3173008c7fd634\System.DirectoryServices.ni.dll

+ 2008-08-27 12:14:18 512,000 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c3741c8854726f4080c5b25db48ccaac\System.DirectoryServices.Protocols.ni.dll

+ 2008-08-27 12:00:07 229,376 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\a15f534728d4c744936cc34261b8bfd3\System.Drawing.Design.ni.dll

+ 2008-08-27 12:00:14 1,626,112 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\db82351cd964c04dbdfaafaa9dd0a193\System.Drawing.ni.dll

+ 2008-08-27 12:14:20 659,456 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\bd949c64904c4649bad731dfcb200122\System.EnterpriseServices.ni.dll

+ 2008-08-27 12:14:20 294,912 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\bd949c64904c4649bad731dfcb200122\System.EnterpriseServices.Wrapper.dll

+ 2008-08-27 12:14:23 729,088 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\9db3895b0346824e8931daa012d5ee66\System.Security.ni.dll

+ 2008-08-27 12:14:25 684,032 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\4b7806925d43a84a8aad8ed566128830\System.Transactions.ni.dll

+ 2008-08-27 12:15:26 2,310,144 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\94528d5d6db9f94a88c29af4fa511ccb\System.Web.Mobile.ni.dll

+ 2008-08-27 12:15:28 237,568 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\32fd067618360440b7bb3725b21024b9\System.Web.RegularExpressions.ni.dll

+ 2008-08-27 12:15:35 1,945,600 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e51cbaca2da2f044a073a8c0cfd139ba\System.Web.Services.ni.dll

+ 2008-08-27 12:15:05 11,808,768 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f20210a9fab72f45bb5bda8f83d3b985\System.Web.ni.dll

+ 2008-08-27 12:00:47 13,107,200 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2c19687ba220d841a6f6506fb7944c05\System.Windows.Forms.ni.dll

+ 2008-08-27 12:01:07 5,640,192 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\39cd90aac64819409b1457d303008d92\System.Xml.ni.dll

+ 2008-08-27 12:00:00 8,093,696 -c--a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f27904f9abb9f346b812b9c681ee8ca4\System.ni.dll

- 2007-02-28 16:02:20 2,140,160 -c----w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe

+ 2008-08-14 13:45:20 2,140,160 -c----w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe

- 2007-02-28 16:02:34 2,061,824 -c----w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

+ 2008-08-14 13:45:24 2,061,952 -c----w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe

- 2007-02-28 16:02:18 2,019,840 -c----w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe

+ 2008-08-14 13:45:20 2,019,840 -c----w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe

- 2007-02-28 16:02:28 2,184,576 -c----w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

+ 2008-08-14 13:45:25 2,184,576 -c----w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe

+ 2007-05-31 16:35:22 6,420,320 -c--a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6140110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE

+ 2008-08-27 13:45:28 27,136 -c--a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe

+ 2008-10-09 22:04:34 123,008 -c--a-r C:\WINDOWS\Installer\{839DE877-7F50-4EA5-9A57-8164157F540F}\WLXPhotoGalleryIcon.exe

- 2008-03-29 18:39:05 29,926 -c--a-r C:\WINDOWS\Installer\{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}\MsblIco.Exe

+ 2008-10-09 02:15:18 29,926 -c--a-r C:\WINDOWS\Installer\{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}\MsblIco.Exe

- 2008-07-09 23:44:17 593,920 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-10-16 10:20:01 593,920 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2008-07-09 23:44:17 12,288 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-10-16 10:20:01 12,288 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-07-09 23:44:17 86,016 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-10-16 10:20:01 86,016 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2008-07-09 23:44:16 135,168 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-10-16 10:20:00 135,168 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-07-09 23:44:17 11,264 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-10-16 10:20:01 11,264 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-07-09 23:44:17 27,136 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-10-16 10:20:01 27,136 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-07-09 23:44:17 4,096 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-10-16 10:20:01 4,096 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-07-09 23:44:17 794,624 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-10-16 10:20:01 794,624 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-07-09 23:44:16 249,856 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-10-16 10:20:00 249,856 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-07-09 23:44:16 61,440 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-10-16 10:20:00 61,440 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2008-07-09 23:44:17 23,040 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-10-16 10:20:01 23,040 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-07-09 23:44:16 286,720 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-10-16 10:20:00 286,720 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-07-09 23:44:16 409,600 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-10-16 10:20:00 409,600 -c--a-r C:\WINDOWS\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-10-05 13:44:39 86,746 -c--a-r C:\WINDOWS\Installer\{98883B07-35DF-45D6-AA3F-7BD507E0F655}\wlmail.exe

+ 2007-12-12 18:06:42 295,606 -c--a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe

+ 2005-09-23 10:28:52 72,704 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe

+ 2005-09-23 10:29:04 5,120 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_diasymreader.dll

+ 2005-09-23 10:29:04 5,120 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_iehost.dll

+ 2005-09-23 10:29:04 5,120 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.jscript.dll

+ 2005-09-23 10:29:04 5,632 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll

+ 2005-09-23 10:29:04 5,120 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscordbi.dll

+ 2005-09-23 10:29:04 5,120 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorrc.dll

+ 2005-09-23 10:29:04 5,120 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorsec.dll

+ 2005-09-23 10:29:04 5,120 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.configuration.install.dll

+ 2005-09-23 10:29:04 5,120 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.data.dll

+ 2005-09-23 10:29:04 5,120 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll

+ 2005-09-23 10:29:04 5,120 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_VsaVb7rt.dll

+ 2005-09-23 10:29:04 5,120 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbs_wminet_utils.dll

+ 2005-09-23 10:28:52 7,680 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll

+ 2005-09-23 10:28:56 7,680 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

+ 2005-09-23 10:28:58 7,680 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

+ 2005-09-23 10:28:56 7,680 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll

+ 2005-09-23 10:28:52 86,528 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

+ 2005-09-23 10:28:36 18,944 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll

+ 2005-09-23 10:28:42 136,192 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll

+ 2005-09-23 10:28:44 4,608 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll

+ 2005-09-23 10:29:04 183,808 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll

+ 2005-09-23 10:28:28 208,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll

+ 2005-09-23 10:28:56 10,752 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

+ 2005-09-23 10:28:58 138,240 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll

+ 2005-09-23 10:28:36 87,552 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll

+ 2005-09-23 10:28:58 55,488 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

+ 2005-09-23 10:28:32 36,864 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

+ 2005-09-23 10:28:32 10,752 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

+ 2005-09-23 10:28:32 8,192 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

+ 2005-09-23 10:28:32 23,552 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

+ 2005-09-23 10:28:32 70,656 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

+ 2005-09-23 10:28:32 13,824 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

+ 2005-09-23 10:28:32 26,824 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

+ 2005-09-23 10:28:32 106,496 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

+ 2005-09-23 10:28:32 29,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

+ 2005-09-23 10:28:32 29,888 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2005-09-23 10:28:32 503,808 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll

+ 2005-09-23 10:28:56 106,496 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

+ 2005-09-23 10:28:56 88,576 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

+ 2005-09-23 10:28:42 76,984 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe

+ 2005-09-23 10:28:42 1,144,832 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll

+ 2005-09-23 10:28:42 13,312 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

+ 2005-09-23 10:28:58 17,920 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll

+ 2005-09-23 10:28:56 68,608 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll

+ 2005-09-23 10:28:44 31,936 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

+ 2005-09-23 10:28:38 52,736 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll

+ 2005-09-23 10:28:38 4,608 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

+ 2005-09-23 10:29:12 547,840 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll

+ 2005-09-23 10:28:56 788,992 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

+ 2005-09-23 10:28:50 9,216 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll

+ 2005-09-23 10:28:56 9,728 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

+ 2005-09-23 10:28:56 8,192 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

+ 2005-09-23 10:28:56 36,864 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll

+ 2005-09-23 10:28:56 5,632 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll

+ 2005-09-23 10:28:56 224,952 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe

+ 2005-09-23 10:28:56 28,672 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

+ 2005-09-23 10:28:56 55,296 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll

+ 2005-09-23 10:28:56 72,192 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

+ 2005-09-23 10:28:48 40,960 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe

+ 2005-09-23 10:01:16 609,472 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

+ 2005-09-23 09:29:48 80,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll

+ 2005-09-23 09:32:24 80,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll

+ 2005-09-23 09:34:10 82,944 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll

+ 2005-09-23 09:34:12 81,920 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll

+ 2005-09-23 09:34:44 85,504 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll

+ 2005-09-23 09:36:24 87,552 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll

+ 2005-09-23 06:46:14 80,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll

+ 2005-09-23 09:38:26 81,408 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll

+ 2005-09-23 09:38:52 86,016 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll

+ 2005-09-23 09:40:30 80,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll

+ 2005-09-23 09:40:32 83,968 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll

+ 2005-09-23 09:40:56 84,480 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll

+ 2005-09-23 09:42:58 80,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll

+ 2005-09-23 09:44:58 80,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll

+ 2005-09-23 09:46:38 83,456 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll

+ 2005-09-23 09:46:38 81,920 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll

+ 2005-09-23 09:46:40 83,456 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll

+ 2005-09-23 09:47:04 82,432 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll

+ 2005-09-23 09:47:30 82,432 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll

+ 2005-09-23 09:47:32 81,920 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll

+ 2005-09-23 09:47:32 80,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll

+ 2005-09-23 09:30:18 80,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll

+ 2005-09-23 09:47:06 84,480 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll

+ 2005-09-23 09:29:50 80,896 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll

+ 2005-09-23 09:36:48 85,504 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll

+ 2005-09-23 10:57:06 245,408 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll

+ 2005-09-23 10:28:48 413,696 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll

+ 2005-09-23 10:28:48 36,864 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

+ 2005-09-23 10:28:48 647,168 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll

+ 2005-09-23 10:28:48 73,728 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

+ 2005-09-23 10:28:48 745,472 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll

+ 2005-09-23 10:29:10 110,592 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2005-09-23 10:29:10 372,736 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll

+ 2005-09-23 10:29:08 667,648 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll

+ 2005-09-23 10:28:30 28,672 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2005-09-23 10:29:10 5,632 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2005-09-23 10:28:30 32,768 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

+ 2005-09-23 10:28:30 12,800 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2005-09-23 10:28:30 7,168 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

+ 2005-09-23 10:28:32 87,552 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

+ 2005-09-23 10:28:48 69,632 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

+ 2005-09-23 10:28:56 800,768 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2005-09-23 10:28:56 73,216 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll

+ 2005-09-23 10:28:56 288,768 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll

+ 2005-09-23 10:28:56 36,864 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

+ 2005-09-23 10:28:56 326,144 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2005-09-23 10:28:56 81,408 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll

+ 2005-09-23 10:28:56 4,308,992 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2005-09-23 10:28:56 102,400 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll

+ 2005-09-23 10:29:00 330,752 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

+ 2005-09-23 10:28:56 67,072 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll

+ 2005-09-23 10:28:50 9,216 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll

+ 2005-09-23 10:28:56 226,816 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll

+ 2005-09-23 10:28:56 66,240 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

+ 2005-09-23 10:28:56 10,240 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll

+ 2005-09-23 10:28:50 5,615,616 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2005-09-23 10:29:00 22,528 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll

+ 2005-09-23 10:28:56 96,440 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe

+ 2005-09-23 10:28:56 14,848 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll

+ 2005-09-23 10:28:56 78,336 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll

+ 2005-09-23 10:28:50 136,192 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll

+ 2005-09-23 10:28:56 53,248 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

+ 2005-09-23 10:28:56 32,768 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

+ 2005-09-23 10:29:02 59,072 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe

+ 2005-09-23 10:28:58 7,680 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

+ 2005-09-23 10:28:56 107,520 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll

+ 2005-09-23 10:29:00 85,504 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

+ 2005-09-23 10:28:56 377,344 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2005-09-23 10:28:56 110,592 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll

+ 2005-09-23 10:28:58 389,120 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll

+ 2005-09-23 10:28:56 81,920 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

+ 2005-09-23 10:28:56 2,878,976 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll

+ 2005-09-23 10:28:56 482,304 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

+ 2005-09-23 10:28:56 716,800 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll

+ 2005-09-23 10:28:38 884,736 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll

+ 2005-09-23 10:28:56 5,050,368 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll

+ 2005-09-23 10:28:56 397,312 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll

+ 2005-09-23 10:28:56 188,416 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

+ 2005-09-23 10:28:56 3,018,752 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2005-09-23 10:28:56 81,920 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

+ 2005-09-23 10:28:56 700,416 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

+ 2005-09-23 10:28:56 258,048 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll

+ 2005-09-23 10:28:56 47,616 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

+ 2005-09-23 10:28:56 114,176 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll

+ 2005-09-23 10:28:56 368,640 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll

+ 2005-09-23 10:28:56 258,048 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll

+ 2005-09-23 10:28:56 299,008 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll

+ 2005-09-23 10:28:56 131,072 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

+ 2005-09-23 10:28:56 258,048 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll

+ 2005-09-23 10:28:56 114,688 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll

+ 2005-09-23 10:28:56 260,096 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll

+ 2005-09-23 10:28:56 5,025,792 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2005-09-23 10:28:56 835,584 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll

+ 2005-09-23 10:28:56 86,016 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll

+ 2005-09-23 10:28:56 823,296 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll

+ 2005-09-23 10:28:56 5,316,608 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

+ 2005-09-23 10:28:56 2,035,712 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

+ 2005-09-23 10:28:56 71,680 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL

+ 2005-09-23 10:29:06 1,140,920 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe

+ 2005-09-23 10:28:30 1,306,624 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll

+ 2005-09-23 10:28:32 298,496 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2005-09-23 10:28:56 28,160 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

- 2008-04-21 07:02:31 1,026,048 -c--a-w C:\WINDOWS\system32\browseui.dll

+ 2008-08-20 05:37:26 1,026,048 -c--a-w C:\WINDOWS\system32\browseui.dll

- 2008-04-21 07:02:31 323,072 -c--a-w C:\WINDOWS\system32\cdfview.dll

+ 2008-08-20 05:37:17 323,072 -c--a-w C:\WINDOWS\system32\cdfview.dll

- 2007-07-30 22:19:20 92,504 -c--a-w C:\WINDOWS\system32\cdm.dll

+ 2008-07-19 01:10:48 94,920 -c--a-w C:\WINDOWS\system32\cdm.dll

- 2008-04-21 07:02:33 1,055,744 -c--a-w C:\WINDOWS\system32\danim.dll

+ 2008-08-20 05:37:18 1,055,744 -c--a-w C:\WINDOWS\system32\danim.dll

+ 2005-09-23 10:28:38 83,456 -c--a-w C:\WINDOWS\system32\dfshim.dll

- 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys

+ 2008-08-14 09:51:43 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys

- 2008-04-21 07:02:31 1,026,048 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll

+ 2008-08-20 05:37:26 1,026,048 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll

- 2008-04-21 07:02:31 323,072 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll

+ 2008-08-20 05:37:17 323,072 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll

- 2007-07-30 22:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll

+ 2008-07-19 01:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll

- 2008-04-21 07:02:33 1,055,744 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll

+ 2008-08-20 05:37:18 1,055,744 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll

- 2008-04-21 07:02:33 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-08-20 05:37:19 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2008-04-21 07:02:33 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-08-20 05:37:19 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2005-07-26 04:40:30 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll

+ 2008-07-07 20:31:58 253,952 -c--a-w C:\WINDOWS\system32\dllcache\es.dll

- 2008-04-21 07:02:34 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-08-20 05:37:19 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2008-04-17 10:52:54 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe

+ 2008-08-19 09:30:39 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe

- 2008-04-21 07:02:34 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll

+ 2008-08-20 05:37:19 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll

- 2007-08-21 06:17:40 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll

+ 2008-04-11 18:51:08 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll

- 2008-04-21 07:02:34 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll

+ 2008-08-20 05:37:19 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll

- 2008-04-21 07:02:34 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-08-20 05:37:24 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2004-08-04 03:45:24 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll

+ 2008-05-01 14:32:24 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll

- 2005-06-29 01:49:48 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll

+ 2008-06-24 16:24:13 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll

- 2008-04-21 07:02:39 3,151,360 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-08-20 05:37:30 3,151,872 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2008-04-21 07:02:39 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-08-20 05:37:24 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2008-04-21 07:02:39 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-08-20 05:37:20 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

- 2008-04-21 07:02:40 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-08-20 05:37:20 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

- 2007-02-28 16:02:20 2,140,160 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

+ 2008-08-14 13:45:20 2,140,160 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

- 2007-02-28 16:02:34 2,061,824 -c--a-w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

+ 2008-08-14 13:45:24 2,061,952 -c--a-w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

- 2007-02-28 16:02:18 2,019,840 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe

+ 2008-08-14 13:45:20 2,019,840 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe

- 2007-02-28 16:02:28 2,184,576 -c--a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe

+ 2008-08-14 13:45:25 2,184,576 -c--a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe

- 2008-04-21 07:02:40 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-08-20 05:37:20 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2008-04-21 07:02:41 2,166,784 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll

+ 2008-08-20 05:37:23 2,166,784 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll

- 2008-04-21 07:02:42 477,696 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll

+ 2008-08-20 05:37:25 477,696 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll

- 2006-08-14 10:34:41 332,928 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys

+ 2008-08-28 10:04:17 333,056 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys

- 2008-04-21 07:02:42 627,200 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-08-20 05:37:27 627,200 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2008-03-20 08:09:41 1,845,376 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys

+ 2008-09-15 15:40:06 1,846,144 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys

- 2008-04-21 07:02:42 661,504 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-08-20 05:37:24 661,504 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

- 2007-07-30 22:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll

+ 2008-07-19 01:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll

- 2007-07-30 22:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

+ 2008-07-19 01:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe

- 2007-07-30 22:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

+ 2008-07-19 01:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll

- 2007-07-30 22:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll

+ 2008-07-19 01:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll

- 2007-07-30 22:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll

+ 2008-07-19 01:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll

- 2007-07-30 22:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll

+ 2008-07-19 01:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll

- 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\drivers\afd.sys

+ 2008-08-14 09:51:43 138,368 -c--a-w C:\WINDOWS\system32\drivers\afd.sys

- 2008-04-30 16:37:38 79,424 -c--a-w C:\WINDOWS\system32\drivers\avipbb.sys

+ 2008-07-18 00:47:26 75,072 -c--a-w C:\WINDOWS\system32\drivers\avipbb.sys

- 2006-09-27 21:53:22 36,560 -c----w C:\WINDOWS\system32\drivers\pxhelp20.sys

+ 2008-02-23 02:38:33 43,872 -c----w C:\WINDOWS\system32\drivers\pxhelp20.sys

- 2008-04-21 07:02:33 357,888 -c--a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-08-20 05:37:19 357,888 -c--a-w C:\WINDOWS\system32\dxtmsft.dll

- 2008-04-21 07:02:33 205,312 -c--a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-08-20 05:37:19 205,312 -c--a-w C:\WINDOWS\system32\dxtrans.dll

- 2005-07-26 04:40:30 243,200 -c--a-w C:\WINDOWS\system32\es.dll

+ 2008-07-07 20:31:58 253,952 -c--a-w C:\WINDOWS\system32\es.dll

- 2008-04-21 07:02:34 55,808 -c--a-w C:\WINDOWS\system32\extmgr.dll

+ 2008-08-20 05:37:19 55,808 -c--a-w C:\WINDOWS\system32\extmgr.dll

- 2008-06-26 09:29:46 241,536 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-10-16 15:41:52 244,720 -c--a-w C:\WINDOWS\system32\FNTCACHE.DAT

- 2008-04-21 07:02:34 251,392 -c--a-w C:\WINDOWS\system32\iepeers.dll

+ 2008-08-20 05:37:19 251,392 -c--a-w C:\WINDOWS\system32\iepeers.dll

- 2007-08-21 06:17:40 683,520 -c--a-w C:\WINDOWS\system32\inetcomm.dll

+ 2008-04-11 18:51:08 683,520 -c--a-w C:\WINDOWS\system32\inetcomm.dll

- 2008-04-21 07:02:34 96,768 -c--a-w C:\WINDOWS\system32\inseng.dll

+ 2008-08-20 05:37:19 96,768 -c--a-w C:\WINDOWS\system32\inseng.dll

- 2008-02-22 04:23:35 135,168 -c--a-w C:\WINDOWS\system32\java.exe

+ 2008-06-10 04:21:01 135,168 -c--a-w C:\WINDOWS\system32\java.exe

- 2008-02-22 04:23:39 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe

+ 2008-06-10 04:21:04 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe

- 2008-02-22 05:33:32 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe

+ 2008-06-10 05:32:34 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe

- 2008-04-21 07:02:34 16,384 -c--a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-08-20 05:37:24 16,384 -c--a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-03-25 02:32:44 218,496 -c--a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe

- 2007-11-21 00:52:38 2,884,992 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

+ 2008-03-25 03:21:18 2,889,088 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

- 2007-11-21 00:52:40 218,496 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-03-25 03:21:20 218,496 -c--a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-08-27 13:39:59 74,137 -c--a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

- 2008-01-26 18:39:37 70,264 -c--a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

+ 2008-08-27 13:40:14 70,264 -c--a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

- 2008-05-29 23:35:11 17,486,968 -c--a-w C:\WINDOWS\system32\MRT.exe

+ 2008-10-07 19:19:40 16,721,856 -c--a-w C:\WINDOWS\system32\MRT.exe

- 2005-06-29 01:49:48 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll

+ 2008-06-24 16:24:13 74,240 -c--a-w C:\WINDOWS\system32\mscms.dll

+ 2005-09-23 10:28:52 270,848 -c--a-w C:\WINDOWS\system32\mscoree.dll

+ 2005-09-23 10:28:52 150,016 -c--a-w C:\WINDOWS\system32\mscorier.dll

+ 2005-09-23 10:28:52 74,240 -c--a-w C:\WINDOWS\system32\mscories.dll

- 2008-04-21 07:02:39 3,151,360 -c--a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-08-20 05:37:30 3,151,872 -c--a-w C:\WINDOWS\system32\mshtml.dll

- 2008-04-21 07:02:39 449,024 -c--a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-08-20 05:37:24 449,024 -c--a-w C:\WINDOWS\system32\mshtmled.dll

- 2008-04-21 07:02:39 146,432 -c--a-w C:\WINDOWS\system32\msrating.dll

+ 2008-08-20 05:37:20 146,432 -c--a-w C:\WINDOWS\system32\msrating.dll

- 2008-04-21 07:02:40 532,480 -c--a-w C:\WINDOWS\system32\mstime.dll

+ 2008-08-20 05:37:20 532,480 -c--a-w C:\WINDOWS\system32\mstime.dll

- 2003-02-21 02:42:00 348,160 -c--a-w C:\WINDOWS\system32\msvcr71.dll

+ 2003-02-21 03:42:22 348,160 -c--a-w C:\WINDOWS\system32\msvcr71.dll

+ 2000-10-20 04:05:42 25,088 -c--a-w C:\WINDOWS\system32\msxml3a.dll

- 2007-07-30 22:19:10 271,224 -c--a-w C:\WINDOWS\system32\mucltui.dll

+ 2008-07-19 01:07:34 270,880 -c--a-w C:\WINDOWS\system32\mucltui.dll

+ 2005-09-23 10:29:00 6,144 -c--a-w C:\WINDOWS\system32\mui\0409\mscorees.dll

- 2007-07-30 22:19:04 207,736 -c--a-w C:\WINDOWS\system32\muweb.dll

+ 2008-07-19 01:07:32 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll

+ 2005-09-23 10:28:56 32,768 -c--a-w C:\WINDOWS\system32\netfxperf.dll

- 2008-02-17 11:13:49 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-08-27 12:02:12 58,596 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-02-17 11:13:49 48,628 ----a-w C:\WINDOWS\system32\perfc016.dat

+ 2008-08-27 12:02:12 67,232 ----a-w C:\WINDOWS\system32\perfc016.dat

- 2008-02-17 11:13:49 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-08-27 12:02:12 392,296 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-02-17 11:13:49 344,380 ----a-w C:\WINDOWS\system32\perfh016.dat

+ 2008-08-27 12:02:12 425,072 ----a-w C:\WINDOWS\system32\perfh016.dat

+ 2006-10-24 15:30:20 412,160 -c----w C:\WINDOWS\system32\photometadatahandler.dll

- 2008-04-21 07:02:40 39,424 -c--a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-08-20 05:37:20 39,424 -c--a-w C:\WINDOWS\system32\pngfilt.dll

- 2008-04-21 07:02:41 2,166,784 -c--a-w C:\WINDOWS\system32\shdocvw.dll

+ 2008-08-20 05:37:23 2,166,784 -c--a-w C:\WINDOWS\system32\shdocvw.dll

- 2008-04-21 07:02:42 477,696 -c--a-w C:\WINDOWS\system32\shlwapi.dll

+ 2008-08-20 05:37:25 477,696 -c--a-w C:\WINDOWS\system32\shlwapi.dll

+ 2008-07-19 01:10:20 36,552 -c--a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll

+ 2008-07-19 01:10:40 45,768 -c--a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll

- 2007-11-30 12:39:04 18,296 -c----w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 11:18:16 18,296 -c----w C:\WINDOWS\system32\spmsg.dll

- 2006-09-16 06:02:34 23,856 -c--a-w C:\WINDOWS\system32\spupdsvc.exe

+ 2006-10-16 19:10:58 23,856 -c--a-w C:\WINDOWS\system32\spupdsvc.exe

- 2007-11-13 11:31:11 60,416 -c----w C:\WINDOWS\system32\tzchange.exe

+ 2008-07-14 11:09:18 62,976 -c----w C:\WINDOWS\system32\tzchange.exe

- 2008-04-21 07:02:42 627,200 -c--a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-08-20 05:37:27 627,200 -c--a-w C:\WINDOWS\system32\urlmon.dll

+ 2006-10-24 15:30:06 716,288 -c----w C:\WINDOWS\system32\WindowsCodecs.dll

+ 2006-10-24 15:29:50 352,256 -c----w C:\WINDOWS\system32\WindowsCodecsExt.dll

- 2006-10-19 00:47:20 295,936 -c----w C:\WINDOWS\system32\wmpeffects.dll

+ 2008-06-24 21:12:58 295,936 -c--a-w C:\WINDOWS\system32\wmpeffects.dll

+ 2006-10-24 15:30:00 276,992 -c----w C:\WINDOWS\system32\WMPhoto.dll

- 2007-07-30 22:19:36 549,720 -c--a-w C:\WINDOWS\system32\wuapi.dll

+ 2008-07-19 01:09:44 563,912 -c--a-w C:\WINDOWS\system32\wuapi.dll

- 2007-07-30 22:19:16 53,080 -c--a-w C:\WINDOWS\system32\wuauclt.exe

+ 2008-07-19 01:10:42 53,448 -c--a-w C:\WINDOWS\system32\wuauclt.exe

- 2007-07-30 22:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\wuaueng.dll

+ 2008-07-19 01:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\wuaueng.dll

- 2007-07-30 22:19:32 325,976 -c--a-w C:\WINDOWS\system32\wucltui.dll

+ 2008-07-19 01:09:46 325,832 -c--a-w C:\WINDOWS\system32\wucltui.dll

- 2007-07-30 22:18:40 33,624 -c--a-w C:\WINDOWS\system32\wups.dll

+ 2008-07-19 01:10:20 36,552 -c--a-w C:\WINDOWS\system32\wups.dll

- 2007-07-30 22:19:12 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll

+ 2008-07-19 01:10:40 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll

- 2007-07-30 22:19:28 203,096 -c--a-w C:\WINDOWS\system32\wuweb.dll

+ 2008-07-19 01:09:44 205,000 -c--a-w C:\WINDOWS\system32\wuweb.dll

- 2008-04-17 11:03:33 360,448 -c--a-w C:\WINDOWS\system32\xpsp3res.dll

+ 2008-08-19 09:51:24 360,448 -c--a-w C:\WINDOWS\system32\xpsp3res.dll

+ 2005-09-23 10:29:16 479,232 -c--a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll

+ 2005-09-23 10:29:16 548,864 -c--a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll

+ 2005-09-23 10:29:16 626,688 -c--a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll

+ 2008-04-15 17:59:06 1,724,416 -c--a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll

+ 2008-08-27 11:57:36 258,048 -c--a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2008-08-27 11:57:36 114,176 -c--a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2008-02-01 14:17:16 587,264 -c--a-w C:\WINDOWS\WLXPGSS.SCR

- 2006-05-14 04:23:00 140,288 -c--a-w C:\WINDOWS\XPize Darkside\Backup\7z.dll

+ 2007-12-06 08:37:32 599,552 -c--a-w C:\WINDOWS\XPize Darkside\Backup\7z.dll

- 2008-04-21 07:02:31 1,024,000 -c--a-w C:\WINDOWS\XPize Darkside\Backup\browseui.dll

+ 2008-08-20 05:37:26 1,024,000 -c--a-w C:\WINDOWS\XPize Darkside\Backup\browseui.dll

- 2008-04-21 07:02:31 151,552 -c--a-w C:\WINDOWS\XPize Darkside\Backup\cdfview.dll

+ 2008-08-20 05:37:17 151,552 -c--a-w C:\WINDOWS\XPize Darkside\Backup\cdfview.dll

- 2008-04-21 07:02:39 3,080,704 -c--a-w C:\WINDOWS\XPize Darkside\Backup\mshtml.dll

+ 2008-08-20 05:37:30 3,081,216 -c--a-w C:\WINDOWS\XPize Darkside\Backup\mshtml.dll

- 2008-04-21 07:02:41 1,494,528 -c--a-w C:\WINDOWS\XPize Darkside\Backup\shdocvw.dll

+ 2008-08-20 05:37:23 1,494,528 -c--a-w C:\WINDOWS\XPize Darkside\Backup\shdocvw.dll

- 2008-04-21 07:02:42 474,112 -c--a-w C:\WINDOWS\XPize Darkside\Backup\shlwapi.dll

+ 2008-08-20 05:37:25 474,112 -c--a-w C:\WINDOWS\XPize Darkside\Backup\shlwapi.dll

- 2008-04-21 07:02:42 616,960 -c--a-w C:\WINDOWS\XPize Darkside\Backup\urlmon.dll

+ 2008-08-20 05:37:27 616,960 -c--a-w C:\WINDOWS\XPize Darkside\Backup\urlmon.dll

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XPize Darkside Reloader"="C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe" [2007-10-12 112737]

"filehippo.com"="C:\Arquivos de programas\filehippo.com\UpdateChecker.exe" [2008-07-03 137216]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 30208]

"SpybotSD TeaTimer"="C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"PC Suite Tray"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-07 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-07 126976]

"QuickTime Task"="C:\Program Files\Fantasy Codecs\QTTask.exe" [2008-05-27 413696]

"avgnt"="C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"SoundMan"="SOUNDMAN.EXE" [2005-12-14 C:\WINDOWS\Soundman.exe]

"SMSERIAL"="sm56hlpr.exe" [2005-07-05 C:\WINDOWS\sm56hlpr.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"= l3codecp.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

--a--c--- 2008-08-21 12:45 888832 C:\Arquivos de programas\Ares\Ares.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\desp2k]

--a--c--- 2006-08-03 16:05 65536 C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a--c--- 2007-12-10 09:12 695808 C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\eMule\\eMule.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"34162:TCP"= 34162:TCP:AresChatServer

 

R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 61440]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2008-10-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)

WebBrowser-{21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)

 

 

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\4mbzb1yt.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://g1.globo.com/

FF -: plugin - C:\Arquivos de programas\Mozilla Firefox\plugins\npmozax.dll

FF -: plugin - C:\Arquivos de programas\Picasa2\npPicasa2.dll

FF -: plugin - C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll

FF -: plugin - C:\Program Files\Fantasy Codecs\Plugins\nppl3260.dll

FF -: plugin - C:\Program Files\Fantasy Codecs\Plugins\npqtplugin.dll

FF -: plugin - C:\Program Files\Fantasy Codecs\Plugins\npqtplugin2.dll

FF -: plugin - C:\Program Files\Fantasy Codecs\Plugins\npqtplugin3.dll

FF -: plugin - C:\Program Files\Fantasy Codecs\Plugins\npqtplugin4.dll

FF -: plugin - C:\Program Files\Fantasy Codecs\Plugins\npqtplugin5.dll

FF -: plugin - C:\Program Files\Fantasy Codecs\Plugins\npqtplugin6.dll

FF -: plugin - C:\Program Files\Fantasy Codecs\Plugins\npqtplugin7.dll

FF -: plugin - C:\Program Files\Fantasy Codecs\Plugins\nprpjplug.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-22 20:14:02

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

Tempo para conclusão: 2008-10-22 20:20:33

ComboFix-quarantined-files.txt 2008-10-22 23:20:25

ComboFix2.txt 2008-07-13 12:33:54

ComboFix3.txt 2008-07-11 21:56:38

 

Pré-execução: 18 pasta(s) 38.233.726.976 bytes disponíveis

Pós execução: 18 pasta(s) 38,259,023,872 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

808 --- E O F --- 2008-10-16 10:21:23

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:38:26, on 22/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cmpe.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Fantasy Codecs\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S

O4 - HKCU\..\Run: [filehippo.com] "C:\Arquivos de programas\filehippo.com\UpdateChecker.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0FDA29-8843-46BE-A4B8-15F1CE65190C}: Domain = @

O17 - HKLM\System\CS2\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 8492 bytes

[Silas Martins 0]

Faça um scan em http://www.kaspersky.com/virusscanner e poste o resultado aqui.

Clique em Kaspersky Online Scanner e "Accept". Quando perguntado se permite que o Java seja executado, permita.

Aguardo o log do scaner, juntamente com um novo log do hijackthis

[ItaloCCSL 0]

Faça um scan em http://www.kaspersky.com/virusscanner e poste o resultado aqui.

Clique em Kaspersky Online Scanner e "Accept". Quando perguntado se permite que o Java seja executado, permita.

Aguardo o log do scaner, juntamente com um novo log do hijackthis

 

 

Quando eu fiz o que você me pediu deu um erro no java e ele só fez foi atualizar, mas não scaniou.

Então eu foi no scanner e ele foi executado até o fim e ele não encontrou nenhum vírus nem nada e eu botei para ele scanear meu computador. A pagina não gerou nenhum log.

 

O que eu fiz de errado?

Devo tentar repetir?

[Silas Martins 0]

Faça o Scan com o Panda Active Scan

E poste o relatório gerado, juntamente com um novo log do hijackthis.

[ItaloCCSL 0]

Pronto aqui estão:

 

;*******************************************************************************

*********************************************************************************

*******************

ANALYSIS: 2008-11-01 20:48:46

PROTECTIONS: 1

MALWARE: 8

SUSPECTS: 3

;*******************************************************************************

*********************************************************************************

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

=================================================================================

===================

Avira AntiVir PersonalEdition 8.0.1.30 Yes Yes

;===============================================================================

=================================================================================

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

=================================================================================

===================

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ítalo César.HOME\Cookies\ítalo césar@serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ítalo César.HOME\Cookies\ítalo césar@bs.serving-sys[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Ítalo César.HOME\Cookies\ítalo césar@ads.pointroll[2].txt

00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Ítalo César.HOME\Cookies\ítalo césar@terra.com[1].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Ítalo César.HOME\Cookies\ítalo césar@uol.com[1].txt

03442637 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{8D3467F6-DE70-4CB6-B1EA-F40DB09B0F2C}\RP107\A0033145.dll

03839851 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{FEBDBD40-C60D-4481-AC4D-EF35DC5B3CF0}\RP399\A0066355.sys

03997197 Trj/Nabload.ACN Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-1390067357-117609710-725345543-1004\Dc2.zip[convite.com]

03997197 Trj/Nabload.ACN Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-1390067357-117609710-725345543-1004\Dc1.zip[convite.com]

;===============================================================================

=================================================================================

===================

SUSPECTS

Sent Location

;===============================================================================

=================================================================================

===================

No C:\System Volume Information\_restore{8D3467F6-DE70-4CB6-B1EA-F40DB09B0F2C}\RP107\A0031483.exe

No C:\System Volume Information\_restore{8D3467F6-DE70-4CB6-B1EA-F40DB09B0F2C}\RP119\A0041961.exe[²èÇ]

No C:\WINDOWS\system32\cmpe.exe

;===============================================================================

=================================================================================

===================

VULNERABILITIES

Id Severity Description

;===============================================================================

=================================================================================

===================

;===============================================================================

=================================================================================

===================

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:04:18, on 1/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avwsc.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0FDA29-8843-46BE-A4B8-15F1CE65190C}: Domain = @

O17 - HKLM\System\CS2\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 8340 bytes

[Silas Martins 0]

Baixe o Bankerfix.

desative o seu antivírus temporariamente, para não haver conflitos e para uma melhor detecção.

Clique duas vezes sobre bankerfix.exe, dê o Enter e espere ele terminar. Ao terminar, leia a mensagem na tela e aperte Enter novamente.

 

Habilite o seu antivírus. e gere um novo log do hijackthis, e poste juntamente com o relatório .txt do Bankerfix.

 

Aguardo o Retorno

[ItaloCCSL 0]

Silas, meu amigo eu fiz o que você me pediu, mas o Bankerfix disse que não encontrou nada e não gerou nenhum relatório.

 

De qualquer forma o logo do Hijackthis segue a seguir:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:29:01, on 7/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\cmpe.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Arquivos de programas\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [XPize Darkside Reloader] C:\WINDOWS\XPize Darkside\XPize Darkside Reloader.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Arquivos de programas\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0FDA29-8843-46BE-A4B8-15F1CE65190C}: Domain = @

O17 - HKLM\System\CS2\Services\Tcpip\..\{34BD16B8-3235-463F-AF47-A34F1D4535A4}: NameServer = 200.165.132.155 200.149.55.140

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 8250 bytes

[Silas Martins 0]

Faça o download do CCleaner:

Abra o programa e clique em Executar Limpeza;

Após isto, clique em Erros > Procurar erros > Corrigir Erros

- Desative e ative novamente a Restauração do Sistema

Algum problema persiste?

[ItaloCCSL 0]

Amigo Silas,

 

Eu efetuei a última ação que você me pediu e já faz alguns dias que o erro não aparece. Creio que ele já está resolvido.

Eu lhe agradeço muito, por ter mais uma vez me ajudado.

 

Obrigado meu amigo.

Valeu.

Você é fera nisso! :thumbsup:

[Silas Martins 0]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.