
Lucied

[Solved!] Win32/Heur and derivatives (Win32/Virut, SHeur2.AMSD) in


PedroN,

I created the text file with the information from your quote as instructed, and dragged it onto ComboFix in safe mode. The program warned, however, that AVG was still active and that this could cause problems and damage the computer. Since for some reason I could not open AVG in safe mode, I restarted the PC in normal mode and disabled its Resident Shield.

I went back to safe mode. When I tried to drag CFScript.txt onto ComboFix.exe again, the error I described in my third post occurred again: a message stating that ComboFix's contents had been compromised and that I may be infected with a Virut.

I downloaded the tool again and tried again; same thing. I also tried in normal mode and the same error occurs. I tried in several ways, but nothing works.

What should I do?

~Lucied


Run the Kaspersky Virus Removal Tool again and right afterwards redo the procedure with CFScript.txt. As for the AVG warning:

AVG was still active and that this could cause problems and damage the computer

Ignore this message and continue with the ComboFix procedure.

Regards;


Hello PedroN.

The day before yesterday the Kaspersky Virus Removal Tool spent 6 hours scanning, only to get stuck on one file and go more than 3 hours without progress. I had to cancel and did nothing else that day. Yesterday, after 7 and a half hours, it finished the scan, and I disinfected, deleted and quarantined some files. I then ran ComboFix with the CFScript you wrote.

Yesterday, however, the forum was down when I tried to reply, so I had to wait until today. Here is the log:

 

-------------------------------------------------

ComboFix 09-07-13.01 - Jorge 14/07/2009 21:27.2.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.3048 [GMT -3:00]
Executando de: h:\documents and settings\Jorge\Desktop\ComboFix.exe
Comandos utilizados :: h:\documents and settings\Jorge\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

 


+ 2001-10-28 12:07 . 2009-07-15 00:14 33792 h:\windows\system32\dllcache\relog.exe

+ 2008-10-02 13:35 . 2009-07-15 00:14 14848 h:\windows\system32\dllcache\register.exe

+ 2008-10-02 13:30 . 2009-07-15 00:14 33792 h:\windows\system32\dllcache\regini.exe

+ 2001-10-28 12:07 . 2009-07-15 00:14 11776 h:\windows\system32\dllcache\rasdial.exe

+ 2001-10-28 12:07 . 2009-07-15 00:14 11776 h:\windows\system32\dllcache\rasautou.exe

+ 2008-10-02 13:30 . 2009-07-15 00:14 22528 h:\windows\system32\dllcache\qwinsta.exe

+ 2008-10-02 13:35 . 2009-07-15 00:14 16896 h:\windows\system32\dllcache\quser.exe

+ 2008-10-02 13:35 . 2009-07-15 00:14 10240 h:\windows\system32\dllcache\query.exe

+ 2008-10-02 13:30 . 2009-07-15 00:14 17920 h:\windows\system32\dllcache\qappsrv.exe

+ 2008-10-02 14:28 . 2009-07-15 00:14 70144 h:\windows\system32\dllcache\pintlphr.exe

+ 2001-10-28 12:07 . 2009-07-15 00:14 33792 h:\windows\system32\dllcache\ping6.exe

+ 2001-10-28 12:07 . 2009-07-15 00:14 15360 h:\windows\system32\dllcache\pentnt.exe

+ 2001-10-28 12:07 . 2009-07-15 00:14 23040 h:\windows\system32\dllcache\pathping.exe

+ 2001-10-28 12:07 . 2009-07-15 00:14 40960 h:\windows\system32\dllcache\osuninst.exe

+ 2001-10-28 12:07 . 2009-07-15 00:14 32256 h:\windows\system32\dllcache\ntsd.exe

+ 2008-10-02 13:32 . 2009-07-15 00:14 35840 h:\windows\system32\dllcache\notiflag.exe

+ 2001-10-28 12:07 . 2009-07-15 00:14 21504 h:\windows\system32\dllcache\nbtstat.exe

+ 2008-10-02 13:32 . 2009-07-15 00:14 40448 h:\windows\system32\dllcache\msinfo32.exe

+ 2007-08-13 21:32 . 2009-07-15 00:14 46080 h:\windows\system32\dllcache\mshta.exe

+ 2008-10-02 13:30 . 2009-07-15 00:14 22016 h:\windows\system32\dllcache\msg.exe

+ 2001-10-28 12:07 . 2009-07-15 00:14 13824 h:\windows\system32\dllcache\mrinfo.exe

+ 2001-10-28 12:07 . 2009-07-15 00:14 22528 h:\windows\system32\dllcache\mpnotify.exe

+ 2001-10-28 12:06 . 2009-07-15 00:14 34816 h:\windows\system32\dllcache\migisol.exe

+ 2008-10-02 13:30 . 2009-07-15 00:14 16384 h:\windows\system32\dllcache\logoff.exe

+ 2001-10-28 12:06 . 2009-07-15 00:14 26624 h:\windows\system32\dllcache\lnkstub.exe

+ 2001-10-28 12:06 . 2009-07-15 00:14 29696 h:\windows\system32\dllcache\lights.exe

+ 2008-10-02 13:32 . 2009-07-15 00:14 20480 h:\windows\system32\dllcache\isignup.exe

+ 2001-10-28 12:06 . 2009-07-15 00:14 45568 h:\windows\system32\dllcache\ipsec6.exe

+ 2008-10-02 14:28 . 2009-07-15 00:14 67072 h:\windows\system32\dllcache\imscinst.exe

+ 2008-10-08 22:23 . 2009-07-15 00:14 60416 h:\windows\system32\dllcache\imkrinst.exe

+ 2008-10-08 22:23 . 2009-07-15 00:14 49152 h:\windows\system32\dllcache\imjpuex.exe

+ 2008-10-08 22:23 . 2009-07-15 00:14 61440 h:\windows\system32\dllcache\imjpdadm.exe

+ 2008-10-08 22:23 . 2009-07-15 00:14 44032 h:\windows\system32\dllcache\imekrmig.exe

+ 2008-10-02 13:34 . 2009-07-15 00:14 15360 h:\windows\system32\dllcache\iisreset.exe

+ 2008-10-02 17:20 . 2009-07-15 00:14 14336 h:\windows\system32\dllcache\ieudinit.exe

+ 2007-08-13 21:44 . 2009-07-15 00:14 69120 h:\windows\system32\dllcache\iedw.exe

+ 2007-08-13 21:39 . 2009-07-15 00:14 70656 h:\windows\system32\dllcache\ie4uinit.exe

+ 2008-10-02 13:32 . 2009-07-15 00:14 73728 h:\windows\system32\dllcache\icwtutor.exe

+ 2008-10-02 13:31 . 2009-07-15 00:14 42496 h:\windows\system32\dllcache\hrtzzm.exe

+ 2001-10-28 12:06 . 2009-07-15 00:14 58368 h:\windows\system32\dllcache\gpupdate.exe

+ 2008-10-02 13:34 . 2009-07-15 00:14 11264 h:\windows\system32\dllcache\fxssend.exe

+ 2001-10-28 12:06 . 2009-07-15 00:14 60416 h:\windows\system32\dllcache\fsutil.exe

+ 2008-10-02 13:30 . 2009-07-15 00:13 55808 h:\windows\system32\dllcache\freecell.exe

+ 2008-10-02 13:34 . 2009-07-15 00:13 15360 h:\windows\system32\dllcache\flattemp.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 15360 h:\windows\system32\dllcache\fc.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 16384 h:\windows\system32\dllcache\expand.exe

+ 2008-10-02 13:35 . 2009-07-15 00:13 23040 h:\windows\system32\dllcache\EXCH_regtrace.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 39424 h:\windows\system32\dllcache\esentutl.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 47104 h:\windows\system32\dllcache\drwtsn32.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 10752 h:\windows\system32\dllcache\doskey.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 19456 h:\windows\system32\dllcache\diskperf.exe

+ 2008-10-02 13:34 . 2009-07-15 00:13 19456 h:\windows\system32\dllcache\cprofile.exe

+ 2008-10-02 14:28 . 2009-07-15 00:13 57344 h:\windows\system32\dllcache\cplexe.exe

+ 2008-10-02 13:34 . 2009-07-15 00:13 57344 h:\windows\system32\dllcache\convlog.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 13824 h:\windows\system32\dllcache\convert.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 18432 h:\windows\system32\dllcache\compact.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 15872 h:\windows\system32\dllcache\comp.exe

+ 2008-10-02 13:31 . 2009-07-15 00:13 42496 h:\windows\system32\dllcache\chkrzm.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 11264 h:\windows\system32\dllcache\chkntfs.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 11776 h:\windows\system32\dllcache\chkdsk.exe

+ 2008-10-02 13:34 . 2009-07-15 00:13 14848 h:\windows\system32\dllcache\chgusr.exe

+ 2008-10-02 13:34 . 2009-07-15 00:13 16384 h:\windows\system32\dllcache\chgport.exe

+ 2008-10-02 13:34 . 2009-07-15 00:13 13824 h:\windows\system32\dllcache\chglogon.exe

+ 2008-10-02 13:30 . 2009-07-15 00:13 81408 h:\windows\system32\dllcache\charmap.exe

+ 2008-10-02 13:34 . 2009-07-15 00:13 10240 h:\windows\system32\dllcache\change.exe

+ 2008-10-02 13:32 . 2009-07-15 00:13 12288 h:\windows\system32\dllcache\cb32.exe

+ 2008-10-02 13:31 . 2009-07-15 00:13 42496 h:\windows\system32\dllcache\bckgzm.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 34816 h:\windows\system32\dllcache\asr_ldm.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 20480 h:\windows\system32\dllcache\arp.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 19456 h:\windows\system32\diskperf.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 87040 h:\windows\system32\diantz.exe

+ 2002-09-09 14:08 . 2009-07-15 00:13 82944 h:\windows\system32\dfrgfat.exe

+ 2002-09-09 14:08 . 2009-07-15 00:13 25600 h:\windows\system32\defrag.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 32256 h:\windows\system32\ddeshare.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 14336 h:\windows\system32\convert.exe

+ 2002-09-09 14:08 . 2009-07-15 00:13 27648 h:\windows\system32\conime.exe

+ 2008-10-02 13:35 . 2009-07-14 16:24 32768 h:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-10-02 13:35 . 2009-07-13 05:05 32768 h:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2008-10-02 13:35 . 2009-07-14 16:24 32768 h:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2001-10-28 12:06 . 2009-07-15 00:13 17920 h:\windows\system32\compact.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 15872 h:\windows\system32\comp.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 65024 h:\windows\system32\cmstp.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 39936 h:\windows\system32\cmmon32.exe

+ 2002-09-09 14:08 . 2009-07-15 00:13 26112 h:\windows\system32\cmdl32.exe

+ 2002-09-09 14:08 . 2009-07-15 00:13 49152 h:\windows\system32\clspack.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 24576 h:\windows\system32\cliconfg.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 64512 h:\windows\system32\cleanmgr.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 57856 h:\windows\system32\cipher.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 11264 h:\windows\system32\chkntfs.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 11776 h:\windows\system32\chkdsk.exe

+ 2009-07-12 18:27 . 2009-07-15 00:13 80896 h:\windows\system32\charmap.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 20480 h:\windows\system32\cacls.exe

+ 2008-10-02 14:28 . 2009-07-15 00:13 71680 h:\windows\system32\blastcln.exe

+ 2008-10-02 14:28 . 2009-07-15 00:13 14336 h:\windows\system32\auditusr.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 12288 h:\windows\system32\attrib.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 11776 h:\windows\system32\atmadm.exe

+ 2002-09-09 14:08 . 2009-07-15 00:13 25600 h:\windows\system32\at.exe

+ 2002-09-09 14:08 . 2009-07-15 00:13 32768 h:\windows\system32\asr_pfu.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 34816 h:\windows\system32\asr_ldm.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 30720 h:\windows\system32\asr_fmt.exe

+ 2001-10-28 12:06 . 2009-07-15 00:13 20480 h:\windows\system32\arp.exe

+ 2002-09-09 14:08 . 2009-07-15 00:13 98304 h:\windows\system32\ahui.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 30720 h:\windows\ServicePackFiles\i386\xcopy.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 13824 h:\windows\ServicePackFiles\i386\wscntfy.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 11776 h:\windows\ServicePackFiles\i386\wpnpinst.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 32256 h:\windows\ServicePackFiles\i386\wpabaln.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 73728 h:\windows\ServicePackFiles\i386\wmplayer.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 66560 h:\windows\ServicePackFiles\i386\wextract.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 30208 h:\windows\ServicePackFiles\i386\wabmig.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 46592 h:\windows\ServicePackFiles\i386\wab.exe

+ 2008-10-02 15:16 . 2009-07-15 00:10 28672 h:\windows\ServicePackFiles\i386\verclsid.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 50688 h:\windows\ServicePackFiles\i386\utilman.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 18432 h:\windows\ServicePackFiles\i386\ups.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 16896 h:\windows\ServicePackFiles\i386\upnpcont.exe

+ 2008-10-02 15:16 . 2009-07-15 00:10 60416 h:\windows\ServicePackFiles\i386\tzchange.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 44544 h:\windows\ServicePackFiles\i386\tscupgrd.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 13312 h:\windows\ServicePackFiles\i386\tracert.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 82944 h:\windows\ServicePackFiles\i386\tp4mon.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 73728 h:\windows\ServicePackFiles\i386\tlntsvr.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 78848 h:\windows\ServicePackFiles\i386\tlntsess.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 62976 h:\windows\ServicePackFiles\i386\tlntadmn.exe

+ 2004-08-04 03:45 . 2009-07-15 00:10 77312 h:\windows\ServicePackFiles\i386\telnet.exe

+ 2004-08-04 03:45 . 2009-07-15 00:10 32768 h:\windows\ServicePackFiles\i386\tcptest.exe

+ 2008-10-02 15:17 . 2009-07-15 00:10 79360 h:\windows\ServicePackFiles\i386\tasklist.exe

+ 2008-10-02 15:17 . 2009-07-15 00:10 77824 h:\windows\ServicePackFiles\i386\taskkill.exe

+ 2008-10-02 15:17 . 2009-07-15 00:10 73216 h:\windows\ServicePackFiles\i386\sysinfo.exe

+ 2004-08-04 03:45 . 2009-07-15 00:10 69632 h:\windows\ServicePackFiles\i386\stub_fpsrvwin.exe

+ 2004-08-04 03:45 . 2009-07-15 00:10 20480 h:\windows\ServicePackFiles\i386\stub_fpsrvadm.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 14848 h:\windows\ServicePackFiles\i386\stimon.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 14336 h:\windows\ServicePackFiles\i386\ssstars.scr

+ 2008-10-02 14:28 . 2009-07-15 00:10 19456 h:\windows\ServicePackFiles\i386\ssmyst.scr

+ 2008-10-02 14:28 . 2009-07-15 00:10 47104 h:\windows\ServicePackFiles\i386\ssmypics.scr

+ 2008-10-02 14:28 . 2009-07-15 00:10 20992 h:\windows\ServicePackFiles\i386\ssmarque.scr

+ 2008-10-02 14:28 . 2009-07-15 00:10 20480 h:\windows\ServicePackFiles\i386\ssbezier.scr

+ 2004-08-04 03:45 . 2009-07-15 00:10 20992 h:\windows\ServicePackFiles\i386\spupdwxp.exe

+ 2004-08-04 03:45 . 2009-07-15 00:10 11264 h:\windows\ServicePackFiles\i386\spnpinst.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 12800 h:\windows\ServicePackFiles\i386\spiisupd.exe

+ 2008-10-02 15:17 . 2009-07-15 00:10 25600 h:\windows\ServicePackFiles\i386\sort.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 33280 h:\windows\ServicePackFiles\i386\snmp.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 90624 h:\windows\ServicePackFiles\i386\smlogsvc.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 73728 h:\windows\ServicePackFiles\i386\slserv.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 32768 h:\windows\ServicePackFiles\i386\slrundll.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 26112 h:\windows\ServicePackFiles\i386\skeys.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 71168 h:\windows\ServicePackFiles\i386\sigverif.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 20992 h:\windows\ServicePackFiles\i386\shutdown.exe

+ 2004-08-04 03:45 . 2009-07-15 00:10 16384 h:\windows\ServicePackFiles\i386\shtml.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 78336 h:\windows\ServicePackFiles\i386\shrpubw.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 45056 h:\windows\ServicePackFiles\i386\shmgrate.exe

+ 2008-10-02 15:16 . 2009-07-15 00:10 32768 h:\windows\ServicePackFiles\i386\setupn.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 74240 h:\windows\ServicePackFiles\i386\setup50.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 23040 h:\windows\ServicePackFiles\i386\setup.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 32768 h:\windows\ServicePackFiles\i386\sethc.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 19456 h:\windows\ServicePackFiles\i386\secedit.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 78336 h:\windows\ServicePackFiles\i386\sdbinst.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 36864 h:\windows\ServicePackFiles\i386\scrcons.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 99328 h:\windows\ServicePackFiles\i386\scardsvr.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 13824 h:\windows\ServicePackFiles\i386\savedump.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 14336 h:\windows\ServicePackFiles\i386\runonce.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 33280 h:\windows\ServicePackFiles\i386\rundll32.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 78848 h:\windows\ServicePackFiles\i386\rtcshare.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 16384 h:\windows\ServicePackFiles\i386\rsh.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 14848 h:\windows\ServicePackFiles\i386\rexec.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 11776 h:\windows\ServicePackFiles\i386\regsvr32.exe

+ 2004-07-19 21:54 . 2009-07-15 00:09 11264 h:\windows\ServicePackFiles\i386\regsvcs.exe

+ 2004-07-19 21:54 . 2009-07-15 00:09 32768 h:\windows\ServicePackFiles\i386\regasm.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 51712 h:\windows\ServicePackFiles\i386\reg.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 67072 h:\windows\ServicePackFiles\i386\rdshost.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 13824 h:\windows\ServicePackFiles\i386\rdsaddin.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 63488 h:\windows\ServicePackFiles\i386\rdpclip.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 23040 h:\windows\ServicePackFiles\i386\rcp.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 36352 h:\windows\ServicePackFiles\i386\rcimlby.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 57344 h:\windows\ServicePackFiles\i386\rasphone.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 20480 h:\windows\ServicePackFiles\i386\qprocess.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 50688 h:\windows\ServicePackFiles\i386\proquota.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 49152 h:\windows\ServicePackFiles\i386\powercfg.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 19968 h:\windows\ServicePackFiles\i386\ping.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 15872 h:\windows\ServicePackFiles\i386\perfmon.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 58880 h:\windows\ServicePackFiles\i386\packager.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 70656 h:\windows\ServicePackFiles\i386\opnfiles.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 52224 h:\windows\ServicePackFiles\i386\oobebaln.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 60928 h:\windows\ServicePackFiles\i386\oemig50.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 73728 h:\windows\ServicePackFiles\i386\odbcconf.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 36864 h:\windows\ServicePackFiles\i386\odbcad32.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 79872 h:\windows\ServicePackFiles\i386\nslookup.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 15360 h:\windows\ServicePackFiles\i386\nppagent.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 70144 h:\windows\ServicePackFiles\i386\notepad.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 37376 h:\windows\ServicePackFiles\i386\netstat.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 87040 h:\windows\ServicePackFiles\i386\netsh.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 42496 h:\windows\ServicePackFiles\i386\net.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 53760 h:\windows\ServicePackFiles\i386\narrator.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 12288 h:\windows\ServicePackFiles\i386\mstinit.exe

+ 2008-10-02 15:16 . 2009-07-15 00:09 29696 h:\windows\ServicePackFiles\i386\msoobe.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 40960 h:\windows\ServicePackFiles\i386\msiregmv.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 60416 h:\windows\ServicePackFiles\i386\msimn.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 78848 h:\windows\ServicePackFiles\i386\msiexec.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 29184 h:\windows\ServicePackFiles\i386\mshta.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 19968 h:\windows\ServicePackFiles\i386\mqbkup.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 16896 h:\windows\ServicePackFiles\i386\mofcomp.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 32768 h:\windows\ServicePackFiles\i386\mnmsrvc.exe

+ 2008-10-02 15:16 . 2009-07-15 00:09 34304 h:\windows\ServicePackFiles\i386\mmcperf.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 57856 h:\windows\ServicePackFiles\i386\makecab.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 72704 h:\windows\ServicePackFiles\i386\magnify.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 13824 h:\windows\ServicePackFiles\i386\lsass.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 61440 h:\windows\ServicePackFiles\i386\logman.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 75264 h:\windows\ServicePackFiles\i386\locator.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 44544 h:\windows\ServicePackFiles\i386\lang\tintlphr.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 70656 h:\windows\ServicePackFiles\i386\lang\pintlphr.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 67072 h:\windows\ServicePackFiles\i386\lang\imscinst.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 61440 h:\windows\ServicePackFiles\i386\lang\cplexe.exe

+ 2004-07-19 21:54 . 2009-07-15 00:09 45056 h:\windows\ServicePackFiles\i386\jsc.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 24576 h:\windows\ServicePackFiles\i386\ipxroute.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 53760 h:\windows\ServicePackFiles\i386\ipv6.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 57344 h:\windows\ServicePackFiles\i386\ipconfig.exe

+ 2004-07-19 21:54 . 2009-07-15 00:09 28672 h:\windows\ServicePackFiles\i386\installutil.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 24576 h:\windows\ServicePackFiles\i386\inetwiz.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 15872 h:\windows\ServicePackFiles\i386\inetin51.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 31232 h:\windows\ServicePackFiles\i386\iisrstas.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 93184 h:\windows\ServicePackFiles\i386\iexplore.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 18432 h:\windows\ServicePackFiles\i386\iedw.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 34816 h:\windows\ServicePackFiles\i386\ie4uinit.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 28672 h:\windows\ServicePackFiles\i386\icwrmind.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 86016 h:\windows\ServicePackFiles\i386\icwconn2.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 18432 h:\windows\ServicePackFiles\i386\hscupd.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 11264 h:\windows\ServicePackFiles\i386\hh.exe

+ 2008-10-02 15:16 . 2009-07-15 00:09 16384 h:\windows\ServicePackFiles\i386\help.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 39424 h:\windows\ServicePackFiles\i386\grpconv.exe

+ 2008-10-02 15:17 . 2009-07-15 00:09 61440 h:\windows\ServicePackFiles\i386\getmac.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 45056 h:\windows\ServicePackFiles\i386\ftp.exe

+ 2004-08-04 03:45 . 2009-07-15 00:09 28672 h:\windows\ServicePackFiles\i386\fpsrvadm.exe

+ 2004-08-04 03:45 . 2009-07-15 00:09 20480 h:\windows\ServicePackFiles\i386\fpremadm.exe

+ 2004-08-04 03:45 . 2009-07-15 00:09 28672 h:\windows\ServicePackFiles\i386\fpadmcgi.exe

+ 2004-08-04 03:45 . 2009-07-15 00:09 15360 h:\windows\ServicePackFiles\i386\fp98sadm.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 22016 h:\windows\ServicePackFiles\i386\fontview.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 23040 h:\windows\ServicePackFiles\i386\fltmc.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 28672 h:\windows\ServicePackFiles\i386\findstr.exe

+ 2004-08-04 03:45 . 2009-07-15 00:09 20992 h:\windows\ServicePackFiles\i386\faxpatch.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 24064 h:\windows\ServicePackFiles\i386\extrac32.exe

+ 2008-10-02 15:17 . 2009-07-15 00:09 84992 h:\windows\ServicePackFiles\i386\evtrig.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 93696 h:\windows\ServicePackFiles\i386\evntwin.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 24576 h:\windows\ServicePackFiles\i386\evntcmd.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 52736 h:\windows\ServicePackFiles\i386\evcreate.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 17920 h:\windows\ServicePackFiles\i386\dvdupgrd.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 11264 h:\windows\ServicePackFiles\i386\dumprep.exe

+ 2008-10-02 15:17 . 2009-07-15 00:09 64512 h:\windows\ServicePackFiles\i386\drvqry.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 83456 h:\windows\ServicePackFiles\i386\dpvsetup.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 18432 h:\windows\ServicePackFiles\i386\dpnsvr.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 30208 h:\windows\ServicePackFiles\i386\dplaysvr.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 15872 h:\windows\ServicePackFiles\i386\dmremote.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 87552 h:\windows\ServicePackFiles\i386\diantz.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 82944 h:\windows\ServicePackFiles\i386\dfrgfat.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 25088 h:\windows\ServicePackFiles\i386\defrag.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 32256 h:\windows\ServicePackFiles\i386\ddeshare.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 43008 h:\windows\ServicePackFiles\i386\davcdata.exe

+ 2004-08-04 01:11 . 2009-07-15 00:09 49152 h:\windows\ServicePackFiles\i386\csc.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 27648 h:\windows\ServicePackFiles\i386\conime.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 65024 h:\windows\ServicePackFiles\i386\cmstp.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 39936 h:\windows\ServicePackFiles\i386\cmmon32.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 25600 h:\windows\ServicePackFiles\i386\cmdl32.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 33792 h:\windows\ServicePackFiles\i386\clipsrv.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 24576 h:\windows\ServicePackFiles\i386\cliconfg.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 65024 h:\windows\ServicePackFiles\i386\cleanmgr.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 57856 h:\windows\ServicePackFiles\i386\cipher.exe

+ 2004-07-19 21:54 . 2009-07-15 00:09 94208 h:\windows\ServicePackFiles\i386\caspol.exe

+ 2008-10-02 15:16 . 2009-07-15 00:09 20992 h:\windows\ServicePackFiles\i386\cacls.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 72192 h:\windows\ServicePackFiles\i386\blastcln.exe

+ 2004-08-04 03:45 . 2009-07-15 00:09 16384 h:\windows\ServicePackFiles\i386\author.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 14848 h:\windows\ServicePackFiles\i386\auditusr.exe

+ 2008-10-02 15:16 . 2009-07-15 00:09 12288 h:\windows\ServicePackFiles\i386\attrib.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 12288 h:\windows\ServicePackFiles\i386\atmadm.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 25600 h:\windows\ServicePackFiles\i386\at.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 32768 h:\windows\ServicePackFiles\i386\asr_pfu.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 30208 h:\windows\ServicePackFiles\i386\asr_fmt.exe

+ 2004-08-04 01:11 . 2009-07-15 00:09 32768 h:\windows\ServicePackFiles\i386\aspnet_wp.exe

+ 2008-04-13 12:10 . 2009-07-15 00:09 36864 h:\windows\ServicePackFiles\i386\aspnet_state.exe

+ 2004-08-04 01:11 . 2009-07-15 00:09 24576 h:\windows\ServicePackFiles\i386\aspnet_regiis.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 44544 h:\windows\ServicePackFiles\i386\alg.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 98816 h:\windows\ServicePackFiles\i386\ahui.exe

+ 2004-08-04 03:45 . 2009-07-15 00:09 20480 h:\windows\ServicePackFiles\i386\admin.exe

+ 2007-10-09 15:58 . 2009-07-15 00:08 14848 h:\windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe

+ 2007-10-11 12:55 . 2009-07-15 00:08 61440 h:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe

+ 2007-10-24 04:47 . 2009-07-15 00:08 32768 h:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

+ 2007-10-24 04:47 . 2009-07-15 00:08 53248 h:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

+ 2007-10-24 04:47 . 2009-07-15 00:08 73728 h:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

+ 2007-10-24 04:47 . 2009-07-15 00:08 40960 h:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe

+ 2007-10-24 04:47 . 2009-07-15 00:08 32768 h:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

+ 2007-10-24 04:47 . 2009-07-15 00:08 10240 h:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

+ 2007-10-24 04:47 . 2009-07-15 00:08 28672 h:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

+ 2007-10-24 04:47 . 2009-07-15 00:08 36864 h:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

+ 2003-02-21 10:25 . 2009-07-15 00:08 12288 h:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe

+ 2003-02-21 10:25 . 2009-07-15 00:08 32768 h:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe

+ 2003-02-20 22:09 . 2009-07-15 00:08 77824 h:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe

+ 2003-02-21 10:25 . 2009-07-15 00:08 49152 h:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe

+ 2003-02-21 10:25 . 2009-07-15 00:08 53248 h:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe

+ 2003-02-21 10:24 . 2009-07-15 00:08 40960 h:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe

+ 2003-02-21 10:24 . 2009-07-15 00:08 15872 h:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe

+ 2003-02-21 07:12 . 2009-07-15 00:08 32768 h:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe

+ 2003-02-21 13:20 . 2009-07-15 00:08 49152 h:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe

+ 2003-02-21 10:24 . 2009-07-15 00:08 49152 h:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe

+ 2003-02-21 10:24 . 2009-07-15 00:08 94208 h:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe

+ 2003-02-20 22:19 . 2009-07-15 00:08 32768 h:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2003-02-20 22:19 . 2009-07-15 00:08 36864 h:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe

+ 2003-02-20 22:19 . 2009-07-15 00:08 20480 h:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe

+ 2009-03-22 02:54 . 2009-07-15 00:08 45056 h:\windows\Installer\{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}\NewShortcut9_1.9ABF444C_1773_4CB6_8B8C_D4E755C19A8B.exe

+ 2009-03-22 02:54 . 2009-07-15 00:08 40960 h:\windows\Installer\{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}\NewShortcut11_1.9ABF444C_1773_4CB6_8B8C_D4E755C19A8B.exe

+ 2008-10-02 14:44 . 2009-07-15 00:08 23552 h:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-10-02 14:44 . 2009-07-15 00:08 61440 h:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-10-02 14:44 . 2009-07-15 00:08 27136 h:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-10-02 14:44 . 2009-07-15 00:08 11776 h:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-10-02 14:44 . 2009-07-15 00:08 90112 h:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-10-02 14:44 . 2009-07-15 00:08 12288 h:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\cagicon.exe


+ 2008-10-02 14:28 . 2009-07-15 00:10 197120 h:\windows\ServicePackFiles\i386\wmiadap.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 509952 h:\windows\ServicePackFiles\i386\winlogon.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 287744 h:\windows\ServicePackFiles\i386\winhlp32.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 435200 h:\windows\ServicePackFiles\i386\wiaacmgr.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 119296 h:\windows\ServicePackFiles\i386\wbemtest.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 293376 h:\windows\ServicePackFiles\i386\vssvc.exe

+ 2004-07-19 21:54 . 2009-07-15 00:10 716800 h:\windows\ServicePackFiles\i386\vbc.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 151040 h:\windows\ServicePackFiles\i386\uploadm.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 212992 h:\windows\ServicePackFiles\i386\unregmp2.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 260096 h:\windows\ServicePackFiles\i386\tracerpt.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 347136 h:\windows\ServicePackFiles\i386\tourstrt.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 141824 h:\windows\ServicePackFiles\i386\taskmgr.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 107520 h:\windows\ServicePackFiles\i386\sysocmgr.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 684032 h:\windows\ServicePackFiles\i386\sstext3d.scr

+ 2008-10-02 14:28 . 2009-07-15 00:10 610304 h:\windows\ServicePackFiles\i386\sspipes.scr

+ 2008-10-02 14:28 . 2009-07-15 00:10 397312 h:\windows\ServicePackFiles\i386\ssflwbox.scr

+ 2008-10-02 14:28 . 2009-07-15 00:10 712704 h:\windows\ServicePackFiles\i386\ss3dfo.scr

+ 2008-10-02 14:28 . 2009-07-15 00:10 539136 h:\windows\ServicePackFiles\i386\spider.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 133120 h:\windows\ServicePackFiles\i386\sndrec32.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 236544 h:\windows\ServicePackFiles\i386\smi2smir.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 774144 h:\windows\ServicePackFiles\i386\setup_wm.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 143360 h:\windows\ServicePackFiles\i386\sessmgr.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 109056 h:\windows\ServicePackFiles\i386\services.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 126976 h:\windows\ServicePackFiles\i386\sctasks.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 382976 h:\windows\ServicePackFiles\i386\rstrui.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 108032 h:\windows\ServicePackFiles\i386\rsnotify.exe

+ 2004-08-04 03:45 . 2009-07-15 00:09 151040 h:\windows\ServicePackFiles\i386\regedit.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 109568 h:\windows\ServicePackFiles\i386\progman.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 284160 h:\windows\ServicePackFiles\i386\pinball.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 216576 h:\windows\ServicePackFiles\i386\osk.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 421376 h:\windows\ServicePackFiles\i386\ntvdm.exe

+ 2004-08-04 01:12 . 2009-07-15 00:09 147456 h:\windows\ServicePackFiles\i386\ngen.exe

+ 2004-08-04 03:48 . 2009-07-15 00:09 335872 h:\windows\ServicePackFiles\i386\netsetup.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 114176 h:\windows\ServicePackFiles\i386\netdde.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 124928 h:\windows\ServicePackFiles\i386\net1.exe

+ 2008-10-02 15:15 . 2009-07-15 00:09 176640 h:\windows\ServicePackFiles\i386\napstat.exe

+ 2008-10-02 15:16 . 2009-07-15 00:09 120320 h:\windows\ServicePackFiles\i386\mtstocom.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 409600 h:\windows\ServicePackFiles\i386\mstsc.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 346112 h:\windows\ServicePackFiles\i386\mspaint.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 171520 h:\windows\ServicePackFiles\i386\msconfig.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 117248 h:\windows\ServicePackFiles\i386\mqtgsvc.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 124928 h:\windows\ServicePackFiles\i386\mplay32.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 144384 h:\windows\ServicePackFiles\i386\mobsync.exe

+ 2008-10-02 15:16 . 2009-07-15 00:09 241664 h:\windows\ServicePackFiles\i386\migwiza.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 241152 h:\windows\ServicePackFiles\i386\migwiz_a.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 250880 h:\windows\ServicePackFiles\i386\migwiz.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 786432 h:\windows\ServicePackFiles\i386\migrate.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 104960 h:\windows\ServicePackFiles\i386\migload.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 515584 h:\windows\ServicePackFiles\i386\logonui.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 221184 h:\windows\ServicePackFiles\i386\logon.scr

+ 2008-10-02 14:28 . 2009-07-15 00:09 103936 h:\windows\ServicePackFiles\i386\logagent.exe

+ 2008-10-02 15:16 . 2009-07-15 00:09 677888 h:\windows\ServicePackFiles\i386\lhmstsc.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 455168 h:\windows\ServicePackFiles\i386\lang\tintsetp.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 262144 h:\windows\ServicePackFiles\i386\lang\imjputy.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 233472 h:\windows\ServicePackFiles\i386\lang\imjprw.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 208896 h:\windows\ServicePackFiles\i386\lang\imjpmig.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 208896 h:\windows\ServicePackFiles\i386\lang\imjpinst.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 155648 h:\windows\ServicePackFiles\i386\lang\imjpdsvr.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 307200 h:\windows\ServicePackFiles\i386\lang\imjpdct.exe

+ 2008-10-02 14:28 . 2009-07-15 00:10 480768 h:\windows\ServicePackFiles\i386\lang\cintsetp.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 152576 h:\windows\ServicePackFiles\i386\irftp.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 150528 h:\windows\ServicePackFiles\i386\imapi.exe

+ 2004-08-04 01:11 . 2009-07-15 00:09 188416 h:\windows\ServicePackFiles\i386\ilasm.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 115200 h:\windows\ServicePackFiles\i386\iexpress.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 218112 h:\windows\ServicePackFiles\i386\icwconn1.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 744960 h:\windows\ServicePackFiles\i386\helpsvc.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 769536 h:\windows\ServicePackFiles\i386\helpctr.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 123904 h:\windows\ServicePackFiles\i386\gprslt.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 268288 h:\windows\ServicePackFiles\i386\fxssvc.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 235008 h:\windows\ServicePackFiles\i386\fxscover.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 143360 h:\windows\ServicePackFiles\i386\fxsclnt.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 193536 h:\windows\ServicePackFiles\i386\fsquirt.exe

+ 2004-08-04 03:45 . 2009-07-15 00:09 188416 h:\windows\ServicePackFiles\i386\fpcount.exe

+ 2004-08-04 03:45 . 2009-07-15 00:09 110080 h:\windows\ServicePackFiles\i386\fp98swin.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 194560 h:\windows\ServicePackFiles\i386\eudcedit.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 184320 h:\windows\ServicePackFiles\i386\dwwin.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 225280 h:\windows\ServicePackFiles\i386\dmadmin.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 294912 h:\windows\ServicePackFiles\i386\dlimport.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 165888 h:\windows\ServicePackFiles\i386\diskpart.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 545280 h:\windows\ServicePackFiles\i386\dialer.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 105472 h:\windows\ServicePackFiles\i386\dfrgntfs.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 139264 h:\windows\ServicePackFiles\i386\cscript.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 400896 h:\windows\ServicePackFiles\i386\cmd.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 105472 h:\windows\ServicePackFiles\i386\clipbrd.exe

+ 2004-08-04 03:45 . 2009-07-15 00:09 188416 h:\windows\ServicePackFiles\i386\cfgwiz.exe

+ 2008-10-02 15:17 . 2009-07-15 00:09 154112 h:\windows\ServicePackFiles\i386\bootcfg.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 256512 h:\windows\ServicePackFiles\i386\agentsvr.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 188416 h:\windows\ServicePackFiles\i386\accwiz.exe

+ 2001-10-28 12:06 . 2009-07-15 00:08 256512 h:\windows\msagent\agentsvr.exe

+ 2007-10-11 12:55 . 2009-07-15 00:08 147456 h:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe

+ 2007-10-11 12:55 . 2009-07-15 00:08 163840 h:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe

+ 2007-10-24 04:47 . 2009-07-15 00:08 110592 h:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

+ 2007-10-24 04:47 . 2009-07-15 00:08 110592 h:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

+ 2003-02-21 13:20 . 2009-07-15 00:08 741376 h:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe

+ 2003-02-20 22:09 . 2009-07-15 00:08 196608 h:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe

+ 2009-07-14 16:21 . 2008-07-08 17:54 148496 h:\windows\LastGood\system32\DRIVERS\65491658.sys

+ 2008-10-02 14:44 . 2009-07-15 00:08 409600 h:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-10-02 14:44 . 2009-07-15 00:08 290816 h:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-10-02 14:44 . 2009-07-15 00:08 249856 h:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-10-02 14:44 . 2009-07-15 00:08 798720 h:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-10-02 14:44 . 2009-07-15 00:08 139264 h:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-10-02 14:44 . 2009-07-15 00:08 593920 h:\windows\Installer\{90110416-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-10-02 13:37 . 2009-07-15 00:08 166912 h:\windows\Installer\{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe

+ 2008-10-08 22:23 . 2009-07-15 00:08 311296 h:\windows\ime\shared\imepadsv.exe

+ 2008-10-02 14:28 . 2009-07-15 00:08 262144 h:\windows\ime\imjp8_1\imjputy.exe

+ 2008-10-02 14:28 . 2009-07-15 00:08 233472 h:\windows\ime\imjp8_1\imjprw.exe

+ 2008-10-02 14:28 . 2009-07-15 00:08 204800 h:\windows\ime\imjp8_1\imjpinst.exe

+ 2008-10-02 14:28 . 2009-07-15 00:08 155648 h:\windows\ime\imjp8_1\imjpdsvr.exe

+ 2008-10-02 14:28 . 2009-07-15 00:08 307200 h:\windows\ime\imjp8_1\imjpdct.exe

+ 2008-10-02 17:20 . 2009-07-15 00:08 622080 h:\windows\ie7updates\KB953838-IE7\iexplore.exe

+ 2009-07-08 00:12 . 2009-07-15 00:08 167424 h:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2009-07-08 00:12 . 2009-07-15 00:08 167424 h:\windows\ERUNT\SDFIX\ERDNT.EXE

+ 2008-10-02 14:54 . 2009-07-15 00:08 212992 h:\windows\$NtUninstallwmp11$\unregmp2.exe

+ 2008-10-02 14:54 . 2009-07-15 00:08 774144 h:\windows\$NtUninstallwmp11$\setup_wm.exe

+ 2008-10-02 14:54 . 2009-07-15 00:08 103936 h:\windows\$NtUninstallWMFDist11$\logagent.exe

+ 2008-10-02 17:20 . 2009-07-15 00:08 159744 h:\windows\$NtUninstallKB951978$\wscript.exe

+ 2008-10-02 17:20 . 2009-07-15 00:08 143360 h:\windows\$NtUninstallKB951978$\cscript.exe

+ 2008-10-02 17:21 . 2009-07-15 00:08 316928 h:\windows\$NtUninstallKB939683$\unregmp2.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 168448 h:\windows\$NtServicePackUninstall$\wuauclt1.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 111616 h:\windows\$NtServicePackUninstall$\wuauclt.exe

+ 2008-10-02 14:26 . 2009-07-15 00:08 114688 h:\windows\$NtServicePackUninstall$\wscript.exe

+ 2008-10-02 14:27 . 2009-07-15 00:08 215552 h:\windows\$NtServicePackUninstall$\wordpad.exe

+ 2008-10-02 14:27 . 2009-07-15 00:08 218112 h:\windows\$NtServicePackUninstall$\wmiprvse.exe

+ 2008-10-02 14:27 . 2009-07-15 00:08 365056 h:\windows\$NtServicePackUninstall$\wmic.exe

+ 2008-10-02 14:27 . 2009-07-15 00:08 126464 h:\windows\$NtServicePackUninstall$\wmiapsrv.exe

+ 2008-10-02 14:27 . 2009-07-15 00:08 196608 h:\windows\$NtServicePackUninstall$\wmiadap.exe

+ 2008-10-02 14:26 . 2009-07-15 00:08 504320 h:\windows\$NtServicePackUninstall$\winlogon.exe

+ 2008-10-02 14:27 . 2009-07-15 00:08 288256 h:\windows\$NtServicePackUninstall$\winhlp32.exe

+ 2008-10-02 14:26 . 2009-07-15 00:08 434688 h:\windows\$NtServicePackUninstall$\wiaacmgr.exe

+ 2008-10-02 14:27 . 2009-07-15 00:08 119296 h:\windows\$NtServicePackUninstall$\wbemtest.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 293376 h:\windows\$NtServicePackUninstall$\vssvc.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 151040 h:\windows\$NtServicePackUninstall$\uploadm.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 260096 h:\windows\$NtServicePackUninstall$\tracerpt.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 347648 h:\windows\$NtServicePackUninstall$\tourstrt.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 347136 h:\windows\$NtServicePackUninstall$\tourstart.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 122880 h:\windows\$NtServicePackUninstall$\togac.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 141824 h:\windows\$NtServicePackUninstall$\taskmgr.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 107520 h:\windows\$NtServicePackUninstall$\sysocmgr.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 684032 h:\windows\$NtServicePackUninstall$\sstext3d.scr

+ 2008-10-02 15:13 . 2009-07-15 00:08 610304 h:\windows\$NtServicePackUninstall$\sspipes.scr

+ 2008-10-02 15:13 . 2009-07-15 00:08 393216 h:\windows\$NtServicePackUninstall$\ssflwbox.scr

+ 2008-10-02 15:13 . 2009-07-15 00:08 708608 h:\windows\$NtServicePackUninstall$\ss3dfo.scr

+ 2008-10-02 15:13 . 2009-07-15 00:08 539136 h:\windows\$NtServicePackUninstall$\spider.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 133120 h:\windows\$NtServicePackUninstall$\sndrec32.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 237056 h:\windows\$NtServicePackUninstall$\smi2smir.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 106496 h:\windows\$NtServicePackUninstall$\setregni.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 142336 h:\windows\$NtServicePackUninstall$\sessmgr.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 109056 h:\windows\$NtServicePackUninstall$\services.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 126976 h:\windows\$NtServicePackUninstall$\sctasks.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 126976 h:\windows\$NtServicePackUninstall$\schtasks.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 382976 h:\windows\$NtServicePackUninstall$\rstrui.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 107520 h:\windows\$NtServicePackUninstall$\rsnotify.exe

+ 2008-10-02 15:13 . 2009-07-15 00:08 150528 h:\windows\$NtServicePackUninstall$\regedit.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 110080 h:\windows\$NtServicePackUninstall$\progman.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 284160 h:\windows\$NtServicePackUninstall$\pinball.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 216064 h:\windows\$NtServicePackUninstall$\osk.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 420352 h:\windows\$NtServicePackUninstall$\ntvdm.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 335872 h:\windows\$NtServicePackUninstall$\netsetup.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 106496 h:\windows\$NtServicePackUninstall$\netfxupdate.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 114176 h:\windows\$NtServicePackUninstall$\netdde.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 124928 h:\windows\$NtServicePackUninstall$\net1.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 111616 h:\windows\$NtServicePackUninstall$\mtstocom.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 409088 h:\windows\$NtServicePackUninstall$\mstsc.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 346112 h:\windows\$NtServicePackUninstall$\mspaint.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 159744 h:\windows\$NtServicePackUninstall$\msconfig.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 117248 h:\windows\$NtServicePackUninstall$\mqtgsvc.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 124928 h:\windows\$NtServicePackUninstall$\mplay32.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 143872 h:\windows\$NtServicePackUninstall$\mobsync.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 815616 h:\windows\$NtServicePackUninstall$\mmc.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 245248 h:\windows\$NtServicePackUninstall$\migwiz.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 103936 h:\windows\$NtServicePackUninstall$\migload.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 515072 h:\windows\$NtServicePackUninstall$\logonui.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 221184 h:\windows\$NtServicePackUninstall$\logon.scr

+ 2008-10-02 15:13 . 2009-07-15 00:07 154112 h:\windows\$NtServicePackUninstall$\irftp.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 150528 h:\windows\$NtServicePackUninstall$\imapi.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 114688 h:\windows\$NtServicePackUninstall$\iexpress.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 217600 h:\windows\$NtServicePackUninstall$\icwconn1.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 743936 h:\windows\$NtServicePackUninstall$\helpsvc.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 769024 h:\windows\$NtServicePackUninstall$\helpctr.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 122880 h:\windows\$NtServicePackUninstall$\gprslt.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 122368 h:\windows\$NtServicePackUninstall$\gpresult.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 268288 h:\windows\$NtServicePackUninstall$\fxssvc.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 234496 h:\windows\$NtServicePackUninstall$\fxscover.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 143360 h:\windows\$NtServicePackUninstall$\fxsclnt.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 193024 h:\windows\$NtServicePackUninstall$\fsquirt.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 188416 h:\windows\$NtServicePackUninstall$\fpcount.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 110080 h:\windows\$NtServicePackUninstall$\fp98swin.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 195072 h:\windows\$NtServicePackUninstall$\eudcedit.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 180224 h:\windows\$NtServicePackUninstall$\dwwin.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 225792 h:\windows\$NtServicePackUninstall$\dmadmin.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 294912 h:\windows\$NtServicePackUninstall$\dlimport.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 165376 h:\windows\$NtServicePackUninstall$\diskpart.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 545280 h:\windows\$NtServicePackUninstall$\dialer.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 105472 h:\windows\$NtServicePackUninstall$\dfrgntfs.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 400384 h:\windows\$NtServicePackUninstall$\cmd.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 104960 h:\windows\$NtServicePackUninstall$\clipbrd.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 188416 h:\windows\$NtServicePackUninstall$\cfgwiz.exe

+ 2008-10-02 15:13 . 2009-07-15 00:06 147968 h:\windows\$NtServicePackUninstall$\bootcfg.exe

+ 2008-10-02 15:13 . 2009-07-15 00:06 256512 h:\windows\$NtServicePackUninstall$\agentsvr.exe

+ 2008-10-02 15:13 . 2009-07-15 00:06 188416 h:\windows\$NtServicePackUninstall$\accwiz.exe

+ 2008-10-02 17:20 . 2009-07-15 00:06 625664 h:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe

+ 2008-10-02 17:03 . 2009-07-15 00:06 155648 h:\windows\$hf_mig$\KB951978\SP3QFE\wscript.exe

+ 2008-10-02 17:03 . 2009-07-15 00:06 139264 h:\windows\$hf_mig$\KB951978\SP3QFE\cscript.exe

+ 2002-09-09 14:08 . 2009-07-15 00:13 1302528 h:\windows\system32\dxdiag.exe

+ 2008-04-13 22:21 . 2009-07-15 00:10 1695232 h:\windows\ServicePackFiles\ServicePackCache\i386\msmsgs.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 1219072 h:\windows\ServicePackFiles\i386\ntbackup.exe

+ 2004-08-04 03:45 . 2009-07-15 00:09 1695232 h:\windows\ServicePackFiles\i386\msmsgs.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 3558912 h:\windows\ServicePackFiles\i386\moviemk.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 1415168 h:\windows\ServicePackFiles\i386\mmc.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 1302528 h:\windows\ServicePackFiles\i386\dxdiag.exe

+ 2008-10-02 14:28 . 2009-07-15 00:09 1044480 h:\windows\ServicePackFiles\i386\conf.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 1218560 h:\windows\$NtServicePackUninstall$\ntbackup.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 1667584 h:\windows\$NtServicePackUninstall$\msmsgs.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 3555840 h:\windows\$NtServicePackUninstall$\moviemk.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 1034752 h:\windows\$NtServicePackUninstall$\explorer.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 1298432 h:\windows\$NtServicePackUninstall$\dxdiag.exe

+ 2008-10-02 15:13 . 2009-07-15 00:07 1044480 h:\windows\$NtServicePackUninstall$\conf.exe

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2009-07-08 15360]

"SpybotSD TeaTimer"="h:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-07-08 2260480]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-06-25 19:06 11952 ----a-w- h:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"h:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"h:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"h:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"h:\\Arquivos de programas\\Macromedia\\Fireworks MX\\Fireworks.exe"=

"h:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"h:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"h:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"h:\\Arquivos de programas\\Unreal Tournament 3\\Binaries\\UT3.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"h:\\Arquivos de programas\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"h:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"h:\\WINDOWS\\System32\\wbem\\wmiprvse.exe"=

 

S1 AvgLdx86;AVG Free AVI Loader Driver x86;h:\windows\system32\drivers\avgldx86.sys [2/10/2008 11:46 327688]

S1 AvgTdiX;AVG Free8 Network Redirector;h:\windows\system32\drivers\avgtdix.sys [2/10/2008 11:46 108552]

S1 is-5D4GDdrv;is-5D4GDdrv;h:\windows\system32\drivers\18238059.sys [13/7/2009 19:43 148496]

S1 is-C5IBDdrv;is-C5IBDdrv;h:\windows\system32\drivers\02786923.sys [8/7/2009 16:23 148496]

S1 is-N06ULdrv;is-N06ULdrv;h:\windows\system32\drivers\65491658.sys [14/7/2009 13:21 148496]

S2 avg8emc;AVG Free8 E-mail Scanner;h:\arquiv~1\AVG\AVG8\avgemc.exe [2/10/2008 11:46 906520]

S2 avg8wd;AVG Free8 WatchDog;h:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2/10/2008 11:46 298776]

S3 ASPI;Advanced SCSI Programming Interface Driver;h:\windows\system32\drivers\ASPI32.SYS [27/1/2009 13:20 16512]

S3 AtiHdmiService;ATI Function Driver for HDMI Service;h:\windows\system32\drivers\AtiHdmi.sys [2/10/2008 11:27 93696]

S3 genmcmnUSB;USB Scroll Mouse Driver;h:\windows\system32\DRIVERS\gflmouhid.sys --> h:\windows\system32\DRIVERS\gflmouhid.sys [?]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-19088 - h:\windows\system32\6.tmp.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: Baixar com &BitComet - h:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm

IE: Baixar todos com BitComet - h:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

IE: Download all videos using BitComet - h:\arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

IE: E&xportar para o Microsoft Excel - h:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: ƒŠƒ“ƒNæ‚ð &BitComet ‚Ń_ƒEƒ“ƒ[ƒh‚·‚é

IE: ‘S‚Ä‚ÌƒŠƒ“ƒN‚ð BitComet ‚Ń_ƒEƒ“ƒ[ƒh‚·‚é

IE: ????? &BitComet ?????????

IE: ??????? BitComet ?????????

TCP: {11E93C6D-F3FB-419F-BF96-60586D109CC7} = 201.10.1.2,201.10.120.3

DPF: DirectAnimation Java Classes - file://h:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://h:\windows\Java\classes\xmldso.cab

FF - ProfilePath - h:\documents and settings\Jorge\Dados de aplicativos\Mozilla\Firefox\Profiles\halnwp14.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

 

---- FIREFOX POLICIES ----

h:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-14 21:38

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:õwjY*]

"DisplayName"="???\17?\11\09"

"DeviceDesc"="???\17?\11\09"

"ProviderName"="?;?\11???\11??"

"MFG"="???????"

"ReinstallString"=".10.1000.8"

"DeviceInstanceIds"=multi:"g:\\chipset\\xp3264\\smbus\\smbusati.inf\00"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(248)

h:\windows\system32\Ati2evxx.dll

.

Tempo para conclusão: 2009-07-15 21:42

ComboFix-quarantined-files.txt 2009-07-15 00:42

 

Pré-execução: 10 pasta(s) 122.066.833.408 bytes disponíveis

Pós execução: 10 pasta(s) 122.038.591.488 bytes disponíveis

 

1476 --- E O F --- 2008-10-16 09:54

-------------------------------------------------

 

...and the updated HijackThis log:

 

-------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 21:55:29, on 14/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

H:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

H:\Arquivos de programas\Java\jre6\bin\jqs.exe

H:\WINDOWS\system32\HPZipm12.exe

H:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

h:\arquivos de programas\idt\ecsxpv_5762_010208\wdm\STacSV.exe

H:\ARQUIV~1\AVG\AVG8\avgrsx.exe

H:\ARQUIV~1\AVG\AVG8\avgnsx.exe

H:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

H:\WINDOWS\System32\svchost.exe

H:\ARQUIV~1\AVG\AVG8\avgemc.exe

H:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

H:\WINDOWS\system32\wscntfy.exe

H:\Arquivos de programas\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Arquivos de programas\BitComet\tools\BitCometBHO.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conex? do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] H:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: is-5D4GD.lnk = H:\Documents and Settings\Jorge\Desktop\Virus Removal Tool\is-5D4GD\startup.exe

O4 - Startup: is-C5IBD.lnk = H:\Arquivos de programas\Kaspersky Virus Removal Tool\is-C5IBD\startup.exe

O4 - Startup: is-N06UL.lnk = H:\Documents and Settings\Jorge\Desktop\Virus Removal Tool\is-N06UL\startup.exe

O8 - Extra context menu item: Baixar com &BitComet - res://H:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos com BitComet - res://H:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://H:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224693924984

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{11E93C6D-F3FB-419F-BF96-60586D109CC7}: NameServer = 201.10.1.2,201.10.120.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{11E93C6D-F3FB-419F-BF96-60586D109CC7}: NameServer = 201.10.1.2,201.10.120.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{11E93C6D-F3FB-419F-BF96-60586D109CC7}: NameServer = 201.10.1.2,201.10.120.3

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - H:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "H:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - h:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NMIndexingService - Unknown owner - H:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - h:\arquivos de programas\idt\ecsxpv_5762_010208\wdm\STacSV.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

-------------------------------------------------

 

After running ComboFix, a different script error appears at startup, reporting read problems with a file called "ati2sgag.exe". System Restore is still disabled, and I have not tried to reconnect the infected PC to the internet since I disabled it - I think I am still not free of viruses, so it would probably only make the situation worse.

What is the next step? Thank you.

~Lucied


Run Malwarebytes again.


Hello.

I ran MalwareBytes again and deleted the 5 infected files it found. Here is the log:

 

-----------------------------------------

Malwarebytes' Anti-Malware 1.38

Versão do banco de dados: 2297

Windows 5.1.2600 Service Pack 3

 

16/7/2009 15:59:01

mbam-log-2009-07-16 (15-59-01).txt

 

Tipo de Verificação: Completa (H:\|)

Objetos verificados: 176359

Tempo decorrido: 1 hour(s), 15 minute(s), 54 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 1

Arquivos infectados: 4

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

H:\Arquivos de programas\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

 

Arquivos infectados:

h:\arquivos de programas\protection system\psystem.exe (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

h:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

h:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

h:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

-----------------------------------------

 

When will I be able to access the internet again on the infected PC? I am afraid to do so right now and pick up new infections, but I am anxious to do it precisely to find out whether I am still downloading viruses online. And what about the "services.exe" identified again in the latest HijackThis log? Is it a common system process, or is it in fact malware that has not been removed yet?

Thanks for everything so far.

~Lucied

PS: The error with "ati2sgag.exe" persists. I got hold of the video card's installation disc, but I have not yet reinstalled its graphics software, because I intend to do so only once the computer is free of problems. I hope that reinstalling this software fixes this error, which is shown at every startup.


Hello Lucied

I am having trouble viewing your log because of problems on my machine. I don't know what happened, but I think someone tampered with it and put malware on it. :angry:

I can see what you write normally. I am going to clean up here, but first do what I say below:

When will I be able to access the internet again on the infected PC? I am afraid to do so right now and pick up new infections, but I am anxious to do it precisely to find out whether I am still downloading viruses online. And what about the "services.exe" identified again in the latest HijackThis log? Is it a common system process, or is it in fact malware that has not been removed yet?

The process is malware; could you tell me the full path of the file? For example, h:\WINDOWS\system32\3.tmp.

I am not able to view your log; I need to know whether this file is in the system or the system32 folder.

PS: The error with "ati2sgag.exe" persists. I got hold of the video card's installation disc, but I have not yet reinstalled its graphics software, because I intend to do so only once the computer is free of problems. I hope that reinstalling this software fixes this error, which is shown at every startup.

Great, do exactly that.

Best regards, and I await your reply.


PedroN,

the path of the "services.exe" file according to the HijackThis log is

H:\WINDOWS\system32\services.exe

Here is the log for you to check:

 

----------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 17:29:46, on 16/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\Explorer.exe

H:\WINDOWS\system32\csrcs.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

H:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

H:\Arquivos de programas\Java\jre6\bin\jqs.exe

H:\WINDOWS\system32\HPZipm12.exe

H:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

h:\arquivos de programas\idt\ecsxpv_5762_010208\wdm\STacSV.exe

H:\ARQUIV~1\AVG\AVG8\avgrsx.exe

H:\ARQUIV~1\AVG\AVG8\avgnsx.exe

H:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

H:\WINDOWS\System32\svchost.exe

H:\ARQUIV~1\AVG\AVG8\avgemc.exe

H:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

H:\Arquivos de programas\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Arquivos de programas\BitComet\tools\BitCometBHO.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conex? do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] H:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: is-5D4GD.lnk = H:\Documents and Settings\Jorge\Desktop\Virus Removal Tool\is-5D4GD\startup.exe

O4 - Startup: is-C5IBD.lnk = H:\Arquivos de programas\Kaspersky Virus Removal Tool\is-C5IBD\startup.exe

O4 - Startup: is-N06UL.lnk = H:\Documents and Settings\Jorge\Desktop\Virus Removal Tool\is-N06UL\startup.exe

O8 - Extra context menu item: Baixar com &BitComet - res://H:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos com BitComet - res://H:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://H:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224693924984

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{11E93C6D-F3FB-419F-BF96-60586D109CC7}: NameServer = 201.10.1.2,201.10.120.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{11E93C6D-F3FB-419F-BF96-60586D109CC7}: NameServer = 201.10.1.2,201.10.120.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{11E93C6D-F3FB-419F-BF96-60586D109CC7}: NameServer = 201.10.1.2,201.10.120.3

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - H:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "H:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - h:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NMIndexingService - Unknown owner - H:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - h:\arquivos de programas\idt\ecsxpv_5762_010208\wdm\STacSV.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

-----------------------------------------------------

 

Good luck with your PC, and I await the next instruction regarding mine.

~Lucied

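An added example, not part of the original thread and not HijackThis's own logic: a short Python triage of the kind of log posted above. It checks whether core Windows process names run from the expected folder, flags near-identical names, reports an F2 `Shell=` value that starts anything besides Explorer.exe, and lists entries that are new compared with the previous log. The function names, the `CORE` table, the lookalike heuristic and the assumption that the Windows directory is `<drive>:\WINDOWS` belong to this example; the two embedded excerpts are abridged from the logs in this thread.

```python
import re
from pathlib import PureWindowsPath

# Abridged from the 17:29 log posted above (only a few lines are kept).
LOG_1729 = r"""
Logfile of HijackThis v1.99.1
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\Explorer.exe
H:\WINDOWS\system32\csrcs.exe
H:\WINDOWS\system32\ctfmon.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
"""

# Entry lines abridged from the previous log in the thread, which has no F2 line.
LOG_PREVIOUS = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O23 - Service: ..."
PATH_RE = re.compile(r"^[A-Za-z]:\\")               # a running-process line

# Assumption of this example: Windows XP core processes and the folder each
# is expected in, with the Windows directory at <drive>:\WINDOWS as in the log.
SYS32 = ("windows", "system32")
CORE = {"smss.exe": SYS32, "csrss.exe": SYS32, "winlogon.exe": SYS32,
        "services.exe": SYS32, "lsass.exe": SYS32, "svchost.exe": SYS32,
        "spoolsv.exe": SYS32, "explorer.exe": ("windows",)}

def parse_hjt(text):
    """Return (running process paths, [(code, body), ...]) from a pasted log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes often put a blank line between log lines
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and PATH_RE.match(line):
            processes.append(line)
    return processes, entries

def edit_distance(a, b):
    """Levenshtein distance, used to spot names one character off a core name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(text):
    """Return (kind, detail) findings that deserve a closer manual look."""
    processes, entries = parse_hjt(text)
    findings = []
    for proc in processes:
        path = PureWindowsPath(proc)
        name = path.name.lower()
        folder = tuple(p.lower() for p in path.parent.parts[1:])
        if name in CORE:
            if folder != CORE[name]:
                findings.append(("core-name-wrong-folder", proc))
        elif any(edit_distance(name, core) == 1 for core in CORE):
            findings.append(("lookalike-name", proc))
    for code, body in entries:
        shell = re.search(r"\bShell=(.*)$", body) if code == "F2" else None
        if shell:
            # Whitespace split is a simplification: quoted paths are not handled.
            programs = shell.group(1).split()
            is_default = bool(programs) and programs[0].lower() == "explorer.exe"
            extra = programs[1:] if is_default else programs
            if extra:
                findings.append(("shell-extra-program", " ".join(extra)))
        if body.endswith(("(file missing)", "(no file)")):
            findings.append(("orphaned-entry", f"{code} - {body}"))
    return findings

def new_entries(old_text, new_text):
    """Entries present in the newer log but absent from the older one."""
    old = set(parse_hjt(old_text)[1])
    return [f"{c} - {b}" for c, b in parse_hjt(new_text)[1] if (c, b) not in old]

if __name__ == "__main__":
    for kind, detail in triage(LOG_1729):
        print(f"{kind:24} {detail}")
    print("new since previous log:", new_entries(LOG_PREVIOUS, LOG_1729))
```

A finding is only a pointer for manual verification of the file on disk; a matching name and folder does not prove a file is clean, and a lookalike name does not prove it is malicious.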

How strange, it seems the infections are coming back. Run SDFIX again as described above.


PedroN,

here is the SDFix log; it seems it did not find any infections:

 

-----------------------------------------------

SDFix: Version 1.153

 

Run by Jorge on qui 16/07/2009 at 23:18

 

Microsoft Windows XP [versão 5.1.2600]

Running From: H:\SDFix

 

Checking Services :

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-16 23:39:50

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:3b5f89e3

"s2"=dword:f3a3dbc7

"h0"=dword:00000002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="H:\Arquivos de programas\Alcohol Soft\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:5f,22,85,7c,fe,d0,3e,07,01,b4,3c,3f,30,04,42,8d,95,92,a6,bd,b5,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000001

"khjeh"=hex:32,85,68,ca,6b,60,44,5d,01,c1,40,0d,8e,dd,e8,9e,67,71,96,7a,13,..

"p0"="H:\Arquivos de programas\DAEMON Tools Lite\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:5c,a4,a5,39,c9,9d,98,8c,38,97,47,f9,3e,91,0f,a7,57,3d,ab,6b,e7,..

"a0"=hex:20,01,00,00,fa,36,ae,03,03,7f,6b,b6,c6,da,d0,49,4a,de,f7,9a,3c,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:c9,80,1d,2b,96,8c,3f,a9,e5,ba,bc,07,24,ff,06,cd,d9,e4,5b,59,33,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:b2,b1,60,5e,c3,30,9a,73,8c,c6,99,46,fe,9e,d2,0d,ec,fe,f6,ba,06,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="H:\Arquivos de programas\Alcohol Soft\Alcohol 120\"

"h0"=dword:00000000

"ujdew"=hex:5f,22,85,7c,fe,d0,3e,07,01,b4,3c,3f,30,04,42,8d,95,92,a6,bd,b5,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000001

"khjeh"=hex:32,85,68,ca,6b,60,44,5d,01,c1,40,0d,8e,dd,e8,9e,67,71,96,7a,13,..

"p0"="H:\Arquivos de programas\DAEMON Tools Lite\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:5c,a4,a5,39,c9,9d,98,8c,38,97,47,f9,3e,91,0f,a7,57,3d,ab,6b,e7,..

"a0"=hex:20,01,00,00,fa,36,ae,03,03,7f,6b,b6,c6,da,d0,49,4a,de,f7,9a,3c,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:c9,80,1d,2b,96,8c,3f,a9,e5,ba,bc,07,24,ff,06,cd,d9,e4,5b,59,33,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:b2,b1,60,5e,c3,30,9a,73,8c,c6,99,46,fe,9e,d2,0d,ec,fe,f6,ba,06,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\27:\xf5wjY\1]

"DisplayName"="\x3da2\x7665\x1200\27\x1340\21\t"

"DeviceDesc"="\x3da2\x7665\x1200\27\x1340\21\t"

"ProviderName"="\xea70\x37e\x24dc\21\xfcb0\x1e2\x2808\21\x9005\x77f7"

"MFG"="\xffff\xffff\x3dbf\x7665\x654f\x7665\x900"

"ReinstallString"=".10.1000.8"

"DeviceInstanceIds"=str(7):"g:\chipset\xp3264\smbus\smbusati.inf"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\17_\xe8\x90]

"Order"=hex:08,00,00,00,02,00,00,00,80,00,00,00,01,00,00,00,01,00,00,00,74,..

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\17_\xe8\x90\DEVIL FORCE]

"Order"=hex:08,00,00,00,02,00,00,00,02,02,00,00,01,00,00,00,04,00,00,00,80,..

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"H:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"="H:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"

"H:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"="H:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

"H:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"="H:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"H:\\Arquivos de programas\\Macromedia\\Fireworks MX\\Fireworks.exe"="H:\\Arquivos de programas\\Macromedia\\Fireworks MX\\Fireworks.exe:*:Enabled:Fireworks MX"

"H:\\Arquivos de programas\\BitComet\\BitComet.exe"="H:\\Arquivos de programas\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

"H:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="H:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"

"H:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="H:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"H:\\Arquivos de programas\\Unreal Tournament 3\\Binaries\\UT3.exe"="H:\\Arquivos de programas\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"

"H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"="H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"

"H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"="H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"

"H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"="H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

"H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="H:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"H:\\Arquivos de programas\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"="H:\\Arquivos de programas\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"

"H:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"="H:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"

"H:\\WINDOWS\\System32\\wbem\\wmiprvse.exe"="H:\\WINDOWS\\System32\\wbem\\wmiprvse.exe:*:enabled:@shell32.dll,-1"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"H:\\Arquivos de programas\\MSN Messenger\\livecall.exe"="H:\\Arquivos de programas\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"H:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="H:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"

"H:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="H:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Wed 22 Oct 2008 949,072 A.SHR --- H:\ARQUIV~1\SPYBOT~1\ADVCHECK.DLL

Mon 15 Sep 2008 1,562,960 A.SHR --- H:\ARQUIV~1\SPYBOT~1\SDHELPER.DLL

Thu 14 Aug 2008 1,429,840 A.SHR --- H:\ARQUIV~1\SPYBOT~1\SDUPDATE.EXE

Wed 30 Jul 2008 4,891,984 A.SHR --- H:\ARQUIV~1\SPYBOT~1\SPYBOTSD.EXE

Wed 8 Jul 2009 2,260,480 A.SHR --- H:\ARQUIV~1\SPYBOT~1\TEATIMER.EXE

Wed 22 Oct 2008 962,896 A.SHR --- H:\ARQUIV~1\SPYBOT~1\TOOLS.DLL

Tue 16 Sep 2008 1,833,296 A.SHR --- H:\ARQUIV~1\TEATIM~1\TEATIMER.EXE

Sun 13 Apr 2008 713,010 A.SHR --- H:\WINDOWS\SYSTEM32\CSRCS.EXE

Tue 14 Jul 2009 6,656 A..H. --- H:\SYSTEM~1\_RESTO~1\RP1\A0000414.EXE

Tue 14 Jul 2009 6,656 A..H. --- H:\SYSTEM~1\_RESTO~1\RP1\A0001477.EXE

Tue 14 Jul 2009 6,656 A..H. --- H:\SYSTEM~1\_RESTO~1\RP1\A0001611.EXE

Thu 2 Oct 2008 0 A.SH. --- H:\DOCUME~1\ALLUSE~1\DRM\CACHE\INDIV01.TMP

Sun 24 Feb 2008 190,976 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\~WRL0003.TMP

Tue 4 Mar 2008 191,488 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\~WRL0005.TMP

Sun 2 Mar 2008 51,712 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\~WRL0250.TMP

Tue 4 Mar 2008 191,488 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\~WRL0570.TMP

Tue 4 Mar 2008 194,560 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\~WRL0841.TMP

Tue 4 Mar 2008 51,712 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\~WRL1187.TMP

Sat 14 Jul 2007 97,280 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\~WRL1255.TMP

Tue 4 Mar 2008 192,512 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\~WRL1957.TMP

Tue 4 Mar 2008 193,536 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\~WRL2140.TMP

Thu 23 Aug 2007 48,128 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\SISTEM~1\~WRL0118.TMP

Wed 18 Jul 2007 27,136 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\SISTEM~1\~WRL0141.TMP

Wed 22 Aug 2007 47,616 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\SISTEM~1\~WRL0253.TMP

Wed 18 Jul 2007 31,232 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\SISTEM~1\~WRL0379.TMP

Wed 22 Aug 2007 47,616 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\SISTEM~1\~WRL0785.TMP

Thu 23 Aug 2007 53,248 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\SISTEM~1\~WRL0812.TMP

Thu 23 Aug 2007 49,664 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\SISTEM~1\~WRL1101.TMP

Wed 18 Jul 2007 28,160 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\SISTEM~1\~WRL1804.TMP

Thu 23 Aug 2007 48,128 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\SISTEM~1\~WRL2698.TMP

Thu 23 Aug 2007 49,664 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\SISTEM~1\~WRL2877.TMP

Wed 22 Aug 2007 44,544 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\SISTEM~1\~WRL3062.TMP

Wed 18 Jul 2007 30,208 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\SISTEM~1\~WRL3313.TMP

Wed 18 Jul 2007 31,744 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\SISTEM~1\~WRL3412.TMP

Wed 18 Jul 2007 31,744 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\SISTEM~1\~WRL3552.TMP

Wed 18 Jul 2007 155,136 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\STORYL~1\~WRL0535.TMP

Sun 31 Dec 2006 301,568 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\STORYL~1\~WRL1073.TMP

Sun 31 Dec 2006 300,032 ...H. --- H:\TIGERH~1\_IRUCA~2\TEXTS\STORYL~1\~WRL2924.TMP

Thu 16 Oct 2008 1,471,528 A..H. --- H:\WINDOWS\SOFTWA~1\DOWNLOAD\162671~1\BIT30.TMP

Thu 2 Oct 2008 0 A..H. --- H:\WINDOWS\SOFTWA~1\DOWNLOAD\DB4AF1~1\BIT5.TMP

Fri 17 Oct 2008 2,874,920 A..H. --- H:\WINDOWS\SOFTWA~1\DOWNLOAD\F2EEA5~1\BIT2F.TMP

Wed 24 Jun 2009 4,520 ...HR --- H:\DOCUME~1\JORGE\DADOSD~1\SECUROM\USERDATA\SECURO~1.BAK

Thu 23 Aug 2007 48,128 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\SISTEM~1\~WRL0118.TMP

Wed 18 Jul 2007 27,136 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\SISTEM~1\~WRL0141.TMP

Wed 22 Aug 2007 47,616 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\SISTEM~1\~WRL0253.TMP

Wed 18 Jul 2007 31,232 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\SISTEM~1\~WRL0379.TMP

Wed 22 Aug 2007 47,616 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\SISTEM~1\~WRL0785.TMP

Thu 23 Aug 2007 53,248 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\SISTEM~1\~WRL0812.TMP

Thu 23 Aug 2007 49,664 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\SISTEM~1\~WRL1101.TMP

Wed 18 Jul 2007 28,160 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\SISTEM~1\~WRL1804.TMP

Thu 23 Aug 2007 48,128 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\SISTEM~1\~WRL2698.TMP

Thu 23 Aug 2007 49,664 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\SISTEM~1\~WRL2877.TMP

Wed 22 Aug 2007 44,544 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\SISTEM~1\~WRL3062.TMP

Wed 18 Jul 2007 30,208 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\SISTEM~1\~WRL3313.TMP

Wed 18 Jul 2007 31,744 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\SISTEM~1\~WRL3412.TMP

Wed 18 Jul 2007 31,744 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\SISTEM~1\~WRL3552.TMP

Wed 18 Jul 2007 155,136 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\STORYL~1\~WRL0535.TMP

Sun 31 Dec 2006 301,568 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\STORYL~1\~WRL1073.TMP

Sun 31 Dec 2006 300,032 A..H. --- H:\DOCUME~1\JORGE\MEUSDO~1\NOVAPA~1\STORYL~1\~WRL2924.TMP

Thu 16 Oct 2008 1,847,941 A..H. --- H:\WINDOWS\SOFTWA~1\DOWNLOAD\C7B96A~1\DOWNLOAD\BIT37.TMP

 

Finished!

-----------------------------------------------

 

If the infections are coming back, the only explanation would be a file creating them. I have not re-enabled the internet even once since the first ComboFix scan, nor have I re-enabled System Restore.

Regards.

~Lucied


You forgot to post a new HijackThis log.


Sorry, I did indeed forget. Here is the most up-to-date one:

 

-----------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 13:58:44, on 17/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

H:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

H:\Arquivos de programas\Java\jre6\bin\jqs.exe

H:\WINDOWS\system32\HPZipm12.exe

H:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

h:\arquivos de programas\idt\ecsxpv_5762_010208\wdm\STacSV.exe

H:\ARQUIV~1\AVG\AVG8\avgrsx.exe

H:\ARQUIV~1\AVG\AVG8\avgnsx.exe

H:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

H:\WINDOWS\System32\svchost.exe

H:\ARQUIV~1\AVG\AVG8\avgemc.exe

H:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

H:\Arquivos de programas\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Arquivos de programas\BitComet\tools\BitCometBHO.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conex? do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] H:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: is-5D4GD.lnk = H:\Documents and Settings\Jorge\Desktop\Virus Removal Tool\is-5D4GD\startup.exe

O4 - Startup: is-C5IBD.lnk = H:\Arquivos de programas\Kaspersky Virus Removal Tool\is-C5IBD\startup.exe

O4 - Startup: is-N06UL.lnk = H:\Documents and Settings\Jorge\Desktop\Virus Removal Tool\is-N06UL\startup.exe

O8 - Extra context menu item: Baixar com &BitComet - res://H:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos com BitComet - res://H:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://H:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224693924984

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{11E93C6D-F3FB-419F-BF96-60586D109CC7}: NameServer = 201.10.1.2,201.10.120.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{11E93C6D-F3FB-419F-BF96-60586D109CC7}: NameServer = 201.10.1.2,201.10.120.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{11E93C6D-F3FB-419F-BF96-60586D109CC7}: NameServer = 201.10.1.2,201.10.120.3

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - H:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "H:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - h:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NMIndexingService - Unknown owner - H:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - h:\arquivos de programas\idt\ecsxpv_5762_010208\wdm\STacSV.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

-----------------------------------------

 

~Lucied


The log shows no malware-related entries. Is there still any problem? So that we can get a more detailed analysis of your system, run ComboFix again and post the program's updated log.

 

Regards.


PedroN,

 

I decided to reconnect to the internet, since the PC was apparently free of infections, but as soon as I did, the modem's intermittent data transmission started again. I am receiving five times more packets than I send, and that is without accessing any page or downloading any file (not on my own account at least; a piece of malware could be downloading hundreds). Worse than that, the internet was slow before, but now I cannot even open the Google page. I also could not update AVG, because the connection is completely taken up by this mysterious incoming data.

 

In any case, I also re-enabled AVG's Resident Shield, but for some reason it no longer starts along with Windows, as it used to. I had a look at the settings, but found nothing that would affect this. I believe that if it were starting up along with the system, it would find the same viruses it always found (Win32/Heur and SHeur2.AMSD) before its Resident Shield was disabled.

 

The only error still being reported is the one for the file "ati2sgag.exe", which I believe will be resolved by reinstalling the video card's graphics software... But since I am probably not yet free of infections, I will not do that any time soon. By the way, what about "services.exe"? HijackThis still states that it is running alongside all the other system processes. Wouldn't it be necessary to take some action regarding its removal?

 

Here is the log from the latest ComboFix scan:

 

------------------------------------------------

ComboFix 09-07-13.01 - Jorge 17/07/2009 16:22.3.4 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3327.2962 [GMT -3:00]

Executando de: h:\documents and settings\Jorge\Desktop\Virus Removal Tools\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

h:\windows\system32\csrcs.exe

h:\windows\system32\drivers\beep.sys

h:\windows\system32\drivers\null.sys

 

estava faltando h:\windows\system32\drivers\null.sys

Cópia restaurada de - h:\windows\system32\dllcache\null.sys

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-06-17 to 2009-07-17 ))))))))))))))))))))))))))))

.

 

2009-07-17 19:20 . 2009-07-17 19:21 -------- d-----w- H:\32788R22FWJFW

2009-07-14 16:21 . 2008-07-08 17:54 148496 ----a-w- h:\windows\system32\drivers\65491658.sys

2009-07-13 22:43 . 2008-07-08 17:54 148496 ----a-w- h:\windows\system32\drivers\18238059.sys

2009-07-13 12:30 . 2009-07-13 12:35 84467 ----a-w- h:\windows\sc.exe

2009-07-13 05:04 . 2009-07-13 05:04 212224 -c--a-w- h:\windows\system32\dllcache\ndis.sys

2009-07-12 19:47 . 2008-10-15 16:36 337408 -c----w- h:\windows\system32\dllcache\netapi32.dll

2009-07-09 23:45 . 2009-07-09 23:45 -------- d-----w- h:\documents and settings\Jorge\Dados de aplicativos\Malwarebytes

2009-07-09 23:45 . 2009-06-17 14:27 38160 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys

2009-07-09 23:45 . 2009-07-09 23:45 -------- d-----w- h:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-07-09 23:45 . 2009-07-09 23:45 -------- d-----w- h:\arquivos de programas\Malwarebytes' Anti-Malware

2009-07-09 23:45 . 2009-06-17 14:27 19096 ----a-w- h:\windows\system32\drivers\mbam.sys

2009-07-09 20:21 . 2009-07-09 20:21 -------- d-----w- H:\Virut

2009-07-08 23:43 . 2009-07-09 00:57 -------- d-----w- h:\documents and settings\Jorge\DoctorWeb

2009-07-08 19:23 . 2009-07-17 19:36 24174624 --sha-w- h:\windows\system32\drivers\fidbox.dat

2009-07-08 19:23 . 2008-07-08 17:54 148496 ----a-w- h:\windows\system32\drivers\02786923.sys

2009-07-08 00:13 . 2008-04-13 22:20 579072 -c--a-w- h:\windows\system32\dllcache\user32.dll

2009-07-08 00:11 . 2009-07-08 00:12 -------- d-----w- h:\windows\ERUNT

2009-07-08 00:07 . 2009-07-17 02:42 -------- d-----w- H:\SDFix

2009-07-07 20:52 . 2009-07-07 20:52 664 ----a-w- h:\windows\system32\d3d9caps.dat

2009-07-07 01:23 . 2009-07-07 01:23 -------- d-----w- h:\documents and settings\Jorge\Dados de aplicativos\GetRightToGo

2009-07-07 00:25 . 2005-05-10 21:54 258352 ----a-w- h:\windows\system32\unicows.dll

2009-07-06 23:47 . 2009-07-08 01:45 -------- d-----w- h:\arquivos de programas\Perfect World International

2009-06-25 20:39 . 2009-06-25 20:39 -------- d-----w- h:\documents and settings\All Users\Dados de aplicativos\Locktime

2009-06-25 20:33 . 2009-06-25 20:33 107888 ----a-w- h:\windows\system32\CmdLineExt.dll

2009-06-24 19:26 . 2009-06-25 20:41 -------- d-----w- h:\arquivos de programas\Rockstar Games

2009-06-24 18:55 . 2009-06-24 18:55 -------- d-----w- h:\documents and settings\Jorge\Dados de aplicativos\DAEMON Tools Pro

2009-06-24 18:55 . 2009-06-24 18:55 -------- d-----w- h:\documents and settings\Jorge\Dados de aplicativos\DAEMON Tools

2009-06-24 18:54 . 2009-06-24 18:54 -------- d-----w- h:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2009-06-24 18:50 . 2009-06-24 19:24 -------- d-----w- h:\documents and settings\Jorge\Dados de aplicativos\DAEMON Tools Lite

2009-06-18 23:19 . 2009-06-18 23:19 162432 ----a-w- h:\windows\system32\drivers\ithsgt.sys

2009-06-18 23:19 . 2009-06-18 23:19 12032 ----a-w- h:\windows\system32\drivers\lilsgt.sys

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-17 19:18 . 2009-07-08 19:23 282644 --sha-w- h:\windows\system32\drivers\fidbox.idx

2009-07-15 00:15 . 2008-10-02 13:30 196608 ----a-w- h:\windows\system32\wbem\wmiadap.exe

2009-07-15 00:15 . 2008-10-02 13:30 17408 ----a-w- h:\windows\system32\wbem\unsecapp.exe

2009-07-15 00:15 . 2008-10-02 13:30 118784 ----a-w- h:\windows\system32\wbem\wbemtest.exe

2009-07-15 00:15 . 2008-10-02 13:30 365056 ----a-w- h:\windows\system32\wbem\wmic.exe

2009-07-15 00:15 . 2008-10-02 13:30 218112 ----a-w- h:\windows\system32\wbem\wmiprvse.exe

2009-07-15 00:15 . 2008-10-02 13:30 36352 ----a-w- h:\windows\system32\wbem\scrcons.exe

2009-07-15 00:15 . 2008-10-02 13:30 16896 ----a-w- h:\windows\system32\wbem\mofcomp.exe

2009-07-15 00:09 . 2008-10-02 13:32 151040 ----a-w- h:\windows\PCHealth\UploadLB\Binaries\uploadm.exe

2009-07-15 00:08 . 2008-10-02 13:32 35840 ----a-w- h:\windows\PCHealth\HelpCtr\Binaries\notiflag.exe

2009-07-15 00:08 . 2008-10-02 13:31 744448 ----a-w- h:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe

2009-07-15 00:08 . 2008-10-02 13:31 18944 ----a-w- h:\windows\PCHealth\HelpCtr\Binaries\hscupd.exe

2009-07-15 00:08 . 2008-10-02 13:32 99840 ----a-w- h:\windows\PCHealth\HelpCtr\Binaries\HelpHost.exe

2009-07-15 00:06 . 2008-11-14 20:52 86016 ----a-w- h:\windows\unvise32.exe

2009-07-15 00:06 . 2008-10-02 13:25 15360 ----a-w- h:\windows\TASKMAN.EXE

2009-07-15 00:06 . 2001-10-28 12:07 25600 ----a-w- h:\windows\twunk_32.exe

2009-07-15 00:06 . 2008-10-02 14:28 32768 ----a-w- h:\windows\slrundll.exe

2009-07-15 00:06 . 2008-10-02 13:49 413696 ----a-w- h:\windows\sttray.exe

2009-07-15 00:05 . 2008-10-08 22:27 306688 ----a-w- h:\windows\IsUninst.exe

2009-07-15 00:05 . 2009-05-10 23:04 52736 ----a-w- h:\windows\ipuninst.exe

2009-07-15 00:05 . 2009-05-04 23:59 304128 ----a-w- h:\windows\IsUn0411.exe

2009-07-15 00:05 . 2009-04-23 23:12 250368 ----a-w- h:\windows\eiunin21.exe

2009-07-14 23:55 . 2009-03-22 02:52 45056 ----a-r- h:\documents and settings\Jorge\Dados de aplicativos\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe

2009-07-14 23:55 . 2009-03-24 20:34 335872 ----a-w- h:\documents and settings\Jorge\Dados de aplicativos\InstallShield Installation Information\{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}\SetupUT3.exe

2009-07-14 20:48 . 2008-05-15 01:59 585728 ----a-w- h:\windows\system32\ati2evxx.exe

2009-07-14 00:16 . 2008-10-02 14:28 346112 ----a-w- h:\windows\system32\mspaint.exe

2009-07-14 00:16 . 2008-10-02 14:34 598016 ----a-w- h:\windows\system32\ati2sgag.exe

2009-07-14 00:16 . 2008-10-02 14:28 188416 ----a-w- h:\windows\system32\accwiz.exe

2009-07-14 00:16 . 2008-10-02 14:28 105472 ----a-w- h:\windows\system32\clipbrd.exe

2009-07-13 12:29 . 2008-10-08 21:22 -------- d-----w- h:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-07-13 05:04 . 2002-08-29 02:09 212224 ----a-w- h:\windows\system32\drivers\ndis.sys

2009-07-12 18:27 . 2001-10-28 12:07 98486 ----a-w- h:\windows\system32\perfc016.dat

2009-07-12 18:27 . 2001-10-28 12:07 523582 ----a-w- h:\windows\system32\perfh016.dat

2009-07-12 04:13 . 2002-08-29 01:58 361600 ----a-w- h:\windows\system32\drivers\TCPIP.SYS

2009-07-09 22:25 . 2008-10-02 14:34 -------- d-----w- h:\arquivos de programas\ATI Technologies

2009-07-08 23:46 . 2008-10-02 13:30 13312 ----a-w- h:\windows\system32\wbem\winmgmt.exe

2009-07-08 23:46 . 2001-10-28 12:07 34304 ----a-w- h:\windows\system32\svchost.exe

2009-07-08 23:45 . 2002-09-09 14:08 514560 ----a-w- h:\windows\system32\logonui.exe

2009-07-08 23:45 . 2002-09-09 14:08 1055744 ----a-w- h:\windows\explorer.exe

2009-07-08 19:52 . 2001-10-28 12:06 5632 ----a-w- h:\windows\system32\cisvc.exe

2009-07-07 22:18 . 2008-10-02 14:46 -------- d-----w- h:\documents and settings\All Users\Dados de aplicativos\avg8

2009-07-07 00:41 . 2009-02-19 20:05 -------- d-----w- h:\documents and settings\Jorge\Dados de aplicativos\codeblocks

2009-07-06 18:59 . 2009-07-06 18:59 361600 ----a-w- h:\windows\system32\drivers\TCPIP.SYS.ORIGINAL

2009-07-05 23:00 . 2008-10-08 22:13 -------- d-----w- h:\documents and settings\All Users\Dados de aplicativos\DVD Shrink

2009-06-25 20:11 . 2008-10-02 13:44 -------- d--h--w- h:\arquivos de programas\InstallShield Installation Information

2009-06-25 19:06 . 2008-10-02 14:46 11952 ----a-w- h:\windows\system32\avgrsstx.dll

2009-06-25 19:06 . 2008-10-02 14:46 327688 ----a-w- h:\windows\system32\drivers\avgldx86.sys

2009-06-25 19:06 . 2008-10-02 14:46 27784 ----a-w- h:\windows\system32\drivers\avgmfx86.sys

2009-06-24 18:50 . 2008-10-08 22:45 717296 ----a-w- h:\windows\system32\drivers\sptd.sys

2009-06-18 00:00 . 2009-04-08 01:14 -------- d-----w- h:\documents and settings\Jorge\Dados de aplicativos\gtk-2.0

2009-06-16 00:37 . 2009-06-16 00:37 -------- d-----w- h:\arquivos de programas\NVIDIA Corporation

2009-06-05 21:58 . 2009-06-05 21:58 -------- d-----w- h:\arquivos de programas\Bethesda Softworks

2009-06-04 01:10 . 2009-03-31 21:13 -------- d-----w- h:\arquivos de programas\NGZoom

2009-05-31 22:38 . 2008-11-13 01:23 -------- d-----w- h:\arquivos de programas\Arquivos comuns\BioWare

2009-05-04 16:43 . 2008-10-02 14:46 108552 ----a-w- h:\windows\system32\drivers\avgtdix.sys

2009-05-02 09:53 . 2009-05-02 09:53 152576 ----a-w- h:\documents and settings\Jorge\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

2009-05-08 01:33 . 2008-10-20 21:07 134648 ----a-w- h:\arquivos de programas\mozilla firefox\components\brwsrcmp.dll

.

 

------- Sigcheck -------

 

[-] 2009-07-15 00:08 14336 E031C4B1550A94D3C66AAE65398B4C8F h:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2009-07-15 00:10 14336 5575B62D28F25B927D07E2D2961EC9F4 h:\windows\ServicePackFiles\i386\svchost.exe

[-] 2009-07-08 23:46 34304 CA84E82B8C847CB2AFFF3C864E2DF621 h:\windows\system32\svchost.exe

 

[-] 2004-08-04 03:45 577536 E0FF28447D1038DE106D1F2FDF851647 h:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-13 22:20 579072 54907DB28872A7A6D3EE2B4747A23828 h:\windows\ServicePackFiles\i386\user32.dll

[-] 2008-04-13 22:20 579072 54907DB28872A7A6D3EE2B4747A23828 h:\windows\system32\user32.dll

[-] 2008-04-13 22:20 579072 54907DB28872A7A6D3EE2B4747A23828 h:\windows\system32\dllcache\user32.dll

[-] 2008-04-13 22:20 579072 54907DB28872A7A6D3EE2B4747A23828 h:\windows\system32\dllcache\cache\user32.dll

 

[-] 2004-08-04 03:45 82944 A5163442377D3C305BBFF612F80047D7 h:\windows\$NtServicePackUninstall$\ws2_32.dll

[-] 2008-04-13 22:20 82432 1FA3C4B2D7E35176E65FB69AB597B0F0 h:\windows\ServicePackFiles\i386\ws2_32.dll

[-] 2008-04-13 22:20 82432 1FA3C4B2D7E35176E65FB69AB597B0F0 h:\windows\system32\ws2_32.dll

[-] 2008-04-13 22:20 82432 1FA3C4B2D7E35176E65FB69AB597B0F0 h:\windows\system32\dllcache\cache\ws2_32.dll

 

[-] 2008-06-23 15:40 827904 8CFD66CC90F966333CFA8D8161E185DF h:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll

[-] 2004-08-04 03:45 658432 398A619CE60090303042D1F8CC68F712 h:\windows\$NtServicePackUninstall$\wininet.dll

[-] 2008-04-13 22:20 668160 DF6D0F37A71883BE3505DD517EB8AD83 h:\windows\ie7\wininet.dll

[-] 2007-08-13 21:54 818688 A4A0FC92358F39538A6494C42EF99FE9 h:\windows\ie7updates\KB953838-IE7\wininet.dll

[-] 2008-04-13 22:20 668160 DF6D0F37A71883BE3505DD517EB8AD83 h:\windows\ServicePackFiles\i386\wininet.dll

[-] 2008-06-23 16:29 826368 FB820C977C8249358D54FA9324B5E92B h:\windows\SoftwareDistribution\Download\2292f0368e10e2cf774ece2f02bb7283\SP2GDR\wininet.dll

[-] 2008-06-23 15:40 827904 8CFD66CC90F966333CFA8D8161E185DF h:\windows\SoftwareDistribution\Download\2292f0368e10e2cf774ece2f02bb7283\SP2QFE\wininet.dll

[-] 2008-06-23 15:11 668160 4E6461EC1C5296EE5F4A9F0581569563 h:\windows\SoftwareDistribution\Download\5d59711dc70007e595000d947a3406c8\sp3gdr\wininet.dll

[-] 2008-06-23 14:56 668672 E1640D81CA8D86691E3D3C5319628AAE h:\windows\SoftwareDistribution\Download\5d59711dc70007e595000d947a3406c8\sp3qfe\wininet.dll

[-] 2008-06-23 16:29 826368 FB820C977C8249358D54FA9324B5E92B h:\windows\SoftwareDistribution\Download\c7b96a8ff73602b374d2372d8abec80c\backup\sp2gdr\wininet.dll

[-] 2008-06-23 16:29 826368 FB820C977C8249358D54FA9324B5E92B h:\windows\SoftwareDistribution\Download\c7b96a8ff73602b374d2372d8abec80c\backup\sp2qfe\wininet.dll

[-] 2008-06-23 16:29 826368 FB820C977C8249358D54FA9324B5E92B h:\windows\system32\wininet.dll

[-] 2008-06-23 16:29 826368 FB820C977C8249358D54FA9324B5E92B h:\windows\system32\dllcache\wininet.dll

[-] 2008-06-23 16:29 826368 FB820C977C8249358D54FA9324B5E92B h:\windows\system32\dllcache\cache\wininet.dll

 

[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E h:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[-] 2004-08-04 02:14 359040 9F4B36614A0FC234525BA224957DE55C h:\windows\$NtServicePackUninstall$\tcpip.sys

[-] 2008-04-13 15:20 361344 93EA8D04EC73A85DB02EB8805988F733 h:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-13 15:20 361344 93EA8D04EC73A85DB02EB8805988F733 h:\windows\ServicePackFiles\i386\tcpip.sys

[-] 2009-07-12 04:13 361600 A29E1209F925A0E9B330E11DA5FC7BAB h:\windows\system32\dllcache\TCPIP.SYS

[-] 2009-07-12 04:13 361600 A29E1209F925A0E9B330E11DA5FC7BAB h:\windows\system32\drivers\TCPIP.SYS

 

[-] 2009-07-15 00:08 504320 CE7222B5DB919057DA3B874EA4BBD95B h:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2009-07-15 00:10 509952 1660706130239765A6F69D3BBACAF5EA h:\windows\ServicePackFiles\i386\winlogon.exe

[-] 2008-04-13 22:21 509952 71D440F79B711627B12B567FB2EADB42 h:\windows\system32\winlogon.exe

[-] 2008-04-13 22:21 509952 71D440F79B711627B12B567FB2EADB42 h:\windows\system32\dllcache\cache\winlogon.exe

 

[-] 2004-08-04 02:14 182912 558635D3AF1C7546D26067D5D9B6959E h:\windows\$NtServicePackUninstall$\ndis.sys

[-] 2008-04-13 15:20 182656 1DF7F42665C94B825322FAE71721130D h:\windows\ServicePackFiles\i386\ndis.sys

[-] 2009-07-13 05:04 212224 9DC1CE03E1F1800F659BBE9A3AD00AF3 h:\windows\system32\dllcache\ndis.sys

[-] 2009-07-13 05:04 212224 9DC1CE03E1F1800F659BBE9A3AD00AF3 h:\windows\system32\drivers\ndis.sys

 

[-] 2004-08-04 02:00 29056 4448006B6BC60E6C027932CFC38D6855 h:\windows\$NtServicePackUninstall$\ip6fw.sys

[-] 2008-04-13 14:53 36608 3BB22519A194418D5FEC05D800A19AD0 h:\windows\ServicePackFiles\i386\ip6fw.sys

[-] 2008-04-13 14:53 36608 3BB22519A194418D5FEC05D800A19AD0 h:\windows\system32\dllcache\cache\ip6fw.sys

[-] 2008-04-13 14:53 36608 3BB22519A194418D5FEC05D800A19AD0 h:\windows\system32\drivers\ip6fw.sys

 

[-] 2004-08-04 03:40 2019328 31DFE96B6B6FA4C9CA098CEAF21B29A5 h:\windows\$NtServicePackUninstall$\ntkrnlpa.exe

[-] 2008-04-13 22:00 2070144 F84054BFD1D688B901AD907499879BBD h:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[-] 2008-04-13 22:00 2028032 763EE1C250EC83EFD11FBF51AC4A6D82 h:\windows\system32\ntkrnlpa.exe

[-] 2008-04-13 22:00 2028032 763EE1C250EC83EFD11FBF51AC4A6D82 h:\windows\system32\dllcache\cache\ntkrnlpa.exe

 

[-] 2004-08-04 03:40 2152448 91448D27F6DFAF50DD1D5FD3D8C1F3BD h:\windows\$NtServicePackUninstall$\ntoskrnl.exe

[-] 2008-04-13 22:01 2193280 185F6C64734019E7E9F626E53CC37FB4 h:\windows\ServicePackFiles\i386\ntoskrnl.exe

[-] 2008-04-13 22:00 2149376 0ED0AB8E279126064A46A73A5ED59069 h:\windows\system32\ntoskrnl.exe

[-] 2008-04-13 22:00 2149376 0ED0AB8E279126064A46A73A5ED59069 h:\windows\system32\dllcache\cache\ntoskrnl.exe

 

[-] 2009-07-08 23:45 1055744 F670A6D4F076B89B0B7A90C0D9D557D8 h:\windows\explorer.exe

[-] 2009-07-15 00:07 1034752 3D47C7A0572EB5152C9A1A6E0E7B2297 h:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2009-07-15 00:09 1036288 1E1BF03F1FEF0958E27EC5823330B095 h:\windows\ServicePackFiles\i386\explorer.exe

 

[-] 2009-07-15 00:08 109056 88E13B2799427244419836DBF3743DD0 h:\windows\$NtServicePackUninstall$\services.exe

[-] 2009-07-15 00:10 109056 4D1DD704787BF783038B2155599174C2 h:\windows\ServicePackFiles\i386\services.exe

[-] 2008-04-13 22:21 109056 EE7999BAACA84CFAA03726E677EE2A33 h:\windows\system32\services.exe

[-] 2008-04-13 22:21 109056 EE7999BAACA84CFAA03726E677EE2A33 h:\windows\system32\dllcache\cache\services.exe

 

[-] 2009-07-15 00:07 13312 DEC5E82722146B0FE1DD7C43F0B309F2 h:\windows\$NtServicePackUninstall$\lsass.exe

[-] 2009-07-15 00:09 13824 EFE860EB34F515C97F61BBCEFC16F932 h:\windows\ServicePackFiles\i386\lsass.exe

[-] 2008-04-13 22:21 13312 9607142710D3B64AB7FCCE4BE4E30D37 h:\windows\system32\lsass.exe

[-] 2008-04-13 22:21 13312 9607142710D3B64AB7FCCE4BE4E30D37 h:\windows\system32\dllcache\cache\lsass.exe

 

[-] 2009-07-15 00:07 15360 0FF6B14F77794EBED8B92C6BE7C2586E h:\windows\$NtServicePackUninstall$\ctfmon.exe

[-] 2009-07-15 00:09 15360 E1BD8BC9E8B028BF758FF853D4711799 h:\windows\ServicePackFiles\i386\ctfmon.exe

[-] 2009-07-08 19:52 15360 E1BD8BC9E8B028BF758FF853D4711799 h:\windows\system32\ctfmon.exe

 

[-] 2009-07-15 00:08 58368 5B8F98DEC609DEF563D6CB05E752FFA6 h:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2009-07-15 00:10 57856 58DD8B3CD3BCDBC924C1D669C33EE933 h:\windows\ServicePackFiles\i386\spoolsv.exe

[-] 2009-07-08 19:53 57856 58DD8B3CD3BCDBC924C1D669C33EE933 h:\windows\system32\spoolsv.exe

 

[-] 2009-07-15 00:08 25088 25CF03C339056A62E590A95F5859E090 h:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2009-07-15 00:10 26112 7E5592D37395E0112638B2B38A1ACB71 h:\windows\ServicePackFiles\i386\userinit.exe

[-] 2009-07-08 19:52 26624 EACC136918EFCB89094675D26A303885 h:\windows\system32\userinit.exe

 

[-] 2004-08-04 03:45 296960 23DFF6DAA7565CC5802E057A6B9F585E h:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2008-04-13 22:20 296960 0F4DB70DCE17B9DC1A5D835B1A5EE469 h:\windows\ServicePackFiles\i386\termsrv.dll

[-] 2008-04-13 22:20 296960 0F4DB70DCE17B9DC1A5D835B1A5EE469 h:\windows\system32\termsrv.dll

[-] 2008-04-13 22:20 296960 0F4DB70DCE17B9DC1A5D835B1A5EE469 h:\windows\system32\dllcache\cache\termsrv.dll

 

[-] 2004-08-04 03:45 1022464 AD72A244955E89EBBB8FABF02F8041C6 h:\windows\$NtServicePackUninstall$\kernel32.dll

[-] 2008-04-13 22:20 1028608 68ECDAD8AE2768DE61C20C41A28CC0B0 h:\windows\ServicePackFiles\i386\kernel32.dll

[-] 2008-04-13 22:20 1028608 68ECDAD8AE2768DE61C20C41A28CC0B0 h:\windows\system32\kernel32.dll

[-] 2008-04-13 22:20 1028608 68ECDAD8AE2768DE61C20C41A28CC0B0 h:\windows\system32\dllcache\cache\kernel32.dll

 

[-] 2004-08-04 03:45 17408 0F81EB414DE1D77DD315F4A3D324BC1E h:\windows\$NtServicePackUninstall$\powrprof.dll

[-] 2008-04-13 22:20 17408 C008BBC88156E0EE109C7FF445CD9555 h:\windows\ServicePackFiles\i386\powrprof.dll

[-] 2008-04-13 22:20 17408 C008BBC88156E0EE109C7FF445CD9555 h:\windows\system32\powrprof.dll

[-] 2008-04-13 22:20 17408 C008BBC88156E0EE109C7FF445CD9555 h:\windows\system32\dllcache\cache\powrprof.dll

 

[-] 2004-08-04 03:45 110080 602B88592E0690D0DFB5E5F44A9EF820 h:\windows\$NtServicePackUninstall$\imm32.dll

[-] 2008-04-13 22:20 110080 05C621EAA979D33A12F3B510FF4C6F9F h:\windows\ServicePackFiles\i386\imm32.dll

[-] 2008-04-13 22:20 110080 05C621EAA979D33A12F3B510FF4C6F9F h:\windows\system32\imm32.dll

[-] 2008-04-13 22:20 110080 05C621EAA979D33A12F3B510FF4C6F9F h:\windows\system32\dllcache\cache\imm32.dll

 

[-] 2004-08-04 03:45 1548288 1DD4FC7EEE3A45257528A34FDF7BC689 h:\windows\$NtServicePackUninstall$\sfcfiles.dll

[-] 2008-04-13 22:20 1571840 698F9583D1EB213B09F12DD5826A46E2 h:\windows\ServicePackFiles\i386\sfcfiles.dll

[-] 2008-04-13 22:20 1571840 698F9583D1EB213B09F12DD5826A46E2 h:\windows\system32\sfcfiles.dll

[-] 2008-04-13 22:20 1571840 698F9583D1EB213B09F12DD5826A46E2 h:\windows\system32\dllcache\cache\sfcfiles.dll

 

[-] 2004-08-04 03:45 172032 2E131621557A6EF486FC86D738CBC8B6 h:\windows\$NtServicePackUninstall$\appmgmts.dll

[-] 2008-04-13 22:20 172032 27683D3EE8FCB7E620B25C8A84B329D6 h:\windows\ServicePackFiles\i386\appmgmts.dll

[-] 2008-04-13 22:20 172032 27683D3EE8FCB7E620B25C8A84B329D6 h:\windows\system32\appmgmts.dll

[-] 2008-04-13 22:20 172032 27683D3EE8FCB7E620B25C8A84B329D6 h:\windows\system32\dllcache\cache\appmgmts.dll

 

[-] 2004-08-04 03:39 25088 7FC1E330386610D5EB3E7C4C7893CA93 h:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 21:58 25088 D3D4832B494CBF9A87CF86D7517013CB h:\windows\ServicePackFiles\i386\kbdclass.sys

[-] 2008-04-13 21:58 25088 D3D4832B494CBF9A87CF86D7517013CB h:\windows\system32\dllcache\cache\kbdclass.sys

[-] 2008-04-13 21:58 25088 D3D4832B494CBF9A87CF86D7517013CB h:\windows\system32\drivers\kbdclass.sys

 

[-] 2004-08-04 03:45 821760 FB93B504600DA3EC407ED0252EEF97AB h:\windows\$NtServicePackUninstall$\comres.dll

[-] 2008-04-13 22:20 821760 D3F8E8DBE93A80440CAC78B305B40A67 h:\windows\ServicePackFiles\i386\comres.dll

[-] 2008-04-13 22:20 821760 D3F8E8DBE93A80440CAC78B305B40A67 h:\windows\system32\comres.dll


.

((((((((((((((((((((((((((((( SnapShot_2009-07-15_00.39.03 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-17 19:34 . 2009-07-17 19:34 16384 h:\windows\temp\Perflib_Perfdata_a84.dat

+ 2009-07-17 02:16 . 2009-07-17 02:16 229376 h:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

- 2009-07-08 00:12 . 2009-07-08 00:12 229376 h:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2009-07-17 02:16 . 2008-03-05 05:36 163328 h:\windows\ERUNT\SDFIX\ERDNT.EXE

+ 2009-07-17 02:16 . 2009-07-17 02:16 9154560 h:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2009-07-08 15360]

"SpybotSD TeaTimer"="h:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-07-08 2260480]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-06-25 19:06 11952 ----a-w- h:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]

@="FSFilter System Recovery"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"h:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"h:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"h:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"h:\\Arquivos de programas\\Macromedia\\Fireworks MX\\Fireworks.exe"=

"h:\\Arquivos de programas\\BitComet\\BitComet.exe"=

"h:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"h:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"h:\\Arquivos de programas\\Unreal Tournament 3\\Binaries\\UT3.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"h:\\Arquivos de programas\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=

"h:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

"h:\\WINDOWS\\System32\\wbem\\wmiprvse.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

"h:\\Arquivos de programas\\MSN Messenger\\livecall.exe"= h:\arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"h:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= h:\arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call

"h:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= h:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"DoNotAllowExceptions"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

"h:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"= h:\arquivos de programas\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe

"h:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"= h:\arquivos de programas\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

"h:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"= h:\arquivos de programas\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD

"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

"h:\\Arquivos de programas\\Macromedia\\Fireworks MX\\Fireworks.exe"= h:\arquivos de programas\Macromedia\Fireworks MX\Fireworks.exe:*:Enabled:Fireworks MX

"h:\\Arquivos de programas\\BitComet\\BitComet.exe"= h:\arquivos de programas\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client

"h:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"= h:\arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call

"h:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"= h:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

"h:\\Arquivos de programas\\Unreal Tournament 3\\Binaries\\UT3.exe"= h:\arquivos de programas\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= h:\arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"= h:\arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"= h:\arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= h:\arquivos de programas\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= h:\arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= h:\arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= h:\arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"= h:\arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe

"h:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= h:\arquivos de programas\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe

"h:\\Arquivos de programas\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= h:\arquivos de programas\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club

"h:\\Arquivos de programas\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"= h:\arquivos de programas\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV

"h:\\WINDOWS\\System32\\wbem\\wmiprvse.exe"= h:\windows\System32\wbem\wmiprvse.exe:*:enabled:@shell32.dll,-1

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;h:\windows\system32\drivers\avgldx86.sys [2/10/2008 11:46 327688]

R1 AvgTdiX;AVG Free8 Network Redirector;h:\windows\system32\drivers\avgtdix.sys [2/10/2008 11:46 108552]

R1 is-5D4GDdrv;is-5D4GDdrv;h:\windows\system32\drivers\18238059.sys [13/7/2009 19:43 148496]

R1 is-C5IBDdrv;is-C5IBDdrv;h:\windows\system32\drivers\02786923.sys [8/7/2009 16:23 148496]

R2 avg8emc;AVG Free8 E-mail Scanner;h:\arquiv~1\AVG\AVG8\avgemc.exe [2/10/2008 11:46 906520]

R2 avg8wd;AVG Free8 WatchDog;h:\arquiv~1\AVG\AVG8\avgwdsvc.exe [2/10/2008 11:46 298776]

R3 AtiHdmiService;ATI Function Driver for HDMI Service;h:\windows\system32\drivers\AtiHdmi.sys [2/10/2008 11:27 93696]

S1 is-N06ULdrv;is-N06ULdrv;h:\windows\system32\drivers\65491658.sys [14/7/2009 13:21 148496]

S3 ASPI;Advanced SCSI Programming Interface Driver;h:\windows\system32\drivers\ASPI32.SYS [27/1/2009 13:20 16512]

S3 genmcmnUSB;USB Scroll Mouse Driver;h:\windows\system32\DRIVERS\gflmouhid.sys --> h:\windows\system32\DRIVERS\gflmouhid.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter

DcomLaunch REG_MULTI_SZ DcomLaunch TermService

WudfServiceGroup REG_MULTI_SZ WUDFSvc

eapsvcs REG_MULTI_SZ eaphost

dot3svc REG_MULTI_SZ dot3svc

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

Alerter

LmHosts

 

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: Baixar com &BitComet - h:\arquivos de programas\BitComet\BitComet.exe/AddLink.htm

IE: Baixar todos com BitComet - h:\arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

IE: Download all videos using BitComet - h:\arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

IE: E&xportar para o Microsoft Excel - h:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: ƒŠƒ“ƒNæ‚ð &BitComet ‚Ń_ƒEƒ“ƒ[ƒh‚·‚é

IE: ‘S‚Ä‚ÌƒŠƒ“ƒN‚ð BitComet ‚Ń_ƒEƒ“ƒ[ƒh‚·‚é

IE: ????? &BitComet ?????????

IE: ??????? BitComet ?????????

TCP: {11E93C6D-F3FB-419F-BF96-60586D109CC7} = 201.10.1.2,201.10.120.3

DPF: DirectAnimation Java Classes - file://h:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://h:\windows\Java\classes\xmldso.cab

FF - ProfilePath - h:\documents and settings\Jorge\Dados de aplicativos\Mozilla\Firefox\Profiles\halnwp14.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

 

---- FIREFOX POLICIES ----

h:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-17 16:35

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@h:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="h:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]

@Denied: (A) (Everyone)

@="{8D8763AB-E93B-4812-964E-F04E0008FD50}"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="h:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="h:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="h:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="h:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

 

[HKEY_LOCAL_MACHINE\softwareSoftware\Microsoft\Windows\CurrentVersion\Reinstall\:õwjY*]

"DisplayName"="???\17?\11\09"

"DeviceDesc"="???\17?\11\09"

"ProviderName"="?;?\11???\11??"

"MFG"="???????"

"ReinstallString"=".10.1000.8"

"DeviceInstanceIds"=multi:"g:\\chipset\\xp3264\\smbus\\smbusati.inf\00"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(724)

h:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(5500)

h:\windows\system32\WPDShServiceObj.dll

h:\windows\system32\PortableDeviceTypes.dll

h:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

h:\windows\system32\ati2evxx.exe

h:\windows\system32\ati2evxx.exe

h:\arquivos de programas\Java\jre6\bin\jqs.exe

h:\arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

h:\windows\system32\HPZipm12.exe

h:\arquivos de programas\AVG\AVG8\avgrsx.exe

h:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe

h:\arquiv~1\AVG\AVG8\avgnsx.exe

h:\arquivos de programas\IDT\ECSXPV_5762_010208\WDM\stacsv.exe

h:\arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

h:\arquivos de programas\AVG\AVG8\avgcsrvx.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-07-17 16:40 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-07-17 19:40

ComboFix2.txt 2009-07-15 00:42

 

Pré-execução: 10 pasta(s) 122.629.644.288 bytes disponíveis

Pós execução: 10 pasta(s) 122.618.212.352 bytes disponíveis

 

488 --- E O F --- 2008-10-16 09:54

------------------------------------------------

 

...and the new HijackThis log:

 

------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 17:09:19, on 17/7/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

 

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\System32\spoolsv.exe

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\system32\ctfmon.exe

H:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

H:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

H:\Arquivos de programas\Java\jre6\bin\jqs.exe

H:\WINDOWS\system32\HPZipm12.exe

H:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

H:\ARQUIV~1\AVG\AVG8\avgrsx.exe

H:\ARQUIV~1\AVG\AVG8\avgnsx.exe

h:\arquivos de programas\idt\ecsxpv_5762_010208\wdm\STacSV.exe

H:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

H:\WINDOWS\System32\svchost.exe

H:\ARQUIV~1\AVG\AVG8\avgemc.exe

H:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

H:\Arquivos de programas\AVG\AVG8\avgtray.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\Arquivos de programas\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - H:\Arquivos de programas\BitComet\tools\BitCometBHO.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conex? do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] H:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: is-5D4GD.lnk = H:\Documents and Settings\Jorge\Desktop\Virus Removal Tool\is-5D4GD\startup.exe

O4 - Startup: is-C5IBD.lnk = H:\Arquivos de programas\Kaspersky Virus Removal Tool\is-C5IBD\startup.exe

O4 - Startup: is-N06UL.lnk = H:\Documents and Settings\Jorge\Desktop\Virus Removal Tool\is-N06UL\startup.exe

O8 - Extra context menu item: Baixar com &BitComet - res://H:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos com BitComet - res://H:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://H:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://H:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224693924984

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{11E93C6D-F3FB-419F-BF96-60586D109CC7}: NameServer = 201.10.1.2,201.10.120.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{11E93C6D-F3FB-419F-BF96-60586D109CC7}: NameServer = 201.10.1.2,201.10.120.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{11E93C6D-F3FB-419F-BF96-60586D109CC7}: NameServer = 201.10.1.2,201.10.120.3

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Arquivos de programas\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\ARQUIV~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - H:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "H:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - h:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NMIndexingService - Unknown owner - H:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - H:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - h:\arquivos de programas\idt\ecsxpv_5762_010208\wdm\STacSV.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - H:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

------------------------------------------------

 

Any idea what might be happening? I'm starting to prepare for a format, because although I don't want that at all, it increasingly looks like the only solution...

...Very grateful for all your help over the last two weeks. I await your reply.

~Lucied


This topic is being monitored by the moderation team.


Updating the state of the PC. AVG identified a new threat, twice in a row:

[image: threat.png]

I also can't shut the computer down normally. I try to shut down from the Start menu, but it reports an error with "Generic Host Process Win32 Services" and hangs with no icons or taskbar on screen, only the wallpaper. Task Manager doesn't open and the mouse doesn't respond, so I'm forced to turn it off with the Power button on the tower.

What does it mean that this topic is being monitored by the moderation team?

~Lucied

What does it mean that this topic is being monitored by the moderation team?

That more members of the team are trying to give tips to solve your case.

With Virut infections, things are not always successful, and not getting results may lead to formatting.

• Disable System Restore.

Step 1:

Download Flash_Disinfector.exe and save it to your desktop:

• First, connect your infected pen drive to the computer
• Double-click Flash_Disinfector.exe.
• When a message appears on screen, confirm with OK
• Wait; the desktop will disappear for a few seconds.
• When it finishes running, the message "Done" will appear on screen
• Restart your computer.

Step 2:

Download, again, and run: DrWebCureIt <-- in Safe Mode

Step 3:

Download and run: a-squared <-- AntiMalware! <-- In Safe Mode!


Step 4:

Download and run: Norman Malware Cleaner (see how to use the tool in the tutorial below)

< Tutorial >

Step 5:

Run two online scans. The first with BitDefender and then with Eset Nod32

- Run a disinfection scan at: < BitDefender >
- PS: Use the Internet Explorer browser!
- The page will open: < BitDefender OnLine Scanner >

- Click: < agree2.gif >

- Wait and accept the ActiveX installation so that the scan can run.
- When it finishes, post the report: C:\Windows\BDOSCAN8\bdoscan.log <--

---------------------

- Run an online scan at: < Eset Nod32 >
- Use the Internet Explorer browser.
- Check the box: "SIM,aceito as condições de uso" --> Iniciar.
- Check the box: "YES, I accept the Terms of Use" --> Start.
- Accept the ActiveX installation and, when it finishes, save and post the report. ( C:\Arquivos de programas\EsetOnlineScanner\log )

Post the results in your next reply.


PedroN,

I believe the PC has reached its end. I downloaded all the tools and ran Flash Disinfector and Dr.Web CureIt, but after a 14-hour scan with a-Squared Anti-Malware, in which a hundred infected files were detected and sent to quarantine, the computer no longer boots completely. In both normal mode and safe mode, it gets past the welcome screen and hangs, showing only the background - only Task Manager responds.

I can't do anything else, much less continue with the next steps or post the logs of what I had managed to do. Now formatting is the only choice.

Thank you for all the help.

~Lucied

--------------

Moderation! ( A helping hand... )

- Before formatting, go to Task Manager.
- Click the "Applications" tab
- Click "New Task..."
- In the box that appears, type: explorer.exe
- Click OK.
- Go to the a-squared quarantine and restore everything that is there.
- PS: Wait for Analyst PedroN to return for any other procedure.


Open Task Manager > click File > run new task > type --> explorer.exe


Hello.

I couldn't run explorer.exe because it had been one of the infected files, but through Task Manager I managed to run a-Squared itself and restore all the quarantined files. The PC is working again, but with the files restored, haven't all the infections come back too?

I won't post the Dr.Web CureIt log because it only found and moved (it did not delete it, it declared it "Incurable") a single file:

H:\WINDOWS\system32\csrcs.exe (Win32.HLLW.Autohit.3438)

I'll post only the a-Squared log (remembering that all the files sent to quarantine were restored):

 

---------------------------------------------

a-squared Free - Versão 4.5

Última atualização N/A

 

Configurações da análise:

 

Scan type: deep

Objetos: Memória, Rastros, Cookies, H:\

Análise de arquivos: Ligado

Heurística: Desligado

Análise de ADS: Ligado

 

Início da análise: 18/7/2009 14:54:06

 


 

Analisado

 

Arquivos: 169298

Objetos: 380276

Cookies: 2964

Processos: 10

 

Encontrado

 

Arquivos: 168

Objetos: 0

Cookies: 10

Processos: 1

Chaves do registro: 0

 

Fim da análise: 19/7/2009 11:02:12

Duração da análise: 20:08:06

 


 

Em quarentena

 

Arquivos: 168

Objetos: 0

Cookies: 0

---------------------------------------------

 

I'll continue with the next steps (I don't know whether I'll manage to do those 2 online scans, since the last time I tried I couldn't even open Google) and edit this post with the results of their logs later.

Thank you for saving me from almost formatting the PC for good.

~Lucied


Hello, I couldn't find the option to edit the previous post, so I'm posting a new one.

As expected, I couldn't do either of the two recommended online scans - worse than that, the virus seems to have completely wiped out my Network Connections. There is no longer an icon in the connections menu, as if no modem were configured for that PC. I even tried reinstalling the connection using the provider's CD but it was no use, even with all the cables connected correctly.

Here is the log from Norman Malware Cleaner, the last one I managed to run:

 

-----------------------------------------------

Norman Malware Cleaner

Copyright © 1990 - 2009, Norman ASA. Built 2009/07/16 22:43:13

 

Norman Scanner Engine Version: 6.01.09

Nvcbin.def Version: 6.01.00, Date: 2009/07/16 22:43:13, Variants: 3525158

 

Scan started: 19/07/2009 19:19:10

 

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3

Logged on user: COMPUTADOR\Jorge

 

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "58 21 1B 05 10 D6 90 7C 00 D5 90 7C 95 12 90 7C 0D F6 90 7C D0 CF 90 7C 00 00 " -> ""

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

 

 

Scanning running processes and process memory...

 

H:\WINDOWS\System32\Drivers\NDIS.sys (Infected with W32/Protector. B)

Repaired file

 

H:\WINDOWS\system32\DRIVERS\ithsgt.sys (Infected with W32/Vundo.FTH)

Removed driver: ithsgt

Deleted file

 

H:\WINDOWS\system32\DRIVERS\lilsgt.sys (Infected with W32/Vundo.FTI)

Removed driver: lilsgt

Deleted file

 

Number of processes/threads found: 2378

Number of processes/threads scanned: 2378

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 40s

 

 

Scanning file system...

 

Scanning: H:\*.*

 

H:\Documents and Settings\Jorge\Desktop\Virus Removal Tools\sophos_conficker_cleanup_tool_10_sfx.exe (Infected with Malware.GDEP)

Deleted file

 

H:\Documents and Settings\Jorge\DoctorWeb\Quarantine\csrcs.exe (Infected with Smalltroj.PANG)

Deleted file

 

H:\Documents and Settings\Jorge\Meus documentos\NEW PROGRAMS\Alcohol 120% Activator.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

H:\Documents and Settings\Jorge\Meus documentos\NEW PROGRAMS\WinIso V5.3 + Serial.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

 

 

Running post-scan cleanup routine:

 

Number of files found: 120675

Number of archives unpacked: 707

Number of files scanned: 120655

Number of files not scanned: 20

Number of files skipped due to exclude list: 0

Number of infected files found: 2

Number of infected files repaired/deleted: 2

Number of infections removed: 2

Total scanning time: 20m 17s

-----------------------------------------------

 

PedroN and moderation team, the start of the new college semester is approaching for me, and I'm going to need that computer working. I've already gotten used to the idea of formatting and no longer mind doing it, as long as I can at least save important files that I haven't backed up. I'd like you to recommend something so I can be sure that, once I back up the PC's current files, I won't reinfect it when transferring them back after the format. Would running the Kaspersky AVP Tool and saving the files immediately afterwards help?

 

I don't have an external HD, so I'll need to send the PC to a repair shop for the format, but I believe that if I do it next week, I'll have it back by the time classes resume. I don't want to risk starting the semester without the machine, which is very important for my coursework (my course involves programming and 3D modeling, with applications that the notebook can't run).

 

Thank you for trying to help me all these days, but I think I've been defeated by this virus. If you could advise me on a way to make a safe backup, I'd be very grateful.

~Lucied
