[Resolvido!] Virus MSN

[marceloparreiras 0]

Cometi o erro de emprestar meu notebook a um amigo, e ele clicou num link que mandaram pra ele no msn, agora esse virus manda links pra todos os meus contatos...

Aqui vai o log do HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:04:23, on 1/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\vsnpstd.exe

C:\Arquivos de programas\Search Settings\SearchSettings.exe

C:\Documents and Settings\All Users\Dados de aplicativos\MziXys.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Marcelo\mstsc.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Documents and Settings\Marcelo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Marcelo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Marcelo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Marcelo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Marcelo\Meus documentos\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\kb128\SearchSettings.dll

O1 - Hosts: 198.106.198.170 www.visanet.com.br

O1 - Hosts: 198.106.198.170 www.openbank.es

O1 - Hosts: 198.106.198.170 openbank.es

O1 - Hosts: 198.106.198.170 www.lacaixa.es

O1 - Hosts: 198.106.198.170 lacaixa.es

O1 - Hosts: 198.106.198.170 www.bancoreal.com.br

O1 - Hosts: 198.106.198.170 www.real.com.br

O1 - Hosts: 198.106.198.170 www.real.com.br

O1 - Hosts: 198.106.198.170 www.itau.com.br

O1 - Hosts: 198.106.198.170 itau.com.br

O1 - Hosts: 198.106.198.170 www.itaupersonnalite.com.br

O1 - Hosts: 198.106.198.170 itaupersonnalite.com.br

O1 - Hosts: 198.106.198.170 www.itauprivatebank.com.br

O1 - Hosts: 198.106.198.170 itauprivatebank.com.br

O1 - Hosts: 198.106.198.170 www.bb.com.br

O1 - Hosts: 198.106.198.170 bb.com.br

O1 - Hosts: 198.106.198.170 www.bb.gov.br

O1 - Hosts: 198.106.198.170 bb.gov.br

O1 - Hosts: 198.106.198.170 bradesco.com.br

O1 - Hosts: 198.106.198.170 www.bradesco.com.br

O1 - Hosts: 198.106.198.170 www.bradescoprime.com.br

O1 - Hosts: 198.106.198.170 bradescoprime.com.br

O1 - Hosts: 198.106.198.170 bradescojuridico.com.br

O1 - Hosts: 198.106.198.170 www.checktudo.com.br

O1 - Hosts: 198.106.198.170 checktudo.com.br

O1 - Hosts: 198.106.198.170 www.infoseg.gov.br

O1 - Hosts: 198.106.198.170 infoseg.gov.br

O1 - Hosts: 198.106.198.170 www.real.com.br

O1 - Hosts: 198.106.198.170 real.com.br

O1 - Hosts: 198.106.198.170 www.bradescojuridico.com.br

O1 - Hosts: 198.106.198.170 santander.com.br

O1 - Hosts: 198.106.198.170 www.santander.com.br

O1 - Hosts: 198.106.198.170 banespa.com.br

O1 - Hosts: 198.106.198.170 www.nossacaixa.com.br

O1 - Hosts: 198.106.198.170 nossacaixa.com.br

O1 - Hosts: 198.106.198.170 www.unibanco.com.br

O1 - Hosts: 198.106.198.170 unibanco.com.br

O1 - Hosts: 198.106.198.170 www.banespa.com.br

O1 - Hosts: 198.106.198.170 banespa.com.br

O1 - Hosts: 198.106.198.170 www.itauprivatebank.com.br

O1 - Hosts: 198.106.198.170 itauprivatebank.com.br

O1 - Hosts: 198.106.198.170 caixacatalunya.es

O1 - Hosts: 198.106.198.170 www.caixacatalunya.es

O1 - Hosts: 198.106.198.170 banesto.es

O1 - Hosts: 198.106.198.170 www.banesto.es

O1 - Hosts: 198.106.198.170 www.cajamadrid.es

O1 - Hosts: 198.106.198.170 cajamadrid.es

O1 - Hosts: 198.106.198.170 www.bbva.es

O1 - Hosts: 198.106.198.170 bbva.es

O1 - Hosts: 198.106.198.170 serasa.com.br

O1 - Hosts: 198.106.198.170 www.serasa.com.br

O1 - Hosts: 198.106.198.170 www.cam.es

O1 - Hosts: 198.106.198.170 cam.es

O1 - Hosts: 198.106.198.170 portal.lacaixa.es

O1 - Hosts: 198.106.198.170 www.banespa.com.br

O1 - Hosts: 198.106.198.170 www.caixa.com.br

O1 - Hosts: 198.106.198.170 caixa.com.br

O1 - Hosts: 198.106.198.170 www.caixaeconomicafederal.com.br

O1 - Hosts: 198.106.198.170 caixaeconomicafederal.com.br

O1 - Hosts: 198.106.198.170 www.cef.com.br

O1 - Hosts: 198.106.198.170 cef.com.br

O1 - Hosts: 198.106.198.170 www.caixa.gov.br

O1 - Hosts: 198.106.198.170 caixa.gov.br

O1 - Hosts: 198.106.198.170 www.caixaeconomica.gov.br

O1 - Hosts: 198.106.198.170 caixaeconomica.gov.br

O1 - Hosts: 198.106.198.170 www.cef.gov.br

O1 - Hosts: 198.106.198.170 www.caixaeconomicafederal.gov.br

O1 - Hosts: 198.106.198.170 caixaeconomicafederal.gov.br

O1 - Hosts: 198.106.198.170 cetelem.com.br

O1 - Hosts: 198.106.198.170 www.cetelem.com.br

O1 - Hosts: 198.106.198.170 citibank.com.br

O1 - Hosts: 198.106.198.170 www.citibank.com.br

O1 - Hosts: 198.106.198.170 www.pagamentodigital.com.br

O1 - Hosts: 198.106.198.170 pagamentodigital.com.br

O1 - Hosts: 198.106.198.170 www.cartaobndes.gov.br

O1 - Hosts: 198.106.198.170 cartaobndes.gov.br

O1 - Hosts: 198.106.198.170 americanas.com.br

O1 - Hosts: 198.106.198.170 www.americanas.com.br

O1 - Hosts: 198.106.198.170 americanas.com

O1 - Hosts: 198.106.198.170 www.americanas.com

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\DealioToolbarIE.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Arquivos de programas\VersalSoft\InternetDownload\VDTB.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SQM Cliente API - {934CED57-7EB2-416A-B36B-B009C57F01E5} - C:\ARQUIV~1\WI1F86~1\Sync\msgsres.dll (file missing)

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: (no name) - {d9ad1747-7b19-4dea-bc02-0ab12c4fc468} - C:\WINDOWS\system32\GbpDist.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\Search Settings\kb128\SearchSettings.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Arquivos de programas\VersalSoft\InternetDownload\VDTB.dll (file missing)

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\DealioToolbarIE.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [internetDownload_upgrade] "C:\Arquivos de programas\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade

O4 - HKLM\..\Run: [searchSettings] C:\Arquivos de programas\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [MziXys.exe] C:\Documents and Settings\All Users\Dados de aplicativos\MziXys.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Power Off Monitor] C:\Arquivos de programas\Power Monitor Off\PowerMonitorOff.exe :silent

O4 - HKCU\..\Run: [GoogleUpdate] "C:\DOCUME~1\Marcelo\CONFIG~1\Temp\GoogleUpdate.exe"

O4 - HKCU\..\Run: [mstsc] C:\Documents and Settings\Marcelo\mstsc.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Arquivos de programas\VersalSoft\InternetDownload\adddownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted IP range: http://192.168.1.1

O15 - ESC Trusted IP range: http://192.168.1.1

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7565C233-AC96-4B29-9553-FA959E764F65}: NameServer = 200.175.5.139,200.175.182.139

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (file missing)

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 13501 bytes

[wings 22]

1.

*Baixe o HostsXpert e salve-o no desktop

*Extraia o seu conteúdo para o desktop e execute-o. Clique em > [Restore Microsoft's Hosts File]

 

2.

*Baixe o AD-Remover e salve-o no desktop

*Duplo clique em AD-R.exe e instale o programa.

*Duplo clique no ícone criado no desktop e clique em [Oui]

*Tecle L > [ENTER]

 

3.

*Baixe o MalwareBytes Anti-malware e salve-o no desktop:

*Instale o programa

*Ao finalizar, se alguma atualização existir,o download será automático. Aguarde...

*Terminada a atualização, o programa será aberto automaticamente. Feche-o.

*Reinicie o PC em Modo de Segurança (aperte F8 de forma intermitente durante a inicialização do PC e selecione "Modo Seguro)

*Execute o programa através do ícone criado no desktop e na aba [Verificação], selecione a opção [Verificação completa]

*Clique em [Verificar] e selecione as unidades a serem examinadas

*Remova o que for encontrado

*Ao término do scan poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] e finalmente clique em [OK]. Um relatório (mbam-log-ano-mês-data.txt) será apresentado.

*Alguns malwares são rebeldes e necessitam de uma reinicialização para a remoção. Caso isto seja solicitado, clique para reiniciar o PC. Caso não seja solicitado, reinicie o PC manualmente.

*Abra novamente o programa Malwarebytes e na aba [Logs] clique no arquivo mbam-log-ano-mês-data.txt

*Clique em [Abrir], copie, cole-o na sua próxima resposta junto com o relatório criado em C:\Ad-Report-CLEAN.log

[marceloparreiras 0]

Log do AD-Report:

 

.

======= LOGFILE OF AD-REMOVER 1.1.4.6_D | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 25.11.2009 at 18:47

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 17:57:07, ter 01/12/2009 | Normal Boot | Option: CLEAN

Executed from: C:\Arquivos de programas\Ad-Remover\

Operating system: Microsoft® Windows XP™ Service Pack 3 versÆo 5.1.2600

Computer Name: PARTICUL-03F89D | Current user: Marcelo

.

============== NEUTRALIZED ELEMENT(S) ==============

.

C:\DOCUME~1\Marcelo\DADOSD~1\Dealio

C:\DOCUME~1\Marcelo\DADOSD~1\Mozilla\Firefox\Profiles\7i2zjo5v.default\extensions\toolbar@ask.com

C:\DOCUME~1\Marcelo\DADOSD~1\Search Settings

C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

C:\Arquivos de programas\Ask.com

C:\Arquivos de programas\Dealio Toolbar

C:\Arquivos de programas\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

C:\Arquivos de programas\Mozilla Firefox\extensions\search@searchsettings.com

C:\Arquivos de programas\Search Settings

C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

C:\Windows\Installer\7644a1.msi

C:\Windows\Installer\7644a8.msi

C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-36520774.pf

C:\DOCUME~1\Marcelo\Cookies\marcelo@ask[1].txt

.

HKCU\software\Ask.com

HKCU\software\AskToolbar

HKCU\software\Dealio

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

HKCU\software\Search Settings

HKLM\software\AskBarDis

HKLM\software\classes\appid\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

HKLM\software\classes\appid\GenericAskToolbar.DLL

HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

HKLM\software\classes\GenericAskToolbar.ToolbarWnd

HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1

HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\software\classes\SearchSettings.BHO

HKLM\software\classes\SearchSettings.BHO.1

HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}

HKLM\software\Dealio

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings

HKLM\software\microsoft\windows\currentversion\uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}

HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

HKLM\software\microsoft\windows\currentversion\uninstall\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}

HKLM\software\Search Settings

 

(!) -- Temp files deleted.

 

.

============== Added scan ==============

.

.

* Mozilla FireFox Version 3.5.3 [pt-BR] *

.

ProfilePath: 7i2zjo5v.default (Marcelo)

.

(Marcelo, prefs.js) Browser.download.lastDir, D:\Marcelo\Imagens

(Marcelo, prefs.js) Browser.search.defaultenginename, Yahoo

(Marcelo, prefs.js) Browser.search.selectedEngine, Yahoo

(Marcelo, prefs.js) Browser.startup.homepage, www.g1.com.br

.

(Marcelo, prefs.js) ERASED - Extensions.asktb.cbid, VY

(Marcelo, prefs.js) ERASED - Extensions.asktb.default-channel-url-mask, hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}

(Marcelo, prefs.js) ERASED - Extensions.asktb.fresh-install, false

(Marcelo, prefs.js) ERASED - Extensions.asktb.l, dis

(Marcelo, prefs.js) ERASED - Extensions.asktb.last-config-req, 1259516356524

(Marcelo, prefs.js) ERASED - Extensions.asktb.locale, pt_BR

(Marcelo, prefs.js) ERASED - Extensions.asktb.o, 14782

(Marcelo, prefs.js) ERASED - Extensions.asktb.overlay-reloaded-using-restart, true

(Marcelo, prefs.js) ERASED - Extensions.asktb.qsrc, 2871

(Marcelo, prefs.js) ERASED - Extensions.asktb.r, 7

(Marcelo, prefs.js) ERASED - Extensions.enabledItems, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.20090701.0,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,jqs@sun.com:1.0,search@searchsettings.com:1.2.2,{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}:4.0.1,toolbar@ask.com:3.4.3.105,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

.

.

* Internet Explorer Version 7.0.5730.11 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Start Page: hxxp://fr.msn.com/

Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

Search bar: hxxp://search.msn.com/spbasic.htm

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

============== Suspect (Cracks, Serials, ...) ==============

.

C:\Documents and Settings\Marcelo\Meus documentos\Downloads\Medieval II Total War + Kingdoms\Crack\kingdoms.exe

C:\Documents and Settings\Marcelo\Meus documentos\Downloads\Medieval II Total War + Kingdoms\Crack\medieval2.exe

C:\Documents and Settings\Marcelo\Meus documentos\Downloads\Medieval II Total War + Kingdoms\Patches\Medieval II Kingdoms Patch.rar

C:\Documents and Settings\Marcelo\Meus documentos\Downloads\Medieval II Total War + Kingdoms\Patches\Medieval II Patch 1.2.exe

C:\Documents and Settings\Marcelo\Meus documentos\Downloads\Medieval II Total War + Kingdoms\Patches\Medieval II Patch 1.3.rar

.

===================================

.

6894 Byte(s) - C:\Ad-Report-CLEAN[1].log

.

141 File(s) - C:\DOCUME~1\Marcelo\CONFIG~1\Temp

1 File(s) - C:\WINDOWS\Temp

.

17 File(s) - C:\Arquivos de programas\Ad-Remover\BACKUP

172 File(s) - C:\Arquivos de programas\Ad-Remover\QUARANTINE

.

End at: 18:02:32 | ter 01/12/2009 - CLEAN[1]

.

============== E.O.F ==============

.

 

Log do Malware Bytes:

 

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 3268

Windows 5.1.2600 Service Pack 3

 

1/12/2009 18:11:44

mbam-log-2009-12-01 (18-11-44).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 109061

Tempo decorrido: 4 minute(s), 45 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 4

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{934ced57-7eb2-416a-b36b-b009c57f01e5} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d9ad1747-7b19-4dea-bc02-0ab12c4fc468} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{934ced57-7eb2-416a-b36b-b009c57f01e5} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9ad1747-7b19-4dea-bc02-0ab12c4fc468} (Trojan.Banker) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

[wings 22]

Por favor....novo log do hijack.

[marceloparreiras 0]

Segue o novo log do HJT:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:29:39, on 1/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\WINDOWS\vsnpstd.exe

C:\Documents and Settings\All Users\Dados de aplicativos\MziXys.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Marcelo\mstsc.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Marcelo\Meus documentos\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\DealioToolbarIE.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Arquivos de programas\VersalSoft\InternetDownload\VDTB.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Arquivos de programas\VersalSoft\InternetDownload\VDTB.dll (file missing)

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [internetDownload_upgrade] "C:\Arquivos de programas\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade

O4 - HKLM\..\Run: [MziXys.exe] C:\Documents and Settings\All Users\Dados de aplicativos\MziXys.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Power Off Monitor] C:\Arquivos de programas\Power Monitor Off\PowerMonitorOff.exe :silent

O4 - HKCU\..\Run: [GoogleUpdate] "C:\DOCUME~1\Marcelo\CONFIG~1\Temp\GoogleUpdate.exe"

O4 - HKCU\..\Run: [mstsc] C:\Documents and Settings\Marcelo\mstsc.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Arquivos de programas\VersalSoft\InternetDownload\adddownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted IP range: http://192.168.1.1

O15 - ESC Trusted IP range: http://192.168.1.1

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7565C233-AC96-4B29-9553-FA959E764F65}: NameServer = 200.175.5.139,200.175.182.139

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (file missing)

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 8139 bytes

[wings 22]

1.

*Execute novamente o AD-Remover

*Tecle D > [ENTER]

 

2.

*Abra o programa Malwarebytes e na aba [Quarentena], selecione todos os resultados e clique em [Remover tudo]

*Clique na aba [Logs], selecione o relatório e clique em [Remover]

 

3.

*Execute o hijack, clique em [Do a system scan only], selecione as entradas abaixo e clique em [Fix checked]

 

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\DealioToolbarIE.dll (file missing)

O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Arquivos de programas\VersalSoft\InternetDownload\VDTB.dll (file missing)

O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Arquivos de programas\VersalSoft\InternetDownload\VDTB.dll (file missing)

*Feche o hijack

 

4.

*Desative temporariamente seu antivírus

*Baixe o ComboFix e salve-o no desktop

*Duplo-clique no arquivo Combofix.exe

*Aceite o contrato

*Se o console de recuperação do Windows já estiver instalado, o ComboFix irá continuar o processo automaticamente. Caso não, aceite a instalação do mesmo.

 

*Após a instalação, clique em [sim] para continuar.

 

*Importante: enquanto o ComboFix estiver em execução, não use o mouse nem o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER.

 

*O programa será fechado automaticamente

*Cole o relatório criado em C:\combofix.txt

[marceloparreiras 0]

ComboFix 09-12-01.01 - Marcelo 01/12/2009 19:04.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.766.473 [GMT -2:00]

Executando de: c:\documents and settings\Marcelo\Meus documentos\Downloads\ComboFix.exe

AV: avast! antivirus 4.8.1351 [VPS 091009-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

ADS - drivers: deleted 632 bytes in 2 streams.

ADS - WINDOWS: deleted 48 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Dados de aplicativos\dkwork.ini

c:\documents and settings\Marcelo\Menu Iniciar\Windows Live Messenger .lnk

C:\PARTICUL-03F89D.txt

c:\windows\26488187.exe

c:\windows\83466593.exe

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-01 to 2009-12-01 ))))))))))))))))))))))))))))

.

 

2009-12-01 19:56 . 2009-12-01 20:46 -------- d-----w- c:\arquivos de programas\Ad-Remover

2009-12-01 19:33 . 2009-12-01 19:33 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\Malwarebytes

2009-12-01 19:33 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-01 19:33 . 2009-12-01 19:33 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-12-01 19:33 . 2009-12-01 19:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-12-01 19:33 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-01 18:43 . 2009-12-01 18:43 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\Codemonster

2009-12-01 18:41 . 2009-12-01 18:41 -------- d-----w- c:\arquivos de programas\Codemonster

2009-12-01 18:25 . 2009-12-01 18:26 -------- d-----w- C:\MSNCleaner

2009-12-01 18:21 . 2009-12-01 18:21 -------- d-----w- c:\arquivos de programas\AxBx

2009-12-01 18:19 . 2009-12-01 18:19 4 ----a-w- c:\windows\83466593.dat

2009-12-01 17:58 . 2009-12-01 17:59 234496 --sh--w- c:\documents and settings\All Users\Dados de aplicativos\MziXys.exe

2009-12-01 17:57 . 2009-12-01 17:57 236032 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Windwnx32.exe

2009-11-30 16:27 . 2009-11-30 16:27 -------- d-----w- c:\arquivos de programas\uTorrent

2009-11-30 16:26 . 2009-12-01 21:00 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\uTorrent

2009-11-30 16:05 . 2009-11-30 16:05 -------- d-----w- c:\arquivos de programas\Total War

2009-11-30 16:05 . 1998-10-29 18:45 306688 ----a-w- c:\windows\IsUninst.exe

2009-11-29 14:22 . 2009-11-29 14:22 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\VitySoft

2009-11-29 02:18 . 2009-11-29 02:18 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2009-11-29 02:18 . 2009-11-29 02:18 -------- d-----w- c:\documents and settings\Marcelo\SystemRequirementsLab

2009-11-27 21:56 . 2009-11-30 18:14 -------- d-----w- c:\arquivos de programas\PokerStars

2009-11-26 00:08 . 2009-11-26 00:08 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\DivX

2009-11-24 21:30 . 2009-11-24 21:30 -------- d-----w- c:\documents and settings\Ednir\Dados de aplicativos\Search Settings

2009-11-24 21:30 . 2009-11-24 21:30 -------- d-----w- c:\documents and settings\Ednir\Dados de aplicativos\Dealio

2009-11-23 12:43 . 2009-11-23 12:43 270 ----a-w- c:\windows\26488187.dat

2009-11-23 04:36 . 2009-12-01 18:32 376 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\UpApp32.dll

2009-11-23 04:00 . 2009-11-23 04:01 -------- d-----w- c:\arquivos de programas\VDOWNLOADER

2009-11-22 02:26 . 2009-11-22 02:26 -------- d-----w- c:\windows\system32\custom matrices

2009-11-22 02:26 . 2009-11-22 02:26 -------- d-----w- c:\windows\system32\C2MP

2009-11-22 02:26 . 2009-11-22 02:26 -------- d-----w- c:\windows\system32\QuickTime

2009-11-17 20:13 . 2009-11-17 20:19 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\sqlitestudio

2009-11-17 20:03 . 2009-11-17 20:03 -------- d-----w- c:\arquivos de programas\SQL Editor

2009-11-12 21:30 . 2009-11-16 00:19 -------- d-----w- c:\arquivos de programas\NightCAM

2009-11-10 22:28 . 2009-11-10 22:28 -------- d-----w- c:\arquivos de programas\Nightmare

2009-11-10 17:47 . 2009-12-01 18:51 -------- d-----w- c:\arquivos de programas\a-squared Free

2009-11-10 16:59 . 2009-11-23 12:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-11-10 16:59 . 2009-11-10 17:19 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-01 18:38 . 2001-10-28 11:07 65246 ----a-w- c:\windows\system32\perfc016.dat

2009-12-01 18:38 . 2001-10-28 11:07 419524 ----a-w- c:\windows\system32\perfh016.dat

2009-11-30 16:30 . 2009-06-30 20:48 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\FrostWire

2009-11-27 15:51 . 2009-05-16 17:42 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-11-23 05:19 . 2009-07-22 21:01 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-11-17 21:05 . 2009-07-15 03:43 -------- d-----w- c:\arquivos de programas\Steam

2009-11-14 00:22 . 2009-06-26 18:34 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\Tibia

2009-11-01 18:46 . 2009-08-06 19:16 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite

2009-11-01 15:03 . 2009-11-01 15:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DirectX

2009-11-01 14:57 . 2009-11-01 14:57 98304 ---h--w- c:\documents and settings\Marcelo\mstsc.exe

2009-11-01 14:56 . 2009-11-01 14:56 20480 ----a-w- c:\documents and settings\Marcelo\t.tmp

2009-11-01 14:52 . 2009-11-01 14:52 -------- d-----w- c:\arquivos de programas\EA GAMES

2009-11-01 14:50 . 2009-08-06 19:11 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\DAEMON Tools Lite

2009-10-27 23:22 . 2009-10-27 23:22 4835652 ----a-w- c:\windows\system32\libavcodec.dll

2009-10-27 23:16 . 2009-10-27 23:16 1632375 ----a-w- c:\windows\system32\ffmpegmt.dll

2009-10-27 23:16 . 2009-10-27 23:16 611638 ----a-w- c:\windows\system32\libmplayer.dll

2009-10-27 23:10 . 2009-10-27 23:10 143872 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2009-10-27 22:46 . 2009-10-27 22:46 248320 ----a-w- c:\windows\system32\ff_kernelDeint.dll

2009-10-27 22:28 . 2009-10-27 22:28 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2009-10-20 17:09 . 2009-10-20 17:09 598 ----a-w- C:\fsys.bat

2009-10-18 15:56 . 2009-10-18 15:56 -------- d-----w- c:\arquivos de programas\Wisdom-soft ScreenHunter 5 Free

2009-10-18 01:04 . 2009-10-18 01:04 -------- d-----w- c:\arquivos de programas\Microsoft Office Outlook Connector

2009-10-18 00:01 . 2009-10-18 00:01 -------- d-----w- c:\arquivos de programas\MSECache

2009-10-16 23:58 . 2009-10-16 23:58 183296 ----a-w- c:\windows\system32\ff_samplerate.dll

2009-10-16 23:57 . 2009-10-16 23:57 146944 ----a-w- c:\windows\system32\ff_tremor.dll

2009-10-16 23:04 . 2009-10-16 23:04 178688 ----a-w- c:\windows\system32\ff_libmad.dll

2009-10-16 23:04 . 2009-10-16 23:04 113152 ----a-w- c:\windows\system32\ff_unrar.dll

2009-10-16 23:03 . 2009-10-16 23:03 257024 ----a-w- c:\windows\system32\ff_libdts.dll

2009-10-16 23:03 . 2009-10-16 23:03 142848 ----a-w- c:\windows\system32\ff_liba52.dll

2009-10-16 23:03 . 2009-10-16 23:03 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll

2009-10-16 20:53 . 2009-10-16 20:53 100864 ----a-w- c:\windows\system32\ff_wmv9.dll

2009-10-16 20:53 . 2009-10-16 20:53 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-10-16 19:40 . 2009-10-16 19:40 957047 ----a-w- c:\windows\system32\ff_x264.dll

2009-10-16 19:38 . 2009-10-16 19:38 914464 ----a-w- c:\windows\system32\xvidcore.dll

2009-10-10 13:54 . 2009-05-16 12:11 -------- d-----w- c:\arquivos de programas\Alwil Software

2009-10-08 23:30 . 2009-10-08 23:30 -------- d-----w- c:\arquivos de programas\DVD Decrypter

2009-10-08 23:27 . 2009-10-08 23:27 -------- d-----w- c:\arquivos de programas\Elaborate Bytes

2009-10-05 03:21 . 2009-07-22 21:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-10-05 00:14 . 2009-07-27 22:38 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\Skype

2009-10-04 21:39 . 2009-07-27 22:40 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\skypePM

2009-10-03 01:11 . 2009-10-03 01:11 -------- d-----w- c:\arquivos de programas\PluginLetras

2009-09-04 20:01 . 2009-07-22 21:01 26776 ----a-w- c:\windows\system32\drivers\gbpkm.sys

.

 

------- Sigcheck -------

 

[-] 2008-05-12 . CAE2A2EC19F2F334ED47BA1A30912198 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-06-23_21.56.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-30 18:33 . 2004-02-23 18:19 20480 c:\windows\usnpstd.exe

+ 2009-10-17 05:16 . 1999-12-17 12:13 86016 c:\windows\unvise32.exe

+ 2009-06-30 18:25 . 2004-06-10 16:49 49152 c:\windows\twain_32\SNPSTD\TwainUI.dll

+ 2009-12-01 21:02 . 2009-12-01 21:02 16384 c:\windows\Temp\Perflib_Perfdata_7a4.dat

+ 2009-08-06 19:23 . 2005-12-05 21:07 61136 c:\windows\system32\xinput9_1_0.dll

+ 2009-08-06 19:24 . 2007-04-04 21:53 81768 c:\windows\system32\xinput1_3.dll

+ 2009-08-06 19:23 . 2006-07-28 12:30 62744 c:\windows\system32\xinput1_2.dll

+ 2009-08-06 19:23 . 2006-03-31 15:39 62672 c:\windows\system32\xinput1_1.dll

+ 2009-08-06 19:23 . 2007-03-05 15:42 15128 c:\windows\system32\x3daudio1_1.dll

+ 2009-08-06 19:23 . 2006-02-03 11:41 14032 c:\windows\system32\x3daudio1_0.dll

+ 2008-10-16 17:09 . 2008-10-16 17:09 43544 c:\windows\system32\wups2.dll

+ 2009-05-16 11:59 . 2008-10-16 17:08 34328 c:\windows\system32\wups.dll

+ 2009-05-16 11:59 . 2008-10-16 17:09 51224 c:\windows\system32\wuauclt.exe

- 2008-04-13 22:20 . 2008-04-13 22:20 90112 c:\windows\system32\wshext.dll

+ 2008-04-13 22:20 . 2008-05-09 10:55 90112 c:\windows\system32\wshext.dll

+ 2009-06-30 18:25 . 2004-05-25 20:21 36864 c:\windows\system32\vsnpstd.dll

+ 2009-06-30 18:36 . 2008-04-13 22:20 54784 c:\windows\system32\vfwwdm32.dll

+ 1998-06-18 08:00 . 1998-06-18 08:00 89360 c:\windows\system32\VB5DB.dll

+ 2008-04-13 22:21 . 2008-10-23 10:06 62976 c:\windows\system32\tzchange.exe

+ 2009-05-16 12:06 . 2008-07-09 07:34 26488 c:\windows\system32\spupdsvc.exe

+ 2009-05-16 12:07 . 2007-11-30 11:18 18296 c:\windows\system32\spmsg.dll

+ 2009-08-05 22:55 . 2008-10-16 17:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll

+ 2009-07-26 19:44 . 2009-07-26 19:44 48448 c:\windows\system32\sirenacm.dll

+ 2008-04-13 22:20 . 2009-02-03 19:58 56832 c:\windows\system32\secur32.dll

+ 2001-10-28 11:07 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe

+ 2009-06-30 18:25 . 2004-06-23 19:13 57344 c:\windows\system32\rsnpstd.dll

+ 2008-06-08 22:58 . 2008-06-08 22:58 60273 c:\windows\system32\pthreadGC2.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 44544 c:\windows\system32\pngfilt.dll

- 2008-05-12 14:37 . 2008-05-12 14:37 44544 c:\windows\system32\pngfilt.dll

- 2001-10-28 11:07 . 2009-05-30 15:15 56698 c:\windows\system32\perfc009.dat

+ 2001-10-28 11:07 . 2009-12-01 18:38 56698 c:\windows\system32\perfc009.dat

+ 2009-05-16 11:56 . 2008-06-12 14:22 91648 c:\windows\system32\mtxoci.dll

- 2009-05-16 11:56 . 2008-04-13 22:20 91648 c:\windows\system32\mtxoci.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 66560 c:\windows\system32\mtxclu.dll

+ 2008-04-13 22:20 . 2008-06-12 14:22 66560 c:\windows\system32\mtxclu.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 52224 c:\windows\system32\msfeedsbs.dll

+ 2009-05-16 11:56 . 2008-06-12 14:22 58880 c:\windows\system32\msdtclog.dll

- 2009-05-16 11:56 . 2008-04-13 22:20 58880 c:\windows\system32\msdtclog.dll

+ 2008-04-13 22:20 . 2008-06-24 16:43 74240 c:\windows\system32\mscms.dll

+ 2009-01-10 22:14 . 2009-01-10 22:14 79360 c:\windows\system32\mkzlib.dll

+ 2009-01-10 22:14 . 2009-01-10 22:14 23552 c:\windows\system32\mkunicode.dll

+ 1999-04-26 22:42 . 1999-04-26 22:42 39184 c:\windows\system32\MAPISRVR.EXE

- 2009-05-16 17:52 . 2009-05-16 17:52 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

+ 2009-05-16 17:52 . 2009-10-17 02:48 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

+ 2009-06-19 15:45 . 2009-08-23 03:56 88590 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe

+ 2008-05-12 14:37 . 2009-06-29 15:58 27648 c:\windows\system32\jsproxy.dll

+ 2008-05-12 14:37 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe

+ 2008-04-13 22:20 . 2009-06-29 15:58 44544 c:\windows\system32\iernonce.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 78336 c:\windows\system32\ieencode.dll

- 2008-05-12 14:37 . 2008-05-12 14:37 78336 c:\windows\system32\ieencode.dll

+ 2008-05-12 14:36 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe

+ 2008-05-12 14:36 . 2009-06-29 15:58 63488 c:\windows\system32\icardie.dll

+ 2009-07-08 20:14 . 2001-01-05 11:57 69632 c:\windows\system32\GkSui18.EXE

+ 2008-04-13 22:20 . 2009-06-16 14:39 81920 c:\windows\system32\fontsub.dll

+ 2009-02-17 13:33 . 2009-02-17 13:33 89256 c:\windows\system32\ElbyCDIO.dll

+ 2009-06-30 18:34 . 2004-05-06 14:22 53248 c:\windows\system32\dsnpstd.dll

+ 2009-08-25 19:39 . 2007-06-18 17:18 23680 c:\windows\system32\DRVSTORE\motport_9A5A85088EA432AA30AB62E19BFD4CEC1FF62E6D\motport.sys

+ 2009-08-25 19:39 . 2007-11-02 17:41 22272 c:\windows\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\Motousbnet.sys

+ 2009-08-25 19:39 . 2007-10-10 19:41 42112 c:\windows\system32\DRVSTORE\motodrv_3F184E5829BCAF0569D41003B75A0ECD209143B9\motodrv.sys

+ 2009-08-25 19:39 . 2007-06-18 17:18 23680 c:\windows\system32\DRVSTORE\motmodem_77C6F3FBF2928E6DAC7B8A901D5589738CDDC62C\motmodem.sys

+ 2009-08-25 19:39 . 2007-11-02 17:36 18176 c:\windows\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\motccgp.sys

+ 2009-06-30 18:37 . 2008-04-13 14:46 19200 c:\windows\system32\drivers\WSTCODEC.SYS

+ 2006-11-02 10:22 . 2006-11-02 10:22 32224 c:\windows\system32\drivers\wdfldr.sys

+ 2009-08-25 19:19 . 2008-04-13 14:45 32128 c:\windows\system32\drivers\usbccgp.sys

+ 2009-06-27 02:26 . 2009-06-27 02:26 36400 c:\windows\system32\drivers\SymIM.sys

+ 2009-06-30 18:37 . 2008-04-13 14:46 15232 c:\windows\system32\drivers\StreamIP.sys

+ 2009-06-30 18:37 . 2008-04-13 14:46 11136 c:\windows\system32\drivers\SLIP.sys

+ 2009-06-30 18:37 . 2008-04-13 14:46 10880 c:\windows\system32\drivers\NdisIP.sys

+ 2009-06-30 18:37 . 2008-04-13 14:46 85248 c:\windows\system32\drivers\NABTSFEC.sys

+ 2009-08-25 19:39 . 2007-10-10 19:41 42112 c:\windows\system32\drivers\motodrv.sys

+ 2009-08-25 19:39 . 2007-06-18 17:18 23680 c:\windows\system32\drivers\motmodem.sys

+ 2009-02-17 17:11 . 2009-02-17 17:11 24232 c:\windows\system32\drivers\ElbyCDIO.sys

+ 2009-06-30 18:37 . 2008-04-13 14:46 17024 c:\windows\system32\drivers\CCDECODE.sys

+ 2009-05-16 12:12 . 2009-08-17 16:04 51376 c:\windows\system32\drivers\aswTdi.sys

- 2009-05-16 12:12 . 2008-03-29 18:29 23152 c:\windows\system32\drivers\aswRdr.sys

+ 2009-05-16 12:12 . 2009-08-17 16:04 23152 c:\windows\system32\drivers\aswRdr.sys

+ 2009-05-16 12:12 . 2009-08-17 16:06 94160 c:\windows\system32\drivers\aswmon2.sys

+ 2009-05-16 12:12 . 2009-08-17 16:06 93392 c:\windows\system32\drivers\aswmon.sys

- 2009-05-16 12:12 . 2008-03-29 18:35 20560 c:\windows\system32\drivers\aswFsBlk.sys

+ 2009-05-16 12:12 . 2009-08-17 16:05 20560 c:\windows\system32\drivers\aswFsBlk.sys

+ 2009-05-16 12:12 . 2009-08-17 16:03 26944 c:\windows\system32\drivers\aavmker4.sys

- 2009-05-16 12:12 . 2008-03-29 18:26 26944 c:\windows\system32\drivers\aavmker4.sys

+ 2008-08-05 21:59 . 2008-08-05 21:59 57344 c:\windows\system32\dpv11.dll

+ 2009-05-01 21:02 . 2009-05-01 21:02 90112 c:\windows\system32\dpl100.dll

+ 2009-05-16 11:59 . 2008-10-16 17:08 34328 c:\windows\system32\dllcache\wups.dll

+ 2009-05-16 11:59 . 2008-10-16 17:09 51224 c:\windows\system32\dllcache\wuauclt.exe

+ 2009-06-30 18:37 . 2008-04-13 14:46 19200 c:\windows\system32\dllcache\wstcodec.sys

- 2008-04-13 22:20 . 2008-04-13 22:20 90112 c:\windows\system32\dllcache\wshext.dll

+ 2008-04-13 22:20 . 2008-05-09 10:55 90112 c:\windows\system32\dllcache\wshext.dll

+ 2009-06-30 18:36 . 2008-04-13 22:20 54784 c:\windows\system32\dllcache\vfwwdm32.dll

+ 2009-08-25 19:19 . 2008-04-13 14:45 32128 c:\windows\system32\dllcache\usbccgp.sys

+ 2009-06-30 18:37 . 2008-04-13 14:46 15232 c:\windows\system32\dllcache\streamip.sys

+ 2009-06-30 18:37 . 2008-04-13 14:46 11136 c:\windows\system32\dllcache\slip.sys

+ 2008-04-13 22:20 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll

+ 2001-10-28 11:07 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe

+ 2008-05-12 14:37 . 2009-06-29 15:58 44544 c:\windows\system32\dllcache\pngfilt.dll

- 2008-05-12 14:37 . 2008-05-12 14:37 44544 c:\windows\system32\dllcache\pngfilt.dll

+ 2009-06-30 18:37 . 2008-04-13 14:46 10880 c:\windows\system32\dllcache\ndisip.sys

+ 2009-06-30 18:37 . 2008-04-13 14:46 85248 c:\windows\system32\dllcache\nabtsfec.sys

- 2009-05-16 11:56 . 2008-04-13 22:20 91648 c:\windows\system32\dllcache\mtxoci.dll

+ 2009-05-16 11:56 . 2008-06-12 14:22 91648 c:\windows\system32\dllcache\mtxoci.dll

+ 2008-04-13 22:20 . 2008-06-12 14:22 66560 c:\windows\system32\dllcache\mtxclu.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 66560 c:\windows\system32\dllcache\mtxclu.dll

+ 2009-06-29 15:58 . 2009-06-29 15:58 52224 c:\windows\system32\dllcache\msfeedsbs.dll

- 2009-05-16 11:56 . 2008-04-13 22:20 58880 c:\windows\system32\dllcache\msdtclog.dll

+ 2009-05-16 11:56 . 2008-06-12 14:22 58880 c:\windows\system32\dllcache\msdtclog.dll

+ 2008-04-13 22:20 . 2008-06-24 16:43 74240 c:\windows\system32\dllcache\mscms.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 27648 c:\windows\system32\dllcache\jsproxy.dll

+ 2009-06-29 11:07 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe

+ 2008-04-13 22:20 . 2009-06-29 15:58 44544 c:\windows\system32\dllcache\iernonce.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 78336 c:\windows\system32\dllcache\ieencode.dll

- 2008-05-12 14:37 . 2008-05-12 14:37 78336 c:\windows\system32\dllcache\ieencode.dll

+ 2008-05-12 14:36 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe

+ 2009-06-29 15:58 . 2009-06-29 15:58 63488 c:\windows\system32\dllcache\icardie.dll

+ 2008-04-13 22:20 . 2009-06-16 14:39 81920 c:\windows\system32\dllcache\fontsub.dll

- 2008-05-12 14:36 . 2008-05-12 14:36 17408 c:\windows\system32\dllcache\corpol.dll

+ 2008-05-12 14:36 . 2009-06-29 15:58 17408 c:\windows\system32\dllcache\corpol.dll

+ 2008-04-13 22:20 . 2008-10-16 17:09 92696 c:\windows\system32\dllcache\cdm.dll

+ 2009-06-30 18:37 . 2008-04-13 14:46 17024 c:\windows\system32\dllcache\ccdecode.sys

+ 2009-06-23 21:57 . 2008-04-13 22:20 82432 c:\windows\system32\dllcache\cache\ws2_32.dll

+ 2009-06-23 21:57 . 2008-04-13 22:21 26112 c:\windows\system32\dllcache\cache\userinit.exe

+ 2009-06-23 21:57 . 2008-04-13 22:21 14336 c:\windows\system32\dllcache\cache\svchost.exe

+ 2009-06-23 21:57 . 2008-04-13 22:21 57856 c:\windows\system32\dllcache\cache\spoolsv.exe

+ 2009-06-23 21:57 . 2008-04-13 22:20 17408 c:\windows\system32\dllcache\cache\powrprof.dll

+ 2009-06-23 21:57 . 2008-04-13 22:21 13312 c:\windows\system32\dllcache\cache\lsass.exe

+ 2009-06-23 21:57 . 2008-04-13 21:58 25088 c:\windows\system32\dllcache\cache\kbdclass.sys

+ 2009-06-23 21:57 . 2008-04-13 14:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys

+ 2009-06-23 21:57 . 2008-04-13 22:20 15360 c:\windows\system32\dllcache\cache\ctfmon.exe

+ 2009-06-30 18:25 . 2004-02-16 16:59 61440 c:\windows\system32\csnpstd.dll

+ 2008-05-12 14:36 . 2009-06-29 15:58 17408 c:\windows\system32\corpol.dll

- 2008-05-12 14:36 . 2008-05-12 14:36 17408 c:\windows\system32\corpol.dll

+ 2009-07-26 16:26 . 2009-09-29 21:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-07-26 16:26 . 2009-09-29 21:31 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-26 16:26 . 2009-09-29 21:31 16384 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2008-04-13 22:20 . 2008-10-16 17:09 92696 c:\windows\system32\cdm.dll

+ 2008-05-25 14:39 . 2008-05-25 14:39 13824 c:\windows\system32\C2MP\StatsReader.exe

+ 2002-12-12 00:14 . 2002-12-12 00:14 13312 c:\windows\system32\C2MP\msdmo.dll

+ 2002-06-12 16:52 . 2002-06-12 16:52 23040 c:\windows\system32\C2MP\MiniCalc.exe

+ 2009-05-01 21:02 . 2009-05-01 21:02 69632 c:\windows\system32\C2MP\DivXConfig.exe

+ 2007-02-01 23:19 . 2007-02-01 23:19 28088 c:\windows\system32\bass_wv.dll

+ 2007-02-01 23:19 . 2007-02-01 23:19 18888 c:\windows\system32\bass_mpc.dll

+ 2007-02-01 23:19 . 2007-02-01 23:19 23616 c:\windows\system32\bass_flac.dll

+ 2007-02-01 23:19 . 2007-02-01 23:19 33240 c:\windows\system32\bass_ape.dll

+ 2007-02-01 23:19 . 2007-02-01 23:19 12784 c:\windows\system32\bass_alac.dll

+ 2007-02-01 23:19 . 2007-02-01 23:19 92728 c:\windows\system32\bass.dll

+ 2009-01-10 22:15 . 2009-01-10 22:15 97280 c:\windows\system32\avs.dll

+ 2009-05-16 12:12 . 2009-08-17 16:02 97480 c:\windows\system32\AvastSS.scr

+ 2001-01-22 06:25 . 2001-01-22 06:25 32768 c:\windows\system32\ATHPRXY.DLL

+ 2009-08-11 20:21 . 2009-08-11 20:21 87552 c:\windows\system32\ac3config.exe

+ 2009-08-06 19:23 . 2005-03-18 19:23 12800 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll

+ 2009-08-06 19:23 . 2005-03-18 19:23 53248 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2009-09-15 20:25 . 2009-09-15 20:25 27136 c:\windows\Installer\84e5af.msi

+ 2009-09-15 20:25 . 2009-09-15 20:25 83456 c:\windows\Installer\84e596.msi

+ 2009-09-15 20:25 . 2009-09-15 20:25 59904 c:\windows\Installer\84e590.msi

+ 2009-11-29 02:18 . 2009-11-29 02:18 20992 c:\windows\Installer\2bb78c.msi

+ 2009-09-15 20:26 . 2009-09-15 20:26 80395 c:\windows\Installer\{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}\MsblIco.Exe

+ 2009-10-18 01:04 . 2009-10-18 01:04 25214 c:\windows\Installer\{95120000-011C-0416-0000-0000000FF1CE}\olc_shortcut.com

+ 2009-10-18 01:04 . 2009-10-18 01:04 29316 c:\windows\Installer\{95120000-011C-0416-0000-0000000FF1CE}\olc_setup.exe

+ 2009-11-22 02:28 . 2009-11-22 02:28 10134 c:\windows\Installer\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}\ARPPRODUCTICON.exe

+ 2009-10-14 01:17 . 2009-10-18 15:32 90112 c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\xlicons.exe

+ 2009-10-14 01:17 . 2009-10-18 15:32 45056 c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\wordicon.exe

+ 2009-10-14 01:17 . 2009-10-18 15:32 22528 c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\unbndico.exe

+ 2009-10-14 01:17 . 2009-10-18 15:32 30720 c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\pptico.exe

+ 2009-10-14 01:17 . 2009-10-18 15:32 16384 c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\PEicons.exe

+ 2009-10-14 01:17 . 2009-10-18 15:32 34304 c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\misc.exe

+ 2009-10-14 01:17 . 2009-10-18 15:32 81920 c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\fpicon.exe

+ 2009-09-15 20:25 . 2009-09-15 20:25 62304 c:\windows\Installer\{32BC546A-8AA3-4239-AE92-9CF3291C35A6}\IconWlc.exe

+ 2009-11-22 02:28 . 2009-11-22 02:28 10134 c:\windows\Installer\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}\ARPPRODUCTICON.exe

+ 2009-07-15 03:43 . 2009-07-15 03:43 27648 c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe

+ 2009-08-08 01:05 . 2008-05-12 14:37 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 50688 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 27136 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 13312 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe

+ 2009-08-08 01:05 . 2008-04-13 22:20 48640 c:\windows\ie7updates\KB972260-IE7\iernonce.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll

+ 2009-08-08 01:05 . 2008-05-12 14:36 54784 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe

+ 2009-08-08 01:05 . 2008-05-12 14:36 61952 c:\windows\ie7updates\KB972260-IE7\icardie.dll

+ 2009-08-08 01:05 . 2008-05-12 14:36 17408 c:\windows\ie7updates\KB972260-IE7\corpol.dll

+ 2009-08-06 19:26 . 2009-08-06 19:26 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

+ 2009-08-06 19:25 . 2009-08-06 19:25 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2009-06-30 18:25 . 2006-07-03 13:31 94208 c:\windows\amcap.exe

+ 2009-08-25 19:41 . 2006-11-02 10:22 51680 c:\windows\$NtUninstallWdf01005$\spuninst\Kmdfcustom.dll

+ 2009-08-08 01:01 . 2008-04-13 22:20 80896 c:\windows\$NtUninstallKB961371$\fontsub.dll

+ 2009-08-08 01:07 . 2008-04-13 22:20 56320 c:\windows\$NtUninstallKB959426$\secur32.dll

+ 2009-08-08 01:06 . 2001-10-28 11:07 31232 c:\windows\$NtUninstallKB956572$\sc.exe

+ 2009-08-08 01:07 . 2008-04-13 22:21 60416 c:\windows\$NtUninstallKB955839$\tzchange.exe

+ 2009-08-08 01:07 . 2008-04-13 22:20 73728 c:\windows\$NtUninstallKB952954$\mscms.dll

+ 2009-08-08 01:06 . 2008-04-13 22:20 91648 c:\windows\$NtUninstallKB952004$\mtxoci.dll

+ 2009-08-08 01:06 . 2008-04-13 22:20 66560 c:\windows\$NtUninstallKB952004$\mtxclu.dll

+ 2009-08-08 01:06 . 2008-04-13 22:20 58880 c:\windows\$NtUninstallKB952004$\msdtclog.dll

+ 2009-08-08 01:07 . 2008-04-13 22:20 90112 c:\windows\$NtUninstallKB951978$\wshext.dll

+ 2009-08-08 01:06 . 2008-07-08 12:58 26488 c:\windows\$hf_mig$\KB973346\update\spcustom.dll

+ 2009-08-08 01:06 . 2008-07-08 12:58 18296 c:\windows\$hf_mig$\KB973346\spmsg.dll

+ 2009-08-08 01:05 . 2008-07-08 12:58 26488 c:\windows\$hf_mig$\KB972260-IE7\update\spcustom.dll

+ 2009-08-08 01:05 . 2008-07-08 12:58 18296 c:\windows\$hf_mig$\KB972260-IE7\spmsg.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 44544 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\pngfilt.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 52224 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\msfeedsbs.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 27648 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\jsproxy.dll

+ 2009-06-29 11:25 . 2009-06-29 11:25 13824 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieudinit.exe

+ 2009-06-29 16:14 . 2009-06-29 16:14 44544 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iernonce.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 78336 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieencode.dll

+ 2009-06-29 11:28 . 2009-06-29 11:28 70656 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ie4uinit.exe

+ 2009-06-29 16:14 . 2009-06-29 16:14 63488 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\icardie.dll

+ 2009-06-29 16:13 . 2009-06-29 16:13 17408 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\corpol.dll

+ 2009-08-08 01:06 . 2008-07-08 12:58 26488 c:\windows\$hf_mig$\KB971633\update\spcustom.dll

+ 2009-08-08 01:06 . 2008-07-08 12:58 18296 c:\windows\$hf_mig$\KB971633\spmsg.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB970238\update\spcustom.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB970238\spmsg.dll

+ 2009-08-08 01:02 . 2008-07-09 07:34 26488 c:\windows\$hf_mig$\KB968537\update\spcustom.dll

+ 2009-08-08 01:02 . 2008-07-09 07:34 18296 c:\windows\$hf_mig$\KB968537\spmsg.dll

+ 2009-08-08 01:04 . 2008-07-09 07:34 26488 c:\windows\$hf_mig$\KB967715\update\spcustom.dll

+ 2009-08-08 01:04 . 2008-07-09 07:34 18296 c:\windows\$hf_mig$\KB967715\spmsg.dll

+ 2009-08-08 01:06 . 2008-07-09 07:34 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll

+ 2009-08-08 01:06 . 2008-07-09 07:34 18296 c:\windows\$hf_mig$\KB961501\spmsg.dll

+ 2009-08-08 01:01 . 2008-07-08 12:58 26488 c:\windows\$hf_mig$\KB961371\update\spcustom.dll

+ 2009-08-08 01:01 . 2008-07-08 12:58 18296 c:\windows\$hf_mig$\KB961371\spmsg.dll

+ 2009-06-16 14:44 . 2009-06-16 14:44 81920 c:\windows\$hf_mig$\KB961371\SP3QFE\fontsub.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB960803\update\spcustom.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB960803\spmsg.dll

+ 2009-08-08 01:07 . 2007-11-30 11:18 26488 c:\windows\$hf_mig$\KB960225\update\spcustom.dll

+ 2009-08-08 01:07 . 2007-11-30 11:18 18296 c:\windows\$hf_mig$\KB960225\spmsg.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB959426\update\spcustom.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB959426\spmsg.dll

+ 2009-08-06 17:35 . 2009-02-04 09:13 56832 c:\windows\$hf_mig$\KB959426\SP3QFE\secur32.dll

+ 2009-08-08 01:05 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB958687\update\spcustom.dll

+ 2009-08-08 01:05 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB958687\spmsg.dll

+ 2009-08-08 01:02 . 2007-11-30 11:18 26488 c:\windows\$hf_mig$\KB958644\update\spcustom.dll

+ 2009-08-08 01:02 . 2007-11-30 11:18 18296 c:\windows\$hf_mig$\KB958644\spmsg.dll

+ 2009-08-08 01:05 . 2008-07-08 12:58 26488 c:\windows\$hf_mig$\KB957097\update\spcustom.dll

+ 2009-08-08 01:05 . 2008-07-08 12:58 18296 c:\windows\$hf_mig$\KB957097\spmsg.dll

+ 2009-08-08 01:07 . 2007-11-30 11:18 26488 c:\windows\$hf_mig$\KB956803\update\spcustom.dll

+ 2009-08-08 01:07 . 2007-11-30 11:18 18296 c:\windows\$hf_mig$\KB956803\spmsg.dll

+ 2009-08-08 01:01 . 2008-07-08 12:58 26488 c:\windows\$hf_mig$\KB956802\update\spcustom.dll

+ 2009-08-08 01:01 . 2008-07-08 12:58 18296 c:\windows\$hf_mig$\KB956802\spmsg.dll

+ 2009-08-08 01:06 . 2008-07-09 07:34 26488 c:\windows\$hf_mig$\KB956572\update\spcustom.dll

+ 2009-08-08 01:06 . 2008-07-09 07:34 18296 c:\windows\$hf_mig$\KB956572\spmsg.dll

+ 2009-08-06 17:35 . 2009-02-06 10:36 35328 c:\windows\$hf_mig$\KB956572\SP3QFE\sc.exe

+ 2009-08-08 01:07 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB955839\update\spcustom.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB955839\spmsg.dll

+ 2008-10-23 10:17 . 2008-10-23 10:17 62976 c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe

+ 2009-08-08 01:01 . 2007-11-30 11:18 26488 c:\windows\$hf_mig$\KB955069\update\spcustom.dll

+ 2009-08-08 01:01 . 2007-11-30 11:18 18296 c:\windows\$hf_mig$\KB955069\spmsg.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB954600\update\spcustom.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB954600\spmsg.dll

+ 2009-08-08 01:03 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB954459\update\spcustom.dll

+ 2009-08-08 01:03 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB954459\spmsg.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB952954\update\spcustom.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB952954\spmsg.dll

+ 2008-06-24 16:53 . 2008-06-24 16:53 74240 c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll

+ 2009-08-08 01:04 . 2007-11-30 11:18 26488 c:\windows\$hf_mig$\KB952287\update\spcustom.dll

+ 2009-08-08 01:04 . 2007-11-30 11:18 18296 c:\windows\$hf_mig$\KB952287\spmsg.dll

+ 2009-08-08 01:06 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB952004\update\spcustom.dll

+ 2009-08-08 01:06 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB952004\spmsg.dll

+ 2008-06-12 14:10 . 2008-06-12 14:10 91648 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxoci.dll

+ 2008-06-12 14:10 . 2008-06-12 14:10 66560 c:\windows\$hf_mig$\KB952004\SP3QFE\mtxclu.dll

+ 2008-06-12 14:10 . 2008-06-12 14:10 58880 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtclog.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB951978\update\spcustom.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB951978\spmsg.dll

+ 2009-08-06 17:36 . 2008-05-09 10:51 90112 c:\windows\$hf_mig$\KB951978\SP3QFE\wshext.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB951748\update\spcustom.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB951748\spmsg.dll

+ 2009-08-08 01:07 . 2007-11-30 11:18 26488 c:\windows\$hf_mig$\KB951376-v2\update\spcustom.dll

+ 2009-08-08 01:07 . 2007-11-30 11:18 18296 c:\windows\$hf_mig$\KB951376-v2\spmsg.dll

+ 2009-08-08 01:03 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB951066\update\spcustom.dll

+ 2009-08-08 01:03 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB951066\spmsg.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB950974\update\spcustom.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB950974\spmsg.dll

+ 2009-08-08 01:05 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB950762\update\spcustom.dll

+ 2009-08-08 01:05 . 2007-11-30 12:39 18296 c:\windows\$hf_mig$\KB950762\spmsg.dll

+ 2009-08-08 01:07 . 2007-03-06 01:00 22752 c:\windows\$hf_mig$\KB938127-v2-IE7\update\spcustom.dll

+ 2009-08-08 01:07 . 2007-03-06 01:00 15072 c:\windows\$hf_mig$\KB938127-v2-IE7\spmsg.dll

+ 2009-08-08 01:00 . 2008-07-09 07:34 26488 c:\windows\$hf_mig$\KB923561\update\spcustom.dll

+ 2009-08-08 01:00 . 2008-07-09 07:34 18296 c:\windows\$hf_mig$\KB923561\spmsg.dll

+ 2009-08-06 17:20 . 2005-02-25 03:34 22240 c:\windows\$hf_mig$\KB898461\update\spcustom.dll

+ 2009-08-05 23:02 . 2005-02-25 03:34 22752 c:\windows\$hf_mig$\KB898461\spupdsvc.exe

+ 2009-08-06 17:20 . 2005-02-25 03:34 15072 c:\windows\$hf_mig$\KB898461\spmsg.dll

+ 2008-05-05 10:24 . 2008-05-05 10:24 3072 c:\windows\system32\xpsp4res.dll

+ 2009-09-26 13:35 . 2005-01-02 21:43 4682 c:\windows\system32\npptNT2.sys

+ 2006-07-28 10:10 . 2006-07-28 10:10 6144 c:\windows\system32\mot_ci.dll

+ 2009-08-25 19:39 . 2007-11-02 17:51 6400 c:\windows\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\motswch.sys

+ 2009-08-25 19:39 . 2007-01-24 00:36 6016 c:\windows\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\motfilt.sys

+ 2009-08-25 19:39 . 2006-07-28 10:10 6144 c:\windows\system32\DRVSTORE\motodrv_3F184E5829BCAF0569D41003B75A0ECD209143B9\mot_ci.dll

+ 2009-08-25 19:39 . 2007-11-02 17:51 6400 c:\windows\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\motswch.sys

+ 2009-08-25 19:39 . 2007-01-22 21:33 7680 c:\windows\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\motccgpfl.sys

+ 2009-07-04 14:02 . 2001-08-18 00:56 7552 c:\windows\system32\drivers\SONYPVU1.SYS

+ 2009-06-30 18:37 . 2008-04-13 14:39 5504 c:\windows\system32\drivers\MSTEE.sys

+ 2009-07-04 14:02 . 2001-08-18 00:56 7552 c:\windows\system32\dllcache\sonypvu1.sys

+ 2009-06-30 18:37 . 2008-04-13 14:39 5504 c:\windows\system32\dllcache\mstee.sys

+ 2003-12-26 19:26 . 2003-12-26 19:26 9216 c:\windows\system32\C2MP\OGMCalc.exe

+ 2004-03-04 20:00 . 2004-03-04 20:00 6144 c:\windows\system32\C2MP\AviC.exe

+ 2007-02-01 23:19 . 2007-02-01 23:19 8664 c:\windows\system32\bass_tta.dll

+ 2009-10-08 21:35 . 2009-10-08 21:35 9487 c:\windows\repair\wuau.{00021401-0000-0000-C000-000000000046}\ak47.bat

+ 2009-10-14 01:17 . 2009-10-18 15:32 3584 c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\opwicon.exe

+ 2009-10-14 01:17 . 2009-10-18 15:32 8192 c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\mspicons.exe

+ 2009-10-14 01:17 . 2009-10-18 15:32 2560 c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\cagicon.exe

+ 2009-08-06 17:20 . 2008-05-05 10:24 3072 c:\windows\$hf_mig$\KB923561\SP3QFE\sprv0416.dll

+ 2008-03-04 05:17 . 2008-03-04 05:17 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36\msvcr90.dll

+ 2008-03-04 05:17 . 2008-03-04 05:17 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36\msvcp90.dll

+ 2008-03-03 23:52 . 2008-03-03 23:52 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30304.0_x-ww_003f2b36\msvcm90.dll

+ 2007-11-07 04:19 . 2007-11-07 04:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll

+ 2007-11-07 04:19 . 2007-11-07 04:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll

+ 2007-11-06 23:23 . 2007-11-06 23:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll

+ 2006-12-02 01:54 . 2006-12-02 01:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-02 01:54 . 2006-12-02 01:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-02 01:54 . 2006-12-02 01:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2009-06-30 18:25 . 2004-06-10 16:48 286720 c:\windows\vsnpstd.exe

+ 2008-12-03 22:11 . 2008-12-03 22:11 180224 c:\windows\system32\xvidvfw.dll

+ 2009-08-06 19:24 . 2007-04-04 21:55 261480 c:\windows\system32\xactengine2_7.dll

+ 2009-08-06 19:23 . 2007-01-24 18:27 255848 c:\windows\system32\xactengine2_6.dll

+ 2009-08-06 19:23 . 2006-12-08 15:02 251672 c:\windows\system32\xactengine2_5.dll

+ 2009-08-06 19:23 . 2006-09-28 19:05 237848 c:\windows\system32\xactengine2_4.dll

+ 2009-08-06 19:23 . 2006-07-28 12:30 236824 c:\windows\system32\xactengine2_3.dll

+ 2009-08-06 19:23 . 2006-05-31 10:24 230168 c:\windows\system32\xactengine2_2.dll

+ 2009-08-06 19:23 . 2006-03-31 15:39 229584 c:\windows\system32\xactengine2_1.dll

+ 2009-08-06 19:23 . 2006-02-03 11:42 230096 c:\windows\system32\xactengine2_0.dll

+ 2009-05-16 11:59 . 2008-10-16 17:13 202776 c:\windows\system32\wuweb.dll

+ 2009-05-16 11:59 . 2008-10-16 17:12 323608 c:\windows\system32\wucltui.dll

+ 2009-05-16 11:59 . 2008-10-16 17:12 561688 c:\windows\system32\wuapi.dll

- 2008-04-13 22:21 . 2008-04-13 22:21 155648 c:\windows\system32\wscript.exe

+ 2008-04-13 22:21 . 2008-05-08 11:24 155648 c:\windows\system32\wscript.exe

+ 2009-06-25 01:55 . 2008-04-13 22:20 221184 c:\windows\system32\wmpns.dll

- 2006-10-19 00:47 . 2006-10-19 00:47 295936 c:\windows\system32\wmpeffects.dll

+ 2006-10-19 00:47 . 2008-06-24 21:12 295936 c:\windows\system32\wmpeffects.dll

+ 2008-04-13 22:20 . 2008-06-18 08:03 938496 c:\windows\system32\WMNetmgr.dll

+ 2008-04-13 22:20 . 2007-10-25 12:28 222720 c:\windows\system32\wmasf.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 827392 c:\windows\system32\wininet.dll

+ 2008-04-13 22:20 . 2008-12-16 12:31 354304 c:\windows\system32\winhttp.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 354304 c:\windows\system32\winhttp.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 233472 c:\windows\system32\webcheck.dll

+ 2009-05-16 11:56 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe

+ 2009-05-16 11:56 . 2009-02-09 10:53 453120 c:\windows\system32\wbem\wmiprvsd.dll

+ 2009-05-16 11:56 . 2009-02-09 10:53 473600 c:\windows\system32\wbem\fastprox.dll

+ 2008-08-26 22:11 . 2008-08-26 22:11 987136 c:\windows\system32\VSFilter.dll

+ 2004-12-10 09:03 . 2004-12-10 09:03 438272 c:\windows\system32\vp6vfw.dll

+ 2008-04-13 22:20 . 2008-05-09 10:55 430080 c:\windows\system32\vbscript.dll

- 2008-05-12 14:37 . 2008-05-12 14:37 105984 c:\windows\system32\url.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 105984 c:\windows\system32\url.dll

+ 2009-06-30 18:34 . 2003-04-21 17:09 245408 c:\windows\system32\unicows.dll

+ 2009-01-10 22:17 . 2009-01-10 22:17 163840 c:\windows\system32\ts.dll

+ 2008-04-13 22:20 . 2009-06-16 14:39 119808 c:\windows\system32\t2embed.dll

+ 2008-04-13 22:20 . 2008-10-03 10:04 247326 c:\windows\system32\strmdll.dll

+ 2009-05-01 21:02 . 2009-05-01 21:02 200704 c:\windows\system32\ssldivx.dll

+ 2008-04-13 22:21 . 2009-02-09 11:25 111104 c:\windows\system32\services.exe

+ 2008-04-13 22:20 . 2008-05-09 10:55 172032 c:\windows\system32\scrrun.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 172032 c:\windows\system32\scrrun.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 180224 c:\windows\system32\scrobj.dll

+ 2008-04-13 22:20 . 2008-05-09 10:55 180224 c:\windows\system32\scrobj.dll

+ 2008-04-13 22:20 . 2008-12-05 06:58 144896 c:\windows\system32\schannel.dll

+ 2008-04-13 22:20 . 2009-02-09 10:53 401408 c:\windows\system32\rpcss.dll

+ 2008-04-13 22:20 . 2009-04-15 14:53 585216 c:\windows\system32\rpcrt4.dll

- 2001-10-28 11:07 . 2009-05-30 15:15 386344 c:\windows\system32\perfh009.dat

+ 2001-10-28 11:07 . 2009-12-01 18:38 386344 c:\windows\system32\perfh009.dat

- 2008-04-13 22:20 . 2008-04-13 22:20 286208 c:\windows\system32\pdh.dll

+ 2008-04-13 22:20 . 2009-03-06 14:20 286208 c:\windows\system32\pdh.dll

+ 1998-12-09 05:53 . 1998-12-09 05:53 212480 c:\windows\system32\PCDLIB32.DLL

+ 2004-04-20 22:00 . 2004-04-20 22:00 172032 c:\windows\system32\OptimFROG.dll

+ 2009-01-10 22:15 . 2009-01-10 22:15 120832 c:\windows\system32\ogm.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 102912 c:\windows\system32\occache.dll

+ 2008-04-13 22:20 . 2009-02-09 10:53 730624 c:\windows\system32\ntdll.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 337408 c:\windows\system32\netapi32.dll

+ 2008-04-13 22:20 . 2008-10-15 16:36 337408 c:\windows\system32\netapi32.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 247808 c:\windows\system32\mswsock.dll

+ 2008-04-13 22:20 . 2008-06-20 17:48 247808 c:\windows\system32\mswsock.dll

+ 2009-05-16 12:12 . 2007-03-21 23:33 348160 c:\windows\system32\MSVCR71.DLL

- 2009-05-16 12:12 . 2003-02-21 03:42 348160 c:\windows\system32\MSVCR71.dll

+ 2009-05-16 12:12 . 2007-03-21 23:33 503808 c:\windows\system32\MSVCP71.DLL

+ 2008-05-12 14:37 . 2009-06-29 15:58 671232 c:\windows\system32\mstime.dll

+ 2008-04-13 22:21 . 2006-12-04 19:21 414720 c:\windows\system32\msscp.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 193024 c:\windows\system32\msrating.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 477696 c:\windows\system32\mshtmled.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 459264 c:\windows\system32\msfeeds.dll

+ 2009-05-16 11:56 . 2008-06-12 14:22 161792 c:\windows\system32\msdtcuiu.dll

- 2009-05-16 11:56 . 2008-04-13 22:20 161792 c:\windows\system32\msdtcuiu.dll

- 2009-05-16 11:56 . 2008-04-13 22:20 956928 c:\windows\system32\msdtctm.dll

+ 2009-05-16 11:56 . 2008-06-12 14:22 956928 c:\windows\system32\msdtctm.dll

+ 2009-05-16 11:56 . 2008-06-12 14:22 428032 c:\windows\system32\msdtcprx.dll

+ 2009-01-10 22:16 . 2009-01-10 22:16 141312 c:\windows\system32\mp4.dll

+ 2009-01-10 22:15 . 2009-01-10 22:15 159744 c:\windows\system32\mmfinfo.dll

+ 2009-01-10 22:16 . 2009-01-10 22:16 148480 c:\windows\system32\mkx.dll

+ 2009-01-10 22:15 . 2009-01-10 22:15 135168 c:\windows\system32\mkv2vfr.exe

+ 1999-04-26 22:40 . 1999-04-26 22:40 522720 c:\windows\system32\MAPI.DLL

+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2008-04-13 22:20 . 2009-02-09 10:53 731648 c:\windows\system32\lsasrv.dll

- 2008-04-13 22:21 . 2006-10-18 23:03 100864 c:\windows\system32\logagent.exe

+ 2008-04-13 22:21 . 2008-06-18 04:09 100864 c:\windows\system32\logagent.exe

+ 2008-04-13 22:20 . 2009-05-07 15:33 347136 c:\windows\system32\localspl.dll

+ 2008-04-13 22:20 . 2008-05-09 10:55 512000 c:\windows\system32\jscript.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 512000 c:\windows\system32\jscript.dll

+ 2009-05-16 11:58 . 2008-04-11 19:05 691712 c:\windows\system32\inetcomm.dll

- 2009-05-16 11:58 . 2008-04-13 22:20 691712 c:\windows\system32\inetcomm.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 268288 c:\windows\system32\iertutil.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 385024 c:\windows\system32\iedkcs32.dll

- 2008-05-12 14:37 . 2008-05-12 14:37 380928 c:\windows\system32\ieapfltr.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 380928 c:\windows\system32\ieapfltr.dll

- 2008-05-12 14:36 . 2008-05-12 14:36 161792 c:\windows\system32\ieakui.dll

+ 2008-05-12 14:36 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll

+ 2008-05-12 14:36 . 2009-06-29 15:58 230400 c:\windows\system32\ieaksie.dll

+ 2008-05-12 14:36 . 2009-06-29 15:58 153088 c:\windows\system32\ieakeng.dll

+ 2007-07-05 01:33 . 2007-07-05 01:33 892928 c:\windows\system32\iconv.dll

+ 2009-01-10 22:16 . 2009-01-10 22:16 335872 c:\windows\system32\gdsmux.exe

+ 2008-04-13 22:20 . 2008-10-23 12:37 286720 c:\windows\system32\gdi32.dll

+ 2009-05-16 08:50 . 2009-10-17 06:28 249496 c:\windows\system32\FNTCACHE.DAT

+ 2008-05-12 14:36 . 2009-06-29 15:58 133120 c:\windows\system32\extmgr.dll

+ 2008-04-13 22:20 . 2008-07-07 20:28 253952 c:\windows\system32\es.dll

- 2008-05-12 14:36 . 2008-05-12 14:36 214528 c:\windows\system32\dxtrans.dll

+ 2008-05-12 14:36 . 2009-06-29 15:58 214528 c:\windows\system32\dxtrans.dll

+ 2008-05-12 14:36 . 2009-06-29 15:58 347136 c:\windows\system32\dxtmsft.dll

+ 2009-01-10 22:15 . 2009-01-10 22:15 246784 c:\windows\system32\dxr.dll

+ 2008-08-05 21:59 . 2008-08-05 21:59 196608 c:\windows\system32\dtu100.dll

+ 2009-01-10 22:15 . 2009-01-10 22:15 103424 c:\windows\system32\dsmux.exe

+ 2006-11-02 10:22 . 2006-11-02 10:22 492000 c:\windows\system32\drivers\wdf01000.sys

+ 2008-04-13 15:00 . 2008-06-20 11:08 225856 c:\windows\system32\drivers\tcpip6.sys

+ 2008-04-13 15:20 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys

+ 2008-04-13 15:15 . 2008-12-11 10:57 333952 c:\windows\system32\drivers\srv.sys

+ 2009-08-06 19:11 . 2009-08-06 19:11 721904 c:\windows\system32\drivers\sptd.sys

+ 2009-06-30 18:25 . 2004-06-25 14:44 331008 c:\windows\system32\drivers\snpstd.sys

+ 2008-04-13 14:55 . 2008-05-08 14:02 203136 c:\windows\system32\drivers\rmcast.sys

+ 2008-04-13 15:17 . 2008-10-24 11:21 455296 c:\windows\system32\drivers\mrxsmb.sys

+ 2009-08-06 17:37 . 2008-06-14 17:34 272384 c:\windows\system32\drivers\bthport.sys

+ 2009-05-16 12:12 . 2009-08-17 16:05 114768 c:\windows\system32\drivers\aswSP.sys

+ 2008-04-13 15:19 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys

+ 2008-08-05 21:59 . 2008-08-05 21:59 344064 c:\windows\system32\dpus11.dll

+ 2008-08-05 21:59 . 2008-08-05 21:59 593920 c:\windows\system32\dpuGUI11.dll

+ 2008-08-05 21:59 . 2008-08-05 21:59 294912 c:\windows\system32\dpu11.dll

+ 2008-04-13 22:20 . 2008-06-20 17:48 147968 c:\windows\system32\dnsapi.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 147968 c:\windows\system32\dnsapi.dll

+ 2009-05-16 11:59 . 2008-10-16 17:13 202776 c:\windows\system32\dllcache\wuweb.dll

+ 2009-05-16 11:59 . 2008-10-16 17:12 323608 c:\windows\system32\dllcache\wucltui.dll

+ 2009-05-16 11:59 . 2008-10-16 17:12 561688 c:\windows\system32\dllcache\wuapi.dll

- 2008-04-13 22:21 . 2008-04-13 22:21 155648 c:\windows\system32\dllcache\wscript.exe

+ 2008-04-13 22:21 . 2008-05-08 11:24 155648 c:\windows\system32\dllcache\wscript.exe

+ 2009-05-16 11:56 . 2008-04-21 21:15 216064 c:\windows\system32\dllcache\wordpad.exe

+ 2008-04-13 22:20 . 2008-06-18 08:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll

+ 2009-05-16 11:56 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe

+ 2009-05-16 11:56 . 2009-02-09 10:53 453120 c:\windows\system32\dllcache\wmiprvsd.dll

+ 2008-04-13 22:20 . 2007-10-25 12:28 222720 c:\windows\system32\dllcache\wmasf.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 827392 c:\windows\system32\dllcache\wininet.dll

+ 2008-04-13 22:20 . 2008-12-16 12:31 354304 c:\windows\system32\dllcache\winhttp.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 354304 c:\windows\system32\dllcache\winhttp.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 233472 c:\windows\system32\dllcache\webcheck.dll

+ 2009-05-16 11:59 . 2008-05-27 17:25 765952 c:\windows\system32\dllcache\vgx.dll

- 2009-05-16 11:59 . 2008-05-12 14:37 765952 c:\windows\system32\dllcache\vgx.dll

+ 2008-04-13 22:20 . 2008-05-09 10:55 430080 c:\windows\system32\dllcache\vbscript.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 105984 c:\windows\system32\dllcache\url.dll

- 2008-05-12 14:37 . 2008-05-12 14:37 105984 c:\windows\system32\dllcache\url.dll

+ 2008-04-13 15:00 . 2008-06-20 11:08 225856 c:\windows\system32\dllcache\tcpip6.sys

+ 2008-04-13 15:20 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys

+ 2008-04-13 22:20 . 2009-06-16 14:39 119808 c:\windows\system32\dllcache\t2embed.dll

+ 2008-04-13 22:20 . 2008-10-03 10:04 247326 c:\windows\system32\dllcache\strmdll.dll

+ 2008-04-13 15:15 . 2008-12-11 10:57 333952 c:\windows\system32\dllcache\srv.sys

+ 2008-04-13 22:21 . 2009-02-09 11:25 111104 c:\windows\system32\dllcache\services.exe

+ 2008-04-13 22:20 . 2008-05-09 10:55 172032 c:\windows\system32\dllcache\scrrun.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 172032 c:\windows\system32\dllcache\scrrun.dll

+ 2008-04-13 22:20 . 2008-05-09 10:55 180224 c:\windows\system32\dllcache\scrobj.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 180224 c:\windows\system32\dllcache\scrobj.dll

+ 2008-04-13 22:20 . 2008-12-05 06:58 144896 c:\windows\system32\dllcache\schannel.dll

+ 2008-04-13 22:20 . 2009-02-09 10:53 401408 c:\windows\system32\dllcache\rpcss.dll

+ 2008-04-13 22:20 . 2009-04-15 14:53 585216 c:\windows\system32\dllcache\rpcrt4.dll

+ 2008-04-13 14:55 . 2008-05-08 14:02 203136 c:\windows\system32\dllcache\rmcast.sys

+ 2008-04-13 22:20 . 2009-03-06 14:20 286208 c:\windows\system32\dllcache\pdh.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 286208 c:\windows\system32\dllcache\pdh.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 102912 c:\windows\system32\dllcache\occache.dll

+ 2008-04-13 22:20 . 2009-02-09 10:53 730624 c:\windows\system32\dllcache\ntdll.dll

+ 2008-04-13 22:20 . 2008-10-15 16:36 337408 c:\windows\system32\dllcache\netapi32.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 337408 c:\windows\system32\dllcache\netapi32.dll

+ 2008-04-13 22:20 . 2008-06-20 17:48 247808 c:\windows\system32\dllcache\mswsock.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 247808 c:\windows\system32\dllcache\mswsock.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 671232 c:\windows\system32\dllcache\mstime.dll

+ 2008-04-13 22:21 . 2006-12-04 19:21 414720 c:\windows\system32\dllcache\msscp.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 193024 c:\windows\system32\dllcache\msrating.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 477696 c:\windows\system32\dllcache\mshtmled.dll

+ 2009-06-29 15:58 . 2009-06-29 15:58 459264 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-05-16 11:56 . 2008-06-12 14:22 161792 c:\windows\system32\dllcache\msdtcuiu.dll

- 2009-05-16 11:56 . 2008-04-13 22:20 161792 c:\windows\system32\dllcache\msdtcuiu.dll

- 2009-05-16 11:56 . 2008-04-13 22:20 956928 c:\windows\system32\dllcache\msdtctm.dll

+ 2009-05-16 11:56 . 2008-06-12 14:22 956928 c:\windows\system32\dllcache\msdtctm.dll

+ 2009-05-16 11:56 . 2008-06-12 14:22 428032 c:\windows\system32\dllcache\msdtcprx.dll

+ 2009-05-16 11:58 . 2008-05-01 14:36 331776 c:\windows\system32\dllcache\msadce.dll

- 2009-05-16 11:58 . 2008-04-13 22:20 331776 c:\windows\system32\dllcache\msadce.dll

+ 2009-08-06 17:52 . 2008-10-24 11:21 455296 c:\windows\system32\dllcache\mrxsmb.sys

+ 2008-04-13 22:20 . 2009-02-09 10:53 731648 c:\windows\system32\dllcache\lsasrv.dll

+ 2008-04-13 22:21 . 2008-06-18 04:09 100864 c:\windows\system32\dllcache\logagent.exe

- 2008-04-13 22:21 . 2006-10-18 23:03 100864 c:\windows\system32\dllcache\logagent.exe

+ 2008-04-13 22:20 . 2009-05-07 15:33 347136 c:\windows\system32\dllcache\localspl.dll

+ 2008-04-13 22:20 . 2008-05-09 10:55 512000 c:\windows\system32\dllcache\jscript.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 512000 c:\windows\system32\dllcache\jscript.dll

+ 2009-05-16 11:58 . 2008-04-11 19:05 691712 c:\windows\system32\dllcache\inetcomm.dll

- 2009-05-16 11:58 . 2008-04-13 22:20 691712 c:\windows\system32\dllcache\inetcomm.dll

+ 2009-05-16 11:58 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe

+ 2009-06-29 15:58 . 2009-06-29 15:58 268288 c:\windows\system32\dllcache\iertutil.dll

+ 2008-05-12 14:37 . 2009-06-29 15:58 385024 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-06-29 15:58 . 2009-06-29 15:58 380928 c:\windows\system32\dllcache\ieapfltr.dll

- 2008-05-12 14:36 . 2008-05-12 14:36 161792 c:\windows\system32\dllcache\ieakui.dll

+ 2008-05-12 14:36 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll

+ 2008-05-12 14:36 . 2009-06-29 15:58 230400 c:\windows\system32\dllcache\ieaksie.dll

+ 2008-05-12 14:36 . 2009-06-29 15:58 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2008-04-13 22:20 . 2008-10-23 12:37 286720 c:\windows\system32\dllcache\gdi32.dll

+ 2009-05-16 11:56 . 2009-02-09 10:53 473600 c:\windows\system32\dllcache\fastprox.dll

+ 2008-05-12 14:36 . 2009-06-29 15:58 133120 c:\windows\system32\dllcache\extmgr.dll

+ 2008-04-13 22:20 . 2008-07-07 20:28 253952 c:\windows\system32\dllcache\es.dll

- 2008-05-12 14:36 . 2008-05-12 14:36 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2008-05-12 14:36 . 2009-06-29 15:58 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2008-05-12 14:36 . 2009-06-29 15:58 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2008-04-13 22:20 . 2008-06-20 17:48 147968 c:\windows\system32\dllcache\dnsapi.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 147968 c:\windows\system32\dllcache\dnsapi.dll

+ 2008-04-13 22:20 . 2008-05-09 08:45 135168 c:\windows\system32\dllcache\cscript.exe

+ 2009-06-23 21:57 . 2008-04-13 22:21 111616 c:\windows\system32\dllcache\cache\wuauclt.exe

+ 2009-06-23 21:57 . 2008-04-13 22:21 509952 c:\windows\system32\dllcache\cache\winlogon.exe

+ 2009-06-23 21:57 . 2008-05-12 14:37 818688 c:\windows\system32\dllcache\cache\wininet.dll

+ 2009-06-23 21:57 . 2008-04-13 22:20 579072 c:\windows\system32\dllcache\cache\user32.dll

+ 2009-06-23 21:57 . 2008-04-13 22:20 296960 c:\windows\system32\dllcache\cache\termsrv.dll

+ 2009-06-23 21:57 . 2008-04-13 15:20 361344 c:\windows\system32\dllcache\cache\tcpip.sys

+ 2009-06-23 21:57 . 2008-04-13 22:21 109056 c:\windows\system32\dllcache\cache\services.exe

+ 2009-06-23 21:57 . 2008-04-13 15:20 182656 c:\windows\system32\dllcache\cache\ndis.sys

+ 2009-06-23 21:57 . 2008-04-13 22:20 110080 c:\windows\system32\dllcache\cache\imm32.dll

+ 2009-06-23 21:57 . 2008-04-13 22:20 172032 c:\windows\system32\dllcache\cache\appmgmts.dll

+ 2009-08-06 17:37 . 2008-06-14 17:34 272384 c:\windows\system32\dllcache\bthport.sys

+ 2008-04-13 15:19 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys

+ 2008-05-12 14:36 . 2009-06-29 15:58 124928 c:\windows\system32\dllcache\advpack.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 683520 c:\windows\system32\dllcache\advapi32.dll

+ 2008-04-13 22:20 . 2009-02-09 10:53 683520 c:\windows\system32\dllcache\advapi32.dll

+ 2009-05-01 21:03 . 2009-05-01 21:03 528384 c:\windows\system32\DivXsm.exe

+ 2009-05-01 21:02 . 2009-05-01 21:02 685056 c:\windows\system32\DivX.dll

+ 2009-08-06 19:23 . 2007-03-15 19:57 443752 c:\windows\system32\d3dx10_33.dll

+ 2008-04-13 22:20 . 2008-05-09 08:45 135168 c:\windows\system32\cscript.exe

+ 2009-08-06 19:26 . 2009-08-06 19:26 107888 c:\windows\system32\CmdLineExt.dll

+ 2009-08-04 22:13 . 2007-09-27 14:43 511328 c:\windows\system32\capicom.dll

+ 2009-11-04 01:58 . 2009-11-04 01:58 241342 c:\windows\system32\C2MP\Uninst.exe

+ 2009-11-04 01:58 . 2009-11-04 01:58 237995 c:\windows\system32\C2MP\Un_Parts.exe

+ 2009-11-04 01:56 . 2009-11-04 01:56 234691 c:\windows\system32\C2MP\Set_Defaults.exe

+ 2007-02-19 15:28 . 2007-02-19 15:28 117974 c:\windows\system32\C2MP\GSpot27.dat

+ 2007-02-22 20:08 . 2007-02-22 20:08 925696 c:\windows\system32\C2MP\GSpot.exe

+ 2007-02-01 23:19 . 2007-02-01 23:19 150520 c:\windows\system32\bass_aac.dll

+ 2009-01-10 22:15 . 2009-01-10 22:15 102400 c:\windows\system32\avss.dll

+ 2009-01-10 22:16 . 2009-01-10 22:16 108032 c:\windows\system32\avi.dll

+ 2008-05-12 14:36 . 2009-06-29 15:58 124928 c:\windows\system32\advpack.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 683520 c:\windows\system32\advapi32.dll

+ 2008-04-13 22:20 . 2009-02-09 10:53 683520 c:\windows\system32\advapi32.dll

+ 2009-07-08 02:01 . 2009-07-08 02:01 578560 c:\windows\Simple Port Forwarding\uninstall.exe

+ 2009-08-06 19:23 . 2006-03-31 14:27 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:23 . 2006-02-03 10:40 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:23 . 2005-12-05 20:20 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:23 . 2005-09-28 17:11 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:23 . 2005-07-22 20:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:23 . 2005-05-26 18:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:23 . 2005-03-18 20:23 567296 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:23 . 2005-02-05 22:32 563712 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:23 . 2005-03-18 19:23 223232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll

+ 2009-08-06 19:23 . 2005-03-18 19:23 178176 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll

+ 2009-08-06 19:23 . 2005-03-18 19:23 364544 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll

+ 2009-08-06 19:23 . 2005-03-18 19:23 159232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll

+ 2009-08-06 19:23 . 2005-03-18 19:23 145920 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll

+ 2009-08-06 19:23 . 2005-03-18 19:23 473600 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll

+ 2009-07-27 22:38 . 2009-07-27 22:38 792576 c:\windows\Installer\eec6a1.msi

+ 2009-09-15 20:26 . 2009-09-15 20:26 430080 c:\windows\Installer\84e5bd.msi

+ 2009-09-15 20:26 . 2009-09-15 20:26 155648 c:\windows\Installer\84e5b5.msi

+ 2009-09-15 20:25 . 2009-09-15 20:25 140288 c:\windows\Installer\84e5a9.msi

+ 2009-09-15 20:25 . 2009-09-15 20:25 202752 c:\windows\Installer\84e5a2.msi

+ 2009-09-15 20:25 . 2009-09-15 20:25 152576 c:\windows\Installer\84e59c.msi

+ 2009-09-15 20:25 . 2009-09-15 20:25 107008 c:\windows\Installer\84e58a.msi

+ 2009-09-15 20:25 . 2009-09-15 20:25 301056 c:\windows\Installer\84e584.msi

+ 2009-05-16 12:12 . 2009-05-16 12:12 265216 c:\windows\Installer\70495.msi

+ 2009-08-25 19:39 . 2009-08-25 19:39 113152 c:\windows\Installer\5eb2a6.msi

+ 2009-10-18 01:04 . 2009-10-18 01:04 529408 c:\windows\Installer\52a423.msi

+ 2009-05-16 13:38 . 2009-05-16 13:38 618496 c:\windows\Installer\49f49.msi

+ 2009-05-16 20:14 . 2009-05-16 20:14 598016 c:\windows\Installer\13b793f.msi

+ 2009-06-20 22:18 . 2009-06-20 22:18 112640 c:\windows\Installer\102d5ca.msi

+ 2009-07-27 22:37 . 2009-07-27 22:37 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe

+ 2009-10-14 01:17 . 2009-10-18 15:32 114688 c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\outicon.exe

+ 2009-10-14 01:17 . 2009-10-18 15:32 167936 c:\windows\Installer\{90280416-6000-11D3-8CFE-0050048383C9}\accicons.exe

+ 2009-08-08 01:05 . 2008-05-12 14:37 818688 c:\windows\ie7updates\KB972260-IE7\wininet.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 231424 c:\windows\ie7updates\KB972260-IE7\webcheck.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 105984 c:\windows\ie7updates\KB972260-IE7\url.dll

+ 2009-08-08 01:05 . 2009-05-26 11:40 395128 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll

+ 2009-08-08 01:05 . 2008-07-08 12:58 233336 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe

+ 2009-08-08 01:05 . 2008-05-12 14:37 101376 c:\windows\ie7updates\KB972260-IE7\occache.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 670720 c:\windows\ie7updates\KB972260-IE7\mstime.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 192000 c:\windows\ie7updates\KB972260-IE7\msrating.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 475648 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 458752 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 622080 c:\windows\ie7updates\KB972260-IE7\iexplore.exe

+ 2009-08-08 01:05 . 2008-05-12 14:37 266752 c:\windows\ie7updates\KB972260-IE7\iertutil.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 382976 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 380928 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll

+ 2009-08-08 01:05 . 2008-05-12 14:36 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll

+ 2009-08-08 01:05 . 2008-05-12 14:36 229376 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll

+ 2009-08-08 01:05 . 2008-05-12 14:36 152064 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll

+ 2009-08-08 01:05 . 2008-05-12 14:36 131584 c:\windows\ie7updates\KB972260-IE7\extmgr.dll

+ 2009-08-08 01:05 . 2008-05-12 14:36 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll

+ 2009-08-08 01:05 . 2008-05-12 14:36 346624 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll

+ 2009-08-08 01:05 . 2008-05-12 14:36 123904 c:\windows\ie7updates\KB972260-IE7\advpack.dll

+ 2009-08-08 01:07 . 2008-05-12 14:37 765952 c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll

+ 2009-08-08 01:07 . 2007-03-06 01:02 384224 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll

+ 2009-08-08 01:07 . 2007-03-06 01:01 215264 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe

+ 2009-08-06 17:52 . 2008-10-24 11:21 455296 c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2009-08-06 17:37 . 2008-06-14 17:34 272384 c:\windows\Driver Cache\i386\bthport.sys

+ 2007-02-23 02:41 . 2007-02-23 02:41 304544 c:\windows\Downloaded Program Files\MessengerStatsPAClient.dll

+ 2007-09-28 07:41 . 2007-09-28 07:41 381960 c:\windows\Downloaded Program Files\GAME_UNO1.dll

+ 2009-08-06 19:25 . 2009-08-06 19:25 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2009-08-06 19:26 . 2009-08-06 19:26 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2009-08-06 19:26 . 2009-08-06 19:26 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2009-08-06 19:26 . 2009-08-06 19:26 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2009-08-06 19:26 . 2009-08-06 19:26 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2009-08-06 19:26 . 2009-08-06 19:26 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:25 . 2009-08-06 19:25 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:25 . 2009-08-06 19:25 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:25 . 2009-08-06 19:25 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:25 . 2009-08-06 19:25 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:25 . 2009-08-06 19:25 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:25 . 2009-08-06 19:25 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:25 . 2009-08-06 19:25 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:26 . 2009-08-06 19:26 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2009-06-27 23:01 . 2009-06-27 23:01 197529 c:\windows\ADDONS SITECS (NONSTEAM) Uninstaller.exe

+ 2009-08-25 19:41 . 2006-10-09 00:51 379184 c:\windows\$NtUninstallWdf01005$\spuninst\updspapi.dll

+ 2009-08-25 19:41 . 2006-10-09 00:51 221488 c:\windows\$NtUninstallWdf01005$\spuninst\spuninst.exe

+ 2009-08-08 01:06 . 2008-07-08 12:58 395128 c:\windows\$NtUninstallKB973346$\spuninst\updspapi.dll

+ 2009-08-08 01:06 . 2008-07-08 12:58 233336 c:\windows\$NtUninstallKB973346$\spuninst\spuninst.exe

+ 2009-08-08 01:06 . 2008-07-09 07:35 395128 c:\windows\$NtUninstallKB971633$\spuninst\updspapi.dll

+ 2009-08-08 01:06 . 2008-07-08 12:58 233336 c:\windows\$NtUninstallKB971633$\spuninst\spuninst.exe

+ 2009-08-08 01:02 . 2007-11-30 12:39 395128 c:\windows\$NtUninstallKB970238$\spuninst\updspapi.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 233336 c:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe

+ 2009-08-08 01:02 . 2008-04-13 22:20 584704 c:\windows\$NtUninstallKB970238$\rpcrt4.dll

+ 2009-08-08 01:02 . 2008-07-09 07:35 395128 c:\windows\$NtUninstallKB968537$\spuninst\updspapi.dll

+ 2009-08-08 01:02 . 2008-07-09 07:34 233336 c:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe

+ 2009-08-08 01:04 . 2008-07-09 07:35 395128 c:\windows\$NtUninstallKB967715$\spuninst\updspapi.dll

+ 2009-08-08 01:04 . 2008-07-09 07:34 233336 c:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe

+ 2009-08-08 01:06 . 2008-07-09 07:35 395128 c:\windows\$NtUninstallKB961501$\spuninst\updspapi.dll

+ 2009-08-08 01:06 . 2008-07-09 07:34 233336 c:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe

+ 2009-08-08 01:06 . 2008-04-13 22:20 344576 c:\windows\$NtUninstallKB961501$\localspl.dll

+ 2009-08-08 01:01 . 2008-04-13 22:20 117760 c:\windows\$NtUninstallKB961371$\t2embed.dll

+ 2009-08-08 01:01 . 2009-05-26 11:40 395128 c:\windows\$NtUninstallKB961371$\spuninst\updspapi.dll

+ 2009-08-08 01:01 . 2008-07-08 12:58 233336 c:\windows\$NtUninstallKB961371$\spuninst\spuninst.exe

+ 2009-08-08 01:02 . 2008-04-13 22:20 354304 c:\windows\$NtUninstallKB960803$\winhttp.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 395128 c:\windows\$NtUninstallKB960803$\spuninst\updspapi.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 233336 c:\windows\$NtUninstallKB960803$\spuninst\spuninst.exe

+ 2009-08-08 01:07 . 2007-11-30 12:39 395128 c:\windows\$NtUninstallKB960225$\spuninst\updspapi.dll

+ 2009-08-08 01:07 . 2007-11-30 11:18 233336 c:\windows\$NtUninstallKB960225$\spuninst\spuninst.exe

+ 2009-08-08 01:07 . 2008-04-13 22:20 144384 c:\windows\$NtUninstallKB960225$\schannel.dll

+ 2009-08-06 17:19 . 2007-07-27 12:41 382840 c:\windows\$NtUninstallKB959772_WM11$\spuninst\updspapi.dll

+ 2009-08-06 17:19 . 2007-07-27 10:37 233336 c:\windows\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe

+ 2009-08-08 01:07 . 2007-11-30 12:39 395128 c:\windows\$NtUninstallKB959426$\spuninst\updspapi.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 233336 c:\windows\$NtUninstallKB959426$\spuninst\spuninst.exe

+ 2009-08-08 01:05 . 2008-04-13 15:15 334848 c:\windows\$NtUninstallKB958687$\srv.sys

+ 2009-08-08 01:05 . 2007-11-30 12:39 395128 c:\windows\$NtUninstallKB958687$\spuninst\updspapi.dll

+ 2009-08-08 01:05 . 2007-11-30 12:39 233336 c:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe

+ 2009-08-08 01:02 . 2007-11-30 11:18 395128 c:\windows\$NtUninstallKB958644$\spuninst\updspapi.dll

+ 2009-08-08 01:02 . 2007-11-30 11:18 233336 c:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe

+ 2009-08-08 01:01 . 2008-04-13 22:20 337408 c:\windows\$NtUninstallKB958644$\netapi32.dll

+ 2009-08-08 01:05 . 2008-07-08 12:58 395128 c:\windows\$NtUninstallKB957097$\spuninst\updspapi.dll

+ 2009-08-08 01:05 . 2008-07-08 12:58 233336 c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe

+ 2009-08-08 01:05 . 2008-04-13 15:17 456576 c:\windows\$NtUninstallKB957097$\mrxsmb.sys

+ 2009-08-08 01:07 . 2007-11-30 11:18 395128 c:\windows\$NtUninstallKB956803$\spuninst\updspapi.dll

+ 2009-08-08 01:07 . 2007-11-30 11:18 233336 c:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe

+ 2009-08-08 01:07 . 2008-06-20 11:40 138496 c:\windows\$NtUninstallKB956803$\afd.sys

+ 2009-08-08 01:01 . 2008-07-08 12:58 395128 c:\windows\$NtUninstallKB956802$\spuninst\updspapi.dll

+ 2009-08-08 01:01 . 2008-07-08 12:58 233336 c:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe

+ 2009-08-08 01:01 . 2008-04-13 22:20 285184 c:\windows\$NtUninstallKB956802$\gdi32.dll

+ 2009-08-08 01:06 . 2008-04-13 22:21 218112 c:\windows\$NtUninstallKB956572$\wmiprvse.exe

+ 2009-08-08 01:06 . 2008-04-13 22:20 437248 c:\windows\$NtUninstallKB956572$\wmiprvsd.dll

+ 2009-08-08 01:06 . 2008-07-09 07:35 395128 c:\windows\$NtUninstallKB956572$\spuninst\updspapi.dll

+ 2009-08-08 01:06 . 2008-07-09 07:34 233336 c:\windows\$NtUninstallKB956572$\spuninst\spuninst.exe

+ 2009-08-08 01:06 . 2008-04-13 22:21 109056 c:\windows\$NtUninstallKB956572$\services.exe

+ 2009-08-08 01:06 . 2008-04-13 22:20 399360 c:\windows\$NtUninstallKB956572$\rpcss.dll

+ 2009-08-08 01:06 . 2008-04-13 22:20 286208 c:\windows\$NtUninstallKB956572$\pdh.dll

+ 2009-08-08 01:06 . 2008-04-13 22:20 721920 c:\windows\$NtUninstallKB956572$\ntdll.dll

+ 2009-08-08 01:06 . 2008-04-13 22:20 730624 c:\windows\$NtUninstallKB956572$\lsasrv.dll

+ 2009-08-08 01:06 . 2008-04-13 22:20 472064 c:\windows\$NtUninstallKB956572$\fastprox.dll

+ 2009-08-08 01:06 . 2008-04-13 22:20 683520 c:\windows\$NtUninstallKB956572$\advapi32.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 395128 c:\windows\$NtUninstallKB955839$\spuninst\updspapi.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 233336 c:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe

+ 2009-08-08 01:01 . 2008-07-09 16:05 395128 c:\windows\$NtUninstallKB955069$\spuninst\updspapi.dll

+ 2009-08-08 01:01 . 2007-11-30 11:18 233336 c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe

+ 2009-08-08 01:02 . 2008-04-13 22:20 246814 c:\windows\$NtUninstallKB954600$\strmdll.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 395128 c:\windows\$NtUninstallKB954600$\spuninst\updspapi.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 233336 c:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe

+ 2009-08-08 01:03 . 2007-11-30 12:39 395128 c:\windows\$NtUninstallKB954459$\spuninst\updspapi.dll

+ 2009-08-08 01:03 . 2007-11-30 12:39 233336 c:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe

+ 2009-08-08 01:01 . 2006-10-19 00:47 295936 c:\windows\$NtUninstallKB954154_WM11$\wmpeffects.dll

+ 2009-08-08 01:01 . 2007-07-27 13:41 382840 c:\windows\$NtUninstallKB954154_WM11$\spuninst\updspapi.dll

+ 2009-08-08 01:01 . 2007-07-27 11:37 233336 c:\windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe

+ 2009-08-08 01:07 . 2007-11-30 12:39 395128 c:\windows\$NtUninstallKB952954$\spuninst\updspapi.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 233336 c:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe

+ 2009-08-08 01:04 . 2007-11-30 11:18 395128 c:\windows\$NtUninstallKB952287$\spuninst\updspapi.dll

+ 2009-08-08 01:04 . 2007-11-30 11:18 233336 c:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe

+ 2009-08-08 01:04 . 2008-04-13 22:20 331776 c:\windows\$NtUninstallKB952287$\msadce.dll

+ 2009-08-08 01:03 . 2006-10-19 00:47 937984 c:\windows\$NtUninstallKB952069_WM9$\wmnetmgr.dll

+ 2009-08-08 01:03 . 2007-07-27 12:41 382840 c:\windows\$NtUninstallKB952069_WM9$\spuninst\updspapi.dll

+ 2009-08-08 01:03 . 2007-07-27 10:37 233336 c:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe

+ 2009-08-08 01:03 . 2006-10-18 23:03 100864 c:\windows\$NtUninstallKB952069_WM9$\logagent.exe

+ 2009-08-08 01:06 . 2007-11-30 12:38 395128 c:\windows\$NtUninstallKB952004$\spuninst\updspapi.dll

+ 2009-08-08 01:06 . 2007-11-30 12:39 233336 c:\windows\$NtUninstallKB952004$\spuninst\spuninst.exe

+ 2009-08-08 01:06 . 2008-04-13 22:20 161792 c:\windows\$NtUninstallKB952004$\msdtcuiu.dll

+ 2009-08-08 01:06 . 2008-04-13 22:20 956928 c:\windows\$NtUninstallKB952004$\msdtctm.dll

+ 2009-08-08 01:06 . 2008-04-13 22:20 427008 c:\windows\$NtUninstallKB952004$\msdtcprx.dll

+ 2009-08-08 01:07 . 2008-04-13 22:21 155648 c:\windows\$NtUninstallKB951978$\wscript.exe

+ 2009-08-08 01:07 . 2008-04-13 22:20 434176 c:\windows\$NtUninstallKB951978$\vbscript.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 395128 c:\windows\$NtUninstallKB951978$\spuninst\updspapi.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 233336 c:\windows\$NtUninstallKB951978$\spuninst\spuninst.exe

+ 2009-08-08 01:07 . 2008-04-13 22:20 172032 c:\windows\$NtUninstallKB951978$\scrrun.dll

+ 2009-08-08 01:07 . 2008-04-13 22:20 180224 c:\windows\$NtUninstallKB951978$\scrobj.dll

+ 2009-08-08 01:07 . 2008-04-13 22:20 512000 c:\windows\$NtUninstallKB951978$\jscript.dll

+ 2009-08-08 01:07 . 2008-04-13 22:20 139264 c:\windows\$NtUninstallKB951978$\cscript.exe

+ 2009-08-08 01:02 . 2008-04-13 15:00 225664 c:\windows\$NtUninstallKB951748$\tcpip6.sys

+ 2009-08-08 01:02 . 2008-04-13 15:20 361344 c:\windows\$NtUninstallKB951748$\tcpip.sys

+ 2009-08-08 01:02 . 2007-11-30 12:38 395128 c:\windows\$NtUninstallKB951748$\spuninst\updspapi.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 233336 c:\windows\$NtUninstallKB951748$\spuninst\spuninst.exe

+ 2009-08-08 01:02 . 2008-04-13 22:20 247808 c:\windows\$NtUninstallKB951748$\mswsock.dll

+ 2009-08-08 01:02 . 2008-04-13 22:20 147968 c:\windows\$NtUninstallKB951748$\dnsapi.dll

+ 2009-08-08 01:02 . 2008-04-13 15:19 138112 c:\windows\$NtUninstallKB951748$\afd.sys

+ 2009-08-08 01:07 . 2007-11-30 11:18 395128 c:\windows\$NtUninstallKB951376-v2$\spuninst\updspapi.dll

+ 2009-08-08 01:07 . 2007-11-30 11:18 233336 c:\windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe

+ 2009-08-08 01:03 . 2007-11-30 12:39 395128 c:\windows\$NtUninstallKB951066$\spuninst\updspapi.dll

+ 2009-08-08 01:03 . 2007-11-30 12:39 233336 c:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe

+ 2009-08-08 01:03 . 2008-04-13 22:20 691712 c:\windows\$NtUninstallKB951066$\inetcomm.dll

+ 2009-08-08 01:07 . 2007-11-30 12:38 395128 c:\windows\$NtUninstallKB950974$\spuninst\updspapi.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 233336 c:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe

+ 2009-08-08 01:07 . 2008-04-13 22:20 246272 c:\windows\$NtUninstallKB950974$\es.dll

+ 2009-08-08 01:05 . 2007-11-30 12:39 395128 c:\windows\$NtUninstallKB950762$\spuninst\updspapi.dll

+ 2009-08-08 01:05 . 2007-11-30 12:39 233336 c:\windows\$NtUninstallKB950762$\spuninst\spuninst.exe

+ 2009-08-08 01:05 . 2008-04-13 14:55 202624 c:\windows\$NtUninstallKB950762$\rmcast.sys

+ 2009-08-08 01:05 . 2006-10-19 00:47 222208 c:\windows\$NtUninstallKB941569$\wmasf.dll

+ 2009-08-08 01:05 . 2005-06-28 13:23 371424 c:\windows\$NtUninstallKB941569$\spuninst\updspapi.dll

+ 2009-08-08 01:05 . 2005-06-28 13:23 215264 c:\windows\$NtUninstallKB941569$\spuninst\spuninst.exe

+ 2009-08-08 01:06 . 2007-11-30 11:18 395128 c:\windows\$NtUninstallKB938464-v2$\spuninst\updspapi.dll

+ 2009-08-08 01:06 . 2007-11-30 11:18 233336 c:\windows\$NtUninstallKB938464-v2$\spuninst\spuninst.exe

+ 2009-08-08 01:04 . 2005-06-28 13:23 371424 c:\windows\$NtUninstallKB929399$\spuninst\updspapi.dll

+ 2009-08-08 01:04 . 2005-06-28 13:23 213216 c:\windows\$NtUninstallKB929399$\spuninst\spuninst.exe

+ 2009-08-08 01:04 . 2006-10-19 00:47 414208 c:\windows\$NtUninstallKB929399$\msscp.dll

+ 2009-08-08 01:00 . 2008-04-13 22:21 215040 c:\windows\$NtUninstallKB923561$\wordpad.exe

+ 2009-08-08 01:00 . 2008-07-09 07:35 395128 c:\windows\$NtUninstallKB923561$\spuninst\updspapi.dll

+ 2009-08-08 01:00 . 2008-07-09 07:34 233336 c:\windows\$NtUninstallKB923561$\spuninst\spuninst.exe

+ 2009-08-06 17:20 . 2005-02-25 03:34 384736 c:\windows\$NtUninstallKB898461$\spuninst\updspapi.dll

+ 2009-08-06 17:20 . 2005-02-25 03:34 211680 c:\windows\$NtUninstallKB898461$\spuninst\spuninst.exe

+ 2009-08-08 01:06 . 2008-07-08 12:58 395128 c:\windows\$hf_mig$\KB973346\update\updspapi.dll

+ 2009-08-08 01:06 . 2008-07-08 12:58 760696 c:\windows\$hf_mig$\KB973346\update\update.exe

+ 2009-08-08 01:06 . 2008-07-08 12:58 233336 c:\windows\$hf_mig$\KB973346\spuninst.exe

+ 2009-08-08 01:05 . 2009-05-26 11:40 395128 c:\windows\$hf_mig$\KB972260-IE7\update\updspapi.dll

+ 2009-08-08 01:05 . 2009-05-26 11:40 760696 c:\windows\$hf_mig$\KB972260-IE7\update\update.exe

+ 2009-08-08 01:05 . 2008-07-08 12:58 233336 c:\windows\$hf_mig$\KB972260-IE7\spuninst.exe

+ 2009-06-29 16:14 . 2009-06-29 16:14 828928 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 233472 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\webcheck.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 105984 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\url.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 102912 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\occache.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 671232 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mstime.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 193024 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\msrating.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 477696 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtmled.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 459264 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\msfeeds.dll

+ 2009-06-29 07:25 . 2009-06-29 07:25 634632 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iexplore.exe

+ 2009-06-29 16:14 . 2009-06-29 16:14 268288 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iertutil.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 388608 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\iedkcs32.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 380928 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieapfltr.dll

+ 2009-06-29 07:23 . 2009-06-29 07:23 161792 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieakui.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 230400 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieaksie.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 153088 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieakeng.dll

+ 2009-06-29 16:13 . 2009-06-29 16:13 132608 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\extmgr.dll

+ 2009-06-29 16:13 . 2009-06-29 16:13 214528 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\dxtrans.dll

+ 2009-06-29 16:13 . 2009-06-29 16:13 347136 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\dxtmsft.dll

+ 2009-06-29 16:13 . 2009-06-29 16:13 124928 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\advpack.dll

+ 2009-08-08 01:06 . 2008-07-09 07:35 395128 c:\windows\$hf_mig$\KB971633\update\updspapi.dll

+ 2009-08-08 01:06 . 2008-07-09 07:34 760696 c:\windows\$hf_mig$\KB971633\update\update.exe

+ 2009-08-08 01:06 . 2008-07-08 12:58 233336 c:\windows\$hf_mig$\KB971633\spuninst.exe

+ 2009-08-08 01:02 . 2007-11-30 12:39 395128 c:\windows\$hf_mig$\KB970238\update\updspapi.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 760696 c:\windows\$hf_mig$\KB970238\update\update.exe

+ 2009-08-08 01:02 . 2007-11-30 12:39 233336 c:\windows\$hf_mig$\KB970238\spuninst.exe

+ 2009-08-06 17:41 . 2009-04-15 15:25 585216 c:\windows\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll

+ 2009-08-08 01:02 . 2008-07-09 07:35 395128 c:\windows\$hf_mig$\KB968537\update\updspapi.dll

+ 2009-08-08 01:02 . 2008-07-09 07:34 760696 c:\windows\$hf_mig$\KB968537\update\update.exe

+ 2009-08-08 01:02 . 2008-07-09 07:34 233336 c:\windows\$hf_mig$\KB968537\spuninst.exe

+ 2009-08-08 01:04 . 2008-07-09 07:35 395128 c:\windows\$hf_mig$\KB967715\update\updspapi.dll

+ 2009-08-08 01:04 . 2008-07-09 07:34 760696 c:\windows\$hf_mig$\KB967715\update\update.exe

+ 2009-08-08 01:04 . 2008-07-09 07:34 233336 c:\windows\$hf_mig$\KB967715\spuninst.exe

+ 2009-08-08 01:06 . 2008-07-09 07:35 395128 c:\windows\$hf_mig$\KB961501\update\updspapi.dll

+ 2009-08-08 01:06 . 2008-07-09 07:34 760696 c:\windows\$hf_mig$\KB961501\update\update.exe

+ 2009-08-08 01:06 . 2008-07-09 07:34 233336 c:\windows\$hf_mig$\KB961501\spuninst.exe

+ 2009-05-07 15:15 . 2009-05-07 15:15 347648 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll

+ 2009-08-08 01:01 . 2009-05-26 11:40 395128 c:\windows\$hf_mig$\KB961371\update\updspapi.dll

+ 2009-08-08 01:01 . 2009-05-26 11:40 760696 c:\windows\$hf_mig$\KB961371\update\update.exe

+ 2009-08-08 01:01 . 2008-07-08 12:58 233336 c:\windows\$hf_mig$\KB961371\spuninst.exe

+ 2009-06-16 14:44 . 2009-06-16 14:44 119808 c:\windows\$hf_mig$\KB961371\SP3QFE\t2embed.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 395128 c:\windows\$hf_mig$\KB960803\update\updspapi.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 760696 c:\windows\$hf_mig$\KB960803\update\update.exe

+ 2009-08-08 01:02 . 2007-11-30 12:39 233336 c:\windows\$hf_mig$\KB960803\spuninst.exe

+ 2008-12-16 12:23 . 2008-12-16 12:23 354304 c:\windows\$hf_mig$\KB960803\SP3QFE\winhttp.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 395128 c:\windows\$hf_mig$\KB960225\update\updspapi.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 760696 c:\windows\$hf_mig$\KB960225\update\update.exe

+ 2009-08-08 01:07 . 2007-11-30 11:18 233336 c:\windows\$hf_mig$\KB960225\spuninst.exe

+ 2008-12-05 06:59 . 2008-12-05 06:59 144896 c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 395128 c:\windows\$hf_mig$\KB959426\update\updspapi.dll

+ 2009-08-08 01:07 . 2008-07-09 07:34 760696 c:\windows\$hf_mig$\KB959426\update\update.exe

+ 2009-08-08 01:07 . 2007-11-30 12:39 233336 c:\windows\$hf_mig$\KB959426\spuninst.exe

+ 2009-08-08 01:05 . 2007-11-30 12:39 395128 c:\windows\$hf_mig$\KB958687\update\updspapi.dll

+ 2009-08-08 01:05 . 2007-11-30 12:39 760696 c:\windows\$hf_mig$\KB958687\update\update.exe

+ 2009-08-08 01:05 . 2007-11-30 12:39 233336 c:\windows\$hf_mig$\KB958687\spuninst.exe

+ 2009-08-06 17:29 . 2008-12-11 12:33 333952 c:\windows\$hf_mig$\KB958687\SP3QFE\srv.sys

+ 2009-08-08 01:02 . 2007-11-30 11:18 395128 c:\windows\$hf_mig$\KB958644\update\updspapi.dll

+ 2009-08-08 01:02 . 2007-11-30 11:18 760696 c:\windows\$hf_mig$\KB958644\update\update.exe

+ 2009-08-08 01:02 . 2007-11-30 11:18 233336 c:\windows\$hf_mig$\KB958644\spuninst.exe

+ 2009-08-06 17:21 . 2008-10-15 16:31 339456 c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll

+ 2009-08-08 01:05 . 2008-07-08 12:58 395128 c:\windows\$hf_mig$\KB957097\update\updspapi.dll

+ 2009-08-08 01:05 . 2008-07-08 12:58 760696 c:\windows\$hf_mig$\KB957097\update\update.exe

+ 2009-08-08 01:05 . 2008-07-08 12:58 233336 c:\windows\$hf_mig$\KB957097\spuninst.exe

+ 2009-08-06 17:52 . 2008-10-24 11:41 455936 c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys

+ 2009-08-08 01:07 . 2007-11-30 11:18 395128 c:\windows\$hf_mig$\KB956803\update\updspapi.dll

+ 2009-08-08 01:07 . 2007-11-30 11:18 760696 c:\windows\$hf_mig$\KB956803\update\update.exe

+ 2009-08-08 01:07 . 2007-11-30 11:18 233336 c:\windows\$hf_mig$\KB956803\spuninst.exe

+ 2009-08-06 17:36 . 2008-08-14 10:34 138496 c:\windows\$hf_mig$\KB956803\SP3QFE\afd.sys

+ 2009-08-08 01:01 . 2008-07-08 12:58 395128 c:\windows\$hf_mig$\KB956802\update\updspapi.dll

+ 2009-08-08 01:01 . 2008-07-08 12:58 760696 c:\windows\$hf_mig$\KB956802\update\update.exe

+ 2009-08-08 01:01 . 2008-07-08 12:58 233336 c:\windows\$hf_mig$\KB956802\spuninst.exe

+ 2009-08-06 17:21 . 2008-10-23 12:44 286720 c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll

+ 2009-08-08 01:06 . 2008-07-09 07:35 395128 c:\windows\$hf_mig$\KB956572\update\updspapi.dll

+ 2009-08-08 01:06 . 2008-07-09 07:34 760696 c:\windows\$hf_mig$\KB956572\update\update.exe

+ 2009-08-08 01:06 . 2008-07-09 07:34 233336 c:\windows\$hf_mig$\KB956572\spuninst.exe

+ 2009-08-06 17:35 . 2009-02-06 10:15 227840 c:\windows\$hf_mig$\KB956572\SP3QFE\wmiprvse.exe

+ 2009-08-06 17:35 . 2009-02-09 10:56 453120 c:\windows\$hf_mig$\KB956572\SP3QFE\wmiprvsd.dll

+ 2009-08-06 17:35 . 2009-02-09 11:17 111104 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

+ 2009-08-06 17:35 . 2009-02-09 10:56 401408 c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

+ 2009-08-06 17:35 . 2009-03-06 13:50 286208 c:\windows\$hf_mig$\KB956572\SP3QFE\pdh.dll

+ 2009-08-06 17:35 . 2009-02-09 10:56 731136 c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll

+ 2009-08-06 17:35 . 2009-02-09 10:56 731648 c:\windows\$hf_mig$\KB956572\SP3QFE\lsasrv.dll

+ 2009-08-06 17:35 . 2009-02-09 10:56 473600 c:\windows\$hf_mig$\KB956572\SP3QFE\fastprox.dll

+ 2009-02-10 22:26 . 2009-02-10 22:26 683520 c:\windows\$hf_mig$\KB956572\SP3QFE\advapi32.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 395128 c:\windows\$hf_mig$\KB955839\update\updspapi.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 760696 c:\windows\$hf_mig$\KB955839\update\update.exe

+ 2009-08-08 01:07 . 2007-11-30 12:39 233336 c:\windows\$hf_mig$\KB955839\spuninst.exe

+ 2009-08-08 01:01 . 2008-07-09 16:05 395128 c:\windows\$hf_mig$\KB955069\update\updspapi.dll

+ 2009-08-08 01:01 . 2007-11-30 12:39 760696 c:\windows\$hf_mig$\KB955069\update\update.exe

+ 2009-08-08 01:01 . 2007-11-30 11:18 233336 c:\windows\$hf_mig$\KB955069\spuninst.exe

+ 2009-08-08 01:02 . 2007-11-30 12:39 395128 c:\windows\$hf_mig$\KB954600\update\updspapi.dll

+ 2009-08-08 01:02 . 2007-11-30 12:39 760696 c:\windows\$hf_mig$\KB954600\update\update.exe

+ 2009-08-08 01:02 . 2007-11-30 12:39 233336 c:\windows\$hf_mig$\KB954600\spuninst.exe

+ 2009-08-06 17:21 . 2008-10-03 09:50 247326 c:\windows\$hf_mig$\KB954600\SP3QFE\strmdll.dll

+ 2009-08-08 01:03 . 2007-11-30 12:39 395128 c:\windows\$hf_mig$\KB954459\update\updspapi.dll

+ 2009-08-08 01:03 . 2007-11-30 12:39 760696 c:\windows\$hf_mig$\KB954459\update\update.exe

+ 2009-08-08 01:03 . 2007-11-30 12:39 233336 c:\windows\$hf_mig$\KB954459\spuninst.exe

+ 2009-08-08 01:07 . 2007-11-30 12:39 395128 c:\windows\$hf_mig$\KB952954\update\updspapi.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 760696 c:\windows\$hf_mig$\KB952954\update\update.exe

+ 2009-08-08 01:07 . 2007-11-30 12:39 233336 c:\windows\$hf_mig$\KB952954\spuninst.exe

+ 2009-08-08 01:04 . 2007-11-30 11:18 395128 c:\windows\$hf_mig$\KB952287\update\updspapi.dll

+ 2009-08-08 01:04 . 2007-11-30 11:18 760696 c:\windows\$hf_mig$\KB952287\update\update.exe

+ 2009-08-08 01:04 . 2007-11-30 11:18 233336 c:\windows\$hf_mig$\KB952287\spuninst.exe

+ 2009-08-06 17:29 . 2008-05-01 14:39 331776 c:\windows\$hf_mig$\KB952287\SP3QFE\msadce.dll

+ 2009-08-08 01:06 . 2007-11-30 12:38 395128 c:\windows\$hf_mig$\KB952004\update\updspapi.dll

+ 2009-08-08 01:06 . 2007-11-30 12:38 760696 c:\windows\$hf_mig$\KB952004\update\update.exe

+ 2009-08-08 01:06 . 2007-11-30 12:39 233336 c:\windows\$hf_mig$\KB952004\spuninst.exe

+ 2008-06-12 14:10 . 2008-06-12 14:10 161792 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtcuiu.dll

+ 2008-06-12 14:10 . 2008-06-12 14:10 956928 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtctm.dll

+ 2008-06-12 14:10 . 2008-06-12 14:10 428032 c:\windows\$hf_mig$\KB952004\SP3QFE\msdtcprx.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 395128 c:\windows\$hf_mig$\KB951978\update\updspapi.dll

+ 2009-08-08 01:07 . 2007-11-30 12:39 760696 c:\windows\$hf_mig$\KB951978\update\update.exe

+ 2009-08-08 01:07 . 2007-11-30 12:39 233336 c:\windows\$hf_mig$\KB951978\spuninst.exe

+ 2009-08-06 17:36 . 2008-05-08 11:24 155648 c:\windows\$hf_mig$\KB951978\SP3QFE\wscript.exe

+ 2009-08-06 17:36 . 2008-05-09 10:51 430080 c:\windows\$hf_mig$\KB951978\SP3QFE\vbscript.dll

+ 2009-08-06 17:36 . 2008-05-09 10:51 172032 c:\windows\$hf_mig$\KB951978\SP3QFE\scrrun.dll

+ 2009-08-06 17:36 . 2008-05-09 10:51 180224 c:\windows\$hf_mig$\KB951978\SP3QFE\scrobj.dll

+ 2009-08-06 17:36 . 2008-05-09 10:51 512000 c:\windows\$hf_mig$\KB951978\SP3QFE\jscript.dll

+ 2009-08-06 17:36 . 2008-05-09 08:45 135168 c:\windows\$hf_mig$\KB951978\SP3QFE\cscript.exe

+ 2009-08-08 01:02 . 2007-11-30 12:38 395128 c:\windows\$hf_mig$\KB951748\update\updspapi.dll

+ 2009-08-08 01:02 . 2007-11-30 12:38 760696 c:\windows\$hf_mig$\KB951748\update\update.exe

+ 2009-08-08 01:02 . 2007-11-30 12:39 233336 c:\windows\$hf_mig$\KB951748\spuninst.exe

+ 2008-06-20 11:16 . 2008-06-20 11:16 225856 c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys

+ 2008-06-20 11:59 . 2008-06-20 11:59 361600 c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

+ 2008-06-20 17:44 . 2008-06-20 17:44 247808 c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll

+ 2008-06-20 17:44 . 2008-06-20 17:44 147968 c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll

+ 2008-06-20 11:48 . 2008-06-20 11:48 138496 c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys

+ 2009-08-08 01:07 . 2007-11-30 11:18 395128 c:\windows\$hf_mig$\KB951376-v2\update\updspapi.dll

+ 2009-08-08 01:07 . 2007-11-30 11:18 760696 c:\windows\$hf_mig$\KB951376-v2\update\update.exe

+ 2009-08-08 01:07 . 2007-11-30 11:18 233336 c:\windows\$hf_mig$\KB951376-v2\spuninst.exe

+ 2009-08-06 17:37 . 2008-06-14 17:40 272384 c:\windows\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys

+ 2009-08-08 01:03 . 2007-11-30 12:39 395128 c:\windows\$hf_mig$\KB951066\update\updspapi.dll

+ 2009-08-08 01:03 . 2007-12-03 15:25 760696 c:\windows\$hf_mig$\KB951066\update\update.exe

+ 2009-08-08 01:03 . 2007-11-30 12:39 233336 c:\windows\$hf_mig$\KB951066\spuninst.exe

+ 2008-04-12 03:23 . 2008-04-12 03:23 691712 c:\windows\$hf_mig$\KB951066\SP3QFE\inetcomm.dll

+ 2009-08-08 01:07 . 2007-11-30 12:38 395128 c:\windows\$hf_mig$\KB950974\update\updspapi.dll

+ 2009-08-08 01:07 . 2007-11-30 12:38 760696 c:\windows\$hf_mig$\KB950974\update\update.exe

+ 2009-08-08 01:07 . 2007-11-30 12:39 233336 c:\windows\$hf_mig$\KB950974\spuninst.exe

+ 2008-07-07 20:25 . 2008-07-07 20:25 253952 c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

+ 2009-08-08 01:05 . 2007-11-30 12:39 395128 c:\windows\$hf_mig$\KB950762\update\updspapi.dll

+ 2009-08-08 01:05 . 2007-11-30 12:39 760696 c:\windows\$hf_mig$\KB950762\update\update.exe

+ 2009-08-08 01:05 . 2007-11-30 12:39 233336 c:\windows\$hf_mig$\KB950762\spuninst.exe

+ 2009-08-06 17:31 . 2008-05-08 13:58 203136 c:\windows\$hf_mig$\KB950762\SP3QFE\rmcast.sys

+ 2009-08-08 01:07 . 2007-03-06 01:02 384224 c:\windows\$hf_mig$\KB938127-v2-IE7\update\updspapi.dll

+ 2009-08-08 01:07 . 2007-03-06 01:01 721120 c:\windows\$hf_mig$\KB938127-v2-IE7\update\update.exe

+ 2009-08-08 01:07 . 2007-03-06 01:01 215264 c:\windows\$hf_mig$\KB938127-v2-IE7\spuninst.exe

+ 2009-08-06 17:36 . 2008-05-27 17:32 765952 c:\windows\$hf_mig$\KB938127-v2-IE7\SP2QFE\vgx.dll

+ 2009-08-08 01:00 . 2008-07-09 07:35 395128 c:\windows\$hf_mig$\KB923561\update\updspapi.dll

+ 2009-08-08 01:00 . 2008-11-15 17:17 760696 c:\windows\$hf_mig$\KB923561\update\update.exe

+ 2009-08-08 01:00 . 2008-07-09 07:34 233336 c:\windows\$hf_mig$\KB923561\spuninst.exe

+ 2009-08-06 17:20 . 2008-04-21 21:11 216064 c:\windows\$hf_mig$\KB923561\SP3QFE\wordpad.exe

+ 2009-08-06 17:20 . 2005-02-25 03:34 384736 c:\windows\$hf_mig$\KB898461\update\updspapi.dll

+ 2009-08-06 17:20 . 2005-02-25 03:34 723680 c:\windows\$hf_mig$\KB898461\update\update.exe

+ 2009-08-06 17:20 . 2005-02-25 03:34 211680 c:\windows\$hf_mig$\KB898461\spuninst.exe

+ 2009-08-06 19:03 . 2008-04-15 17:49 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll

+ 2009-05-16 11:59 . 2008-10-16 17:13 1809944 c:\windows\system32\wuaueng.dll

+ 2008-04-13 22:21 . 2008-06-18 08:03 2458112 c:\windows\system32\WMVCore.dll

+ 2008-04-13 21:54 . 2009-04-19 19:50 1847296 c:\windows\system32\win32k.sys

+ 2007-01-01 10:32 . 2007-01-01 10:32 1354752 c:\windows\system32\webfldrs.msi

+ 2009-08-25 19:39 . 2006-11-13 17:45 1419232 c:\windows\system32\wdfcoinstaller01005.dll

+ 2008-11-06 16:37 . 2008-11-06 16:37 1585664 c:\windows\system32\VC80CRTRedist.msi

+ 2008-05-12 14:37 . 2009-06-29 15:58 1159680 c:\windows\system32\urlmon.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 8491008 c:\windows\system32\shell32.dll

+ 2008-04-13 22:20 . 2008-06-17 19:02 8491008 c:\windows\system32\shell32.dll

+ 2008-04-13 22:20 . 2009-06-03 19:10 1295872 c:\windows\system32\quartz.dll

+ 2008-11-06 16:37 . 2008-11-06 16:37 3596288 c:\windows\system32\qt-dx331.dll

- 2008-04-13 22:00 . 2008-04-13 22:00 2149376 c:\windows\system32\ntoskrnl.exe

+ 2008-04-13 22:00 . 2009-02-09 11:25 2149376 c:\windows\system32\ntoskrnl.exe

- 2008-04-13 22:00 . 2008-04-13 22:00 2028032 c:\windows\system32\ntkrnlpa.exe

+ 2008-04-13 22:00 . 2009-02-09 11:25 2028032 c:\windows\system32\ntkrnlpa.exe

+ 2008-04-13 22:20 . 2008-09-10 01:15 1307648 c:\windows\system32\msxml6.dll

+ 2008-04-13 22:20 . 2008-09-04 17:16 1106944 c:\windows\system32\msxml3.dll

+ 2004-02-23 23:42 . 2004-02-23 23:42 1386496 c:\windows\system32\MSVBVM60.DLL

+ 2008-05-12 14:37 . 2009-07-19 13:29 3597824 c:\windows\system32\mshtml.dll

+ 2003-03-18 21:12 . 2003-03-18 21:12 1047552 c:\windows\system32\mfc71u.dll

+ 2009-05-16 12:12 . 2007-03-21 23:39 1060864 c:\windows\system32\MFC71.DLL

- 2009-05-16 12:12 . 2003-03-18 20:20 1060864 c:\windows\system32\MFC71.dll

+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2009-05-01 21:02 . 2009-05-01 21:02 1044480 c:\windows\system32\libdivx.dll

+ 2008-04-13 22:20 . 2009-03-21 14:08 1028608 c:\windows\system32\kernel32.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 1028608 c:\windows\system32\kernel32.dll

+ 2008-05-12 14:37 . 2009-07-19 13:29 6067200 c:\windows\system32\ieframe.dll

+ 2008-05-12 14:37 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat

+ 2009-08-25 19:39 . 2006-11-13 17:45 1419232 c:\windows\system32\DRVSTORE\motport_9A5A85088EA432AA30AB62E19BFD4CEC1FF62E6D\wdfcoinstaller01005.dll

+ 2009-08-25 19:39 . 2006-11-13 17:45 1419232 c:\windows\system32\DRVSTORE\motousbnet_F1F6B8D0B008E23D15C7FB6A13B8CAA12F1AA650\wdfcoinstaller01005.dll

+ 2009-08-25 19:39 . 2006-11-13 17:45 1419232 c:\windows\system32\DRVSTORE\motmodem_77C6F3FBF2928E6DAC7B8A901D5589738CDDC62C\wdfcoinstaller01005.dll

+ 2009-08-25 19:39 . 2006-11-13 17:45 1419232 c:\windows\system32\DRVSTORE\motccgp_635EF2070D7E2D6CC6C1DFF95BA8C43191DD1F11\wdfcoinstaller01005.dll

+ 2009-05-16 11:59 . 2008-10-16 17:13 1809944 c:\windows\system32\dllcache\wuaueng.dll

+ 2008-04-13 22:21 . 2008-06-18 08:03 2458112 c:\windows\system32\dllcache\WMVCore.dll

+ 2008-04-13 21:54 . 2009-04-19 19:50 1847296 c:\windows\system32\dllcache\win32k.sys

+ 2008-05-12 14:37 . 2009-06-29 15:58 1159680 c:\windows\system32\dllcache\urlmon.dll

+ 2008-04-13 22:20 . 2008-06-17 19:02 8491008 c:\windows\system32\dllcache\shell32.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 8491008 c:\windows\system32\dllcache\shell32.dll

+ 2008-04-13 22:20 . 2009-06-03 19:10 1295872 c:\windows\system32\dllcache\quartz.dll

+ 2009-08-06 17:35 . 2009-02-09 11:25 2193280 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2009-08-06 17:35 . 2009-02-09 11:25 2028032 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2009-02-10 22:07 . 2009-02-10 22:07 2070272 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2009-08-06 17:35 . 2009-02-09 11:25 2149376 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2008-04-13 22:20 . 2008-09-10 01:15 1307648 c:\windows\system32\dllcache\msxml6.dll

+ 2008-04-13 22:20 . 2008-09-04 17:16 1106944 c:\windows\system32\dllcache\msxml3.dll

+ 2008-05-12 14:37 . 2009-07-19 13:29 3597824 c:\windows\system32\dllcache\mshtml.dll

- 2008-04-13 22:20 . 2008-04-13 22:20 1028608 c:\windows\system32\dllcache\kernel32.dll

+ 2008-04-13 22:20 . 2009-03-21 14:08 1028608 c:\windows\system32\dllcache\kernel32.dll

+ 2009-07-19 13:29 . 2009-07-19 13:29 6067200 c:\windows\system32\dllcache\ieframe.dll

+ 2009-06-29 08:33 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat

+ 2009-06-23 21:57 . 2008-04-13 22:00 2149376 c:\windows\system32\dllcache\cache\ntoskrnl.exe

+ 2009-06-23 21:57 . 2008-04-13 22:00 2028032 c:\windows\system32\dllcache\cache\ntkrnlpa.exe

+ 2009-06-23 21:57 . 2008-04-13 22:20 1028608 c:\windows\system32\dllcache\cache\kernel32.dll

+ 2009-06-23 21:57 . 2008-04-13 22:21 1035776 c:\windows\system32\dllcache\cache\explorer.exe

+ 2009-08-06 19:23 . 2007-03-12 19:42 3495784 c:\windows\system32\d3dx9_33.dll

+ 2009-08-06 19:23 . 2006-11-29 16:06 3426072 c:\windows\system32\d3dx9_32.dll

+ 2009-08-06 19:23 . 2006-09-28 19:05 2414360 c:\windows\system32\d3dx9_31.dll

+ 2009-08-06 19:23 . 2006-03-31 15:40 2388176 c:\windows\system32\d3dx9_30.dll

+ 2009-08-06 19:23 . 2006-02-03 11:43 2332368 c:\windows\system32\d3dx9_29.dll

+ 2009-08-06 19:23 . 2005-12-05 21:09 2323664 c:\windows\system32\d3dx9_28.dll

+ 2009-08-06 19:23 . 2005-07-22 22:59 2319568 c:\windows\system32\d3dx9_27.dll

+ 2009-08-06 19:23 . 2005-05-26 18:34 2297552 c:\windows\system32\d3dx9_26.dll

+ 2009-08-06 19:23 . 2005-03-18 20:19 2337488 c:\windows\system32\d3dx9_25.dll

+ 2009-08-06 19:23 . 2005-02-05 22:45 2222800 c:\windows\system32\d3dx9_24.dll

+ 2009-08-06 19:23 . 2007-03-12 19:42 1123696 c:\windows\system32\D3DCompiler_33.dll

+ 2009-05-12 18:46 . 2009-05-12 18:46 1650992 c:\windows\system32\C2MP\npdivx32.dll

+ 2009-05-16 12:12 . 2009-08-17 16:10 1279456 c:\windows\system32\aswBoot.exe

+ 2009-08-06 19:23 . 2004-12-01 18:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:23 . 2004-09-29 15:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll

+ 2009-07-27 22:37 . 2009-07-27 22:37 1565696 c:\windows\Installer\eec69b.msi

+ 2009-07-31 22:55 . 2009-07-31 22:55 3279360 c:\windows\Installer\d07771.msi

+ 2009-05-16 12:10 . 2009-05-16 12:10 2109440 c:\windows\Installer\c85f.msi

+ 2009-05-16 12:05 . 2009-05-16 12:05 2261504 c:\windows\Installer\c855.msi

+ 2009-05-16 12:29 . 2009-05-16 12:29 5788160 c:\windows\Installer\ae386.msi

+ 2009-07-15 03:43 . 2009-07-15 03:43 1098240 c:\windows\Installer\76da19.msi

+ 2009-11-23 04:01 . 2009-11-23 04:01 1789952 c:\windows\Installer\67517c.msi

+ 2009-10-14 01:17 . 2009-10-14 01:17 3395072 c:\windows\Installer\53c335.msi

+ 2009-05-16 13:39 . 2009-05-16 13:39 1472000 c:\windows\Installer\49f55.msi

+ 2009-05-16 13:38 . 2009-05-16 13:38 3139072 c:\windows\Installer\49f4f.msi

+ 2009-05-16 13:37 . 2009-05-16 13:37 3862016 c:\windows\Installer\49f43.msi

+ 2009-05-16 13:36 . 2009-05-16 13:36 5266944 c:\windows\Installer\49f3d.msi

+ 2009-08-08 01:05 . 2008-05-12 14:37 1162240 c:\windows\ie7updates\KB972260-IE7\urlmon.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 3577856 c:\windows\ie7updates\KB972260-IE7\mshtml.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 6049280 c:\windows\ie7updates\KB972260-IE7\ieframe.dll

+ 2009-08-08 01:05 . 2008-05-12 14:37 2451824 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat

+ 2009-08-06 17:35 . 2009-02-09 11:25 2193280 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2009-08-06 17:35 . 2009-02-09 11:25 2028032 c:\windows\Driver Cache\i386\ntkrpamp.exe

+ 2009-02-10 22:07 . 2009-02-10 22:07 2070272 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2009-08-06 17:35 . 2009-02-09 11:25 2149376 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2009-07-31 22:55 . 2005-09-03 01:50 3279548 c:\windows\Downloaded Installations\{C136EF9A-3916-41BB-862D-6DEF428A2C25}\ActiveX Graphic & Chart Components.msi

+ 2009-08-06 19:25 . 2009-08-06 19:25 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-06 19:25 . 2009-08-06 19:25 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2009-08-08 01:06 . 2008-04-13 22:20 1292800 c:\windows\$NtUninstallKB971633$\quartz.dll

+ 2009-08-08 01:02 . 2008-04-13 21:54 1845760 c:\windows\$NtUninstallKB968537$\win32k.sys

+ 2009-08-08 01:04 . 2008-04-13 22:20 8491008 c:\windows\$NtUninstallKB967715$\shell32.dll

+ 2009-08-08 01:07 . 2008-04-13 22:20 1028608 c:\windows\$NtUninstallKB959426$\kernel32.dll

+ 2009-08-08 01:06 . 2008-04-13 22:00 2149376 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

+ 2009-08-08 01:06 . 2008-04-13 22:00 2028032 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

+ 2009-08-08 01:01 . 2008-04-13 22:20 1104896 c:\windows\$NtUninstallKB955069$\msxml3.dll

+ 2009-08-08 01:03 . 2008-04-13 22:20 1306624 c:\windows\$NtUninstallKB954459$\msxml6.dll

+ 2009-08-08 01:03 . 2006-10-19 00:47 2450944 c:\windows\$NtUninstallKB952069_WM9$\wmvcore.dll

+ 2009-06-29 16:14 . 2009-06-29 16:14 1163264 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\urlmon.dll

+ 2009-07-19 13:22 . 2009-07-19 13:22 3600384 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll

+ 2009-07-19 13:22 . 2009-07-19 13:22 6070784 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieframe.dll

+ 2009-06-29 08:33 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\ieapfltr.dat

+ 2009-06-03 19:12 . 2009-06-03 19:12 1295872 c:\windows\$hf_mig$\KB971633\SP3QFE\quartz.dll

+ 2009-04-19 19:43 . 2009-04-19 19:43 1847936 c:\windows\$hf_mig$\KB968537\SP3QFE\win32k.sys

+ 2008-06-17 19:04 . 2008-06-17 19:04 8491520 c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll

+ 2009-03-21 22:30 . 2009-03-21 22:30 1030656 c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

+ 2009-02-10 22:16 . 2009-02-10 22:16 2193408 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

+ 2009-08-06 17:35 . 2009-02-09 11:17 2028032 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrpamp.exe

+ 2009-08-06 17:35 . 2009-02-09 11:17 2070400 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

+ 2009-08-06 17:35 . 2009-02-09 11:17 2149376 c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlmp.exe

+ 2009-08-06 17:21 . 2008-09-04 17:12 1106944 c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll

+ 2008-09-10 01:12 . 2008-09-10 01:12 1379840 c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll

+ 2008-04-13 22:20 . 2008-11-11 21:34 10838016 c:\windows\system32\wmp.dll

+ 2008-04-13 22:20 . 2008-11-11 21:34 10838016 c:\windows\system32\dllcache\wmp.dll

+ 2005-09-23 10:48 . 2005-09-23 10:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi

+ 2009-05-16 12:08 . 2007-01-19 17:21 16841728 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.msi

+ 2009-08-06 17:19 . 2006-10-19 00:47 10834432 c:\windows\$NtUninstallKB959772_WM11$\wmp.dll

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power Off Monitor"="c:\arquivos de programas\Power Monitor Off\PowerMonitorOff.exe :silent" [X]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"mstsc"="c:\documents and settings\Marcelo\mstsc.exe" [2009-11-01 98304]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2009-11-30 289584]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-05-16 198160]

"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]

"MziXys.exe"="c:\documents and settings\All Users\Dados de aplicativos\MziXys.exe" [2009-12-01 234496]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"d:\\Valve\\hl.exe"=

"d:\\Valve\\hlds.exe"=

"c:\\Arquivos de programas\\FrostWire\\FrostWire.exe"=

"c:\\Arquivos de programas\\mIRC\\mirc.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\marceloparreiras\\counter-strike\\hl.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"d:\\Marcelo\\Ocupadores\\Championship Manager 2007\\CM2007.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Level Up! Games\\Grand Chase Season 2\\main.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"d:\\Age_of_Empire_-_The_Age_Of_Kings\\empires2.exe"=

"c:\\Age Of Empire-II The Conquerors\\age2_x1.exe"=

"d:\\Marcelo\\Styller Yourots 0.6.1 Rev 01 (8.50)\\Styller Yourots (8.50).exe"=

"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\frd.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"27015:TCP"= 27015:TCP:Counter-Strike

"27015:UDP"= 27015:UDP:Counter-Strike

"27017:TCP"= 27017:TCP:CS7

"27017:UDP"= 27017:UDP:CS72

"8767:UDP"= 8767:UDP:TeamSpeakServer

"56777:TCP"= 56777:TCP:Pando Media Booster

"56777:UDP"= 56777:UDP:Pando Media Booster

"7171:UDP"= 7171:UDP:Tibia

"7172:UDP"= 7172:UDP:Tiiiibia

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/5/2009 10:12 114768]

R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [10/11/2009 15:47 1858144]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/5/2009 10:12 20560]

R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [16/5/2009 10:37 634880]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/8/2009 17:11 721904]

S3 ddsxeiservice;ddsxeiservice2;d:\valve\cstrike\addons\sxei\dlls\sXe Injected\ddsxei.sys [21/8/2009 00:52 92544]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [25/8/2009 17:39 42112]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S4 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [22/7/2009 19:01 26776]

S4 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe --> c:\arquiv~1\GbPlugin\GbpSv.exe [?]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = local

IE: Download by VersalSoft Internet Download - c:\arquivos de programas\VersalSoft\InternetDownload\adddownload.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

TCP: {7565C233-AC96-4B29-9553-FA959E764F65} = 200.175.5.139,200.175.182.139

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

FF - ProfilePath - c:\documents and settings\Marcelo\Dados de aplicativos\Mozilla\Firefox\Profiles\7i2zjo5v.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - www.g1.com.br

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKLM-Run-avast! - c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe

HKLM-Run-InternetDownload_upgrade - c:\arquivos de programas\VersalSoft\InternetDownload\InternetDownload.exe

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\GbPlugin\gbiehcef.dll

Notify- GbPluginCef - c:\arquivos de programas\GbPlugin\gbiehCef.dll

AddRemove-DAEMON Tools Toolbar - c:\arquivos de programas\DAEMON Tools Toolbar\uninst.exe

AddRemove-mIRC - c:\arquivos de programas\mIRC\uninstall.exe _?=c:\arquivos de programas\mIRC

AddRemove-RealJukebox 1.0 - c:\arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

AddRemove-RealPlayer 6.0 - c:\arquivos de programas\Arquivos comuns\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

AddRemove-Steam App 5 - c:\arquivos de programas\Steam\steam.exe steam://uninstall/5

AddRemove-Steam App 80 - c:\arquivos de programas\Steam\steam.exe steam://uninstall/80

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-01 19:08

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

Tempo para conclusão: 2009-12-01 19:09

ComboFix-quarantined-files.txt 2009-12-01 21:09

 

Pré-execução: 13 pasta(s) 21.763.932.160 bytes disponíveis

Pós execução: 15 pasta(s) 21.795.749.888 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - F9A57EC1445E8E902434CA28289B52B6

[wings 22]

*Abra o bloco de notas, selecione, copie e cole nele todo o conteúdo do código abaixo:

 

File::

c:\documents and settings\All Users\Dados de aplicativos\MziXys.exe

c:\documents and settings\All Users\Dados de aplicativos\Windwnx32.exe

C:\fsys.bat

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MziXys.exe"=-

*Salve o arquivo no desktop como CFScript.txt

*Arraste o arquivo para o Combofix conforme ilustração abaixo:

 

 

*Importante: enquanto o combofix estiver em execução, não use o mouse nem o teclado!!..para interromper o processo tecle N.

 

*Cole o relatório criado em C:\combofix.txt e novo log do hijack

[marceloparreiras 0]

ComboFix 09-12-01.01 - Marcelo 01/12/2009 21:27.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.766.409 [GMT -2:00]

Executando de: c:\documents and settings\Marcelo\Meus documentos\Downloads\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Marcelo\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1351 [VPS 091009-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

FILE ::

"c:\documents and settings\All Users\Dados de aplicativos\MziXys.exe"

"c:\documents and settings\All Users\Dados de aplicativos\Windwnx32.exe"

"C:\fsys.bat"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Dados de aplicativos\MziXys.exe

c:\documents and settings\All Users\Dados de aplicativos\Windwnx32.exe

C:\fsys.bat

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-01 to 2009-12-01 ))))))))))))))))))))))))))))

.

 

2009-12-01 19:56 . 2009-12-01 20:46 -------- d-----w- c:\arquivos de programas\Ad-Remover

2009-12-01 19:33 . 2009-12-01 19:33 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\Malwarebytes

2009-12-01 19:33 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-01 19:33 . 2009-12-01 19:33 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-12-01 19:33 . 2009-12-01 19:33 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-12-01 19:33 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-01 18:43 . 2009-12-01 18:43 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\Codemonster

2009-12-01 18:41 . 2009-12-01 18:41 -------- d-----w- c:\arquivos de programas\Codemonster

2009-12-01 18:25 . 2009-12-01 18:26 -------- d-----w- C:\MSNCleaner

2009-12-01 18:21 . 2009-12-01 18:21 -------- d-----w- c:\arquivos de programas\AxBx

2009-12-01 18:19 . 2009-12-01 18:19 4 ----a-w- c:\windows\83466593.dat

2009-11-30 16:27 . 2009-11-30 16:27 -------- d-----w- c:\arquivos de programas\uTorrent

2009-11-30 16:26 . 2009-12-01 23:31 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\uTorrent

2009-11-30 16:05 . 2009-11-30 16:05 -------- d-----w- c:\arquivos de programas\Total War

2009-11-30 16:05 . 1998-10-29 18:45 306688 ----a-w- c:\windows\IsUninst.exe

2009-11-29 14:22 . 2009-11-29 14:22 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\VitySoft

2009-11-29 02:18 . 2009-11-29 02:18 -------- d-----w- c:\arquivos de programas\SystemRequirementsLab

2009-11-29 02:18 . 2009-11-29 02:18 -------- d-----w- c:\documents and settings\Marcelo\SystemRequirementsLab

2009-11-27 21:56 . 2009-11-30 18:14 -------- d-----w- c:\arquivos de programas\PokerStars

2009-11-26 00:08 . 2009-11-26 00:08 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\DivX

2009-11-24 21:30 . 2009-11-24 21:30 -------- d-----w- c:\documents and settings\Ednir\Dados de aplicativos\Search Settings

2009-11-24 21:30 . 2009-11-24 21:30 -------- d-----w- c:\documents and settings\Ednir\Dados de aplicativos\Dealio

2009-11-23 12:43 . 2009-11-23 12:43 270 ----a-w- c:\windows\26488187.dat

2009-11-23 04:36 . 2009-12-01 18:32 376 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\UpApp32.dll

2009-11-23 04:00 . 2009-11-23 04:01 -------- d-----w- c:\arquivos de programas\VDOWNLOADER

2009-11-22 02:26 . 2009-11-22 02:26 -------- d-----w- c:\windows\system32\custom matrices

2009-11-22 02:26 . 2009-11-22 02:26 -------- d-----w- c:\windows\system32\C2MP

2009-11-22 02:26 . 2009-11-22 02:26 -------- d-----w- c:\windows\system32\QuickTime

2009-11-17 20:13 . 2009-11-17 20:19 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\sqlitestudio

2009-11-17 20:03 . 2009-11-17 20:03 -------- d-----w- c:\arquivos de programas\SQL Editor

2009-11-12 21:30 . 2009-11-16 00:19 -------- d-----w- c:\arquivos de programas\NightCAM

2009-11-10 22:28 . 2009-11-10 22:28 -------- d-----w- c:\arquivos de programas\Nightmare

2009-11-10 17:47 . 2009-12-01 18:51 -------- d-----w- c:\arquivos de programas\a-squared Free

2009-11-10 16:59 . 2009-11-23 12:51 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2009-11-10 16:59 . 2009-11-10 17:19 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-01 18:38 . 2001-10-28 11:07 65246 ----a-w- c:\windows\system32\perfc016.dat

2009-12-01 18:38 . 2001-10-28 11:07 419524 ----a-w- c:\windows\system32\perfh016.dat

2009-11-30 16:30 . 2009-06-30 20:48 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\FrostWire

2009-11-27 15:51 . 2009-05-16 17:42 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-11-23 05:19 . 2009-07-22 21:01 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-11-17 21:05 . 2009-07-15 03:43 -------- d-----w- c:\arquivos de programas\Steam

2009-11-14 00:22 . 2009-06-26 18:34 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\Tibia

2009-11-01 18:46 . 2009-08-06 19:16 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite

2009-11-01 15:03 . 2009-11-01 15:03 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DirectX

2009-11-01 14:57 . 2009-11-01 14:57 98304 ---h--w- c:\documents and settings\Marcelo\mstsc.exe

2009-11-01 14:56 . 2009-11-01 14:56 20480 ----a-w- c:\documents and settings\Marcelo\t.tmp

2009-11-01 14:52 . 2009-11-01 14:52 -------- d-----w- c:\arquivos de programas\EA GAMES

2009-11-01 14:50 . 2009-08-06 19:11 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\DAEMON Tools Lite

2009-10-27 23:22 . 2009-10-27 23:22 4835652 ----a-w- c:\windows\system32\libavcodec.dll

2009-10-27 23:16 . 2009-10-27 23:16 1632375 ----a-w- c:\windows\system32\ffmpegmt.dll

2009-10-27 23:16 . 2009-10-27 23:16 611638 ----a-w- c:\windows\system32\libmplayer.dll

2009-10-27 23:10 . 2009-10-27 23:10 143872 ----a-w- c:\windows\system32\libmpeg2_ff.dll

2009-10-27 22:46 . 2009-10-27 22:46 248320 ----a-w- c:\windows\system32\ff_kernelDeint.dll

2009-10-27 22:28 . 2009-10-27 22:28 324096 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2009-10-18 15:56 . 2009-10-18 15:56 -------- d-----w- c:\arquivos de programas\Wisdom-soft ScreenHunter 5 Free

2009-10-18 01:04 . 2009-10-18 01:04 -------- d-----w- c:\arquivos de programas\Microsoft Office Outlook Connector

2009-10-18 00:01 . 2009-10-18 00:01 -------- d-----w- c:\arquivos de programas\MSECache

2009-10-16 23:58 . 2009-10-16 23:58 183296 ----a-w- c:\windows\system32\ff_samplerate.dll

2009-10-16 23:57 . 2009-10-16 23:57 146944 ----a-w- c:\windows\system32\ff_tremor.dll

2009-10-16 23:04 . 2009-10-16 23:04 178688 ----a-w- c:\windows\system32\ff_libmad.dll

2009-10-16 23:04 . 2009-10-16 23:04 113152 ----a-w- c:\windows\system32\ff_unrar.dll

2009-10-16 23:03 . 2009-10-16 23:03 257024 ----a-w- c:\windows\system32\ff_libdts.dll

2009-10-16 23:03 . 2009-10-16 23:03 142848 ----a-w- c:\windows\system32\ff_liba52.dll

2009-10-16 23:03 . 2009-10-16 23:03 484864 ----a-w- c:\windows\system32\ff_libfaad2.dll

2009-10-16 20:53 . 2009-10-16 20:53 100864 ----a-w- c:\windows\system32\ff_wmv9.dll

2009-10-16 20:53 . 2009-10-16 20:53 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-10-16 19:40 . 2009-10-16 19:40 957047 ----a-w- c:\windows\system32\ff_x264.dll

2009-10-16 19:38 . 2009-10-16 19:38 914464 ----a-w- c:\windows\system32\xvidcore.dll

2009-10-10 13:54 . 2009-05-16 12:11 -------- d-----w- c:\arquivos de programas\Alwil Software

2009-10-08 23:30 . 2009-10-08 23:30 -------- d-----w- c:\arquivos de programas\DVD Decrypter

2009-10-08 23:27 . 2009-10-08 23:27 -------- d-----w- c:\arquivos de programas\Elaborate Bytes

2009-10-05 03:21 . 2009-07-22 21:01 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-10-05 00:14 . 2009-07-27 22:38 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\Skype

2009-10-04 21:39 . 2009-07-27 22:40 -------- d-----w- c:\documents and settings\Marcelo\Dados de aplicativos\skypePM

2009-10-03 01:11 . 2009-10-03 01:11 -------- d-----w- c:\arquivos de programas\PluginLetras

2009-09-04 20:01 . 2009-07-22 21:01 26776 ----a-w- c:\windows\system32\drivers\gbpkm.sys

.

 

------- Sigcheck -------

 

[-] 2008-05-12 . CAE2A2EC19F2F334ED47BA1A30912198 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power Off Monitor"="c:\arquivos de programas\Power Monitor Off\PowerMonitorOff.exe :silent" [X]

"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"mstsc"="c:\documents and settings\Marcelo\mstsc.exe" [2009-11-01 98304]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"uTorrent"="c:\arquivos de programas\uTorrent\uTorrent.exe" [2009-11-30 289584]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-05-16 198160]

"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

c:\arquivos de programas\GbPlugin\gbiehCef.dll [bU]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"d:\\Valve\\hl.exe"=

"d:\\Valve\\hlds.exe"=

"c:\\Arquivos de programas\\FrostWire\\FrostWire.exe"=

"c:\\Arquivos de programas\\mIRC\\mirc.exe"=

"c:\\Arquivos de programas\\Steam\\steamapps\\marceloparreiras\\counter-strike\\hl.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"d:\\Marcelo\\Ocupadores\\Championship Manager 2007\\CM2007.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Level Up! Games\\Grand Chase Season 2\\main.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"d:\\Age_of_Empire_-_The_Age_Of_Kings\\empires2.exe"=

"c:\\Age Of Empire-II The Conquerors\\age2_x1.exe"=

"d:\\Marcelo\\Styller Yourots 0.6.1 Rev 01 (8.50)\\Styller Yourots (8.50).exe"=

"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\frd.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"27015:TCP"= 27015:TCP:Counter-Strike

"27015:UDP"= 27015:UDP:Counter-Strike

"27017:TCP"= 27017:TCP:CS7

"27017:UDP"= 27017:UDP:CS72

"8767:UDP"= 8767:UDP:TeamSpeakServer

"56777:TCP"= 56777:TCP:Pando Media Booster

"56777:UDP"= 56777:UDP:Pando Media Booster

"7171:UDP"= 7171:UDP:Tibia

"7172:UDP"= 7172:UDP:Tiiiibia

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/5/2009 10:12 114768]

R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [10/11/2009 15:47 1858144]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/5/2009 10:12 20560]

R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [16/5/2009 10:37 634880]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/8/2009 17:11 721904]

S3 ddsxeiservice;ddsxeiservice2;d:\valve\cstrike\addons\sxei\dlls\sXe Injected\ddsxei.sys [21/8/2009 00:52 92544]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [25/8/2009 17:39 42112]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S4 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [22/7/2009 19:01 26776]

S4 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe --> c:\arquiv~1\GbPlugin\GbpSv.exe [?]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = local

IE: Download by VersalSoft Internet Download - c:\arquivos de programas\VersalSoft\InternetDownload\adddownload.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000

TCP: {7565C233-AC96-4B29-9553-FA959E764F65} = 200.175.5.139,200.175.182.139

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

FF - ProfilePath - c:\documents and settings\Marcelo\Dados de aplicativos\Mozilla\Firefox\Profiles\7i2zjo5v.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - www.g1.com.br

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-01 21:31

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

Tempo para conclusão: 2009-12-01 21:33

ComboFix-quarantined-files.txt 2009-12-01 23:33

ComboFix2.txt 2009-12-01 21:09

 

Pré-execução: 13 pasta(s) 21.879.107.584 bytes disponíveis

Pós execução: 15 pasta(s) 21.866.422.272 bytes disponíveis

 

- - End Of File - - 8C7FEE2332448FA2E4BA646482C40514

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:34:08, on 1/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Marcelo\Meus documentos\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Power Off Monitor] C:\Arquivos de programas\Power Monitor Off\PowerMonitorOff.exe :silent

O4 - HKCU\..\Run: [mstsc] C:\Documents and Settings\Marcelo\mstsc.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Arquivos de programas\VersalSoft\InternetDownload\adddownload.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted IP range: http://192.168.1.1

O15 - ESC Trusted IP range: http://192.168.1.1

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7565C233-AC96-4B29-9553-FA959E764F65}: NameServer = 200.175.5.139,200.175.182.139

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (file missing)

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

 

--

End of file - 7254 bytes

[wings 22]

OK...logs limpos.

 

1.

*Delete as pastas:

 

c:\documents and settings\Ednir\Dados de aplicativos\Search Settings

c:\documents and settings\Ednir\Dados de aplicativos\Dealio

 

2.

*Clique em [iniciar] > [Executar] > digite: combofix /uninstall

*Clique [OK]

 

 

*Clique em [Executar]

*Surgirá a mensagem: "ComboFix está desinstalado"

*Clique [OK]

*Delete a pasta C:\Combofix e o arquivo C:\combofix.txt, se ainda existirem.

 

3.

*Desative a Restauração do Sistema

 

Clique com o botão direito do mouse em Meu Computador > Propriedades > Restauração do Sistema > Desativar Restauração do Sistema > OK > Sim

 

4.

*Ative a Restauração do Sistema pelo mesmo caminho acima descrito

 

5.

*Faça o download e instale o CCleaner

*Na coluna da direita, desça até a opção "Avançado" e selecione "Dados Prefetch antigos"

*Abra o programa e clique em [Executar Limpeza]

*Em seguida, clique em [Registro] -> [Procurar erros] -> [Corrigir Erros Selecionados] -> [Corrigir Todos os Erros Selecionados]

 

6.

*Delete o programa HostsXpert

 

7.

*Troque a senha do MSN

[marceloparreiras 0]

Muitíssimo obrigado, wings!

Meu caso específico foi resolvido, e de quebra meu computador se encontra sem virus... Fiz scans com o Avast, com o MalwareBytes, com o Spybot e não encontrei nada!

 

Mas eu queria lhe pedir um conselho... você acha que devo usar algum firewall como zonealarm, comodo ou dá pra levar sem eles?

[wings 22]

Muitíssimo obrigado, wings!

Meu caso específico foi resolvido, e de quebra meu computador se encontra sem virus... Fiz scans com o Avast, com o MalwareBytes, com o Spybot e não encontrei nada!

 

Mas eu queria lhe pedir um conselho... você acha que devo usar algum firewall como zonealarm, comodo ou dá pra levar sem eles?

 

O firewall do windows já está de bom tamanho.

 

O colega Antonio Vieira tem um tutorial explicando sobre o uso do Comodo Firewall é um bom firewall.

 

Um abraço.

[wings 22]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.