This topic has been archived and is closed to new replies.

Nick™

[Archived] Slow PC, full of viruses.


Well, my computer has been slow for a long time, with lots of viruses, errors in applications...

It won't open antivirus sites or Microsoft's.

It won't install the antivirus programs AVG or Avast.

Messages: "Windows - Sem Disco" (Windows - No Disk) all the time.

It won't boot into safe mode.

I've noticed that it gets slower every day..

I've never posted anything like this anywhere else asking for help, because I always formatted the PC and the pen drive and the problem went away for a while..

But today I decided to post my problem here.

HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:59:30, on 29/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Panda USB Vaccine\USBVaccine.exe

C:\WINDOWS\system32\svchost.exe

C:\Hijack\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Arquivos de programas\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [iObit Security 360] "C:\Arquivos de programas\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKCU\..\Run: [smartRAM] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; AskTB5.4)" -"http://www8.agame.com/games/shockwave/d/designer_trends_3d/designer_trends_3d_girlsgogames_com_br.htm"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IS360service - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5381 bytes


:) Hello Nick™! Welcome to the Imasters Forum.

→ Open HijackThis, click Do a system scan only, check the entry below and click Fix checked:

 

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

_____________________________________

 

→ Follow the tips in this tutorial:

Ad-Remover tutorial (http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-ad-remover.html)

_________________________

→ I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: Running it from a command is also possible:

* Go to Iniciar (Start) --> Executar (Run) --> Type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

 

[Image: combofixejr8.gif]

* Click OK.

* At the prompt "Negação de garantia de software" (software warranty disclaimer) --> Click Sim (Yes).

[Image: RcAuto1.gif]

* If you do not have the "Recovery Console" (http://support.microsoft.com/kb/307654/pt-br), agree to install it.

* When it finishes, click Sim or Yes. --> Wait.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

:!: If you get the notification "Aplicativo Win32 inválido" (invalid Win32 application) or some similar message, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe

* PS: Name it while saving, not after saving it!

* PS: If any error message appears, run ComboFix.exe in "Safe Mode" (http://forum.imasters.com.br/index.php?/topic/278480-como-iniciar-em-modo-de-seguranca/). <-- Link!

* PS: If rootkit activity is present, we will get the following notification window:

[Image: Rookit_found.gif]

* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply, together with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

* The Auto Scan window will open. --> Wait!

* To finish the removals, ComboFix may restart the computer.

* If needed, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

* During the scan, avoid using the mouse or keyboard! <-- Important!

* If, for some unavoidable reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

<><><><><><><><><><><><>

Post the ComboFix log, which will be at C:\ComboFix.txt, together with the log that will be at C:\Ad-Report-CLEAN[1].log and a new HijackThis log in your next reply, and tell us how your PC is doing after this.

We'll be waiting.
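The reply above singles out one O7 line from the HijackThis log for fixing. As an added example (not part of the original posts and not code from HijackThis or the forum), the Python below parses HijackThis entry lines and flags the same kind of entry for review, along with services whose file is missing. The names `parse_entries`, `triage` and `Finding` and the three flagging rules are assumptions of this example; the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass, field

# Entry lines look like "O7 - <body>": a section code (letter + number), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O23 body: "Service: <display name> - <owner> - <image path>"
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)
# O7 body: "<registry key>, <value name>=<data>"
POLICY_RE = re.compile(r"^(?P<key>HK[A-Z]+\\.+?),\s*(?P<value>\w+)=(?P<data>\d+)$")

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
"""


@dataclass
class Finding:
    code: str
    body: str
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Yield (code, body) for each section entry; headers and process paths are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log_text):
    """Return entries worth a closer look. A flag is a prompt for review, not a verdict."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = []
        if code == "O7":
            # A Disable* policy value set to non-zero locks the user out of a system tool.
            m = POLICY_RE.match(body)
            if m and m.group("value").startswith("Disable") and m.group("data") != "0":
                reasons.append(
                    f"policy restriction {m.group('value')}={m.group('data')} is set"
                )
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if m:
                if m.group("owner") == "Unknown owner":
                    reasons.append("HijackThis could not identify the file's owner")
                if m.group("path").endswith("(file missing)"):
                    reasons.append("service image file is missing")
        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {'; '.join(f.reasons)}\n    {f.body}")
```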


Good evening, Antonio.

Here are the logs you asked me for:

 

Combo Fix

 

ComboFix 09-12-29.04 - Usuario 29/12/2009 21:01:27.4.2 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.895.617 [GMT -2:00]

Executando de: c:\documents and settings\Usuario\Desktop\Kombo.exe

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-28 to 2009-12-29 ))))))))))))))))))))))))))))

.

 

2009-12-29 22:46 . 2009-12-29 23:00 -------- d-----w- C:\ComboFix

2009-12-29 22:12 . 2009-12-29 22:20 -------- d-----w- c:\arquivos de programas\Ad-Remover

2009-12-29 21:26 . 2009-12-03 18:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-29 21:26 . 2009-12-29 21:26 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-12-29 21:26 . 2009-12-03 18:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-29 21:07 . 2009-12-29 21:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Panda Security

2009-12-29 20:59 . 2009-12-29 22:11 -------- d-----w- C:\Hijack

2009-12-29 20:48 . 2009-12-29 20:48 -------- d-----w- c:\arquivos de programas\Panda USB Vaccine

2009-12-29 20:32 . 2009-12-29 20:32 26624 ----a-w- c:\windows\system32\drivers\fsbts.sys

2009-12-29 19:06 . 2009-12-29 19:06 -------- d-----w- c:\windows\ServicePackFiles

2009-12-25 01:14 . 2009-12-25 01:14 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\AlvarSoft

2009-12-25 00:52 . 2009-12-25 01:16 -------- d-----w- c:\arquivos de programas\MAXON

2009-12-25 00:50 . 2009-12-25 00:59 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\MAXON

2009-12-24 21:38 . 2009-12-24 21:38 -------- d-----w- c:\arquivos de programas\Install Creator Pro

2009-12-24 21:26 . 2009-12-24 21:26 -------- d-----w- c:\arquivos de programas\Orban

2009-12-24 21:26 . 2009-12-25 00:41 -------- d-----w- c:\arquivos de programas\Megacubo

2009-12-18 17:24 . 2009-12-29 19:30 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\PE Explorer

2009-12-14 15:01 . 2009-12-14 15:01 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DirectX

2009-12-12 23:11 . 2009-12-12 23:16 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\Dev-Cpp

2009-12-11 19:18 . 2009-12-11 19:18 -------- d-----w- c:\arquivos de programas\lamphunengineer

2009-12-09 01:10 . 2009-12-24 18:16 -------- d-----w- c:\documents and settings\Usuario\Tracing

2009-12-09 01:07 . 2009-12-09 01:07 -------- d-----w- c:\arquivos de programas\Microsoft

2009-12-09 01:06 . 2009-12-09 01:06 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-12-09 00:56 . 2009-12-09 00:56 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-12-08 10:50 . 2009-12-24 17:25 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server

2009-12-06 20:04 . 2009-12-06 20:04 -------- d-----w- c:\windows\system32\ogacheckcontrol

2009-12-06 19:58 . 2009-12-06 19:58 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\Blender Foundation

2009-12-05 22:31 . 2002-08-15 12:11 344064 ----a-r- c:\windows\system32\msvcr70.dll

2009-12-05 22:31 . 2002-01-05 05:40 487424 ----a-r- c:\windows\system32\msvcp70.dll

2009-11-30 15:12 . 2009-12-29 19:22 -------- d-----w- C:\FindyKill

2009-11-30 15:06 . 2009-11-30 15:06 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\InspireSoft

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-29 22:56 . 2009-08-01 18:02 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\Orbit

2009-12-29 19:16 . 2009-08-05 15:24 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-12-24 21:23 . 2009-08-02 00:57 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-12-14 15:42 . 2009-10-31 20:40 -------- d-----w- c:\arquivos de programas\NitroPC

2009-12-09 01:08 . 2009-09-05 16:40 -------- d-----w- c:\arquivos de programas\Windows Live

2009-12-08 12:11 . 2001-10-28 15:07 67450 ----a-w- c:\windows\system32\perfc016.dat

2009-12-08 12:11 . 2001-10-28 15:07 425426 ----a-w- c:\windows\system32\perfh016.dat

2009-12-08 11:40 . 2009-10-08 15:03 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation

2009-11-29 10:51 . 2009-08-01 18:02 -------- d-----w- c:\arquivos de programas\Orbitdownloader

2009-11-29 10:50 . 2009-11-29 10:50 -------- d-----w- c:\documents and settings\Usuario\Dados de aplicativos\GrabPro

2009-11-26 13:30 . 2009-09-05 13:39 -------- d-----w- c:\arquivos de programas\VDOWNLOADER

2009-11-11 20:50 . 2009-11-04 19:52 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Orbit

2009-10-29 07:43 . 2004-08-04 03:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-29 07:43 . 2004-08-04 03:45 17408 ------w- c:\windows\system32\corpol.dll

2009-10-28 04:15 . 2009-11-12 22:55 184320 ----a-w- c:\windows\system32\HMIPCore.dll

2009-10-13 10:52 . 2004-08-04 03:45 267776 ----a-w- c:\windows\system32\oakley.dll

2009-10-08 15:03 . 2009-10-08 15:03 151552 ----a-w- c:\windows\system32\nvRegDev.dll

.

 

------- Sigcheck -------

 


[-] 2008-04-14 . 49897D67B04E62F8E59EB8B1C7DF7072 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\netlogon.dll

[-] 2004-08-04 . 82777C1BE8E9F0B1574DAC5BC29C7D6F . 407040 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\netlogon.dll

[-] 2004-08-04 . 82777C1BE8E9F0B1574DAC5BC29C7D6F . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll

[-] 2004-08-04 . 82777C1BE8E9F0B1574DAC5BC29C7D6F . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll

 

[-] 2009-08-05 . 5478469B21B53EFCA944412D2DE6ABCA . 2193408 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe

[-] 2009-08-05 . 5478469B21B53EFCA944412D2DE6ABCA . 2193408 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\91b632d7eab098f85ecea8ccd1ea21eb\SP3GDR\ntoskrnl.exe

[-] 2009-08-04 . 3B75E61D1546C05A959EDFE11F1510D1 . 2193536 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

[-] 2009-08-04 . 3B75E61D1546C05A959EDFE11F1510D1 . 2193536 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\91b632d7eab098f85ecea8ccd1ea21eb\SP3QFE\ntoskrnl.exe

[-] 2009-08-04 . 23BB94AD11225E8AE43015CF857FD4BA . 2190208 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntoskrnl.exe

[-] 2009-08-04 . 23BB94AD11225E8AE43015CF857FD4BA . 2190208 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\91b632d7eab098f85ecea8ccd1ea21eb\SP2QFE\ntoskrnl.exe

[-] 2009-08-04 . 4840E4365BB2BB0ACDFC90E753E3D008 . 2184576 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2009-08-04 . 4840E4365BB2BB0ACDFC90E753E3D008 . 2184576 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\91b632d7eab098f85ecea8ccd1ea21eb\SP2GDR\ntoskrnl.exe

[-] 2009-08-04 . 4840E4365BB2BB0ACDFC90E753E3D008 . 2184576 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2009-08-04 . ABE4DD1C48487AD0C2DEFB972549CBAB . 2140160 . . [5.1.2600.3610] . . c:\windows\ERDNT\cache\ntoskrnl.exe

[-] 2009-08-04 . ABE4DD1C48487AD0C2DEFB972549CBAB . 2140160 . . [5.1.2600.3610] . . c:\windows\system32\ntoskrnl.exe

[-] 2009-02-10 . B0BF079AF000D97D8C043D1DFF08086D . 2193408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[-] 2009-02-09 . 514F2B2055B58556ACCFEE763E14D78F . 2140160 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe

[-] 2009-02-09 . AF8A3B4150C87E692E5CD27836BFA83D . 2190336 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe

[-] 2009-02-09 . C667CA055AA4E24A0733061282276AA5 . 2193280 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe

[-] 2008-04-14 . 185F6C64734019E7E9F626E53CC37FB4 . 2193280 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\ntoskrnl.exe

[-] 2004-08-04 . 91448D27F6DFAF50DD1D5FD3D8C1F3BD . 2152448 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe

 

[-] 2008-04-14 . C008BBC88156E0EE109C7FF445CD9555 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\powrprof.dll

[-] 2004-08-04 . 0F81EB414DE1D77DD315F4A3D324BC1E . 17408 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\powrprof.dll

[-] 2004-08-04 . 0F81EB414DE1D77DD315F4A3D324BC1E . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll

[-] 2004-08-04 . 0F81EB414DE1D77DD315F4A3D324BC1E . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll

 

[-] 2008-04-14 . 879E802EF4EF2405014B170EA41E552B . 184832 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\scecli.dll

[-] 2004-08-04 . E95230A31F912E07B19F8335D4DFF110 . 183808 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\scecli.dll

[-] 2004-08-04 . E95230A31F912E07B19F8335D4DFF110 . 183808 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll

[-] 2004-08-04 . E95230A31F912E07B19F8335D4DFF110 . 183808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll

 

[-] 2008-04-14 . 39FD0DD101277F7261C7D602462C9A95 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfc.dll

[-] 2004-08-04 . FA7EE4A359AE09930904881982D22AB8 . 5120 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\sfc.dll

[-] 2004-08-04 . FA7EE4A359AE09930904881982D22AB8 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll

[-] 2004-08-04 . FA7EE4A359AE09930904881982D22AB8 . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll

 

[-] 2008-04-14 . ED2D69CD4B0EBE37EFE11D4DC4ABC68F . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\svchost.exe

[-] 2004-08-04 . 5DE3E7B6F7624552F2F06664F110820D . 14336 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\svchost.exe

[-] 2004-08-04 . 5DE3E7B6F7624552F2F06664F110820D . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[-] 2004-08-04 . 5DE3E7B6F7624552F2F06664F110820D . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe

 

[-] 2008-04-14 . FEFA8CEBD17A788FDCB9A1C78311AFC3 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\tapisrv.dll

[-] 2004-08-04 . 573EFF2DBCAFDA95587FBB9B71F88464 . 246272 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\tapisrv.dll

[-] 2004-08-04 . 573EFF2DBCAFDA95587FBB9B71F88464 . 246272 . . [5.1.2600.2180] . . c:\windows\system32\tapisrv.dll

[-] 2004-08-04 . 573EFF2DBCAFDA95587FBB9B71F88464 . 246272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tapisrv.dll

 

[-] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\user32.dll

[-] 2004-08-04 . E0FF28447D1038DE106D1F2FDF851647 . 577536 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\user32.dll

[-] 2004-08-04 . E0FF28447D1038DE106D1F2FDF851647 . 577536 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll

[-] 2004-08-04 . E0FF28447D1038DE106D1F2FDF851647 . 577536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\user32.dll

 

[-] 2008-04-14 . A7EA40F680163808D96F89B4FF991876 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\userinit.exe

[-] 2004-08-04 . 4CA695EC1EE4C7CF2144DFA00EA0E1F7 . 24576 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\userinit.exe

[-] 2004-08-04 . 4CA695EC1EE4C7CF2144DFA00EA0E1F7 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe

[-] 2004-08-04 . 4CA695EC1EE4C7CF2144DFA00EA0E1F7 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe

 

[-] 2009-10-29 . B9A30CC5E297B08C9D4579A2C224F4E5 . 832512 . . [7.00.6000.16945] . . c:\windows\SoftwareDistribution\Download\6de5de4add20a7bec0cbb4feef32d0ed\sp3gdr\wininet.dll

[-] 2009-10-29 . B9A30CC5E297B08C9D4579A2C224F4E5 . 832512 . . [7.00.6000.16945] . . c:\windows\system32\dllcache\wininet.dll

[-] 2009-10-29 . DA680595CC7C54140A626E2717A8DC88 . 841216 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll

[-] 2009-10-29 . DA680595CC7C54140A626E2717A8DC88 . 841216 . . [7.00.6000.21148] . . c:\windows\SoftwareDistribution\Download\6de5de4add20a7bec0cbb4feef32d0ed\sp3qfe\wininet.dll

[-] 2009-07-03 . 9572842DA52CF071068FAAB8AD4D74A5 . 915456 . . [8.00.6001.22896] . . c:\windows\SoftwareDistribution\Download\ede04b5155a0d71577082ae0328bc698\SP3QFE\wininet.dll

[-] 2009-07-03 . 903350F08A1DF38714EF37F09EA11BB4 . 915456 . . [8.00.6001.18806] . . c:\windows\SoftwareDistribution\Download\ede04b5155a0d71577082ae0328bc698\SP3GDR\wininet.dll

[-] 2009-06-29 . C6D974B9FDB0128E8841F1D2CC3D5A1D . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll

[-] 2009-06-29 . 6E05676FB9668BB18DEBA50146B4C6A3 . 827392 . . [7.00.6000.16876] . . c:\windows\ERDNT\cache\wininet.dll

[-] 2009-06-29 . 6E05676FB9668BB18DEBA50146B4C6A3 . 827392 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB976325-IE7\wininet.dll

[-] 2009-06-29 . 6E05676FB9668BB18DEBA50146B4C6A3 . 827392 . . [7.00.6000.16876] . . c:\windows\system32\wininet.dll

[-] 2009-06-26 . D074DBDAB24616E3100BCB0F37C9F321 . 668672 . . [6.00.2900.5835] . . c:\windows\SoftwareDistribution\Download\e1360114762cd70bfbc54dca9a7222d1\sp3gdr\wininet.dll

[-] 2009-06-26 . D9E9ED1E4254C8CE21D2B4BB3BAC9B50 . 670208 . . [6.00.2900.5835] . . c:\windows\SoftwareDistribution\Download\e1360114762cd70bfbc54dca9a7222d1\sp3qfe\wininet.dll

[-] 2009-06-26 . DF4D2A3BE4F035F1E04720487A6AEF0A . 661504 . . [6.00.2900.3592] . . c:\windows\SoftwareDistribution\Download\e1360114762cd70bfbc54dca9a7222d1\sp2gdr\wininet.dll

[-] 2009-06-26 . B810672D2C46C74D3CF259DC785E3B4F . 670208 . . [6.00.2900.3592] . . c:\windows\SoftwareDistribution\Download\e1360114762cd70bfbc54dca9a7222d1\sp2qfe\wininet.dll

[-] 2008-04-14 . DF6D0F37A71883BE3505DD517EB8AD83 . 668160 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\wininet.dll

[-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll

[-] 2004-08-04 . 398A619CE60090303042D1F8CC68F712 . 658432 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll

 

[-] 2008-04-14 . 1FA3C4B2D7E35176E65FB69AB597B0F0 . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\ws2_32.dll

[-] 2004-08-04 . A5163442377D3C305BBFF612F80047D7 . 82944 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ws2_32.dll

[-] 2004-08-04 . A5163442377D3C305BBFF612F80047D7 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll

[-] 2004-08-04 . A5163442377D3C305BBFF612F80047D7 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll

 

[-] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\explorer.exe

[-] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\explorer.exe

[-] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\explorer.exe

[-] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe

 

[-] 2008-04-14 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\srsvc.dll

[-] 2004-08-04 . 0B1D7BF8EB2BC685D154CB925F3629CB . 171008 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\srsvc.dll

[-] 2004-08-04 . 0B1D7BF8EB2BC685D154CB925F3629CB . 171008 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll

[-] 2004-08-04 . 0B1D7BF8EB2BC685D154CB925F3629CB . 171008 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll

 

[-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\wscntfy.exe

[-] 2004-08-04 . EDE207E8FFBCB3909C078DCB60E29044 . 13824 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\wscntfy.exe

[-] 2004-08-04 . EDE207E8FFBCB3909C078DCB60E29044 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe

[-] 2004-08-04 . EDE207E8FFBCB3909C078DCB60E29044 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe

 

[-] 2008-04-14 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\xmlprov.dll

[-] 2004-08-04 . DA44ACE43CCA958C7917D5115FC4DDEF . 129536 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\xmlprov.dll

[-] 2004-08-04 . DA44ACE43CCA958C7917D5115FC4DDEF . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll

[-] 2004-08-04 . DA44ACE43CCA958C7917D5115FC4DDEF . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll

 

[-] 2008-04-14 . A8CDC8DECE4735B86BBEF28460996C30 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\eventlog.dll

[-] 2004-08-04 . BD18C87A4E1EA136C44D374296B981DC . 55808 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\eventlog.dll

[-] 2004-08-04 . BD18C87A4E1EA136C44D374296B981DC . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll

[-] 2004-08-04 . BD18C87A4E1EA136C44D374296B981DC . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll

 

[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll

[-] 2004-08-04 . 1DD4FC7EEE3A45257528A34FDF7BC689 . 1548288 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\sfcfiles.dll

[-] 2004-08-04 . 1DD4FC7EEE3A45257528A34FDF7BC689 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[-] 2004-08-04 . 1DD4FC7EEE3A45257528A34FDF7BC689 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll

 

[-] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\ctfmon.exe

[-] 2004-08-04 . A82639D448F21766DEB2FEDCBDA331AE . 93184 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe

[-] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe

 

[-] 2008-04-14 . 8FB4E8C957C22458452EBE96C36F1D94 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\shsvcs.dll

[-] 2004-08-04 . 5810EFAEA004B3824B0487ECCF2EA32E . 134656 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\shsvcs.dll

[-] 2004-08-04 . 5810EFAEA004B3824B0487ECCF2EA32E . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll

[-] 2004-08-04 . 5810EFAEA004B3824B0487ECCF2EA32E . 134656 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\shsvcs.dll

 

[-] 2008-04-14 . 70870E16BA3E1B4336C53F483D67FF25 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\regsvc.dll

[-] 2004-08-04 . D1F735C4079E58D016C1AA2227C28F47 . 59904 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\regsvc.dll

[-] 2004-08-04 . D1F735C4079E58D016C1AA2227C28F47 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll

[-] 2004-08-04 . D1F735C4079E58D016C1AA2227C28F47 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll

 

[-] 2008-04-14 . 9C2C97DF8224061D9F7EE18BCA61B02E . 193536 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\schedsvc.dll

[-] 2004-08-04 . C386259AFC206462679867D3ED464C1D . 192000 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\schedsvc.dll

[-] 2004-08-04 . C386259AFC206462679867D3ED464C1D . 192000 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll

[-] 2004-08-04 . C386259AFC206462679867D3ED464C1D . 192000 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll

 

[-] 2008-04-14 . 4424AE68E670D1270F5026E1AF417933 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\ssdpsrv.dll

[-] 2004-08-04 . C6822E1A5DAFDC1F9CCF8CB7B455AB53 . 71680 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ssdpsrv.dll

[-] 2004-08-04 . C6822E1A5DAFDC1F9CCF8CB7B455AB53 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll

[-] 2004-08-04 . C6822E1A5DAFDC1F9CCF8CB7B455AB53 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll

 

[-] 2008-04-14 . 0F4DB70DCE17B9DC1A5D835B1A5EE469 . 296960 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\termsrv.dll

[-] 2004-08-04 . 23DFF6DAA7565CC5802E057A6B9F585E . 296960 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\termsrv.dll

[-] 2004-08-04 . 23DFF6DAA7565CC5802E057A6B9F585E . 296960 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll

[-] 2004-08-04 . 23DFF6DAA7565CC5802E057A6B9F585E . 296960 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll

 

[-] 2008-04-14 . 27683D3EE8FCB7E620B25C8A84B329D6 . 172032 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\appmgmts.dll

[-] 2004-08-04 . 2E131621557A6EF486FC86D738CBC8B6 . 172032 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\appmgmts.dll

[-] 2004-08-04 . 2E131621557A6EF486FC86D738CBC8B6 . 172032 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll

[-] 2004-08-04 . 2E131621557A6EF486FC86D738CBC8B6 . 172032 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll

 

[-] 2001-10-28 . EBD5CF43AD9526EAB9B2A15A54760EA9 . 11904 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys

[-] 2001-10-28 . EBD5CF43AD9526EAB9B2A15A54760EA9 . 11904 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys

[-] 2001-10-28 . EBD5CF43AD9526EAB9B2A15A54760EA9 . 11904 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

 

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\aec.sys

[-] 2004-08-04 01:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ERDNT\cache\aec.sys

[-] 2004-08-04 01:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\dllcache\aec.sys

[-] 2004-08-04 01:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys

 

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\ip6fw.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ip6fw.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys

[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

 

[-] 2008-04-14 02:20 . DAE8EC624824A8AD8660C2EF5F1ECE0B . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\mfc40u.dll

[-] 2001-10-28 15:06 . 168C72C281EC3BE3201AC95F42A577CF . 924432 . . [4.1.6140] . . c:\windows\ERDNT\cache\mfc40u.dll

[-] 2001-10-28 15:06 . 168C72C281EC3BE3201AC95F42A577CF . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll

[-] 2001-10-28 15:06 . 168C72C281EC3BE3201AC95F42A577CF . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll

 

[-] 2008-04-14 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\msgsvc.dll

[-] 2004-08-04 . 0B572FBB16E7E10D7DAB749CD390017C . 33792 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\msgsvc.dll

[-] 2004-08-04 . 0B572FBB16E7E10D7DAB749CD390017C . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll

[-] 2004-08-04 . 0B572FBB16E7E10D7DAB749CD390017C . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll

 

[-] 2008-04-14 02:20 . 60103CA5992F18B1EEF8D4511318C4B3 . 52736 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\mspmsnsv.dll

[-] 2004-08-04 03:45 . 2E693831AF9D63784F96018CE4E41897 . 52736 . . [9.0.1.56] . . c:\windows\ERDNT\cache\mspmsnsv.dll

[-] 2004-08-04 03:45 . 2E693831AF9D63784F96018CE4E41897 . 52736 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll

[-] 2004-08-04 03:45 . 2E693831AF9D63784F96018CE4E41897 . 52736 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll

 

[-] 2009-08-05 . 6FEC1B436323CC29B3008D7C5BF2A10F . 2070400 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe

[-] 2009-08-05 . 6FEC1B436323CC29B3008D7C5BF2A10F . 2070400 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\91b632d7eab098f85ecea8ccd1ea21eb\SP3QFE\ntkrnlpa.exe

[-] 2009-08-04 . B7A8A8A3B9C2E259689140F5F8E46842 . 2070272 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3GDR\ntkrnlpa.exe

[-] 2009-08-04 . B7A8A8A3B9C2E259689140F5F8E46842 . 2070272 . . [5.1.2600.5857] . . c:\windows\SoftwareDistribution\Download\91b632d7eab098f85ecea8ccd1ea21eb\SP3GDR\ntkrnlpa.exe

[-] 2009-08-04 . 5B655CC36552CF102F75A4422F7A9A00 . 2067200 . . [5.1.2600.3610] . . c:\windows\$hf_mig$\KB971486\SP2QFE\ntkrnlpa.exe

[-] 2009-08-04 . 5B655CC36552CF102F75A4422F7A9A00 . 2067200 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\91b632d7eab098f85ecea8ccd1ea21eb\SP2QFE\ntkrnlpa.exe

[-] 2009-08-04 . 648D00898D7EE9458A082F3EF3036548 . 2061952 . . [5.1.2600.3610] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2009-08-04 . 648D00898D7EE9458A082F3EF3036548 . 2061952 . . [5.1.2600.3610] . . c:\windows\SoftwareDistribution\Download\91b632d7eab098f85ecea8ccd1ea21eb\SP2GDR\ntkrnlpa.exe

[-] 2009-08-04 . 648D00898D7EE9458A082F3EF3036548 . 2061952 . . [5.1.2600.3610] . . c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2009-08-04 . 768C3ACBAF109B2D498B682473CABD54 . 2019840 . . [5.1.2600.3610] . . c:\windows\ERDNT\cache\ntkrnlpa.exe

[-] 2009-08-04 . 768C3ACBAF109B2D498B682473CABD54 . 2019840 . . [5.1.2600.3610] . . c:\windows\system32\ntkrnlpa.exe

[-] 2009-02-10 . DBAD62B9A518249C1A1408CF3AB9064A . 2070272 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe

[-] 2009-02-09 . 22557C1B42929B1C5A0A42541C668D5A . 2019840 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe

[-] 2009-02-09 . 9CFC9992BF7C7AFE6FF7E5DE76D74A5F . 2067200 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe

[-] 2009-02-09 . FF7FE874B6DA494303EE3DD9B97AB007 . 2070400 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[-] 2008-04-14 . F84054BFD1D688B901AD907499879BBD . 2070144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\ntkrnlpa.exe

[-] 2004-08-04 . 31DFE96B6B6FA4C9CA098CEAF21B29A5 . 2019328 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe

 

[-] 2008-04-14 02:20 . 209683D85036AAA4E4D8CA732FA51A2B . 437248 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\ntmssvc.dll

[-] 2004-08-04 03:45 . BC0F28B3C2AB6ACDA3361721442E4CB7 . 437248 . . [5.1.2400.2180] . . c:\windows\ERDNT\cache\ntmssvc.dll

[-] 2004-08-04 03:45 . BC0F28B3C2AB6ACDA3361721442E4CB7 . 437248 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll

[-] 2004-08-04 03:45 . BC0F28B3C2AB6ACDA3361721442E4CB7 . 437248 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll

 

[-] 2008-04-14 . E3C0A6F5732C9E9B2BD2FD3D0AFCEB87 . 186368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\upnphost.dll

[-] 2004-08-04 . 6E7F6BAEA10965B2065585149DC5E7E6 . 185344 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\upnphost.dll

[-] 2004-08-04 . 6E7F6BAEA10965B2065585149DC5E7E6 . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll

[-] 2004-08-04 . 6E7F6BAEA10965B2065585149DC5E7E6 . 185344 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\upnphost.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-12-29_19.35.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-08-04 03:45 . 2004-08-04 03:45 85504 c:\windows\system32\regsvr32.exe

+ 2001-10-28 15:06 . 2001-10-28 15:06 85504 c:\windows\system32\chkdsk.exe

+ 2004-08-04 03:45 . 2004-08-04 03:45 128000 c:\windows\system32\utilman.exe

+ 2004-08-04 03:45 . 2004-08-04 03:45 215040 c:\windows\system32\taskmgr.exe

+ 2004-08-04 03:45 . 2004-08-04 03:45 111104 c:\windows\system32\rundll32.exe

+ 2009-08-01 00:35 . 2004-08-04 03:45 452608 c:\windows\system32\Restore\rstrui.exe

+ 2009-08-01 00:34 . 2004-08-04 03:45 415232 c:\windows\system32\mspaint.exe

+ 2004-08-04 03:45 . 2004-08-04 03:45 145920 c:\windows\system32\magnify.exe

+ 2004-08-04 03:45 . 2004-08-04 03:45 121344 c:\windows\system32\grpconv.exe

+ 2004-08-04 03:45 . 2004-08-04 03:45 232448 c:\windows\regedit.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartRAM"="c:\arquivos de programas\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]

"NitroPC"="c:\arquivos de programas\NitroPC\NitroPC.exe" [2008-08-19 3477504]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-01 39408]

"Advanced SystemCare 3"="c:\arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-20 2335880]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13680640]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-16 86016]

"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 7192576]

"IObit Security 360"="c:\arquivos de programas\IObit\IObit Security 360\IS360tray.exe" [2009-11-14 1278736]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-09-29 221184]

"Google Quick Search Box"="c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-24 122880]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 93184]

 

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Orbit.lnk - c:\arquivos de programas\Orbitdownloader\orbitdm.exe [2009-8-1 1789952]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0rmslt.nt

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\IObit\\Advanced SystemCare 3\\AWC.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Media Player\\wmplayer.exe"=

"d:\\DarKGunZ\\Gunz.exe"=

"d:\\Trinity Entertainment\\Trinity GunZ\\Gunz.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"d:\\System Gunz\\theduel.exe"=

"d:\\NighT GamerZ Version4\\Gunz.exe"=

"d:\\Shadown Gunz\\Shadow GunZ v3.1\\SGunZ.exe"=

"d:\\DesignerGunz(V.3)\\Ds-Gunz.exe"=

"c:\\WINDOWS\\system32\\wscntfy.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\jusched.exe"=

"c:\\Arquivos de programas\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=

"c:\\Arquivos de programas\\IObit\\Game Booster\\gbtray.exe"=

"d:\\MocroGunz\\MocroGZ.exe"=

"c:\\Arquivos de programas\\NitroPC\\NitroPC.exe"=

"c:\\Arquivos de programas\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\WINDOWS\\system32\\utilman.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2918:TCP"= 2918:TCP:bitlovsh

 

S0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [29/12/2009 18:32 26624]

S2 IS360service;IS360service;c:\arquivos de programas\IObit\IObit Security 360\is360srv.exe [23/11/2009 21:38 312592]

S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\omgki.sys --> c:\windows\system32\drivers\omgki.sys [?]

S3 ddsxeiservice;ddsxeiservice2;\??\c:\arquivos de programas\sXe Injected\ddsxei.sys --> c:\arquivos de programas\sXe Injected\ddsxei.sys [?]

S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\DRIVERS\lgmcbus.sys --> c:\windows\system32\DRIVERS\lgmcbus.sys [?]

S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\DRIVERS\lgmcmdfl.sys --> c:\windows\system32\DRIVERS\lgmcmdfl.sys [?]

S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\DRIVERS\lgmcmdm.sys --> c:\windows\system32\DRIVERS\lgmcmdm.sys [?]

S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\lgmcmgmt.sys --> c:\windows\system32\DRIVERS\lgmcmgmt.sys [?]

S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\DRIVERS\lgmcnd5.sys --> c:\windows\system32\DRIVERS\lgmcnd5.sys [?]

S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\DRIVERS\lgmcobex.sys --> c:\windows\system32\DRIVERS\lgmcobex.sys [?]

S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\DRIVERS\lgmcunic.sys --> c:\windows\system32\DRIVERS\lgmcunic.sys [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [7/8/2009 00:11 208384]

S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]

S3 XDva297;XDva297;\??\c:\windows\system32\XDva297.sys --> c:\windows\system32\XDva297.sys [?]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ipqkql

hrcmlaz

yxnjpsjix

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-12-29 c:\windows\Tasks\AWC AutoSweep.job

- c:\arquivos de programas\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-08-01 15:51]

 

2009-12-29 c:\windows\Tasks\PandaUSBVaccine.job

- c:\arquivos de programas\Panda USB Vaccine\RunInteractiveWin.exe [2009-12-29 18:45]

.

.

------- Scan Suplementar -------

.

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

FF - ProfilePath - c:\documents and settings\Usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\r2vdlrly.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.ftp - 66.197.225.89

FF - prefs.js: network.proxy.ftp_port - 58258

FF - prefs.js: network.proxy.gopher - 66.197.225.89

FF - prefs.js: network.proxy.gopher_port - 58258

FF - prefs.js: network.proxy.http - 66.197.225.89

FF - prefs.js: network.proxy.http_port - 58258

FF - prefs.js: network.proxy.socks - 66.197.225.89

FF - prefs.js: network.proxy.socks_port - 58258

FF - prefs.js: network.proxy.ssl - 66.197.225.89

FF - prefs.js: network.proxy.ssl_port - 58258

FF - prefs.js: network.proxy.type - 4

FF - component: c:\arquivos de programas\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-29 21:07

Windows 5.1.2600 Service Pack 2 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1275210071-1770027372-839522115-1003\Software\MAIET entertainment]

@Denied: (Full) (Administrators)

@Denied: (Full) (RestrictedCode)

@Denied: (Full) (LocalSystem)

@Denied: (Full) (S-1-5-21-1275210071-1770027372-839522115-1003)

 

[HKEY_USERS\S-1-5-21-1275210071-1770027372-839522115-1003\Software\MAIET entertainment\DarKGunZ]

"LoginID"="fenixxx"

"LastChar"="†BanneD†"

"StageName"=""

 

[HKEY_USERS\S-1-5-21-1275210071-1770027372-839522115-1003\Software\MAIET entertainment\EuroGunz]

"LoginID"="zoim"

"LastChar"="BruninNhaA"

"StageName"="s"

 

[HKEY_USERS\S-1-5-21-1275210071-1770027372-839522115-1003\Software\MAIET entertainment\The Duel]

"LoginID"="151521"

"LastChar"="dedeF14"

"StageName"=">> Sexy - Shower Room <<"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'explorer.exe'(500)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

.

Tempo para conclusão: 2009-12-29 21:13:43

ComboFix-quarantined-files.txt 2009-12-29 23:13

ComboFix2.txt 2009-12-29 22:53

ComboFix3.txt 2009-12-29 19:38

 

Pré-execução: 15 pasta(s) 25.732.935.680 bytes disponíveis

Pós execução: 16 pasta(s) 25.675.943.936 bytes disponíveis

 

- - End Of File - - 3AC126A9B8A5686D06408BAF394AF6B9

 

 

 

Ad-Report Clean[1]

.

======= LOGFILE OF AD-REMOVER 1.1.4.6_F | ONLY XP/VISTA/7 =======

.

Updated by C_XX on 26.12.2009 at 20:47

Contact: AdRemover.contact@gmail.com

Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Launch at: 20:16:27, ter 29/12/2009 | Normal Boot | Option: CLEAN

Executed from: C:\Arquivos de programas\Ad-Remover\

Operating system: Microsoft® Windows XP™ Service Pack 2 versão 5.1.2600

Computer Name: COMPUTADOR | Current user: Usuario

 

Bonnes fêtes de fin d'année à vous tous :)

.

============== NEUTRALIZED ELEMENT(S) ==============

.

 

C:\DOCUME~1\Usuario\DADOSD~1\Mozilla\FireFox\Profiles\r2vdlrly.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

C:\Arquivos de programas\Mozilla FireFox\Components\AskHPRFF.js

C:\Arquivos de programas\AskBarDis

 

(!) -- Temp files deleted.

 

.

HKCU\software\appdatalow\AskBarDis

HKCU\software\appdatalow\AskHomepage

HKCU\software\AskBarDis

HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

HKLM\software\classes\appid\GenericAskToolbar.DLL

HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}

HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}

HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}

HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}

HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}

HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF

HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}

HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888

HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

.

============== Added scan ==============

.

.

* Mozilla FireFox Version 3.5.5 [pt-BR] *

.

ProfilePath: r2vdlrly.default (Usuario)

.

(Usuario, prefs.js) Browser.download.lastDir, F:

(Usuario, prefs.js) Browser.startup.homepage, hxxp://www.google.com

(Usuario, prefs.js) Extensions.enabledItems, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4,jqs@sun.com:1.0,{35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.3,{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6

.

.

.

* Internet Explorer Version 7.0.5730.13 *

.

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

.

Do404Search: 01000000

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Enable Browser Extensions: yes

Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Start Page: hxxp://fr.msn.com/

Search bar: hxxp://search.msn.com/spbasic.htm

.

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

.

===================================

.

4506 Byte(s) - C:\Ad-Report-CLEAN[1].log

4853 Byte(s) - C:\Ad-Report-SCAN[1].log

.

0 File(s) - C:\DOCUME~1\Usuario\CONFIG~1\Temp

1 File(s) - C:\WINDOWS\Temp

0 File(s) - C:\WINDOWS\Prefetch

.

20 File(s) - C:\Arquivos de programas\Ad-Remover\BACKUP

23 File(s) - C:\Arquivos de programas\Ad-Remover\QUARANTINE

.

End at: 20:20:25 | ter 29/12/2009 - CLEAN[1]

.

============== E.O.F ==============

.

 

HiJack

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:22:19, on 29/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [iObit Security 360] "C:\Arquivos de programas\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKCU\..\Run: [smartRAM] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_pt-BR;_rv:1.9.1.6)_Gecko/20091201_Firefox/3.5.6" -"http://www8.agame.com/games/shockwave/d/designer_trends_3d/designer_trends_3d_girlsgogames_com_br.htm"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IS360service - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4650 bytes

 

 

Oh, and I still haven't noticed much difference in my PC...

The message:

Windows - Sem Disco

Nao ha nenhum disco na unidade,Insira um disco na unidade.

It is still appearing every 5 seconds..

 

Awaiting a reply. . .


:) Some problems have been removed from your PC.

 

Please follow the tips in this tutorial to clean your PC with Findykill:

 

Findykill tutorial

 

The Findykill log will be at C:\FindyKill.txt

______________________________________

 

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

 

* Update the Malwarebytes that you already have installed on your PC.

* Restart the PC in Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Safe Mode option, "Modo Seguro" or "Modo de Segurança").

* If it is not possible to run the computer in Safe Mode, do the scan in normal mode.

* Run Malwarebytes' Anti-Malware and click the "Scan" tab ("Verificação"), then select the "Full scan" option ("Verificação completa").

* Click the "Scan" button ("Verificar").

* Check all the parts of the computer you want to scan and click the "Start scan" button ("Iniciar verificação").

* When the scan finishes, click "OK" > "Show Results" ("Mostrar Resultados").

* Select all the entries and click "Remove Selected" ("Remover Selecionados").

* After the removal you may be asked whether you want to remove objects from memory. Click "YES" ("SIM").

* A log will be shown with the result of the actions.

* Some malware is stubborn and needs a restart to be removed. If this is requested, click to restart the PC.

* When the process finishes, restart the PC in Normal Mode.

* After a few days, if your computer is working normally without the files that were deleted by Malwarebytes Anti-Malware, open (run) Malwarebytes Anti-Malware, click the "Quarantine" tab ("Quarentena") and click the "Remove all" button ("Remover tudo").

* Run Malwarebytes Anti-Malware again and click the "Logs" tab, double-click the most recent log, select the complete log and copy it.

 

Post this log generated by Malwarebytes Anti-Malware, together with the Findykill log that will be at C:\FindyKill.txt and a new HijackThis log, in your next reply, and tell us how your computer is after following the procedures above.

 

We await your reply.


Topic Archived

 

Since the author did not reply for more than 30 days, the topic has been archived.

 

If you are the author of the topic and want to reopen it, send a private message to a moderator of the area along with the link to this topic and explain the reason for reopening.
