[Resolvido!] Vírus

Tati Ramos · Maio 4, 2010

Acho que estou com vírus no meu pc,porque tinha um programa que funcionava direito:DVD FLICK gratuito e fácil de usar,porém agora ele fica dando erro,cada vez um erro, erro (cítrico redundância), entre outros,já excluí e instalei outro, mais não adiantou!, meu msn não está funcionando ele entra e já some,só entro no live,

também já tentei desinstalar, instalar outro, mais ficou do mesmo jeito.

Meu antivírus é o avast,escolhi ele pq é português, quando passo ele não tá pegando nada , e quando pegou eu excluí tudo aí eu não sei se eu desinstalei alguma coisa que não era pra desinstalar,e ele fala que não foi possível escaniar algumas coisas, nem a atualização do adobe não está fazendo fica dando erro.

Se puder me ajudar, desde já eu agradeço.

Mário Monteiro · Maio 4, 2010

Post um log conforme regra 2 deste fórum

Regra'>http://forum.imasters.com.br/index.php?showtopic=165906"]Regra 02

Tati Ramos · Maio 5, 2010

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:10:59, on 5/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe

C:\WINDOWS\winmgr\winmgr.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orkthreat.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\HiJackThis.exe\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll (file missing)

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll (file missing)

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll (file missing)

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Motive SmartBridge] "C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe" /restart

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [WinMgr] C:\WINDOWS\winmgr\winmgr.exe /auto

O4 - HKLM\..\Run: [linkmsn] C:\WINDOWS\system32\linkmsn.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [msnmsgrs] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orkthreat.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [pro1.exe] C:\Windows\System32\Microsoft\pro1.exe

O4 - HKCU\..\Run: [taks] C:\Windows\System32\Microsoft\msn1.exe

O4 - HKCU\..\Run: [pmail.exe] C:\Windows\System32\Microsoft\pmail.exe

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" -"http://www.jogosjogos.com/jogar-jogo/Rally-Point.html"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')

O4 - HKUS\S-1-5-21-606747145-602162358-1417001333-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-606747145-602162358-1417001333-1003\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" -"http://www.jogosjogos.com/jogar-jogo/Rally-Point.html" (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-21-606747145-602162358-1417001333-1003 Startup: Orkthreat.exe (User '?')

O4 - S-1-5-21-606747145-602162358-1417001333-1003 Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (User '?')

O4 - Startup: Orkthreat.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: javax.exe

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O4 - Global Startup: Orkthreat.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CAC9E5B9-B6BF-48B3-BFFA-6875B76DE044}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

--

End of file - 12739 bytes

Acho que é isso! Obrigada.

DigRam · Maio 5, 2010

Bom Dia! Tati Ramos

<@> Baixe: < Malwarebytes' Anti-Malware >

<@> Link - 2: < >

<@> Ps: Salve ou imprima estas instruções:

- Dê um duplo-clique no mbam-setup.exe;escolha a linguagem e,na instalação,aceite todas as opções padrão.
- Verifique se as caixas: "Atualizar Malwarebytes Anti-Malware" e "Executar Malwarebytes Anti-Malware" estão marcadas.

- Clique,à seguir,em Concluir

- Ps: Se houver atualizações a serem feitas,serão baixadas e instaladas.

- Ao final da atualização,com o programa aberto, marque: Verificação Rápida

- Clique no botão Verificar.

- Começará então o exame. -> Aguarde,pois pode demorar!

- Concluindo,clique em OK e depois no botão "Mostrar Resultados",para dispormos do relatório.

- Ps: Se houver ítens encontrados,marque-os e clique no botão "Remover".

- Ps: Ao final da desinfecção,abrir-se-á o Bloco de notas contendo o relatório.

- Ps: O log será armazenado,automáticamente,pela ferramenta.

- Ps: Obtenha-o clicando na aba "Logs" na janela principal do Programa.

<@> Ps: Caso o MBAM encontre arquivos que não consiga remover,poderá ter de reiniciar o PC. Talvez mais de uma vez!

<@> Ps: Faça isso imediatamente,ao ser perguntado se quer reiniciar.

0000000000000000000

<!> Selecione, copie e cole o conteúdo do log do MBAM,na sua próxima resposta.

<!> Poste,também,HijackThis atualizado.

Abraços!

Tati Ramos · Maio 5, 2010

Oi, bom dia e obrigada pela disposição!

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versão da Base de Dados: 4068

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/5/2010 09:30:26

mbam-log-2010-05-05 (09-30-26).txt

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 130799

Tempo decorrido: 5 minuto(s), 8 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 1

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 3

Pastas Infectadas: 0

Arquivos Infectados: 3

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

C:\Documents and Settings\All Users\Dados de aplicativos\OrkThreat.exe (Trojan.Banker) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Microsoft\orkut.exe (Trojan.Banker) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Dados de aplicativos\dkwork.ini (Malware.Trace) -> Quarantined and deleted successfully.

DigRam · Maio 5, 2010

Bom Dia! Tati Ramos

<@> Baixe: < OTL > ( ...by OldTimer Tools )

<@> Salve-o no desktop!

<@> Clique duplo em: < >

<@> Ps: Sigamos,agora,com sua configuração!

1 - Em "Saída",deixe marcado o botão "Resumida".

2 - Marque as caixas: Verificar All Users e Incluir Verificação 64bit <-- Ps: Caso o SO seja 64 bit!

3 - Processos: Usar SafeList <-- Marque!

4 - Módulos: Usar SafeList <-- Marque!

5 - Serviços: Usar SafeList <-- Marque!

6 - Drivers: Usar SafeList <-- Marque!

7 - Exame Padrão do Registro: Usar SafeList <-- Marque!

8 - Exame Extra do Registro: Usar SafeList <-- Marque!

9 - Verificação de Arquivos:

<!> Data de Criação >> Escolha: 14 dias

<!> Marque: Usar WhiteList para Nomes de Companhias

<!> Marque: Ignorar Arquivos Microsoft

10 - Arquivos Criados Desde:

<!> Marque: Data de Criação

11 - Arquivos Modificados Desde:

<!> Marque: Data de Criação

<!> Marque as caixas:

[] Verificar Lop

[] Verificar Purity

<@> Ps: Sugiro que imprima estas orientações,para posterior leitura.

<@> Clique em: Verificar --> Aguarde!

<@> Concluindo,poste:

<1> OTL.txt <--

<2> Extra.txt <--

Abraços!

Tati Ramos · Maio 5, 2010

Oi, DigRam.

Na hora que eu estava fazendo o processo o avast detectou arquivo infectado.

Nome original do arquivo -csrcs.exe
Pastaoriginal -C:\WINDOWS\system32

Tamanho do arquivo -526322

Data da última modificação -03/08/2004 09:43:58

Horário de transferência para quarentena-5/5/2010/10:22:41

Categoria -Arquivos infectados

Descrição do vírius -Win32:Rootkit-gen[Rtk]

ID do arquivo -12

O resultado:

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1.015,00 Mb Total Physical Memory | 591,00 Mb Available Physical Memory | 58,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 149,05 Gb Total Space | 114,23 Gb Free Space | 76,64% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MICRO_PC

Current User Name: Usuario

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = All Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-606747145-602162358-1417001333-1003\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\ARQUIV~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\ARQUIV~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"51290:TCP" = 51290:TCP:*:Enabled:Dreamule

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"E:\CDS\Nero\Installation\SetupX.exe" = E:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup -- File not found

"F:\CD Utilitarios\Messenger\Install_Messenger.exe" = F:\CD Utilitarios\Messenger\Install_Messenger.exe:*:Enabled:Windows Live Messenger Installer -- File not found

"C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Arquivos de programas\Orbitdownloader\orbitdm.exe" = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Arquivos de programas\Orbitdownloader\orbitnet.exe" = C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\MPC HomeCinema\mpc-hc.exe" = C:\Arquivos de programas\MPC HomeCinema\mpc-hc.exe:*:Enabled:Media Player Classic - Homecinema -- File not found

"C:\Arquivos de programas\Ares\Ares.exe" = C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)

"C:\Arquivos de programas\Ares\chatServer.exe" = C:\Arquivos de programas\Ares\chatServer.exe:*:Disabled:Ares Chat Server -- (Ares Development Group)

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status

"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.® L2 Fast Ethernet Driver

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{27C0CED3-E9FA-4EA0-96AA-FAECE5F81046}" = Nero 7 Essentials

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400

"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min

"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan

"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport

"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{901C0416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime

"{90260416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components

"{90A40416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS

"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" =

11.5

"Ares" = Ares 2.1.5

"avast!" = avast! Antivirus"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3 - Português

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch

"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy

"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help

"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3

"A Bíblia Sagrada Versão Digital 6.0 Freeware_is1" = A Bíblia Sagrada Versão Digital 6.0 Freeware

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player

"CCleaner" = CCleaner

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F50&SUBSYS_205F14F1" = PCI SoftV92 Modem

"DreaMule_is1" = DreaMule 3.2

"DVD Flick_is1" = DVD Flick 1.3.0.7

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Flight Simulator 98" = Microsoft Flight Simulator 98

"HDMI" = Intel® Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"HP Imaging Device Functions" = HP Imaging Device Functions 10.0

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Smart Web Printing" = HP Smart Web Printing

"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0

"HPExtendedCapabilities" = HP Customer Participation Program 10.0

"HPOCR" = OCR Software by I.R.I.S. 10.0

"ie8" = Windows Internet Explorer 8

"InterApp Control_is1" = InterApp Control 2.03

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.8.3

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Online_Radio_Brazil Toolbar" = Online_Radio_Brazil Toolbar

"Orbit_is1" = Orbit Downloader

"Shop for HP Supplies" = Shop for HP Supplies

"telefonica.MCCInstall" = Assistente Técnico Speedy

"TypeFaster" = TypeFaster Typing Tutor

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Companion" = Barra de Ferramentas do Yahoo!

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]

Error - 25/3/2010 09:51:28 | Computer Name = MICRO_PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\SYSTEM32\WBEM\CIMWIN32.DLL failed, 0000001E.

Error - 25/3/2010 09:52:23 | Computer Name = MICRO_PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\system32\msxml6.dll failed, 0000001E.

Error - 25/3/2010 09:56:05 | Computer Name = MICRO_PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\SYSTEM32\SRCLIENT.DLL failed, 0000001E.

Error - 25/3/2010 09:56:56 | Computer Name = MICRO_PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\system32\mscoree.dll failed, 0000001E.

Error - 25/3/2010 10:04:20 | Computer Name = MICRO_PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\system32\wuaucpl.cpl failed, 0000001E.

Error - 25/3/2010 17:48:41 | Computer Name = MICRO_PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\system32\srclient.dll failed, 0000001E.

Error - 26/3/2010 21:18:38 | Computer Name = MICRO_PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll failed,

0000001E.

Error - 26/3/2010 21:25:05 | Computer Name = MICRO_PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll failed,

0000001E.

Error - 26/3/2010 21:26:40 | Computer Name = MICRO_PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll failed,

0000001E.

Error - 21/4/2010 12:49:02 | Computer Name = MICRO_PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\WINDOWS\system32\muweb.dll failed, 0000001E.

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

=================

Acho que é isso, agradecida!

DigRam · Maio 5, 2010

Boa Tarde! Tati Ramos

<!> O relatório OTL.txt,foi postado incorretamente! Onde somente pude aproveitar o relatório "Extras".

<!> Leia com atenção os procedimentos,que simplifiquei,e repita seu scan.

<!> Concluindo,poste: OTL.txt <-- Apenas este!

Abraços!

Tati Ramos · Maio 5, 2010

OTL logfile created on: 5/5/2010 19:23:22 - Run 2

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1.015,00 Mb Total Physical Memory | 576,00 Mb Available Physical Memory | 57,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 149,05 Gb Total Space | 114,33 Gb Free Space | 76,71% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MICRO_PC

Current User Name: Usuario

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = All Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orkthreat.exe (Microsoft Corporation)

PRC - C:\WINDOWS\winmgr\winmgr.exe (Quartzo Desenvolvimento de Software Ltda.)

PRC - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

PRC - C:\Arquivos de programas\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)

PRC - C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

PRC - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

PRC - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

PRC - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

PRC - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)

PRC - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)

PRC - C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe (Nero AG)

PRC - C:\Arquivos de programas\Assistente Tecnico Speedy\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Arquivos de programas\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)

MOD - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

MOD - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

MOD - C:\Arquivos de programas\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\srclient.dll ()

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)

MOD - C:\Arquivos de programas\Assistente Tecnico Speedy\SmartBridge\SBHook.dll (Motive Communications, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

SRV - (avast! Web Scanner) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

SRV - (aswUpdSv) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

SRV - (odserv) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (InCDsrv) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)

SRV - (NMIndexingService) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (Nero AG)

SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)

DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)

DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)

DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)

DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)

DRV - (AtcL002) -- C:\WINDOWS\system32\drivers\l251x86.sys (Atheros Communications)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (MRENDIS5) -- C:\Arquivos de programas\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-606747145-602162358-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

IE - HKU\S-1-5-21-606747145-602162358-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKU\S-1-5-21-606747145-602162358-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-606747145-602162358-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKU\S-1-5-21-606747145-602162358-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 72 43 79 A9 1E CA 01 [binary data]

IE - HKU\S-1-5-21-606747145-602162358-1417001333-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll File not found

IE - HKU\S-1-5-21-606747145-602162358-1417001333-1003\..\URLSearchHook: {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll File not found

IE - HKU\S-1-5-21-606747145-602162358-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

O1 HOSTS File: ([2001/10/28 11:06:36 | 000,000,776 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll File not found

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (Online Radio Brazil Toolbar) - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll File not found

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

O3 - HKLM\..\Toolbar: (Barra de Ferramentas do Yahoo!) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll File not found

O3 - HKLM\..\Toolbar: (Online Radio Brazil Toolbar) - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll File not found

O3 - HKU\S-1-5-21-606747145-602162358-1417001333-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-606747145-602162358-1417001333-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

O3 - HKU\S-1-5-21-606747145-602162358-1417001333-1003\..\Toolbar\WebBrowser: (Online Radio Brazil Toolbar) - {F4C23CA5-ED6C-4376-80AD-62F9161A7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast!] C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [Google Quick Search Box] C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [inCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe (Nero AG)

O4 - HKLM..\Run: [linkmsn] C:\WINDOWS\System32\linkmsn.exe File not found

O4 - HKLM..\Run: [Motive SmartBridge] C:\Arquivos de programas\Assistente Tecnico Speedy\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)

O4 - HKLM..\Run: [msnmsgrs] C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orkthreat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [securDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)

O4 - HKLM..\Run: [WinMgr] C:\WINDOWS\winmgr\winmgr.exe (Quartzo Desenvolvimento de Software Ltda.)

O4 - HKU\S-1-5-21-606747145-602162358-1417001333-1003..\Run: [pmail.exe] C:\WINDOWS\System32\Microsoft\pmail.exe File not found

O4 - HKU\S-1-5-21-606747145-602162358-1417001333-1003..\Run: [pro1.exe] C:\WINDOWS\System32\Microsoft\pro1.exe File not found

O4 - HKU\S-1-5-21-606747145-602162358-1417001333-1003..\Run: [taks] C:\WINDOWS\System32\Microsoft\msn1.exe File not found

O4 - HKU\S-1-5-21-606747145-602162358-1417001333-1003..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; GTB6.5; Mozilla\4.0 ( File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\javax.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orkthreat.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Inicializar\Orkthreat.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: csrcs = C:\WINDOWS\system32\csrcs.exe File not found

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-606747145-602162358-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll (Google Inc.)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (csrcs.exe) - File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/07/17 07:57:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within All Days ==========

[2010/05/05 19:23:18 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Usuario\Meus documentos

[2010/05/05 19:22:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Usuario\Cookies

[2010/05/05 19:19:18 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Usuario\Recent

[2010/05/05 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Desktop

[2010/05/05 18:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Orbit

[2010/05/05 18:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\InterApp

[2010/05/05 09:30:26 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos

[2010/05/05 09:09:23 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos

[2010/05/05 09:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Malwarebytes

[2010/05/05 09:09:09 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2010/05/05 09:09:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/05/05 09:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2010/05/05 09:09:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/05/05 08:07:51 | 000,000,000 | ---D | C] -- C:\HiJackThis.exe

[2010/05/02 11:34:35 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Usuario\SendTo

[2010/05/01 21:50:05 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\DreaMule

[2010/04/30 19:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Ares

[2010/04/30 11:14:31 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Ares

[2010/04/25 15:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Google

[2010/04/21 21:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

[2010/04/21 16:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Google

[2010/04/21 16:38:58 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Google

[2010/04/21 16:28:02 | 000,000,000 | ---D | C] -- C:\d0b096a2a9b3733425

[2010/04/21 16:26:50 | 000,000,000 | ---D | C] -- C:\541d8640f7f862b5e64ee9e4a5

[2010/04/21 16:26:02 | 000,000,000 | ---D | C] -- C:\4b034ba1d85a7f3e833085fd

[2010/04/21 16:26:02 | 000,000,000 | ---D | C] -- C:\31f7336f6239b90bdfcf

[2010/04/21 15:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Real

[2010/04/21 14:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\DVD Flick

[2010/04/20 10:15:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Usuario\Meus documentos\SERIADOS

[2010/04/20 10:14:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Usuario\Meus documentos\LEGENDAS

[2010/04/14 11:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Temp

[2010/04/10 22:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Microsoft

[2010/04/06 13:58:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Microsoft

[2010/04/02 17:53:44 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Usuario\Favoritos

[2010/04/01 21:56:56 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\K-Lite Codec Pack

[2010/04/01 21:56:38 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm

[2010/04/01 21:56:38 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll

[2010/04/01 21:56:38 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm

[2010/04/01 21:56:36 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll

[2010/04/01 21:56:36 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll

[2010/04/01 21:31:05 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\DVD Flick

[2010/04/01 09:05:11 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\CCleaner

[2010/03/31 08:45:48 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Internet Explorer

[2010/03/31 08:45:44 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\FreeTime

[2010/03/31 08:45:31 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\DESIGNER

[2010/03/31 08:28:26 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared

[2010/03/31 08:28:26 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns

[2010/03/30 22:05:53 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Usuario\Menu Iniciar

[2010/03/26 20:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Meus documentos\casa de oração

[2010/03/26 08:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Meus documentos\Oficce 2007

[2010/03/25 23:23:46 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx

[2010/03/25 11:58:58 | 000,000,000 | -HSD | C] -- C:\found.000

[2010/03/24 11:47:33 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Movie Maker

[2010/03/24 11:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Tracing

[2010/03/23 23:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop

[2010/03/23 23:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

[2010/03/23 23:12:28 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Passware

[2010/03/23 23:12:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Atheros_L2

[2010/03/08 08:06:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Usuario\Meus documentos\FACULDADE

[2010/02/27 17:14:49 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\Adobe

[2010/02/27 17:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

[2010/02/26 16:16:08 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Microsoft Games

[2010/02/26 07:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Help

[2010/02/26 07:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft

[2010/02/24 15:49:53 | 000,000,000 | ---D | C] -- C:\looney

[2010/02/24 15:48:06 | 000,171,520 | ---- | C] (Europress Software) -- C:\WINDOWS\System\CNCS32.DLL

[2010/02/21 13:04:05 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Microsoft Works

[2010/02/21 13:01:13 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\System

[2010/02/20 17:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2010/02/19 22:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\WMTools Downloaded Files

[2010/02/19 22:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

[2010/02/19 20:50:00 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\MSBuild

[2010/02/19 20:49:43 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Microsoft Office

[2010/02/19 20:49:23 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Microsoft Visual Studio

[2010/02/19 20:48:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft

[2010/02/19 20:43:39 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Microsoft Visual Studio 8

[2010/02/14 19:08:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Usuario\Meus documentos\Minhas imagens

[2010/02/01 08:27:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010/01/21 14:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\HpUpdate

[2010/01/18 22:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Online_Radio_Brazil

[2010/01/18 22:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Conduit

[2010/01/18 22:37:03 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Conduit

[2010/01/18 12:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data

[2010/01/17 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\vdownloader

[2010/01/17 14:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Meus documentos\DENIS

[2010/01/15 18:41:50 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2010/01/15 08:31:29 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Outlook Express

[2010/01/12 20:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\HPSSUPPLY

[2009/10/31 15:48:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\command

[2009/10/24 17:13:00 | 000,000,000 | ---D | C] -- C:\Downloads

[2009/10/24 16:33:55 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Orbitdownloader

[2009/10/23 22:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google

[2009/10/23 22:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google

[2009/10/18 14:32:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW

[2009/10/18 14:01:46 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2009/10/18 13:59:47 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Microsoft.NET

[2009/10/15 12:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Drivers HeadQuarters

[2009/10/15 12:01:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard

[2009/10/15 11:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Microsoft Help

[2009/10/08 23:10:41 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Menu Iniciar

[2009/10/03 20:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Ahead

[2009/09/23 12:19:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Modelos

[2009/09/23 11:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\BrOffice.org

[2009/09/20 21:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Application Data

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK

[2009/09/20 21:52:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA

[2009/09/20 13:45:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Usuario\Meus documentos\CIFRAS GOSPEL

[2009/09/08 11:54:02 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\MSECache

[2009/09/04 08:59:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Usuario\Configurações locais

[2009/09/02 08:58:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Usuario\Ambiente de rede

[2009/08/27 21:55:56 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Microsoft Silverlight

[2009/08/27 21:43:48 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Samsung

[2009/08/27 21:43:47 | 000,000,000 | -H-D | M] -- C:\Arquivos de programas\InstallShield Installation Information

[2009/08/23 17:45:44 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Microsoft

[2009/08/23 17:45:21 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Windows Live

[2009/08/23 17:44:53 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Microsoft Sync Framework

[2009/08/23 17:44:09 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

[2009/08/23 17:42:59 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Documentos

[2009/08/23 17:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\microsoft

[2009/08/23 17:42:52 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Windows Live SkyDrive

[2009/08/23 16:19:33 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\Windows Live

[2009/08/23 11:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\PCHealth

[2009/08/21 21:55:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer

[2009/08/21 21:55:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US

[2009/08/21 21:55:24 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Reference Assemblies

[2009/08/21 21:54:47 | 000,000,000 | ---D | C] -- C:\3a46b0932e35070130e62c

[2009/08/17 10:48:11 | 000,000,000 | -H-D | M] -- C:\Arquivos de programas\Uninstall Information

[2009/08/17 10:48:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\winmgr

[2009/08/16 16:08:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2009/08/16 14:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\MozillaControl

[2009/08/14 13:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Adobe

[2009/08/12 22:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MythPeople

[2009/08/12 22:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\Config

[2009/08/10 14:30:19 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\ABSVD

[2009/08/09 22:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Contacts

[2009/08/06 11:18:18 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly

[2009/08/06 11:17:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET

[2009/08/01 23:19:32 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\TypeFaster

[2009/07/31 22:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Identities

[2009/07/25 22:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Media Player Classic

[2009/07/24 10:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\CyberLink

[2009/07/22 19:24:41 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\Motive

[2009/07/20 21:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Ahead

[2009/07/20 21:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\WinRAR

[2009/07/20 18:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Help

[2009/07/20 14:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Google

[2009/07/20 13:01:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

[2009/07/19 18:38:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Usuario\IECompatCache

[2009/07/19 18:36:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Usuario\PrivacIE

[2009/07/19 18:32:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Usuario\IETldCache

[2009/07/19 18:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2009/07/19 18:29:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2009/07/19 18:28:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2009/07/19 18:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\HPAppData

[2009/07/19 17:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Mozilla

[2009/07/19 16:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Mozilla

[2009/07/18 16:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\GrabPro

[2009/07/18 16:38:15 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Adobe

[2009/07/18 16:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Adobe

[2009/07/18 15:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\WEBREG

[2009/07/18 15:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\HP

[2009/07/18 15:28:20 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\HP

[2009/07/18 15:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Hewlett-Packard

[2009/07/18 15:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\HP

[2009/07/18 15:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\HP Product Assistant

[2009/07/18 15:21:17 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\HP

[2009/07/18 15:21:14 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Hewlett-Packard

[2009/07/18 15:21:09 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard

[2009/07/18 15:19:29 | 000,000,000 | -H-D | C] -- C:\Config.Msi

[2009/07/18 15:13:13 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Assistente Tecnico Speedy

[2009/07/18 15:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Motive

[2009/07/18 15:05:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Motive

[2009/07/18 15:04:59 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Common Files

[2009/07/18 15:04:52 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Motive

[2009/07/17 22:17:32 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Messenger

[2009/07/17 22:14:59 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\MSXML 4.0

[2009/07/17 21:50:19 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll

[2009/07/17 21:50:19 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx

[2009/07/17 21:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\eMule

[2009/07/17 20:18:06 | 000,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009/07/17 20:18:06 | 000,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009/07/17 20:18:05 | 000,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009/07/17 20:18:04 | 000,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009/07/17 20:18:04 | 000,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009/07/17 20:18:04 | 000,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009/07/17 20:18:04 | 000,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009/07/17 20:18:04 | 000,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009/07/17 20:17:48 | 001,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009/07/17 20:17:46 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Alwil Software

[2009/07/17 19:37:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2009/07/17 19:37:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$

[2009/07/17 19:30:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Usuario\UserData

[2009/07/17 18:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Yahoo!

[2009/07/17 18:36:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2009/07/17 10:59:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2009/07/17 10:19:04 | 000,055,640 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009/07/17 10:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Macromedia

[2009/07/17 10:15:58 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\CONEXANT

[2009/07/17 09:52:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Usuario\Meus documentos\Imagens

[2009/07/17 09:50:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Usuario\Meus documentos\Meus vídeos

[2009/07/17 09:50:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

[2009/07/17 09:50:10 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Windows Media Connect 2

[2009/07/17 09:50:09 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Windows Media Player

[2009/07/17 09:49:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\DRM

[2009/07/17 09:49:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\drivers\UMDF

[2009/07/17 09:49:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\LogFiles

[2009/07/17 09:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage

[2009/07/17 09:48:01 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\WinRAR

[2009/07/17 09:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink

[2009/07/17 09:47:14 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\CyberLink

[2009/07/17 09:47:10 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\InstallShield

[2009/07/17 09:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DVD Shrink

[2009/07/17 09:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ahead

[2009/07/17 09:36:10 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\Ahead

[2009/07/17 09:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

[2009/07/17 09:34:25 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Nero

[2009/07/17 09:33:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\RegisteredPackages

[2009/07/17 09:18:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\DRVSTORE

[2009/07/17 09:15:46 | 000,029,696 | RH-- | C] (Atheros Communications) -- C:\WINDOWS\System32\drivers\l251x86.sys

[2009/07/17 09:13:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Lang

[2009/07/17 09:01:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\RTCOM

[2009/07/17 09:00:55 | 002,808,832 | RH-- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe

[2009/07/17 09:00:54 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Realtek

[2009/07/17 08:56:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\ReinstallBackups

[2009/07/17 08:56:19 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Intel

[2009/07/17 08:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Identities

[2009/07/17 08:51:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\SoftwareDistribution

[2009/07/17 08:50:58 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft

[2009/07/17 08:50:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Prefetch

[2009/07/17 07:58:50 | 000,080,896 | -H-- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2009/07/17 07:58:50 | 000,080,896 | -H-- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2009/07/17 07:58:50 | 000,029,184 | -H-- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll

[2009/07/17 07:57:54 | 000,054,528 | -H-- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys

[2009/07/17 07:57:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\xircom

[2009/07/17 07:57:31 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\xerox

[2009/07/17 07:57:30 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\microsoft frontpage

[2009/07/17 07:57:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

[2009/07/17 07:56:19 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files

[2009/07/17 07:56:19 | 000,000,000 | RH-D | C] -- C:\WINDOWS\Offline Web Pages

[2009/07/17 07:56:10 | 000,000,000 | -H-D | M] -- C:\Arquivos de programas\WindowsUpdate

[2009/07/17 07:56:06 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Serviços on-line

[2009/07/17 07:55:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\DirectX

[2009/07/17 07:55:35 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\NetMeeting

[2009/07/17 07:55:33 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\Serviços

[2009/07/17 07:55:30 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks

[2009/07/17 07:55:29 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\MSSoap

[2009/07/17 07:55:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\srchasst

[2009/07/17 07:55:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Macromed

[2009/07/17 07:54:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Restore

[2009/07/17 07:54:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documentos\Minhas imagens

[2009/07/17 07:54:09 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\ComPlus Applications

[2009/07/17 07:54:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Registration

[2009/07/17 07:53:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documentos\Minhas músicas

[2009/07/17 07:53:46 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\MSN Gaming Zone

[2009/07/17 07:53:35 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Windows NT

[2009/07/17 07:53:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Usuario\Modelos

[2009/07/17 07:53:17 | 000,283,648 | -H-- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe

[2009/07/17 07:53:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\MsDtc

[2009/07/17 07:53:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Com

[2009/07/17 07:52:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documentos\Meus vídeos

[2009/07/16 14:55:55 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer

[2009/07/16 14:55:54 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\ODBC

[2009/07/16 14:55:51 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\SpeechEngines

[2009/07/16 14:55:50 | 000,000,000 | R--D | C] -- C:\Arquivos de programas

[2009/07/16 14:55:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Usuario\Ambiente de impressão

[2009/07/16 14:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Favoritos

[2009/07/16 14:55:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CatRoot2

[2009/07/16 14:55:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CatRoot

[2009/07/16 14:54:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2009/07/16 14:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings

[2009/07/16 14:51:16 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts

[2009/07/16 14:51:16 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache

[2009/07/16 14:51:16 | 000,000,000 | RH-D | C] -- C:\WINDOWS\Web

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\WinSxS

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\wins

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\wbem

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\usmt

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\twain_32

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Temp

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\system32

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\system

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\spool

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\ShellExt

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Setup

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\security

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Resources

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\repair

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\ras

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\pt-BR

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Provisioning

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PeerNet

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\pchealth

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\oobe

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\npp

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Network Diagnostic

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\mui

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\mui

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msapps

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msagent

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Media

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\L2Schemas

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\java

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\inetsrv

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\IME

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ime

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\icsxml

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\ias

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Help

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\export

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\drivers\etc

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ehome

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\drivers

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Driver Cache

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\drivers\disdn

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\dhcp

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Debug

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Cursors

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Connection Wizard

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\config

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Config

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\AppPatch

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\addins

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\3com_dmi

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\3076

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\2052

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\1054

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\1046

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\1042

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\1041

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\1037

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\1033

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\1031

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\1028

[2009/07/16 14:51:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\1025

[2007/08/22 16:34:26 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\WINDOWS\System32\AbaleZip.dll

[2004/07/26 16:16:10 | 001,568,768 | -H-- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagX7.dll

[2004/07/26 16:16:10 | 000,476,320 | -H-- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagXpr7.dll

[2004/07/26 16:16:10 | 000,471,040 | -H-- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagXRA7.dll

[2004/07/26 16:16:10 | 000,262,144 | -H-- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagXR7.dll

[2004/07/09 08:43:56 | 000,364,544 | -H-- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\TwnLib4.dll

[2001/10/28 11:07:32 | 003,374,640 | -H-- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\dllcache\tourW.exe

[1999/01/05 17:30:02 | 000,225,280 | -H-- | C] (VideoSoft) -- C:\WINDOWS\System32\VSFLEX3.OCX

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within All Days ==========

[2010/05/05 19:23:16 | 000,013,464 | ---- | M] () -- C:\Documents and Settings\Usuario\Meus documentos\OTL.docx

[2010/05/05 18:44:01 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/05/05 18:42:26 | 000,000,507 | ---- | M] () -- C:\Documents and Settings\Usuario\Desktop\Atalho para OTL.lnk

[2010/05/05 18:22:57 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/05/05 18:21:32 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

[2010/05/05 18:21:26 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/05/05 18:21:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/05/05 18:21:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/05/05 17:09:15 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\Usuario\ntuser.dat

[2010/05/05 17:09:15 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\Usuario\ntuser.ini

[2010/05/05 15:30:10 | 000,000,458 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E4152497-7C32-45D5-9C39-1A30CD0E97D6}.job

[2010/05/05 11:29:38 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/30 11:14:24 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\Usuario\Desktop\Ares.lnk

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/04/17 16:22:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Ÿ9Ÿ9

[2010/04/01 22:41:32 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/04/01 21:57:07 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\Usuario\Desktop\Media Player Classic.lnk

[2010/04/01 10:53:08 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\Usuario\Desktop\DVD Flick.lnk

[2010/04/01 09:05:11 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\Usuario\Desktop\CCleaner.lnk

[2010/03/26 09:37:17 | 000,000,351 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\UpApp32.dll

[2010/03/26 09:28:00 | 000,072,272 | ---- | M] () -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2010/03/26 08:46:33 | 000,286,112 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/03/20 14:39:23 | 000,003,229 | ---- | M] () -- C:\Documents and Settings\Usuario\ipfreport.html

[2010/03/14 15:00:00 | 000,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/03/14 15:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini

[2010/02/28 20:44:28 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Usuario\Meus documentos\Default.rdp

[2010/02/28 20:40:02 | 000,000,989 | -H-- | M] () -- C:\WINDOWS\win.ini

[2010/02/25 17:52:49 | 000,000,026 | ---- | M] () -- C:\WINDOWS\ms_shell.ini

[2010/02/19 21:13:57 | 000,000,627 | ---- | M] () -- C:\Documents and Settings\Usuario\Meus documentos\Atalho para Minhas músicas.lnk

[2010/02/19 21:09:52 | 000,010,166 | -HS- | M] () -- C:\Documents and Settings\Usuario\Meus documentos\Folder.jpg

[2010/02/19 21:09:51 | 000,002,304 | -HS- | M] () -- C:\Documents and Settings\Usuario\Meus documentos\AlbumArtSmall.jpg

[2010/02/19 20:59:03 | 000,000,998 | ---- | M] () -- C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

[2010/02/14 18:45:00 | 000,005,583 | -HS- | M] () -- C:\Documents and Settings\Usuario\Meus documentos\AlbumArt_{194CD94F-A7CB-441D-BE30-0A5ECA23B181}_Large.jpg

[2010/02/14 18:45:00 | 000,002,072 | -HS- | M] () -- C:\Documents and Settings\Usuario\Meus documentos\AlbumArt_{194CD94F-A7CB-441D-BE30-0A5ECA23B181}_Small.jpg

[2010/02/10 14:13:48 | 000,165,376 | ---- | M] () -- C:\WINDOWS\System32\unrar.dll

[2010/02/03 10:38:05 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2010/01/17 12:18:08 | 000,151,552 | ---- | M] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm

[2010/01/12 15:05:46 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\Usuario\Desktop\Iniciar o Navegador Internet Explorer.lnk

[2010/01/05 15:00:00 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2009/12/19 15:21:18 | 006,395,714 | -H-- | M] () -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\IconCache.db

[2009/11/21 12:59:36 | 001,206,508 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb

[2009/10/24 16:33:51 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Usuario\Desktop\Orbit.lnk

[2009/10/18 14:34:33 | 000,000,421 | -H-- | M] () -- C:\WINDOWS\ODBC.INI

[2009/09/22 09:02:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\javax.exe

[2009/09/03 08:23:12 | 000,002,265 | ---- | M] () -- C:\WINDOWS\System32\bios.EXE

[2009/09/03 08:23:06 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\mega.exe

[2009/08/27 22:03:56 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\Usuario\Desktop\Windows Live Messenger .lnk

[2009/08/20 19:44:41 | 000,000,292 | -H-- | M] () -- C:\sqmdata09.sqm

[2009/08/20 19:44:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2009/08/20 08:41:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm

[2009/08/20 08:41:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2009/08/12 22:28:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys2.bmp

[2009/08/12 22:28:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys1.bmp

[2009/08/10 14:30:20 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\Usuario\Desktop\A Bíblia Sagrada Versão Digital 6.0 Freeware.lnk

[2009/08/07 11:05:40 | 000,000,614 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speedy.lnk

[2009/08/03 15:07:42 | 000,403,816 | ---- | M] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | M] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2009/07/30 15:34:52 | 000,949,296 | ---- | M] () -- C:\Documents and Settings\Usuario\Meus documentos\Enem2009_ciencias_da_natureza.pdf

[2009/07/30 15:30:32 | 000,641,358 | ---- | M] () -- C:\Documents and Settings\Usuario\Meus documentos\Enem2009_matematica.pdf

[2009/07/30 15:30:24 | 000,803,729 | ---- | M] () -- C:\Documents and Settings\Usuario\Meus documentos\Enem2009_linguagens_codigos.pdf

[2009/07/30 15:30:18 | 000,647,186 | ---- | M] () -- C:\Documents and Settings\Usuario\Meus documentos\Enem2009_ciencias_humanas.pdf

[2009/07/24 21:18:39 | 000,000,099 | ---- | M] () -- C:\WINDOWS\ANS2000.INI

[2009/07/24 21:16:28 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\system.ini

[2009/07/24 21:16:28 | 000,000,020 | -H-- | M] () -- C:\WINDOWS\akebook.ini

[2009/07/24 21:16:28 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\a3kebook.ini

[2009/07/19 18:57:45 | 000,169,858 | ---- | M] () -- C:\WINDOWS\hpqins00.dat

[2009/07/19 16:35:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2009/07/18 19:38:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Usuario\Ÿ9Ÿ9

[2009/07/18 15:29:34 | 000,168,041 | ---- | M] () -- C:\WINDOWS\hpoins29.dat

[2009/07/18 15:22:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ŸÔŸÔ

[2009/07/17 21:47:13 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Usuario\Desktop\Windows Media Player.lnk

[2009/07/17 21:35:06 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Usuario\Desktop\DreaMule.lnk

[2009/07/17 20:18:06 | 000,001,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk

[2009/07/17 19:28:41 | 000,000,304 | -H-- | M] () -- C:\sqmdata07.sqm

[2009/07/17 19:28:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

[2009/07/17 19:25:52 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2009/07/17 19:25:52 | 000,000,172 | -H-- | M] () -- C:\sqmdata06.sqm

[2009/07/17 19:25:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2009/07/17 19:25:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2009/07/17 19:25:35 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2009/07/17 19:25:35 | 000,000,172 | -H-- | M] () -- C:\sqmdata04.sqm

[2009/07/17 19:25:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2009/07/17 19:25:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2009/07/17 18:48:38 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2009/07/17 18:48:38 | 000,000,172 | -H-- | M] () -- C:\sqmdata02.sqm

[2009/07/17 18:37:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2009/07/17 18:37:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2009/07/17 10:55:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm

[2009/07/17 10:55:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2009/07/17 10:17:25 | 000,752,010 | -H-- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/07/17 10:17:25 | 000,344,734 | -H-- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2009/07/17 10:17:25 | 000,311,740 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/07/17 10:17:25 | 000,048,846 | -H-- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2009/07/17 10:17:25 | 000,040,128 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/07/17 09:50:16 | 000,023,392 | -H-- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2009/07/17 09:50:16 | 000,016,832 | -H-- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2009/07/17 09:49:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2009/07/17 09:42:01 | 000,000,012 | -H-- | M] () -- C:\WINDOWS\explorer.exe.local

[2009/07/17 09:37:15 | 000,002,482 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk

[2009/07/17 09:34:09 | 000,316,640 | -H-- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2009/07/17 09:14:27 | 000,011,068 | -H-- | M] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/07/17 09:13:17 | 000,940,794 | -H-- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav

[2009/07/17 09:13:17 | 000,146,650 | -H-- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav

[2009/07/17 08:00:10 | 000,008,192 | -H-- | M] () -- C:\WINDOWS\REGLOCS.OLD

[2009/07/17 07:59:26 | 000,000,977 | -H-- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2009/07/17 07:57:14 | 000,002,969 | -H-- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/07/17 07:57:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2009/07/17 07:57:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/07/17 07:57:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\control.ini

[2009/07/17 07:57:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009/07/17 07:57:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/07/17 07:57:01 | 000,004,205 | -H-- | M] () -- C:\WINDOWS\ODBCINST.INI

[2009/07/17 07:56:19 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest

[2009/07/17 07:56:19 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest

[2009/07/17 07:56:14 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest

[2009/07/17 07:56:14 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest

[2009/07/17 07:56:14 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest

[2009/07/17 07:56:14 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest

[2009/07/17 07:56:14 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest

[2009/07/17 07:56:14 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest

[2009/07/17 07:54:16 | 000,021,844 | -H-- | M] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/07/17 07:54:07 | 000,000,037 | -H-- | M] () -- C:\WINDOWS\vbaddin.ini

[2009/07/17 07:54:07 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\vb.ini

[2009/07/16 14:55:58 | 000,004,444 | -H-- | M] () -- C:\WINDOWS\System32\pid.PNF

[2009/07/13 21:15:52 | 000,090,112 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll

[2009/07/13 21:15:48 | 000,685,056 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll

[2009/06/29 05:40:16 | 000,057,667 | -H-- | M] () -- C:\WINDOWS\System32\ieuinit.inf

[2009/05/29 18:37:40 | 000,205,824 | ---- | M] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/05/29 18:31:52 | 000,881,664 | ---- | M] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/03/24 16:08:22 | 000,055,640 | -H-- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009/02/12 22:20:42 | 000,006,681 | ---- | M] () -- C:\WINDOWS\System32\IE8Eula.rtf

[2009/02/05 19:11:35 | 001,256,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2009/02/05 19:08:19 | 000,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2009/02/05 19:08:10 | 000,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2009/02/05 19:07:23 | 000,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2009/02/05 19:07:12 | 000,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2009/02/05 19:06:20 | 000,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2009/02/05 19:06:10 | 000,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2009/02/05 19:05:11 | 000,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2009/02/05 19:04:45 | 000,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr

[2009/01/09 16:19:28 | 001,089,883 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\ntprint.cat

[2009/01/07 18:20:36 | 000,066,384 | ---- | M] () -- C:\WINDOWS\System32\normnfkc.nls

[2009/01/07 18:20:36 | 000,060,294 | ---- | M] () -- C:\WINDOWS\System32\normnfkd.nls

[2009/01/07 18:20:36 | 000,059,342 | ---- | M] () -- C:\WINDOWS\System32\normidna.nls

[2009/01/07 18:20:36 | 000,045,794 | ---- | M] () -- C:\WINDOWS\System32\normnfc.nls

[2009/01/07 18:20:36 | 000,039,284 | ---- | M] () -- C:\WINDOWS\System32\normnfd.nls

[2009/01/07 18:20:20 | 000,008,798 | ---- | M] () -- C:\WINDOWS\System32\icrav03.rat

[2009/01/07 18:20:20 | 000,001,988 | ---- | M] () -- C:\WINDOWS\System32\ticrf.rat

[2008/11/06 13:37:32 | 003,596,288 | ---- | M] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008/10/03 09:30:30 | 000,000,414 | ---- | M] () -- C:\WINDOWS\System32\lame_acm.xml

[2008/09/24 15:41:12 | 000,839,680 | ---- | M] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm

[2008/08/31 13:27:26 | 000,028,672 | ---- | M] (-) -- C:\WINDOWS\System32\mousewheel.ocx

[2008/04/13 19:30:48 | 001,233,746 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\SP3.CAT

[2008/04/13 19:30:48 | 000,105,628 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat

[2008/04/13 19:20:26 | 002,038,809 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\NT5.CAT

[2008/04/13 19:20:26 | 000,634,592 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT

[2008/04/13 19:20:26 | 000,034,747 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\mediactr.cat

[2008/04/13 19:20:24 | 000,033,765 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\FP4.CAT

[2008/04/13 19:20:24 | 000,016,825 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\IMS.CAT

[2008/04/13 19:20:24 | 000,012,363 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT

[2008/04/13 19:20:24 | 000,010,027 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT

[2008/04/13 19:20:22 | 000,144,484 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\netfx.cat

[2008/04/13 18:37:14 | 000,001,804 | -H-- | M] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/13 18:24:02 | 000,083,730 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\apps.chm

[2008/04/13 18:23:34 | 000,785,972 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb

[2008/04/13 18:23:34 | 000,204,396 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\msimain.sdb

[2008/04/13 18:23:34 | 000,009,424 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\drvmain.sdb

[2008/04/13 18:23:28 | 000,230,002 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb

[2008/04/13 18:21:26 | 000,239,616 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\wstrendr.ax

[2008/04/13 18:21:26 | 000,239,616 | -H-- | M] () -- C:\WINDOWS\System32\wstrenderer.ax

[2008/04/13 18:21:26 | 000,164,352 | -H-- | M] () -- C:\WINDOWS\System32\wstpager.ax

[2008/04/13 18:21:26 | 000,164,352 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\wstpager.ax

[2008/04/13 18:21:26 | 000,148,992 | -H-- | M] () -- C:\WINDOWS\System32\mpg2splt.ax

[2008/04/13 18:21:26 | 000,148,992 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax

[2008/04/13 18:21:26 | 000,118,272 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\mpg2data.ax

[2008/04/13 18:21:26 | 000,118,272 | -H-- | M] () -- C:\WINDOWS\System32\mpeg2data.ax

[2008/04/13 18:21:26 | 000,053,248 | -H-- | M] () -- C:\WINDOWS\System32\vbicodec.ax

[2008/04/13 18:21:26 | 000,053,248 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\vbicodec.ax

[2008/04/13 18:21:16 | 000,283,648 | -H-- | M] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe

[2008/04/13 18:20:42 | 000,279,040 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\tshoot.dll

[2008/04/13 18:20:42 | 000,270,848 | -H-- | M] () -- C:\WINDOWS\System32\sbe.dll

[2008/04/13 18:20:42 | 000,270,848 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\sbe.dll

[2008/04/13 18:20:42 | 000,067,584 | -H-- | M] () -- C:\WINDOWS\System32\srclient.dll

[2008/04/13 18:20:42 | 000,034,816 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\sniffpol.dll

[2008/04/13 18:20:42 | 000,033,280 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\sstub.dll

[2008/04/13 18:20:40 | 000,029,184 | -H-- | M] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll

[2008/04/13 18:20:36 | 000,381,440 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\msinfo.dll

[2008/04/13 18:20:34 | 000,014,336 | -H-- | M] () -- C:\WINDOWS\System32\msdmo.dll

[2008/04/13 18:20:34 | 000,014,336 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\msdmo.dll

[2008/04/13 18:20:28 | 000,186,880 | -H-- | M] () -- C:\WINDOWS\System32\encdec.dll

[2008/04/13 18:20:28 | 000,186,880 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll

[2008/04/13 18:20:26 | 000,253,440 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\compatui.dll

[2008/04/13 18:20:26 | 000,253,440 | -H-- | M] () -- C:\WINDOWS\System32\compatUI.dll

[2008/04/13 18:20:24 | 000,070,656 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\amstream.dll

[2008/04/13 18:20:24 | 000,070,656 | -H-- | M] () -- C:\WINDOWS\System32\amstream.dll

[2008/04/13 18:19:22 | 000,175,104 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll

[2008/04/13 18:18:34 | 013,463,552 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll

[2008/04/13 18:18:06 | 000,173,568 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\chtskf.dll

[2008/04/13 18:03:14 | 000,144,776 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\archvapp.inf

[2008/04/13 18:03:12 | 000,001,950 | -H-- | M] () -- C:\WINDOWS\System32\pid.inf

[2008/04/13 18:03:12 | 000,001,950 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\pid.inf

[2008/04/13 17:58:06 | 000,086,016 | -H-- | M] () -- C:\WINDOWS\System32\msxml6r.dll

[2008/04/13 10:31:44 | 000,251,696 | RHS- | M] () -- C:\ntldr

[2008/04/13 09:26:10 | 000,004,310 | -H-- | M] () -- C:\WINDOWS\System32\odbcconf.rsp

[2008/04/13 09:26:10 | 000,004,310 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\odbcconf.rsp

[2008/04/13 09:21:34 | 000,733,696 | -H-- | M] () -- C:\WINDOWS\System32\qedwipes.dll

[2008/04/13 09:21:34 | 000,733,696 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll

[2008/04/13 08:54:54 | 000,054,048 | -H-- | M] () -- C:\WINDOWS\System32\dosx.exe

[2008/04/13 08:54:54 | 000,054,048 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\dosx.exe

[2008/04/13 08:52:32 | 000,003,346 | -H-- | M] () -- C:\WINDOWS\System32\redir.exe

[2008/04/13 08:52:32 | 000,003,346 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\redir.exe

[2008/04/13 08:50:56 | 000,042,537 | -H-- | M] () -- C:\WINDOWS\System32\keyboard.sys

[2008/04/13 08:50:56 | 000,042,537 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\keyboard.sys

[2008/04/13 08:49:48 | 000,033,984 | -H-- | M] () -- C:\WINDOWS\System32\ntio.sys

[2008/04/13 08:49:48 | 000,033,984 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\ntio.sys

[2008/04/13 08:49:44 | 000,035,424 | -H-- | M] () -- C:\WINDOWS\System32\ntio412.sys

[2008/04/13 08:49:44 | 000,035,424 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\ntio412.sys

[2008/04/13 08:49:44 | 000,034,560 | -H-- | M] () -- C:\WINDOWS\System32\ntio404.sys

[2008/04/13 08:49:44 | 000,034,560 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\ntio404.sys

[2008/04/13 08:49:42 | 000,034,560 | -H-- | M] () -- C:\WINDOWS\System32\ntio804.sys

[2008/04/13 08:49:42 | 000,034,560 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\ntio804.sys

[2008/04/13 08:49:40 | 000,035,648 | -H-- | M] () -- C:\WINDOWS\System32\ntio411.sys

[2008/04/13 08:49:40 | 000,035,648 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\ntio411.sys

[2008/04/13 08:43:50 | 000,196,665 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe

[2008/04/13 08:43:38 | 000,059,392 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\imscinst.exe

[2008/04/13 08:43:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/04/13 08:28:14 | 000,000,929 | -H-- | M] () -- C:\WINDOWS\System32\homepage.inf

[2008/02/29 01:10:00 | 000,265,948 | -H-- | M] () -- C:\WINDOWS\System32\locale.nls

[2008/02/29 01:10:00 | 000,265,948 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\locale.nls

[2008/02/20 01:36:13 | 000,000,986 | ---- | M] () -- C:\WINDOWS\hpomdl29.dat

[2007/09/19 00:09:20 | 000,000,488 | -H-- | M] () -- C:\WINDOWS\System32\login.cmd

[2007/08/31 18:36:28 | 000,036,864 | ---- | M] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx

[2007/08/22 16:34:26 | 000,287,256 | R--- | M] (Abale.com (info@abale.com)) -- C:\WINDOWS\System32\AbaleZip.dll

[2007/08/08 00:08:18 | 000,144,201 | RH-- | M] () -- C:\WINDOWS\System32\drivers\HSFProf.cty

[2007/07/10 13:10:12 | 000,000,547 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2007/06/25 21:56:54 | 000,007,334 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat

[2007/06/20 23:44:32 | 000,029,696 | RH-- | M] (Atheros Communications) -- C:\WINDOWS\System32\drivers\l251x86.sys

[2007/04/02 09:34:28 | 000,053,478 | -H-- | M] () -- C:\WINDOWS\System32\tcpmon.ini

[2007/04/02 07:59:46 | 000,000,862 | -H-- | M] () -- C:\WINDOWS\System32\termcap

[2007/04/02 07:36:22 | 000,956,990 | -H-- | M] () -- C:\WINDOWS\System32\instcat.sql

[2007/04/02 04:49:22 | 000,355,112 | -H-- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll

[2007/04/02 04:49:22 | 000,355,112 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\msjetol1.dll

[2007/01/01 11:26:50 | 000,355,680 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\tahomabd.ttf

[2007/01/01 11:26:46 | 000,383,804 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\tahoma.ttf

[2007/01/01 11:25:52 | 000,461,672 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\micross.ttf

[2007/01/01 06:32:46 | 001,354,752 | -H-- | M] () -- C:\WINDOWS\System32\webfldrs.msi

[2006/12/30 18:27:08 | 000,007,208 | -H-- | M] () -- C:\WINDOWS\System32\secupd.sig

[2006/12/30 18:27:08 | 000,007,208 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\secupd.sig

[2006/12/30 18:27:08 | 000,004,569 | -H-- | M] () -- C:\WINDOWS\System32\secupd.dat

[2006/12/30 18:27:08 | 000,004,569 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\secupd.dat

[2006/12/29 10:08:32 | 000,262,148 | -H-- | M] () -- C:\WINDOWS\System32\sortkey.nls

[2006/12/29 10:08:32 | 000,262,148 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\sortkey.nls

[2006/12/29 10:08:32 | 000,023,044 | -H-- | M] () -- C:\WINDOWS\System32\sorttbls.nls

[2006/12/29 10:08:32 | 000,023,044 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\sorttbls.nls

[2006/12/29 09:54:02 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_28603.nls

[2006/12/29 09:54:02 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_28603.nls

[2006/10/10 08:33:00 | 000,010,288 | -H-- | M] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2006/10/05 13:41:00 | 000,023,632 | RH-- | M] () -- C:\WINDOWS\System32\igxpxs32.vp

[2006/10/05 13:19:00 | 000,200,704 | RH-- | M] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll

[2006/10/05 09:58:00 | 000,655,842 | RH-- | M] () -- C:\WINDOWS\System32\igxpxa32.cpa

[2006/10/05 09:58:00 | 000,002,096 | RH-- | M] () -- C:\WINDOWS\System32\igxpxk32.vp

[2006/10/05 09:58:00 | 000,000,929 | RH-- | M] () -- C:\WINDOWS\System32\igxpxa32.vp

[2006/08/01 04:02:32 | 000,049,152 | RH-- | M] () -- C:\WINDOWS\System32\ChCfg.exe

[2006/05/04 05:26:36 | 002,808,832 | RH-- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe

[2006/01/22 09:29:00 | 000,121,232 | RH-- | M] () -- C:\WINDOWS\System32\IScrNBR.bmp

[2006/01/22 09:29:00 | 000,121,232 | RH-- | M] () -- C:\WINDOWS\System32\IScrNB.bmp

[2005/08/31 12:49:08 | 000,000,050 | -H-- | M] () -- C:\WINDOWS\NuNInst.cfg

[2005/08/30 20:33:38 | 000,000,050 | -H-- | M] () -- C:\WINDOWS\UNNeroBackItUp.cfg

[2004/08/12 23:56:20 | 000,005,810 | RH-- | M] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2004/07/26 16:16:10 | 001,568,768 | -H-- | M] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagX7.dll

[2004/07/26 16:16:10 | 000,476,320 | -H-- | M] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagXpr7.dll

[2004/07/26 16:16:10 | 000,471,040 | -H-- | M] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagXRA7.dll

[2004/07/26 16:16:10 | 000,262,144 | -H-- | M] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagXR7.dll

[2004/07/09 08:43:56 | 000,364,544 | -H-- | M] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\TwnLib4.dll

[2004/01/25 13:18:44 | 000,217,088 | ---- | M] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll

[2004/01/09 07:13:58 | 000,380,928 | ---- | M] () -- C:\WINDOWS\System32\actskin4.ocx

[2003/02/28 16:54:04 | 000,007,315 | ---- | M] () -- C:\WINDOWS\System32\javasup.vxd

[2003/02/28 16:38:32 | 000,000,113 | ---- | M] () -- C:\WINDOWS\System32\zonedon.reg

[2003/02/28 16:38:32 | 000,000,113 | ---- | M] () -- C:\WINDOWS\System32\zonedoff.reg

[2003/02/28 16:35:26 | 000,006,550 | ---- | M] () -- C:\WINDOWS\jautoexp.dat

[2003/01/26 13:41:24 | 000,040,960 | ---- | M] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll

[2002/05/14 13:08:54 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\fpencode.dll

[2001/10/28 11:07:50 | 000,009,522 | -H-- | M] () -- C:\WINDOWS\Tapete.bmp

[2001/10/28 11:07:50 | 000,000,707 | -H-- | M] () -- C:\WINDOWS\_default.pif

[2001/10/28 11:07:48 | 000,034,666 | -H-- | M] () -- C:\WINDOWS\wmprfPTB.prx

[2001/10/28 11:07:48 | 000,028,288 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\xjis.nls

[2001/10/28 11:07:46 | 000,063,488 | -H-- | M] () -- C:\WINDOWS\System32\wmimgmt.msc

[2001/10/28 11:07:44 | 000,033,865 | -H-- | M] () -- C:\WINDOWS\System32\winhelp.hlp

[2001/10/28 11:07:38 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt256.bmp

[2001/10/28 11:07:38 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt.bmp

[2001/10/28 11:07:38 | 000,013,312 | -H-- | M] () -- C:\WINDOWS\System32\win87em.dll

[2001/10/28 11:07:38 | 000,013,312 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\win87em.dll

[2001/10/28 11:07:36 | 001,309,184 | -H-- | M] () -- C:\WINDOWS\System32\wbdbase.deu

[2001/10/28 11:07:36 | 001,095,680 | -H-- | M] () -- C:\WINDOWS\System32\wbdbase.nld

[2001/10/28 11:07:36 | 000,957,440 | -H-- | M] () -- C:\WINDOWS\System32\wbdbase.enu

[2001/10/28 11:07:36 | 000,937,984 | -H-- | M] () -- C:\WINDOWS\System32\wbdbase.sve

[2001/10/28 11:07:36 | 000,867,840 | -H-- | M] () -- C:\WINDOWS\System32\wbdbase.ita

[2001/10/28 11:07:36 | 000,786,944 | -H-- | M] () -- C:\WINDOWS\System32\wbdbase.fra

[2001/10/28 11:07:36 | 000,750,080 | -H-- | M] () -- C:\WINDOWS\System32\wbdbase.esn

[2001/10/28 11:07:36 | 000,065,489 | -H-- | M] () -- C:\WINDOWS\System32\wbcache.sve

[2001/10/28 11:07:36 | 000,065,489 | -H-- | M] () -- C:\WINDOWS\System32\wbcache.nld

[2001/10/28 11:07:36 | 000,065,489 | -H-- | M] () -- C:\WINDOWS\System32\wbcache.ita

[2001/10/28 11:07:36 | 000,065,489 | -H-- | M] () -- C:\WINDOWS\System32\wbcache.fra

[2001/10/28 11:07:36 | 000,065,489 | -H-- | M] () -- C:\WINDOWS\System32\wbcache.esn

[2001/10/28 11:07:36 | 000,065,489 | -H-- | M] () -- C:\WINDOWS\System32\wbcache.enu

[2001/10/28 11:07:36 | 000,065,489 | -H-- | M] () -- C:\WINDOWS\System32\wbcache.deu

[2001/10/28 11:07:36 | 000,040,448 | -H-- | M] () -- C:\WINDOWS\System32\wiasf.ax

[2001/10/28 11:07:36 | 000,040,448 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\wiasf.ax

[2001/10/28 11:07:36 | 000,004,096 | -H-- | M] () -- C:\WINDOWS\System32\wdl.trm

[2001/10/28 11:07:36 | 000,001,144 | -H-- | M] () -- C:\WINDOWS\System32\vwipxspx.exe

[2001/10/28 11:07:36 | 000,001,144 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\vwipxspx.exe

[2001/10/28 11:07:34 | 000,089,588 | -H-- | M] () -- C:\WINDOWS\System32\unicode.nls

[2001/10/28 11:07:34 | 000,089,588 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\unicode.nls

[2001/10/28 11:07:34 | 000,026,931 | -H-- | M] () -- C:\WINDOWS\System32\tslabels.ini

[2001/10/28 11:07:34 | 000,018,832 | -H-- | M] () -- C:\WINDOWS\System32\v7vga.rom

[2001/10/28 11:07:34 | 000,003,286 | -H-- | M] () -- C:\WINDOWS\System32\tslabels.h

[2001/10/28 11:07:34 | 000,001,221 | -H-- | M] () -- C:\WINDOWS\System32\usrlogon.cmd

[2001/10/28 11:07:32 | 003,374,640 | -H-- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\dllcache\tourW.exe

[2001/10/28 11:07:32 | 000,015,360 | -H-- | M] () -- C:\WINDOWS\System32\tsd32.dll

[2001/10/28 11:07:32 | 000,015,360 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\tsd32.dll

[2001/10/28 11:07:30 | 000,093,702 | -H-- | M] () -- C:\WINDOWS\System32\subrange.uce

[2001/10/28 11:07:30 | 000,003,577 | -H-- | M] () -- C:\WINDOWS\System32\sysprtj.sep

[2001/10/28 11:07:30 | 000,003,214 | -H-- | M] () -- C:\WINDOWS\System32\sysprint.sep

[2001/10/28 11:07:28 | 000,049,345 | -H-- | M] () -- C:\WINDOWS\System32\sqlsodbc.chm

[2001/10/28 11:07:28 | 000,000,984 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\srframe.mmf

[2001/10/28 11:07:26 | 000,240,120 | -H-- | M] () -- C:\WINDOWS\System32\setup.bmp

[2001/10/28 11:07:26 | 000,059,167 | -H-- | M] () -- C:\WINDOWS\System\setup.inf

[2001/10/28 11:07:26 | 000,035,716 | -H-- | M] () -- C:\WINDOWS\System32\secpol.msc

[2001/10/28 11:07:26 | 000,033,074 | -H-- | M] () -- C:\WINDOWS\System32\services.msc

[2001/10/28 11:07:26 | 000,016,740 | -H-- | M] () -- C:\WINDOWS\System32\shiftjis.uce

[2001/10/28 11:07:26 | 000,011,995 | -H-- | M] () -- C:\WINDOWS\System32\setver.exe

[2001/10/28 11:07:26 | 000,010,240 | -H-- | M] () -- C:\WINDOWS\System32\scriptpw.dll

[2001/10/28 11:07:26 | 000,010,240 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\scriptpw.dll

[2001/10/28 11:07:26 | 000,006,953 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\services

[2001/10/28 11:07:26 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\System32\share.exe

[2001/10/28 11:07:26 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\share.exe

[2001/10/28 11:07:24 | 001,685,606 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\sam.spd

[2001/10/28 11:07:24 | 000,080,896 | -H-- | M] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2001/10/28 11:07:24 | 000,080,896 | -H-- | M] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2001/10/28 11:07:24 | 000,065,832 | -H-- | M] () -- C:\WINDOWS\Deserto.bmp

[2001/10/28 11:07:24 | 000,043,974 | RH-- | M] () -- C:\WINDOWS\System32\rsop.msc

[2001/10/28 11:07:24 | 000,026,680 | -H-- | M] () -- C:\WINDOWS\Leques.bmp

[2001/10/28 11:07:24 | 000,017,362 | -H-- | M] () -- C:\WINDOWS\Rododentro.bmp

[2001/10/28 11:07:24 | 000,015,799 | -H-- | M] () -- C:\WINDOWS\System32\rsvp.ini

[2001/10/28 11:07:24 | 000,003,282 | -H-- | M] () -- C:\WINDOWS\System32\rsaci.rat

[2001/10/28 11:07:24 | 000,003,178 | -H-- | M] () -- C:\WINDOWS\System32\rsvpcnts.h

[2001/10/28 11:07:24 | 000,000,888 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\sam.sdf

[2001/10/28 11:07:22 | 000,605,050 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa

[2001/10/28 11:07:22 | 000,013,712 | -H-- | M] () -- C:\WINDOWS\System32\pschdprf.ini

[2001/10/28 11:07:22 | 000,006,107 | -H-- | M] () -- C:\WINDOWS\System32\rasctrs.ini

[2001/10/28 11:07:22 | 000,003,788 | -H-- | M] () -- C:\WINDOWS\System32\pubprn.vbs

[2001/10/28 11:07:22 | 000,003,788 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs

[2001/10/28 11:07:22 | 000,003,010 | -H-- | M] () -- C:\WINDOWS\System32\pschdcnt.h

[2001/10/28 11:07:22 | 000,001,818 | -H-- | M] () -- C:\WINDOWS\System32\rasctrnm.h

[2001/10/28 11:07:22 | 000,000,051 | -H-- | M] () -- C:\WINDOWS\System32\pscript.sep

[2001/10/28 11:07:18 | 000,301,776 | -H-- | M] () -- C:\WINDOWS\System32\perfi016.dat

[2001/10/28 11:07:18 | 000,272,128 | -H-- | M] () -- C:\WINDOWS\System32\perfi009.dat

[2001/10/28 11:07:18 | 000,083,748 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\prcp.nls

[2001/10/28 11:07:18 | 000,083,748 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\prc.nls

[2001/10/28 11:07:18 | 000,065,954 | -H-- | M] () -- C:\WINDOWS\Bruma.bmp

[2001/10/28 11:07:18 | 000,057,837 | RH-- | M] () -- C:\WINDOWS\System32\perfmon.msc

[2001/10/28 11:07:18 | 000,036,056 | -H-- | M] () -- C:\WINDOWS\System32\prncnfg.vbs

[2001/10/28 11:07:18 | 000,036,056 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\prncnfg.vbs

[2001/10/28 11:07:18 | 000,035,178 | -H-- | M] () -- C:\WINDOWS\System32\perfd016.dat

[2001/10/28 11:07:18 | 000,032,801 | -H-- | M] () -- C:\WINDOWS\System32\prnmngr.vbs

[2001/10/28 11:07:18 | 000,032,801 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\prnmngr.vbs

[2001/10/28 11:07:18 | 000,029,728 | -H-- | M] () -- C:\WINDOWS\System32\prnport.vbs

[2001/10/28 11:07:18 | 000,029,728 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\prnport.vbs

[2001/10/28 11:07:18 | 000,028,626 | -H-- | M] () -- C:\WINDOWS\System32\perfd009.dat

[2001/10/28 11:07:18 | 000,025,646 | -H-- | M] () -- C:\WINDOWS\System32\prndrvr.vbs

[2001/10/28 11:07:18 | 000,025,646 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\prndrvr.vbs

[2001/10/28 11:07:18 | 000,021,776 | -H-- | M] () -- C:\WINDOWS\System32\prnjobs.vbs

[2001/10/28 11:07:18 | 000,021,776 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\prnjobs.vbs

[2001/10/28 11:07:18 | 000,016,004 | -H-- | M] () -- C:\WINDOWS\System32\prnqctl.vbs

[2001/10/28 11:07:18 | 000,016,004 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\prnqctl.vbs

[2001/10/28 11:07:18 | 000,003,043 | -H-- | M] () -- C:\WINDOWS\System32\perfci.ini

[2001/10/28 11:07:18 | 000,002,924 | -H-- | M] () -- C:\WINDOWS\System32\perfwci.ini

[2001/10/28 11:07:18 | 000,001,300 | -H-- | M] () -- C:\WINDOWS\System32\perffilt.ini

[2001/10/28 11:07:18 | 000,000,878 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\protocol

[2001/10/28 11:07:18 | 000,000,435 | -H-- | M] () -- C:\WINDOWS\System32\perfwci.h

[2001/10/28 11:07:18 | 000,000,427 | -H-- | M] () -- C:\WINDOWS\System32\perfci.h

[2001/10/28 11:07:18 | 000,000,361 | -H-- | M] () -- C:\WINDOWS\System32\prodspec.ini

[2001/10/28 11:07:18 | 000,000,140 | -H-- | M] () -- C:\WINDOWS\System32\perffilt.h

[2001/10/28 11:07:18 | 000,000,114 | -H-- | M] () -- C:\WINDOWS\System32\pcl.sep

[2001/10/28 11:07:16 | 000,168,063 | -H-- | M] () -- C:\WINDOWS\System32\pagefileconfig.vbs

[2001/10/28 11:07:16 | 000,168,063 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\pagefile.vbs

[2001/10/28 11:07:16 | 000,007,407 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT

[2001/10/28 11:07:14 | 000,003,258 | -H-- | M] () -- C:\WINDOWS\System32\nw16.exe

[2001/10/28 11:07:14 | 000,003,258 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\nw16.exe

[2001/10/28 11:07:10 | 000,809,104 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT

[2001/10/28 11:07:10 | 000,048,794 | -H-- | M] () -- C:\WINDOWS\System32\ntimage.gif

[2001/10/28 11:07:10 | 000,032,603 | -H-- | M] () -- C:\WINDOWS\System32\ntmsoprq.msc

[2001/10/28 11:07:10 | 000,029,370 | -H-- | M] () -- C:\WINDOWS\System32\ntdos411.sys

[2001/10/28 11:07:10 | 000,029,370 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\ntdos411.sys

[2001/10/28 11:07:10 | 000,029,274 | -H-- | M] () -- C:\WINDOWS\System32\ntdos412.sys

[2001/10/28 11:07:10 | 000,029,274 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\ntdos412.sys

[2001/10/28 11:07:10 | 000,029,146 | -H-- | M] () -- C:\WINDOWS\System32\ntdos804.sys

[2001/10/28 11:07:10 | 000,029,146 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\ntdos804.sys

[2001/10/28 11:07:10 | 000,029,146 | -H-- | M] () -- C:\WINDOWS\System32\ntdos404.sys

[2001/10/28 11:07:10 | 000,029,146 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\ntdos404.sys

[2001/10/28 11:07:10 | 000,027,900 | -H-- | M] () -- C:\WINDOWS\System32\ntdos.sys

[2001/10/28 11:07:10 | 000,027,900 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\ntdos.sys

[2001/10/28 11:07:10 | 000,025,912 | -H-- | M] () -- C:\WINDOWS\System32\ntmsmgr.msc

[2001/10/28 11:07:08 | 004,399,505 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\nls302en.lex

[2001/10/28 11:07:08 | 000,149,848 | -H-- | M] () -- C:\WINDOWS\System32\noise.deu

[2001/10/28 11:07:08 | 000,108,328 | -H-- | M] () -- C:\WINDOWS\System32\net.hlp

[2001/10/28 11:07:08 | 000,049,196 | -H-- | M] () -- C:\WINDOWS\System32\noise.fra

[2001/10/28 11:07:08 | 000,019,684 | -H-- | M] () -- C:\WINDOWS\System32\noise.esn

[2001/10/28 11:07:08 | 000,019,618 | -H-- | M] () -- C:\WINDOWS\System32\noise.ita

[2001/10/28 11:07:08 | 000,013,730 | -H-- | M] () -- C:\WINDOWS\System32\noise.sve

[2001/10/28 11:07:08 | 000,013,256 | -H-- | M] () -- C:\WINDOWS\System32\noise.nld

[2001/10/28 11:07:08 | 000,007,132 | -H-- | M] () -- C:\WINDOWS\System32\nlsfunc.exe

[2001/10/28 11:07:08 | 000,007,132 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\nlsfunc.exe

[2001/10/28 11:07:08 | 000,002,656 | -H-- | M] () -- C:\WINDOWS\System32\netware.drv

[2001/10/28 11:07:08 | 000,001,696 | -H-- | M] () -- C:\WINDOWS\System32\noise.cht

[2001/10/28 11:07:08 | 000,001,696 | -H-- | M] () -- C:\WINDOWS\System32\noise.chs

[2001/10/28 11:07:08 | 000,000,751 | -H-- | M] () -- C:\WINDOWS\System32\noise.enu

[2001/10/28 11:07:08 | 000,000,751 | -H-- | M] () -- C:\WINDOWS\System32\noise.eng

[2001/10/28 11:07:08 | 000,000,741 | -H-- | M] () -- C:\WINDOWS\System32\noise.dat

[2001/10/28 11:07:08 | 000,000,697 | -H-- | M] () -- C:\WINDOWS\System32\noise.tha

[2001/10/28 11:07:08 | 000,000,429 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\networks

[2001/10/28 11:07:06 | 000,037,509 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\MW770.CAT

[2001/10/28 11:07:02 | 000,094,282 | -H-- | M] () -- C:\WINDOWS\System32\msencode.dll

[2001/10/28 11:07:02 | 000,003,828 | -H-- | M] () -- C:\WINDOWS\System32\msdtcprf.ini

[2001/10/28 11:07:02 | 000,001,405 | -H-- | M] () -- C:\WINDOWS\msdfmap.ini

[2001/10/28 11:07:02 | 000,000,817 | -H-- | M] () -- C:\WINDOWS\System32\mscdexnt.exe

[2001/10/28 11:07:02 | 000,000,817 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe

[2001/10/28 11:07:02 | 000,000,768 | -H-- | M] () -- C:\WINDOWS\System32\msdtcprf.h

[2001/10/28 11:07:00 | 000,021,111 | -H-- | M] () -- C:\WINDOWS\System32\mqperf.ini

[2001/10/28 11:07:00 | 000,002,755 | -H-- | M] () -- C:\WINDOWS\System32\mqprfsym.h

[2001/10/28 11:07:00 | 000,001,492 | -H-- | M] () -- C:\WINDOWS\System32\mmdriver.inf

[2001/10/28 11:06:58 | 000,673,088 | -H-- | M] () -- C:\WINDOWS\System32\mlang.dat

[2001/10/28 11:06:58 | 000,673,088 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\mlang.dat

[2001/10/28 11:06:58 | 000,399,670 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT

[2001/10/28 11:06:58 | 000,046,258 | -H-- | M] () -- C:\WINDOWS\System32\mib.bin

[2001/10/28 11:06:58 | 000,039,386 | -H-- | M] () -- C:\WINDOWS\System32\mem.exe

[2001/10/28 11:06:58 | 000,039,386 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\mem.exe

[2001/10/28 11:06:58 | 000,024,124 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\marlett.ttf

[2001/10/28 11:06:56 | 000,643,717 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa

[2001/10/28 11:06:56 | 000,041,834 | -H-- | M] () -- C:\WINDOWS\System32\lusrmgr.msc

[2001/10/28 11:06:56 | 000,007,046 | -H-- | M] () -- C:\WINDOWS\System32\l_intl.nls

[2001/10/28 11:06:56 | 000,007,046 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\l_intl.nls

[2001/10/28 11:06:56 | 000,003,957 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.sam

[2001/10/28 11:06:56 | 000,001,153 | -H-- | M] () -- C:\WINDOWS\System32\loadfix.com

[2001/10/28 11:06:56 | 000,000,168 | -H-- | M] () -- C:\WINDOWS\System32\l_except.nls

[2001/10/28 11:06:56 | 000,000,168 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\l_except.nls

[2001/10/28 11:06:50 | 001,158,818 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex

[2001/10/28 11:06:46 | 000,134,339 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\imekr.lex

[2001/10/28 11:06:42 | 000,108,827 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\hanja.lex

[2001/10/28 11:06:40 | 000,047,066 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\ksc.nls

[2001/10/28 11:06:40 | 000,042,809 | -H-- | M] () -- C:\WINDOWS\System32\key01.sys

[2001/10/28 11:06:40 | 000,042,809 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\key01.sys

[2001/10/28 11:06:40 | 000,014,950 | -H-- | M] () -- C:\WINDOWS\System32\kb16.com

[2001/10/28 11:06:40 | 000,012,876 | -H-- | M] () -- C:\WINDOWS\System32\korean.uce

[2001/10/28 11:06:40 | 000,008,484 | -H-- | M] () -- C:\WINDOWS\System32\kanji_2.uce

[2001/10/28 11:06:40 | 000,006,948 | -H-- | M] () -- C:\WINDOWS\System32\kanji_1.uce

[2001/10/28 11:06:38 | 000,199,168 | -H-- | M] () -- C:\WINDOWS\System32\ir32_32.dll

[2001/10/28 11:06:36 | 000,060,458 | -H-- | M] () -- C:\WINDOWS\System32\ideograf.uce

[2001/10/28 11:06:36 | 000,013,497 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT

[2001/10/28 11:06:36 | 000,008,599 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT

[2001/10/28 11:06:36 | 000,004,896 | -H-- | M] () -- C:\WINDOWS\System32\himem.sys

[2001/10/28 11:06:36 | 000,004,896 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\himem.sys

[2001/10/28 11:06:36 | 000,000,776 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn

[2001/10/28 11:06:36 | 000,000,776 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2001/10/28 11:06:34 | 003,440,660 | -H-- | M] () -- C:\WINDOWS\System32\drivers\gm.dls

[2001/10/28 11:06:34 | 003,440,660 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\gm.dls

[2001/10/28 11:06:34 | 000,034,348 | -H-- | M] () -- C:\WINDOWS\System32\gpedit.msc

[2001/10/28 11:06:34 | 000,032,412 | -H-- | M] () -- C:\WINDOWS\System32\fsmgmt.msc

[2001/10/28 11:06:34 | 000,026,582 | -H-- | M] () -- C:\WINDOWS\Areia.bmp

[2001/10/28 11:06:34 | 000,024,772 | -H-- | M] () -- C:\WINDOWS\System32\geo.nls

[2001/10/28 11:06:34 | 000,024,772 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\geo.nls

[2001/10/28 11:06:34 | 000,024,006 | -H-- | M] () -- C:\WINDOWS\System32\gb2312.uce

[2001/10/28 11:06:34 | 000,021,232 | -H-- | M] () -- C:\WINDOWS\System32\graphics.pro

[2001/10/28 11:06:34 | 000,019,918 | -H-- | M] () -- C:\WINDOWS\System32\graphics.com

[2001/10/28 11:06:34 | 000,017,336 | -H-- | M] () -- C:\WINDOWS\Pescaria.bmp

[2001/10/28 11:06:32 | 001,015,477 | -H-- | M] () -- C:\WINDOWS\System32\esentprf.ini

[2001/10/28 11:06:32 | 000,218,003 | -H-- | M] () -- C:\WINDOWS\System32\dssec.dat

[2001/10/28 11:06:32 | 000,152,844 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\framdit.ttf

[2001/10/28 11:06:32 | 000,135,984 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\framd.ttf

[2001/10/28 11:06:32 | 000,127,213 | -H-- | M] () -- C:\WINDOWS\System32\ega.cpi

[2001/10/28 11:06:32 | 000,098,268 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\evtquery.vbs

[2001/10/28 11:06:32 | 000,098,268 | -H-- | M] () -- C:\WINDOWS\System32\eventquery.vbs

[2001/10/28 11:06:32 | 000,070,750 | -H-- | M] () -- C:\WINDOWS\System32\edit.com

[2001/10/28 11:06:32 | 000,056,263 | -H-- | M] () -- C:\WINDOWS\System32\eventvwr.msc

[2001/10/28 11:06:32 | 000,016,730 | -H-- | M] () -- C:\WINDOWS\Seda.bmp

[2001/10/28 11:06:32 | 000,013,106 | -H-- | M] () -- C:\WINDOWS\System32\edlin.exe

[2001/10/28 11:06:32 | 000,013,106 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\edlin.exe

[2001/10/28 11:06:32 | 000,012,447 | -H-- | M] () -- C:\WINDOWS\System32\edit.hlp

[2001/10/28 11:06:32 | 000,008,600 | -H-- | M] () -- C:\WINDOWS\System32\exe2bin.exe

[2001/10/28 11:06:32 | 000,008,600 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe

[2001/10/28 11:06:32 | 000,006,708 | -H-- | M] () -- C:\WINDOWS\System32\esentprf.hxx

[2001/10/28 11:06:32 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\System32\fastopen.exe

[2001/10/28 11:06:32 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\fastopen.exe

[2001/10/28 11:06:32 | 000,000,080 | -H-- | M] () -- C:\WINDOWS\explorer.scf

[2001/10/28 11:06:30 | 000,157,696 | -H-- | M] () -- C:\WINDOWS\System32\paqsp.dll

[2001/10/28 11:06:30 | 000,057,344 | -H-- | M] () -- C:\WINDOWS\System32\dvdplay.exe

[2001/10/28 11:06:30 | 000,000,081 | -H-- | M] () -- C:\WINDOWS\System32\dsound.vxd

[2001/10/28 11:06:18 | 000,196,642 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_950.nls

[2001/10/28 11:06:18 | 000,196,642 | -H-- | M] () -- C:\WINDOWS\System32\c_950.nls

[2001/10/28 11:06:18 | 000,196,642 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_949.nls

[2001/10/28 11:06:18 | 000,196,642 | -H-- | M] () -- C:\WINDOWS\System32\c_949.nls

[2001/10/28 11:06:18 | 000,196,642 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_936.nls

[2001/10/28 11:06:18 | 000,196,642 | -H-- | M] () -- C:\WINDOWS\System32\c_936.nls

[2001/10/28 11:06:18 | 000,180,770 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20932.nls

[2001/10/28 11:06:18 | 000,177,698 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20949.nls

[2001/10/28 11:06:18 | 000,173,602 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20936.nls

[2001/10/28 11:06:18 | 000,162,850 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_932.nls

[2001/10/28 11:06:18 | 000,162,850 | -H-- | M] () -- C:\WINDOWS\System32\c_932.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_874.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\c_874.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_869.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\c_869.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_866.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\c_866.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_865.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\c_865.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_864.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_863.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\c_863.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_862.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_861.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\c_861.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_860.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\c_860.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_858.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_857.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\c_857.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_855.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\c_855.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_852.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\c_852.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_850.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\c_850.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_775.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\c_775.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_737.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\c_737.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_720.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_437.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | M] () -- C:\WINDOWS\System32\c_437.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_875.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_875.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_870.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_708.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_500.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_500.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_28605.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_28605.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_28599.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_28599.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_28598.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_28598.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_28597.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\C_28597.NLS

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_28596.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_28595.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\C_28595.NLS

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_28594.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\C_28594.NLS

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_28593.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_28593.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_28592.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_28592.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_28591.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_28591.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_21866.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_21866.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_21027.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_21025.nls

[2001/10/28 11:06:18 | 000,041,128 | -H-- | M] () -- C:\WINDOWS\System32\dfrg.msc

[2001/10/28 11:06:18 | 000,033,311 | -H-- | M] () -- C:\WINDOWS\System32\diskmgmt.msc

[2001/10/28 11:06:18 | 000,032,724 | -H-- | M] () -- C:\WINDOWS\System32\devmgmt.msc

[2001/10/28 11:06:18 | 000,021,130 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\debug.exe

[2001/10/28 11:06:18 | 000,021,130 | -H-- | M] () -- C:\WINDOWS\System32\debug.exe

[2001/10/28 11:06:16 | 000,195,618 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10002.nls

[2001/10/28 11:06:16 | 000,189,986 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1361.nls

[2001/10/28 11:06:16 | 000,187,938 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20005.nls

[2001/10/28 11:06:16 | 000,186,402 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20001.nls

[2001/10/28 11:06:16 | 000,185,378 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20003.nls

[2001/10/28 11:06:16 | 000,180,258 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20004.nls

[2001/10/28 11:06:16 | 000,180,258 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20000.nls

[2001/10/28 11:06:16 | 000,177,698 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10003.nls

[2001/10/28 11:06:16 | 000,173,602 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20002.nls

[2001/10/28 11:06:16 | 000,173,602 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10008.nls

[2001/10/28 11:06:16 | 000,162,850 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10001.nls

[2001/10/28 11:06:16 | 000,139,810 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20261.nls

[2001/10/28 11:06:16 | 000,139,810 | -H-- | M] () -- C:\WINDOWS\System32\c_20261.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20924.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20905.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_20905.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20880.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20871.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20866.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_20866.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20838.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20833.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20424.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20423.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20420.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20297.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20290.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20285.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20284.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20280.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20278.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20277.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20273.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20269.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20127.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_20127.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20108.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20107.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20106.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_20105.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1258.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_1258.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1257.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_1257.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1256.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_1256.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1255.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_1255.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1254.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_1254.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1253.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_1253.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1252.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_1252.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1251.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_1251.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1250.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_1250.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1149.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1148.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1147.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1146.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1145.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1144.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1143.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1142.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1141.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1140.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1047.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_1026.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_1026.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10082.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_10082.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10081.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_10081.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10079.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_10079.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10029.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_10029.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10021.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10017.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_10017.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10010.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_10010.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10007.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_10007.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10006.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_10006.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10005.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10004.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_10000.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_10000.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\c_037.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | M] () -- C:\WINDOWS\System32\c_037.nls

[2001/10/28 11:06:16 | 000,037,362 | -H-- | M] () -- C:\WINDOWS\System32\compmgmt.msc

[2001/10/28 11:06:16 | 000,027,097 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\country.sys

[2001/10/28 11:06:16 | 000,027,097 | -H-- | M] () -- C:\WINDOWS\System32\country.sys

[2001/10/28 11:06:16 | 000,008,386 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\ctype.nls

[2001/10/28 11:06:16 | 000,008,386 | -H-- | M] () -- C:\WINDOWS\System32\ctype.nls

[2001/10/28 11:06:12 | 000,061,126 | -H-- | M] () -- C:\WINDOWS\System32\cliconf.chm

[2001/10/28 11:06:12 | 000,060,504 | -H-- | M] () -- C:\WINDOWS\System32\cmmgr32.hlp

[2001/10/28 11:06:12 | 000,052,472 | -H-- | M] () -- C:\WINDOWS\System32\command.com

[2001/10/28 11:06:12 | 000,041,461 | -H-- | M] () -- C:\WINDOWS\System32\ciadv.msc

[2001/10/28 11:06:12 | 000,040,593 | -H-- | M] () -- C:\WINDOWS\System32\cmdlib.wsc

[2001/10/28 11:06:12 | 000,017,062 | -H-- | M] () -- C:\WINDOWS\Cafezinho.bmp

[2001/10/28 11:06:12 | 000,000,075 | -H-- | M] () -- C:\WINDOWS\System32\Exibir canais.scf

[2001/10/28 11:06:12 | 000,000,064 | -H-- | M] () -- C:\WINDOWS\System32\cmos.ram

[2001/10/28 11:06:10 | 000,082,172 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls

[2001/10/28 11:06:10 | 000,066,728 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\big5.nls

[2001/10/28 11:06:10 | 000,065,978 | -H-- | M] () -- C:\WINDOWS\Bolhas de sabão.bmp

[2001/10/28 11:06:10 | 000,054,528 | -H-- | M] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys

[2001/10/28 11:06:10 | 000,041,985 | -H-- | M] () -- C:\WINDOWS\System32\certmgr.msc

[2001/10/28 11:06:10 | 000,028,420 | -H-- | M] () -- C:\WINDOWS\System32\bios1.rom

[2001/10/28 11:06:10 | 000,022,984 | -H-- | M] () -- C:\WINDOWS\System32\bopomofo.uce

[2001/10/28 11:06:10 | 000,008,191 | -H-- | M] () -- C:\WINDOWS\System32\bios4.rom

[2001/10/28 11:06:10 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2001/10/28 11:06:10 | 000,001,272 | -H-- | M] () -- C:\WINDOWS\Renda azul 16.bmp

[2001/10/28 11:06:10 | 000,000,515 | -H-- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT

[2001/10/28 11:06:08 | 000,012,578 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\append.exe

[2001/10/28 11:06:08 | 000,012,578 | -H-- | M] () -- C:\WINDOWS\System32\append.exe

[2001/10/28 11:06:08 | 000,009,032 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\ansi.sys

[2001/10/28 11:06:08 | 000,009,032 | -H-- | M] () -- C:\WINDOWS\System32\ansi.sys

[2001/10/28 11:06:06 | 000,002,233 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\12520850.cpx

[2001/10/28 11:06:06 | 000,002,233 | -H-- | M] () -- C:\WINDOWS\System32\12520850.cpx

[2001/10/28 11:06:06 | 000,002,151 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\12520437.cpx

[2001/10/28 11:06:06 | 000,002,151 | -H-- | M] () -- C:\WINDOWS\System32\12520437.cpx

[2001/08/23 09:00:00 | 013,107,200 | -H-- | M] () -- C:\WINDOWS\System32\oembios.bin

[2001/08/23 09:00:00 | 013,107,200 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\oembios.bin

[2001/08/23 09:00:00 | 000,006,761 | -H-- | M] () -- C:\WINDOWS\System32\oembios.sig

[2001/08/23 09:00:00 | 000,006,761 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\oembios.sig

[2001/08/23 09:00:00 | 000,004,463 | -H-- | M] () -- C:\WINDOWS\System32\oembios.dat

[2001/08/23 09:00:00 | 000,004,463 | -H-- | M] () -- C:\WINDOWS\System32\dllcache\oembios.dat

[1999/11/21 14:11:00 | 000,372,736 | ---- | M] () -- C:\WINDOWS\System32\wintbr.ocx

[1999/01/08 10:19:42 | 000,025,360 | ---- | M] () -- C:\WINDOWS\System32\VBAPTB32.OLB

[1999/01/05 17:30:02 | 000,225,280 | -H-- | M] (VideoSoft) -- C:\WINDOWS\System32\VSFLEX3.OCX

[1998/05/20 05:17:12 | 000,280,064 | ---- | M] () -- C:\WINDOWS\System\CNCS232.DLL

[1997/08/11 03:10:00 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\iyvu9_32.dll

[1997/04/24 21:25:38 | 000,171,520 | ---- | M] (Europress Software) -- C:\WINDOWS\System\CNCS32.DLL

[1994/12/10 08:25:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\System\CURLING2.DLL

[1994/12/10 08:25:08 | 000,009,728 | ---- | M] () -- C:\WINDOWS\System\CURLING1.DLL

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/05 18:42:26 | 000,000,507 | ---- | C] () -- C:\Documents and Settings\Usuario\Desktop\Atalho para OTL.lnk

[2010/05/05 10:39:22 | 000,013,464 | ---- | C] () -- C:\Documents and Settings\Usuario\Meus documentos\OTL.docx

[2010/04/30 11:14:24 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Usuario\Desktop\Ares.lnk

[2010/04/28 23:06:48 | 000,949,296 | ---- | C] () -- C:\Documents and Settings\Usuario\Meus documentos\Enem2009_ciencias_da_natureza.pdf

[2010/04/28 23:06:48 | 000,803,729 | ---- | C] () -- C:\Documents and Settings\Usuario\Meus documentos\Enem2009_linguagens_codigos.pdf

[2010/04/28 23:06:48 | 000,647,186 | ---- | C] () -- C:\Documents and Settings\Usuario\Meus documentos\Enem2009_ciencias_humanas.pdf

[2010/04/28 23:06:48 | 000,641,358 | ---- | C] () -- C:\Documents and Settings\Usuario\Meus documentos\Enem2009_matematica.pdf

[2010/04/21 16:39:04 | 000,001,050 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/04/21 16:39:04 | 000,001,046 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/04/17 16:22:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ÿ9Ÿ9

[2010/04/01 22:44:33 | 008,126,464 | ---- | C] () -- C:\Documents and Settings\Usuario\ntuser.dat

[2010/04/01 21:57:07 | 000,001,003 | ---- | C] () -- C:\Documents and Settings\Usuario\Desktop\Media Player Classic.lnk

[2010/04/01 21:56:39 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml

[2010/04/01 21:56:39 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2010/04/01 21:56:37 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/04/01 21:56:37 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/04/01 21:56:36 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2010/04/01 21:56:33 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/04/01 21:56:33 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2010/04/01 10:53:08 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\Usuario\Desktop\DVD Flick.lnk

[2010/03/25 22:02:47 | 000,000,351 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\UpApp32.dll

[2010/03/20 14:39:23 | 000,003,229 | ---- | C] () -- C:\Documents and Settings\Usuario\ipfreport.html

[2010/02/28 20:44:28 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Usuario\Meus documentos\Default.rdp

[2010/02/24 15:48:07 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System\CURLING2.DLL

[2010/02/24 15:48:06 | 000,280,064 | ---- | C] () -- C:\WINDOWS\System\CNCS232.DLL

[2010/02/24 15:48:06 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System\CURLING1.DLL

[2010/02/24 07:49:50 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\wintbr.ocx

[2010/02/19 21:14:07 | 000,000,627 | ---- | C] () -- C:\Documents and Settings\Usuario\Meus documentos\Atalho para Minhas músicas.lnk

[2010/02/19 20:59:03 | 000,000,998 | ---- | C] () -- C:\Documents and Settings\Usuario\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

[2010/02/14 18:44:15 | 000,010,166 | -HS- | C] () -- C:\Documents and Settings\Usuario\Meus documentos\Folder.jpg

[2010/02/14 18:44:15 | 000,005,583 | -HS- | C] () -- C:\Documents and Settings\Usuario\Meus documentos\AlbumArt_{194CD94F-A7CB-441D-BE30-0A5ECA23B181}_Large.jpg

[2010/02/14 18:44:15 | 000,002,304 | -HS- | C] () -- C:\Documents and Settings\Usuario\Meus documentos\AlbumArtSmall.jpg

[2010/02/14 18:44:15 | 000,002,072 | -HS- | C] () -- C:\Documents and Settings\Usuario\Meus documentos\AlbumArt_{194CD94F-A7CB-441D-BE30-0A5ECA23B181}_Small.jpg

[2010/02/01 08:31:15 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

[2010/01/14 22:27:30 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/10/08 23:42:16 | 000,006,144 | -HS- | C] () -- C:\Documents and Settings\Usuario\Thumbs.db

[2009/09/16 18:27:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\javax.exe

[2009/09/06 19:52:55 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/09/03 08:23:06 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\mega.exe

[2009/09/03 08:23:06 | 000,002,265 | ---- | C] () -- C:\WINDOWS\System32\bios.EXE

[2009/08/27 22:03:56 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\Usuario\Desktop\Windows Live Messenger .lnk

[2009/08/20 19:44:41 | 000,000,292 | -H-- | C] () -- C:\sqmdata09.sqm

[2009/08/20 19:44:41 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm

[2009/08/20 08:41:59 | 000,000,268 | -H-- | C] () -- C:\sqmdata08.sqm

[2009/08/20 08:41:59 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm

[2009/08/12 22:28:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys2.bmp

[2009/08/12 22:28:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys1.bmp

[2009/08/10 14:30:20 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\Usuario\Desktop\A Bíblia Sagrada Versão Digital 6.0 Freeware.lnk

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2009/07/24 21:16:28 | 000,000,099 | ---- | C] () -- C:\WINDOWS\ANS2000.INI

[2009/07/24 21:16:28 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini

[2009/07/24 21:16:28 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini

[2009/07/20 18:41:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ms_shell.ini

[2009/07/19 18:56:32 | 000,169,858 | ---- | C] () -- C:\WINDOWS\hpqins00.dat

[2009/07/19 18:38:02 | 000,000,458 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E4152497-7C32-45D5-9C39-1A30CD0E97D6}.job

[2009/07/19 18:33:13 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Usuario\Desktop\Iniciar o Navegador Internet Explorer.lnk

[2009/07/19 17:43:10 | 000,113,152 | ---- | C] () -- C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/19 16:35:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/07/18 19:38:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Usuario\Ÿ9Ÿ9

[2009/07/18 16:43:59 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\Usuario\Desktop\Orbit.lnk

[2009/07/18 15:22:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ŸÔŸÔ

[2009/07/18 15:17:49 | 000,168,041 | ---- | C] () -- C:\WINDOWS\hpoins29.dat

[2009/07/18 15:17:49 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log

[2009/07/18 15:17:49 | 000,000,986 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat

[2009/07/18 15:02:51 | 000,007,315 | ---- | C] () -- C:\WINDOWS\System32\javasup.vxd

[2009/07/18 15:02:51 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2009/07/18 15:02:47 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg

[2009/07/18 15:02:47 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg

[2009/07/17 21:47:13 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Usuario\Desktop\Windows Media Player.lnk

[2009/07/17 21:35:06 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Usuario\Desktop\DreaMule.lnk

[2009/07/17 20:18:06 | 000,001,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk

[2009/07/17 20:17:48 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx

[2009/07/17 19:28:41 | 000,000,304 | -H-- | C] () -- C:\sqmdata07.sqm

[2009/07/17 19:28:41 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm

[2009/07/17 19:27:02 | 000,000,776 | -H-- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn

[2009/07/17 19:25:52 | 000,000,172 | -H-- | C] () -- C:\sqmnoopt06.sqm

[2009/07/17 19:25:52 | 000,000,172 | -H-- | C] () -- C:\sqmdata06.sqm

[2009/07/17 19:25:37 | 000,000,268 | -H-- | C] () -- C:\sqmdata05.sqm

[2009/07/17 19:25:37 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm

[2009/07/17 19:25:35 | 000,000,172 | -H-- | C] () -- C:\sqmnoopt04.sqm

[2009/07/17 19:25:35 | 000,000,172 | -H-- | C] () -- C:\sqmdata04.sqm

[2009/07/17 19:25:22 | 000,000,268 | -H-- | C] () -- C:\sqmdata03.sqm

[2009/07/17 19:25:22 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm

[2009/07/17 18:48:38 | 000,000,172 | -H-- | C] () -- C:\sqmnoopt02.sqm

[2009/07/17 18:48:38 | 000,000,172 | -H-- | C] () -- C:\sqmdata02.sqm

[2009/07/17 18:43:41 | 000,001,629 | ---- | C] () -- C:\Documents and Settings\Usuario\Desktop\CCleaner.lnk

[2009/07/17 18:37:25 | 000,000,268 | -H-- | C] () -- C:\sqmdata01.sqm

[2009/07/17 18:37:25 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm

[2009/07/17 10:55:33 | 000,000,268 | -H-- | C] () -- C:\sqmdata00.sqm

[2009/07/17 10:55:33 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm

[2009/07/17 10:15:57 | 000,144,201 | RH-- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty

[2009/07/17 09:49:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2009/07/17 09:42:01 | 000,000,012 | -H-- | C] () -- C:\WINDOWS\explorer.exe.local

[2009/07/17 09:41:51 | 000,000,614 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speedy.lnk

[2009/07/17 09:37:15 | 000,002,482 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk

[2009/07/17 09:27:07 | 000,000,421 | -H-- | C] () -- C:\WINDOWS\ODBC.INI

[2009/07/17 09:18:29 | 000,200,704 | RH-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll

[2009/07/17 09:18:28 | 000,655,842 | RH-- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa

[2009/07/17 09:18:28 | 000,023,632 | RH-- | C] () -- C:\WINDOWS\System32\igxpxs32.vp

[2009/07/17 09:18:28 | 000,002,096 | RH-- | C] () -- C:\WINDOWS\System32\igxpxk32.vp

[2009/07/17 09:18:28 | 000,000,929 | RH-- | C] () -- C:\WINDOWS\System32\igxpxa32.vp

[2009/07/17 09:18:14 | 000,121,232 | RH-- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp

[2009/07/17 09:18:14 | 000,121,232 | RH-- | C] () -- C:\WINDOWS\System32\IScrNB.bmp

[2009/07/17 09:13:17 | 000,940,794 | -H-- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav

[2009/07/17 09:13:17 | 000,146,650 | -H-- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav

[2009/07/17 09:01:37 | 000,049,152 | RH-- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2009/07/17 08:55:14 | 000,011,068 | -H-- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/07/17 08:55:14 | 000,005,810 | RH-- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/07/17 08:55:02 | 000,010,288 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009/07/17 08:51:06 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Usuario\ntuser.dat.LOG

[2009/07/17 08:51:06 | 000,000,330 | -HS- | C] () -- C:\Documents and Settings\Usuario\ntuser.ini

[2009/07/17 08:00:10 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\REGLOCS.OLD

[2009/07/17 07:59:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/07/17 07:59:16 | 000,028,288 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls

[2009/07/17 07:58:46 | 000,083,748 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls

[2009/07/17 07:58:46 | 000,083,748 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls

[2009/07/17 07:58:45 | 000,175,104 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll

[2009/07/17 07:58:29 | 000,047,066 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls

[2009/07/17 07:58:28 | 001,158,818 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex

[2009/07/17 07:58:22 | 000,059,392 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe

[2009/07/17 07:58:21 | 000,196,665 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe

[2009/07/17 07:58:19 | 000,134,339 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex

[2009/07/17 07:58:12 | 013,463,552 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll

[2009/07/17 07:58:09 | 000,108,827 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex

[2009/07/17 07:58:05 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll

[2009/07/17 07:57:56 | 000,173,568 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll

[2009/07/17 07:57:54 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls

[2009/07/17 07:57:54 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls

[2009/07/17 07:57:54 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls

[2009/07/17 07:57:53 | 000,180,770 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls

[2009/07/17 07:57:53 | 000,177,698 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls

[2009/07/17 07:57:53 | 000,173,602 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls

[2009/07/17 07:57:53 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls

[2009/07/17 07:57:53 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls

[2009/07/17 07:57:53 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls

[2009/07/17 07:57:53 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls

[2009/07/17 07:57:53 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls

[2009/07/17 07:57:53 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls

[2009/07/17 07:57:53 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls

[2009/07/17 07:57:53 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls

[2009/07/17 07:57:52 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls

[2009/07/17 07:57:52 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls

[2009/07/17 07:57:52 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls

[2009/07/17 07:57:52 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls

[2009/07/17 07:57:52 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls

[2009/07/17 07:57:52 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls

[2009/07/17 07:57:52 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls

[2009/07/17 07:57:52 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls

[2009/07/17 07:57:52 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls

[2009/07/17 07:57:52 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls

[2009/07/17 07:57:52 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls

[2009/07/17 07:57:52 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls

[2009/07/17 07:57:52 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls

[2009/07/17 07:57:51 | 000,187,938 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls

[2009/07/17 07:57:51 | 000,186,402 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls

[2009/07/17 07:57:51 | 000,185,378 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls

[2009/07/17 07:57:51 | 000,180,258 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls

[2009/07/17 07:57:51 | 000,173,602 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls

[2009/07/17 07:57:51 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls

[2009/07/17 07:57:51 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls

[2009/07/17 07:57:51 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls

[2009/07/17 07:57:51 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls

[2009/07/17 07:57:51 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls

[2009/07/17 07:57:51 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls

[2009/07/17 07:57:50 | 000,189,986 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls

[2009/07/17 07:57:50 | 000,180,258 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls

[2009/07/17 07:57:50 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls

[2009/07/17 07:57:50 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls

[2009/07/17 07:57:50 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls

[2009/07/17 07:57:50 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls

[2009/07/17 07:57:50 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls

[2009/07/17 07:57:50 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls

[2009/07/17 07:57:50 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls

[2009/07/17 07:57:50 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls

[2009/07/17 07:57:50 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls

[2009/07/17 07:57:49 | 000,195,618 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls

[2009/07/17 07:57:49 | 000,177,698 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls

[2009/07/17 07:57:49 | 000,173,602 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls

[2009/07/17 07:57:49 | 000,162,850 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls

[2009/07/17 07:57:49 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls

[2009/07/17 07:57:49 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls

[2009/07/17 07:57:49 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls

[2009/07/17 07:57:49 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls

[2009/07/17 07:57:49 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls

[2009/07/17 07:57:48 | 000,082,172 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls

[2009/07/17 07:57:48 | 000,066,728 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls

[2009/07/17 07:57:14 | 000,002,969 | -H-- | C] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/07/17 07:57:14 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2009/07/17 07:57:14 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2009/07/17 07:57:14 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS

[2009/07/17 07:57:14 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT

[2009/07/17 07:57:11 | 000,023,392 | -H-- | C] () -- C:\WINDOWS\System32\nscompat.tlb

[2009/07/17 07:57:11 | 000,016,832 | -H-- | C] () -- C:\WINDOWS\System32\amcompat.tlb

[2009/07/17 07:57:10 | 000,316,640 | -H-- | C] () -- C:\WINDOWS\WMSysPr9.prx

[2009/07/17 07:56:19 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest

[2009/07/17 07:56:19 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest

[2009/07/17 07:56:14 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest

[2009/07/17 07:56:14 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest

[2009/07/17 07:56:14 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest

[2009/07/17 07:56:14 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest

[2009/07/17 07:56:14 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest

[2009/07/17 07:56:14 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest

[2009/07/17 07:55:59 | 004,399,505 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex

[2009/07/17 07:55:42 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp

[2009/07/17 07:55:42 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp

[2009/07/17 07:55:35 | 000,000,984 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf

[2009/07/17 07:54:57 | 000,381,440 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll

[2009/07/17 07:54:55 | 000,067,584 | -H-- | C] () -- C:\WINDOWS\System32\srclient.dll

[2009/07/17 07:54:16 | 000,021,844 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/07/17 07:53:29 | 000,065,954 | -H-- | C] () -- C:\WINDOWS\Bruma.bmp

[2009/07/17 07:53:29 | 000,065,832 | -H-- | C] () -- C:\WINDOWS\Deserto.bmp

[2009/07/17 07:53:29 | 000,026,680 | -H-- | C] () -- C:\WINDOWS\Leques.bmp

[2009/07/17 07:53:29 | 000,017,362 | -H-- | C] () -- C:\WINDOWS\Rododentro.bmp

[2009/07/17 07:53:29 | 000,009,522 | -H-- | C] () -- C:\WINDOWS\Tapete.bmp

[2009/07/17 07:53:28 | 000,093,702 | -H-- | C] () -- C:\WINDOWS\System32\subrange.uce

[2009/07/17 07:53:28 | 000,065,978 | -H-- | C] () -- C:\WINDOWS\Bolhas de sabão.bmp

[2009/07/17 07:53:28 | 000,026,582 | -H-- | C] () -- C:\WINDOWS\Areia.bmp

[2009/07/17 07:53:28 | 000,017,336 | -H-- | C] () -- C:\WINDOWS\Pescaria.bmp

[2009/07/17 07:53:28 | 000,017,062 | -H-- | C] () -- C:\WINDOWS\Cafezinho.bmp

[2009/07/17 07:53:28 | 000,016,730 | -H-- | C] () -- C:\WINDOWS\Seda.bmp

[2009/07/17 07:53:28 | 000,001,272 | -H-- | C] () -- C:\WINDOWS\Renda azul 16.bmp

[2009/07/17 07:53:27 | 000,060,458 | -H-- | C] () -- C:\WINDOWS\System32\ideograf.uce

[2009/07/17 07:53:27 | 000,024,006 | -H-- | C] () -- C:\WINDOWS\System32\gb2312.uce

[2009/07/17 07:53:27 | 000,022,984 | -H-- | C] () -- C:\WINDOWS\System32\bopomofo.uce

[2009/07/17 07:53:27 | 000,016,740 | -H-- | C] () -- C:\WINDOWS\System32\shiftjis.uce

[2009/07/17 07:53:27 | 000,012,876 | -H-- | C] () -- C:\WINDOWS\System32\korean.uce

[2009/07/17 07:53:27 | 000,008,484 | -H-- | C] () -- C:\WINDOWS\System32\kanji_2.uce

[2009/07/17 07:53:27 | 000,006,948 | -H-- | C] () -- C:\WINDOWS\System32\kanji_1.uce

[2009/07/17 07:53:25 | 000,003,286 | -H-- | C] () -- C:\WINDOWS\System32\tslabels.h

[2009/07/17 07:53:25 | 000,001,221 | -H-- | C] () -- C:\WINDOWS\System32\usrlogon.cmd

[2009/07/17 07:53:23 | 000,000,768 | -H-- | C] () -- C:\WINDOWS\System32\msdtcprf.h

[2009/07/17 07:53:17 | 000,063,488 | -H-- | C] () -- C:\WINDOWS\System32\wmimgmt.msc

[2009/07/16 14:55:58 | 000,004,444 | -H-- | C] () -- C:\WINDOWS\System32\pid.PNF

[2009/07/16 14:55:52 | 001,685,606 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd

[2009/07/16 14:55:52 | 000,000,888 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf

[2009/07/16 14:55:51 | 000,643,717 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa

[2009/07/16 14:55:51 | 000,605,050 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa

[2009/07/16 14:55:48 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls

[2009/07/16 14:55:48 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_28603.nls

[2009/07/16 14:55:46 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls

[2009/07/16 14:55:46 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\c_857.nls

[2009/07/16 14:55:46 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls

[2009/07/16 14:55:46 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_28599.nls

[2009/07/16 14:55:46 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls

[2009/07/16 14:55:46 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_10081.nls

[2009/07/16 14:55:43 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls

[2009/07/16 14:55:43 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\C_28595.NLS

[2009/07/16 14:55:43 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls

[2009/07/16 14:55:43 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_10017.nls

[2009/07/16 14:55:43 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls

[2009/07/16 14:55:43 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_10007.nls

[2009/07/16 14:55:41 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls

[2009/07/16 14:55:41 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\c_869.nls

[2009/07/16 14:55:41 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls

[2009/07/16 14:55:41 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\c_737.nls

[2009/07/16 14:55:41 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls

[2009/07/16 14:55:41 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_875.nls

[2009/07/16 14:55:41 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls

[2009/07/16 14:55:41 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\C_28597.NLS

[2009/07/16 14:55:41 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls

[2009/07/16 14:55:41 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_10006.nls

[2009/07/16 14:55:40 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls

[2009/07/16 14:55:40 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\C_28594.NLS

[2009/07/16 14:55:39 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls

[2009/07/16 14:55:39 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\c_866.nls

[2009/07/16 14:55:39 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls

[2009/07/16 14:55:39 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\c_855.nls

[2009/07/16 14:55:37 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls

[2009/07/16 14:55:37 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\c_852.nls

[2009/07/16 14:55:37 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls

[2009/07/16 14:55:37 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_10082.nls

[2009/07/16 14:55:37 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls

[2009/07/16 14:55:37 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_10029.nls

[2009/07/16 14:55:37 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls

[2009/07/16 14:55:37 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_10010.nls

[2009/07/16 14:55:34 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls

[2009/07/16 14:55:34 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_20127.nls

[2009/07/16 14:55:29 | 000,000,515 | -H-- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT

[2009/07/16 14:55:20 | 001,233,746 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT

[2009/07/16 14:55:20 | 000,809,104 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT

[2009/07/16 14:55:20 | 000,399,670 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT

[2009/07/16 14:55:20 | 000,144,484 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat

[2009/07/16 14:55:20 | 000,105,628 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat

[2009/07/16 14:55:20 | 000,037,509 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT

[2009/07/16 14:55:20 | 000,034,747 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat

[2009/07/16 14:55:20 | 000,033,765 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT

[2009/07/16 14:55:20 | 000,016,825 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT

[2009/07/16 14:55:20 | 000,013,497 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT

[2009/07/16 14:55:20 | 000,012,363 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT

[2009/07/16 14:55:20 | 000,010,027 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT

[2009/07/16 14:55:20 | 000,008,599 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT

[2009/07/16 14:55:20 | 000,007,407 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT

[2009/07/16 14:55:20 | 000,007,334 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat

[2009/07/16 14:55:19 | 002,038,809 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT

[2009/07/16 14:55:19 | 000,634,592 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT

[2009/07/16 14:54:41 | 000,286,112 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/07/16 14:54:09 | 000,000,211 | -HS- | C] () -- C:\boot.ini

[2009/07/16 14:54:06 | 000,000,977 | -H-- | C] () -- C:\WINDOWS\System32\$winnt$.inf

[2009/02/12 22:20:42 | 000,006,681 | ---- | C] () -- C:\WINDOWS\System32\IE8Eula.rtf

[2009/01/07 18:20:36 | 000,066,384 | ---- | C] () -- C:\WINDOWS\System32\normnfkc.nls

[2009/01/07 18:20:36 | 000,060,294 | ---- | C] () -- C:\WINDOWS\System32\normnfkd.nls

[2009/01/07 18:20:36 | 000,059,342 | ---- | C] () -- C:\WINDOWS\System32\normidna.nls

[2009/01/07 18:20:36 | 000,045,794 | ---- | C] () -- C:\WINDOWS\System32\normnfc.nls

[2009/01/07 18:20:36 | 000,039,284 | ---- | C] () -- C:\WINDOWS\System32\normnfd.nls

[2009/01/07 18:20:20 | 000,008,798 | ---- | C] () -- C:\WINDOWS\System32\icrav03.rat

[2009/01/07 18:20:20 | 000,001,988 | ---- | C] () -- C:\WINDOWS\System32\ticrf.rat

[2008/04/13 18:37:14 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/13 18:24:02 | 000,083,730 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\apps.chm

[2008/04/13 18:23:34 | 000,785,972 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb

[2008/04/13 18:23:34 | 000,204,396 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb

[2008/04/13 18:23:34 | 000,009,424 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\drvmain.sdb

[2008/04/13 18:23:28 | 000,230,002 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb

[2008/04/13 18:21:26 | 000,164,352 | -H-- | C] () -- C:\WINDOWS\System32\wstpager.ax

[2008/04/13 18:21:26 | 000,164,352 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\wstpager.ax

[2008/04/13 18:21:26 | 000,148,992 | -H-- | C] () -- C:\WINDOWS\System32\mpg2splt.ax

[2008/04/13 18:21:26 | 000,148,992 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax

[2008/04/13 18:21:26 | 000,118,272 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\mpg2data.ax

[2008/04/13 18:21:26 | 000,118,272 | -H-- | C] () -- C:\WINDOWS\System32\mpeg2data.ax

[2008/04/13 18:21:26 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\vbicodec.ax

[2008/04/13 18:21:26 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\vbicodec.ax

[2008/04/13 18:20:42 | 000,279,040 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\tshoot.dll

[2008/04/13 18:20:42 | 000,270,848 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll

[2008/04/13 18:20:42 | 000,034,816 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\sniffpol.dll

[2008/04/13 18:20:42 | 000,033,280 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\sstub.dll

[2008/04/13 18:20:34 | 000,014,336 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll

[2008/04/13 18:20:28 | 000,186,880 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll

[2008/04/13 18:20:26 | 000,253,440 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\compatui.dll

[2008/04/13 18:20:24 | 000,070,656 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll

[2008/04/13 18:03:14 | 000,144,776 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\archvapp.inf

[2008/04/13 18:03:12 | 000,001,950 | -H-- | C] () -- C:\WINDOWS\System32\pid.inf

[2008/04/13 18:03:12 | 000,001,950 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\pid.inf

[2008/04/13 18:03:06 | 000,057,667 | -H-- | C] () -- C:\WINDOWS\System32\ieuinit.inf

[2008/04/13 17:58:06 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\msxml6r.dll

[2008/04/13 10:31:44 | 000,251,696 | RHS- | C] () -- C:\ntldr

[2008/04/13 09:26:10 | 000,004,310 | -H-- | C] () -- C:\WINDOWS\System32\odbcconf.rsp

[2008/04/13 09:26:10 | 000,004,310 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\odbcconf.rsp

[2008/04/13 09:21:34 | 000,733,696 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll

[2008/04/13 08:54:54 | 000,054,048 | -H-- | C] () -- C:\WINDOWS\System32\dosx.exe

[2008/04/13 08:54:54 | 000,054,048 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\dosx.exe

[2008/04/13 08:52:32 | 000,003,346 | -H-- | C] () -- C:\WINDOWS\System32\redir.exe

[2008/04/13 08:52:32 | 000,003,346 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\redir.exe

[2008/04/13 08:50:56 | 000,042,537 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\keyboard.sys

[2008/04/13 08:49:48 | 000,033,984 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\ntio.sys

[2008/04/13 08:49:44 | 000,035,424 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\ntio412.sys

[2008/04/13 08:49:44 | 000,034,560 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\ntio404.sys

[2008/04/13 08:49:42 | 000,034,560 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\ntio804.sys

[2008/04/13 08:49:40 | 000,035,648 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\ntio411.sys

[2008/04/13 08:43:04 | 000,047,564 | RHS- | C] () -- C:\NTDETECT.COM

[2008/04/13 08:28:14 | 000,000,929 | -H-- | C] () -- C:\WINDOWS\System32\homepage.inf

[2008/02/29 01:10:00 | 000,265,948 | -H-- | C] () -- C:\WINDOWS\System32\locale.nls

[2008/02/29 01:10:00 | 000,265,948 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\locale.nls

[2007/09/19 00:09:20 | 000,000,488 | -H-- | C] () -- C:\WINDOWS\System32\login.cmd

[2007/04/02 07:59:46 | 000,000,862 | -H-- | C] () -- C:\WINDOWS\System32\termcap

[2007/04/02 07:36:22 | 000,956,990 | -H-- | C] () -- C:\WINDOWS\System32\instcat.sql

[2007/01/01 11:26:50 | 000,355,680 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\tahomabd.ttf

[2007/01/01 11:26:46 | 000,383,804 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\tahoma.ttf

[2007/01/01 11:25:52 | 000,461,672 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\micross.ttf

[2007/01/01 06:32:46 | 001,354,752 | -H-- | C] () -- C:\WINDOWS\System32\webfldrs.msi

[2006/12/30 18:27:08 | 000,007,208 | -H-- | C] () -- C:\WINDOWS\System32\secupd.sig

[2006/12/30 18:27:08 | 000,007,208 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\secupd.sig

[2006/12/30 18:27:08 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006/12/30 18:27:08 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\secupd.dat

[2006/12/29 10:08:32 | 000,262,148 | -H-- | C] () -- C:\WINDOWS\System32\sortkey.nls

[2006/12/29 10:08:32 | 000,262,148 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\sortkey.nls

[2006/12/29 10:08:32 | 000,023,044 | -H-- | C] () -- C:\WINDOWS\System32\sorttbls.nls

[2006/12/29 10:08:32 | 000,023,044 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\sorttbls.nls

[2005/08/31 12:49:08 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\NuNInst.cfg

[2005/08/30 20:33:38 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\UNNeroBackItUp.cfg

[2001/10/28 11:07:50 | 000,000,707 | -H-- | C] () -- C:\WINDOWS\_default.pif

[2001/10/28 11:07:48 | 000,034,666 | -H-- | C] () -- C:\WINDOWS\wmprfPTB.prx

[2001/10/28 11:07:48 | 000,002,206 | -H-- | C] () -- C:\WINDOWS\System32\wpa.dbl

[2001/10/28 11:07:44 | 000,033,865 | -H-- | C] () -- C:\WINDOWS\System32\winhelp.hlp

[2001/10/28 11:07:38 | 000,013,312 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\win87em.dll

[2001/10/28 11:07:36 | 001,309,184 | -H-- | C] () -- C:\WINDOWS\System32\wbdbase.deu

[2001/10/28 11:07:36 | 001,095,680 | -H-- | C] () -- C:\WINDOWS\System32\wbdbase.nld

[2001/10/28 11:07:36 | 000,957,440 | -H-- | C] () -- C:\WINDOWS\System32\wbdbase.enu

[2001/10/28 11:07:36 | 000,937,984 | -H-- | C] () -- C:\WINDOWS\System32\wbdbase.sve

[2001/10/28 11:07:36 | 000,867,840 | -H-- | C] () -- C:\WINDOWS\System32\wbdbase.ita

[2001/10/28 11:07:36 | 000,786,944 | -H-- | C] () -- C:\WINDOWS\System32\wbdbase.fra

[2001/10/28 11:07:36 | 000,750,080 | -H-- | C] () -- C:\WINDOWS\System32\wbdbase.esn

[2001/10/28 11:07:36 | 000,065,489 | -H-- | C] () -- C:\WINDOWS\System32\wbcache.sve

[2001/10/28 11:07:36 | 000,065,489 | -H-- | C] () -- C:\WINDOWS\System32\wbcache.nld

[2001/10/28 11:07:36 | 000,065,489 | -H-- | C] () -- C:\WINDOWS\System32\wbcache.ita

[2001/10/28 11:07:36 | 000,065,489 | -H-- | C] () -- C:\WINDOWS\System32\wbcache.fra

[2001/10/28 11:07:36 | 000,065,489 | -H-- | C] () -- C:\WINDOWS\System32\wbcache.esn

[2001/10/28 11:07:36 | 000,065,489 | -H-- | C] () -- C:\WINDOWS\System32\wbcache.enu

[2001/10/28 11:07:36 | 000,065,489 | -H-- | C] () -- C:\WINDOWS\System32\wbcache.deu

[2001/10/28 11:07:36 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\wiasf.ax

[2001/10/28 11:07:36 | 000,040,448 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\wiasf.ax

[2001/10/28 11:07:36 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\System32\wdl.trm

[2001/10/28 11:07:36 | 000,001,144 | -H-- | C] () -- C:\WINDOWS\System32\vwipxspx.exe

[2001/10/28 11:07:36 | 000,001,144 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\vwipxspx.exe

[2001/10/28 11:07:34 | 000,089,588 | -H-- | C] () -- C:\WINDOWS\System32\unicode.nls

[2001/10/28 11:07:34 | 000,089,588 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\unicode.nls

[2001/10/28 11:07:34 | 000,018,832 | -H-- | C] () -- C:\WINDOWS\System32\v7vga.rom

[2001/10/28 11:07:32 | 000,015,360 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\tsd32.dll

[2001/10/28 11:07:30 | 000,003,577 | -H-- | C] () -- C:\WINDOWS\System32\sysprtj.sep

[2001/10/28 11:07:30 | 000,003,214 | -H-- | C] () -- C:\WINDOWS\System32\sysprint.sep

[2001/10/28 11:07:28 | 000,049,345 | -H-- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm

[2001/10/28 11:07:26 | 000,240,120 | -H-- | C] () -- C:\WINDOWS\System32\setup.bmp

[2001/10/28 11:07:26 | 000,059,167 | -H-- | C] () -- C:\WINDOWS\System\setup.inf

[2001/10/28 11:07:26 | 000,035,716 | -H-- | C] () -- C:\WINDOWS\System32\secpol.msc

[2001/10/28 11:07:26 | 000,033,074 | -H-- | C] () -- C:\WINDOWS\System32\services.msc

[2001/10/28 11:07:26 | 000,011,995 | -H-- | C] () -- C:\WINDOWS\System32\setver.exe

[2001/10/28 11:07:26 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\scriptpw.dll

[2001/10/28 11:07:26 | 000,006,953 | -H-- | C] () -- C:\WINDOWS\System32\drivers\etc\services

[2001/10/28 11:07:26 | 000,000,882 | -H-- | C] () -- C:\WINDOWS\System32\share.exe

[2001/10/28 11:07:26 | 000,000,882 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\share.exe

[2001/10/28 11:07:24 | 000,043,974 | RH-- | C] () -- C:\WINDOWS\System32\rsop.msc

[2001/10/28 11:07:24 | 000,003,282 | -H-- | C] () -- C:\WINDOWS\System32\rsaci.rat

[2001/10/28 11:07:24 | 000,003,178 | -H-- | C] () -- C:\WINDOWS\System32\rsvpcnts.h

[2001/10/28 11:07:22 | 000,003,788 | -H-- | C] () -- C:\WINDOWS\System32\pubprn.vbs

[2001/10/28 11:07:22 | 000,003,788 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs

[2001/10/28 11:07:22 | 000,003,010 | -H-- | C] () -- C:\WINDOWS\System32\pschdcnt.h

[2001/10/28 11:07:22 | 000,001,818 | -H-- | C] () -- C:\WINDOWS\System32\rasctrnm.h

[2001/10/28 11:07:22 | 000,000,051 | -H-- | C] () -- C:\WINDOWS\System32\pscript.sep

[2001/10/28 11:07:18 | 000,344,734 | -H-- | C] () -- C:\WINDOWS\System32\perfh016.dat

[2001/10/28 11:07:18 | 000,311,740 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001/10/28 11:07:18 | 000,301,776 | -H-- | C] () -- C:\WINDOWS\System32\perfi016.dat

[2001/10/28 11:07:18 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001/10/28 11:07:18 | 000,057,837 | RH-- | C] () -- C:\WINDOWS\System32\perfmon.msc

[2001/10/28 11:07:18 | 000,048,846 | -H-- | C] () -- C:\WINDOWS\System32\perfc016.dat

[2001/10/28 11:07:18 | 000,040,128 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001/10/28 11:07:18 | 000,036,056 | -H-- | C] () -- C:\WINDOWS\System32\prncnfg.vbs

[2001/10/28 11:07:18 | 000,036,056 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\prncnfg.vbs

[2001/10/28 11:07:18 | 000,035,178 | -H-- | C] () -- C:\WINDOWS\System32\perfd016.dat

[2001/10/28 11:07:18 | 000,032,801 | -H-- | C] () -- C:\WINDOWS\System32\prnmngr.vbs

[2001/10/28 11:07:18 | 000,032,801 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\prnmngr.vbs

[2001/10/28 11:07:18 | 000,029,728 | -H-- | C] () -- C:\WINDOWS\System32\prnport.vbs

[2001/10/28 11:07:18 | 000,029,728 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\prnport.vbs

[2001/10/28 11:07:18 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001/10/28 11:07:18 | 000,025,646 | -H-- | C] () -- C:\WINDOWS\System32\prndrvr.vbs

[2001/10/28 11:07:18 | 000,025,646 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\prndrvr.vbs

[2001/10/28 11:07:18 | 000,021,776 | -H-- | C] () -- C:\WINDOWS\System32\prnjobs.vbs

[2001/10/28 11:07:18 | 000,021,776 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\prnjobs.vbs

[2001/10/28 11:07:18 | 000,016,004 | -H-- | C] () -- C:\WINDOWS\System32\prnqctl.vbs

[2001/10/28 11:07:18 | 000,016,004 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\prnqctl.vbs

[2001/10/28 11:07:18 | 000,000,878 | -H-- | C] () -- C:\WINDOWS\System32\drivers\etc\protocol

[2001/10/28 11:07:18 | 000,000,435 | -H-- | C] () -- C:\WINDOWS\System32\perfwci.h

[2001/10/28 11:07:18 | 000,000,427 | -H-- | C] () -- C:\WINDOWS\System32\perfci.h

[2001/10/28 11:07:18 | 000,000,140 | -H-- | C] () -- C:\WINDOWS\System32\perffilt.h

[2001/10/28 11:07:18 | 000,000,114 | -H-- | C] () -- C:\WINDOWS\System32\pcl.sep

[2001/10/28 11:07:14 | 000,003,258 | -H-- | C] () -- C:\WINDOWS\System32\nw16.exe

[2001/10/28 11:07:14 | 000,003,258 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\nw16.exe

[2001/10/28 11:07:10 | 000,048,794 | -H-- | C] () -- C:\WINDOWS\System32\ntimage.gif

[2001/10/28 11:07:10 | 000,032,603 | -H-- | C] () -- C:\WINDOWS\System32\ntmsoprq.msc

[2001/10/28 11:07:10 | 000,029,370 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos411.sys

[2001/10/28 11:07:10 | 000,029,274 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos412.sys

[2001/10/28 11:07:10 | 000,029,146 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos804.sys

[2001/10/28 11:07:10 | 000,029,146 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos404.sys

[2001/10/28 11:07:10 | 000,027,900 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\ntdos.sys

[2001/10/28 11:07:10 | 000,025,912 | -H-- | C] () -- C:\WINDOWS\System32\ntmsmgr.msc

[2001/10/28 11:07:08 | 000,149,848 | -H-- | C] () -- C:\WINDOWS\System32\noise.deu

[2001/10/28 11:07:08 | 000,108,328 | -H-- | C] () -- C:\WINDOWS\System32\net.hlp

[2001/10/28 11:07:08 | 000,049,196 | -H-- | C] () -- C:\WINDOWS\System32\noise.fra

[2001/10/28 11:07:08 | 000,019,684 | -H-- | C] () -- C:\WINDOWS\System32\noise.esn

[2001/10/28 11:07:08 | 000,019,618 | -H-- | C] () -- C:\WINDOWS\System32\noise.ita

[2001/10/28 11:07:08 | 000,013,730 | -H-- | C] () -- C:\WINDOWS\System32\noise.sve

[2001/10/28 11:07:08 | 000,013,256 | -H-- | C] () -- C:\WINDOWS\System32\noise.nld

[2001/10/28 11:07:08 | 000,007,132 | -H-- | C] () -- C:\WINDOWS\System32\nlsfunc.exe

[2001/10/28 11:07:08 | 000,007,132 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\nlsfunc.exe

[2001/10/28 11:07:08 | 000,001,696 | -H-- | C] () -- C:\WINDOWS\System32\noise.cht

[2001/10/28 11:07:08 | 000,001,696 | -H-- | C] () -- C:\WINDOWS\System32\noise.chs

[2001/10/28 11:07:08 | 000,000,751 | -H-- | C] () -- C:\WINDOWS\System32\noise.enu

[2001/10/28 11:07:08 | 000,000,751 | -H-- | C] () -- C:\WINDOWS\System32\noise.eng

[2001/10/28 11:07:08 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

[2001/10/28 11:07:08 | 000,000,697 | -H-- | C] () -- C:\WINDOWS\System32\noise.tha

[2001/10/28 11:07:08 | 000,000,429 | -H-- | C] () -- C:\WINDOWS\System32\drivers\etc\networks

[2001/10/28 11:07:02 | 000,000,817 | -H-- | C] () -- C:\WINDOWS\System32\mscdexnt.exe

[2001/10/28 11:07:02 | 000,000,817 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe

[2001/10/28 11:07:00 | 000,002,755 | -H-- | C] () -- C:\WINDOWS\System32\mqprfsym.h

[2001/10/28 11:07:00 | 000,001,492 | -H-- | C] () -- C:\WINDOWS\System32\mmdriver.inf

[2001/10/28 11:06:58 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001/10/28 11:06:58 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\mlang.dat

[2001/10/28 11:06:58 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin

[2001/10/28 11:06:58 | 000,039,386 | -H-- | C] () -- C:\WINDOWS\System32\mem.exe

[2001/10/28 11:06:58 | 000,039,386 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\mem.exe

[2001/10/28 11:06:58 | 000,024,124 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\marlett.ttf

[2001/10/28 11:06:56 | 000,041,834 | -H-- | C] () -- C:\WINDOWS\System32\lusrmgr.msc

[2001/10/28 11:06:56 | 000,007,046 | -H-- | C] () -- C:\WINDOWS\System32\l_intl.nls

[2001/10/28 11:06:56 | 000,007,046 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\l_intl.nls

[2001/10/28 11:06:56 | 000,003,957 | -H-- | C] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.sam

[2001/10/28 11:06:56 | 000,001,153 | -H-- | C] () -- C:\WINDOWS\System32\loadfix.com

[2001/10/28 11:06:56 | 000,000,168 | -H-- | C] () -- C:\WINDOWS\System32\l_except.nls

[2001/10/28 11:06:56 | 000,000,168 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\l_except.nls

[2001/10/28 11:06:40 | 000,042,809 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\key01.sys

[2001/10/28 11:06:40 | 000,014,950 | -H-- | C] () -- C:\WINDOWS\System32\kb16.com

[2001/10/28 11:06:36 | 000,004,896 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\himem.sys

[2001/10/28 11:06:36 | 000,000,776 | -H-- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2001/10/28 11:06:34 | 003,440,660 | -H-- | C] () -- C:\WINDOWS\System32\drivers\gm.dls

[2001/10/28 11:06:34 | 003,440,660 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\gm.dls

[2001/10/28 11:06:34 | 000,034,348 | -H-- | C] () -- C:\WINDOWS\System32\gpedit.msc

[2001/10/28 11:06:34 | 000,032,412 | -H-- | C] () -- C:\WINDOWS\System32\fsmgmt.msc

[2001/10/28 11:06:34 | 000,024,772 | -H-- | C] () -- C:\WINDOWS\System32\geo.nls

[2001/10/28 11:06:34 | 000,024,772 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\geo.nls

[2001/10/28 11:06:34 | 000,021,232 | -H-- | C] () -- C:\WINDOWS\System32\graphics.pro

[2001/10/28 11:06:34 | 000,019,918 | -H-- | C] () -- C:\WINDOWS\System32\graphics.com

[2001/10/28 11:06:32 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001/10/28 11:06:32 | 000,152,844 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\framdit.ttf

[2001/10/28 11:06:32 | 000,135,984 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\framd.ttf

[2001/10/28 11:06:32 | 000,127,213 | -H-- | C] () -- C:\WINDOWS\System32\ega.cpi

[2001/10/28 11:06:32 | 000,070,750 | -H-- | C] () -- C:\WINDOWS\System32\edit.com

[2001/10/28 11:06:32 | 000,056,263 | -H-- | C] () -- C:\WINDOWS\System32\eventvwr.msc

[2001/10/28 11:06:32 | 000,013,106 | -H-- | C] () -- C:\WINDOWS\System32\edlin.exe

[2001/10/28 11:06:32 | 000,013,106 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\edlin.exe

[2001/10/28 11:06:32 | 000,012,447 | -H-- | C] () -- C:\WINDOWS\System32\edit.hlp

[2001/10/28 11:06:32 | 000,008,600 | -H-- | C] () -- C:\WINDOWS\System32\exe2bin.exe

[2001/10/28 11:06:32 | 000,008,600 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe

[2001/10/28 11:06:32 | 000,006,708 | -H-- | C] () -- C:\WINDOWS\System32\esentprf.hxx

[2001/10/28 11:06:32 | 000,000,882 | -H-- | C] () -- C:\WINDOWS\System32\fastopen.exe

[2001/10/28 11:06:32 | 000,000,882 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\fastopen.exe

[2001/10/28 11:06:32 | 000,000,080 | -H-- | C] () -- C:\WINDOWS\explorer.scf

[2001/10/28 11:06:30 | 000,000,081 | -H-- | C] () -- C:\WINDOWS\System32\dsound.vxd

[2001/10/28 11:06:18 | 000,196,642 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_950.nls

[2001/10/28 11:06:18 | 000,196,642 | -H-- | C] () -- C:\WINDOWS\System32\c_950.nls

[2001/10/28 11:06:18 | 000,196,642 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_949.nls

[2001/10/28 11:06:18 | 000,196,642 | -H-- | C] () -- C:\WINDOWS\System32\c_949.nls

[2001/10/28 11:06:18 | 000,196,642 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_936.nls

[2001/10/28 11:06:18 | 000,196,642 | -H-- | C] () -- C:\WINDOWS\System32\c_936.nls

[2001/10/28 11:06:18 | 000,162,850 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_932.nls

[2001/10/28 11:06:18 | 000,162,850 | -H-- | C] () -- C:\WINDOWS\System32\c_932.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_874.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\c_874.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_865.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\c_865.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_863.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\c_863.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_861.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\c_861.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_860.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\c_860.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_850.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\c_850.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_775.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\c_775.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_437.nls

[2001/10/28 11:06:18 | 000,066,594 | -H-- | C] () -- C:\WINDOWS\System32\c_437.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_500.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_500.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_28605.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_28605.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_28598.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_28598.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_28593.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_28593.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_28592.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_28592.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_28591.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_28591.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_21866.nls

[2001/10/28 11:06:18 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_21866.nls

[2001/10/28 11:06:18 | 000,041,128 | -H-- | C] () -- C:\WINDOWS\System32\dfrg.msc

[2001/10/28 11:06:18 | 000,033,311 | -H-- | C] () -- C:\WINDOWS\System32\diskmgmt.msc

[2001/10/28 11:06:18 | 000,032,724 | -H-- | C] () -- C:\WINDOWS\System32\devmgmt.msc

[2001/10/28 11:06:18 | 000,021,130 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\debug.exe

[2001/10/28 11:06:18 | 000,021,130 | -H-- | C] () -- C:\WINDOWS\System32\debug.exe

[2001/10/28 11:06:16 | 000,139,810 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20261.nls

[2001/10/28 11:06:16 | 000,139,810 | -H-- | C] () -- C:\WINDOWS\System32\c_20261.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20905.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_20905.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_20866.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_20866.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1258.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_1258.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1257.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_1257.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1256.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_1256.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1255.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_1255.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1254.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_1254.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1253.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_1253.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1252.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_1252.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1251.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_1251.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1250.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_1250.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_1026.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_1026.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10079.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_10079.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_10000.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_10000.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\c_037.nls

[2001/10/28 11:06:16 | 000,066,082 | -H-- | C] () -- C:\WINDOWS\System32\c_037.nls

[2001/10/28 11:06:16 | 000,037,362 | -H-- | C] () -- C:\WINDOWS\System32\compmgmt.msc

[2001/10/28 11:06:16 | 000,027,097 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\country.sys

[2001/10/28 11:06:16 | 000,008,386 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\ctype.nls

[2001/10/28 11:06:16 | 000,008,386 | -H-- | C] () -- C:\WINDOWS\System32\ctype.nls

[2001/10/28 11:06:12 | 000,355,112 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\msjetol1.dll

[2001/10/28 11:06:12 | 000,239,616 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\wstrendr.ax

[2001/10/28 11:06:12 | 000,239,616 | -H-- | C] () -- C:\WINDOWS\System32\wstrenderer.ax

[2001/10/28 11:06:12 | 000,168,063 | -H-- | C] () -- C:\WINDOWS\System32\pagefileconfig.vbs

[2001/10/28 11:06:12 | 000,168,063 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\pagefile.vbs

[2001/10/28 11:06:12 | 000,098,268 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\evtquery.vbs

[2001/10/28 11:06:12 | 000,098,268 | -H-- | C] () -- C:\WINDOWS\System32\eventquery.vbs

[2001/10/28 11:06:12 | 000,061,126 | -H-- | C] () -- C:\WINDOWS\System32\cliconf.chm

[2001/10/28 11:06:12 | 000,060,504 | -H-- | C] () -- C:\WINDOWS\System32\cmmgr32.hlp

[2001/10/28 11:06:12 | 000,052,472 | -H-- | C] () -- C:\WINDOWS\System32\command.com

[2001/10/28 11:06:12 | 000,041,461 | -H-- | C] () -- C:\WINDOWS\System32\ciadv.msc

[2001/10/28 11:06:12 | 000,040,593 | -H-- | C] () -- C:\WINDOWS\System32\cmdlib.wsc

[2001/10/28 11:06:12 | 000,000,075 | -H-- | C] () -- C:\WINDOWS\System32\Exibir canais.scf

[2001/10/28 11:06:12 | 000,000,064 | -H-- | C] () -- C:\WINDOWS\System32\cmos.ram

[2001/10/28 11:06:10 | 000,041,985 | -H-- | C] () -- C:\WINDOWS\System32\certmgr.msc

[2001/10/28 11:06:10 | 000,028,420 | -H-- | C] () -- C:\WINDOWS\System32\bios1.rom

[2001/10/28 11:06:10 | 000,008,191 | -H-- | C] () -- C:\WINDOWS\System32\bios4.rom

[2001/10/28 11:06:10 | 000,004,952 | RHS- | C] () -- C:\Bootfont.bin

[2001/10/28 11:06:08 | 000,012,578 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\append.exe

[2001/10/28 11:06:08 | 000,012,578 | -H-- | C] () -- C:\WINDOWS\System32\append.exe

[2001/10/28 11:06:08 | 000,009,032 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\ansi.sys

[2001/10/28 11:06:06 | 000,002,233 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\12520850.cpx

[2001/10/28 11:06:06 | 000,002,233 | -H-- | C] () -- C:\WINDOWS\System32\12520850.cpx

[2001/10/28 11:06:06 | 000,002,151 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\12520437.cpx

[2001/10/28 11:06:06 | 000,002,151 | -H-- | C] () -- C:\WINDOWS\System32\12520437.cpx

[2001/09/05 20:50:34 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\dvdplay.exe

[2001/08/23 09:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001/08/23 09:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\oembios.bin

[2001/08/23 09:00:00 | 000,006,761 | -H-- | C] () -- C:\WINDOWS\System32\oembios.sig

[2001/08/23 09:00:00 | 000,006,761 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\oembios.sig

[2001/08/23 09:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001/08/23 09:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\oembios.dat

[1999/01/08 10:19:42 | 000,025,360 | ---- | C] () -- C:\WINDOWS\System32\VBAPTB32.OLB

[1997/08/11 03:10:00 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2010/05/05 18:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\InterApp

[2009/08/12 22:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MythPeople

[2009/10/15 12:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Drivers HeadQuarters

[2009/08/23 11:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP\Dados de aplicativos\Orbit

[2009/09/23 11:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\BrOffice.org

[2009/07/18 16:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\GrabPro

[2010/05/05 18:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Usuario\Dados de aplicativos\Orbit

[2010/05/05 15:30:10 | 000,000,458 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E4152497-7C32-45D5-9C39-1A30CD0E97D6}.job

========== Purity Check ==========

< End of report >

Espero, que esteje certo agora!

O que pode ser aquele vírus que o avast datectou lá antes no outro procedimento,

tenho que fazer alguma coisa a respeito disso? Obrigada!!

DigRam · Maio 6, 2010

Boa Noite! Tati Ramos

Espero, que esteje certo agora!
O que pode ser aquele vírus que o avast datectou lá antes no outro procedimento,

tenho que fazer alguma coisa a respeito disso? Obrigada!!

<!> Está correta a sua postagem,do relatório OTL.txt.

<!> Quanto ao malware,detectado pelo Avast,já está sendo "tratado" pelo script desta ferramenta.

00000000000000000000000

<@> Execute o OTL.exe.

<@> Copie estas informações que estão na Quote,para o campo abaixo de: Exames Personalizados/Correções

::files
C:\WINDOWS\System32\zh-TW

C:\WINDOWS\System32\zh-HK

C:\WINDOWS\System32\tr-TR

C:\WINDOWS\System32\sv-SE

C:\WINDOWS\System32\nl-NL

C:\WINDOWS\System32\nb-NO

C:\WINDOWS\System32\ko-KR

C:\WINDOWS\System32\it-IT

C:\WINDOWS\System32\he-IL

C:\WINDOWS\System32\fr-FR

C:\WINDOWS\System32\fi-FI

C:\WINDOWS\System32\es-ES

C:\WINDOWS\System32\el-GR

C:\WINDOWS\System32\de-DE

C:\WINDOWS\System32\da-DK

C:\WINDOWS\System32\ar-SA

:otl

O2 - BHO: (Online Radio Brazil Toolbar) - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll File not found

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found

O3 - HKLM\..\Toolbar: (Barra de Ferramentas do Yahoo!) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll File not found

O3 - HKLM\..\Toolbar: (Online Radio Brazil Toolbar) - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll File not found

O3 - HKU\S-1-5-21-606747145-602162358-1417001333-1003\..\Toolbar\WebBrowser: (Online Radio Brazil Toolbar) - {F4C23CA5-ED6C-4376-80AD-62F9161A7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll File not found

O4 - HKLM..\Run: [linkmsn] C:\WINDOWS\System32\linkmsn.exe File not found

O4 - HKU\S-1-5-21-606747145-602162358-1417001333-1003..\Run: [pmail.exe] C:\WINDOWS\System32\Microsoft\pmail.exe File not found

O4 - HKU\S-1-5-21-606747145-602162358-1417001333-1003..\Run: [pro1.exe] C:\WINDOWS\System32\Microsoft\pro1.exe File not found

O4 - HKU\S-1-5-21-606747145-602162358-1417001333-1003..\Run: [taks] C:\WINDOWS\System32\Microsoft\msn1.exe File not found

O4 - HKU\S-1-5-21-606747145-602162358-1417001333-1003..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; GTB6.5; Mozilla\4.0 ( File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: csrcs = C:\WINDOWS\system32\csrcs.exe File not found

O20 - HKLM Winlogon: Shell - (csrcs.exe) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\MSN Messenger\livecall.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"E:\CDS\Nero\Installation\SetupX.exe"=-

"F:\CD Utilitarios\Messenger\Install_Messenger.exe"=-

"C:\Arquivos de programas\MSN Messenger\livecall.exe"=-

"C:\Arquivos de programas\MPC HomeCinema\mpc-hc.exe"=-

:commands

[purity]

[emptyflash]

[emptytemp]

[Reboot]

<@> Clique no botão Consertar --> Aguarde a conclusão! --> Executar!

<@> Poste o relatório,que também estará na pasta: C:\_OTL\MovedFiles\*.log <--

<@> Poste,também,HijackThis atualizado.

Abraços!

Tati Ramos · Maio 6, 2010

Boa Noite! Tati Ramos

Espero, que esteje certo agora!
O que pode ser aquele vírus que o avast datectou lá antes no outro procedimento,

tenho que fazer alguma coisa a respeito disso? Obrigada!!

<!> Está correta a sua postagem,do relatório OTL.txt.

<!> Quanto ao malware,detectado pelo Avast,já está sendo "tratado" pelo script desta ferramenta.

00000000000000000000000

00000000000000000000000

<@> Execute o OTL.exe.

<@> Copie estas informações que estão na Quote,para o campo abaixo de: Exames Personalizados/Correções

::files
C:\WINDOWS\System32\zh-TW

C:\WINDOWS\System32\zh-HK

C:\WINDOWS\System32\tr-TR

C:\WINDOWS\System32\sv-SE

C:\WINDOWS\System32\nl-NL

C:\WINDOWS\System32\nb-NO

C:\WINDOWS\System32\ko-KR

C:\WINDOWS\System32\it-IT

C:\WINDOWS\System32\he-IL

C:\WINDOWS\System32\fr-FR

C:\WINDOWS\System32\fi-FI

C:\WINDOWS\System32\es-ES

C:\WINDOWS\System32\el-GR

C:\WINDOWS\System32\de-DE

C:\WINDOWS\System32\da-DK

C:\WINDOWS\System32\ar-SA

:otl

O2 - BHO: (Online Radio Brazil Toolbar) - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll File not found

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found

O3 - HKLM\..\Toolbar: (Barra de Ferramentas do Yahoo!) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll File not found

O3 - HKLM\..\Toolbar: (Online Radio Brazil Toolbar) - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll File not found

O3 - HKU\S-1-5-21-606747145-602162358-1417001333-1003\..\Toolbar\WebBrowser: (Online Radio Brazil Toolbar) - {F4C23CA5-ED6C-4376-80AD-62F9161A7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnli.dll File not found

O4 - HKLM..\Run: [linkmsn] C:\WINDOWS\System32\linkmsn.exe File not found

O4 - HKU\S-1-5-21-606747145-602162358-1417001333-1003..\Run: [pmail.exe] C:\WINDOWS\System32\Microsoft\pmail.exe File not found

O4 - HKU\S-1-5-21-606747145-602162358-1417001333-1003..\Run: [pro1.exe] C:\WINDOWS\System32\Microsoft\pro1.exe File not found

O4 - HKU\S-1-5-21-606747145-602162358-1417001333-1003..\Run: [taks] C:\WINDOWS\System32\Microsoft\msn1.exe File not found

O4 - HKU\S-1-5-21-606747145-602162358-1417001333-1003..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; GTB6.5; Mozilla\4.0 ( File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: csrcs = C:\WINDOWS\system32\csrcs.exe File not found

O20 - HKLM Winlogon: Shell - (csrcs.exe) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\MSN Messenger\livecall.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"E:\CDS\Nero\Installation\SetupX.exe"=-

"F:\CD Utilitarios\Messenger\Install_Messenger.exe"=-

"C:\Arquivos de programas\MSN Messenger\livecall.exe"=-

"C:\Arquivos de programas\MPC HomeCinema\mpc-hc.exe"=-

:commands

[purity]

[emptyflash]

[emptytemp]

[Reboot]

<@> Clique no botão Consertar --> Aguarde a conclusão! --> Executar!

<@> Poste o relatório,que também estará na pasta: C:\_OTL\MovedFiles\*.log <--

<@> Poste,também,HijackThis atualizado.

Abraços!

========================================================

Bom, dia DigRam, fiz todo o processo, que foi rápido, mais quando ele acabou pediu pra reiniciar o pc

ficou 3 horas na tela o windows sendo encerrado,aí eu apertei o botão do gabinete pra reiniciar,ele reiniciou deu um bloco de notas

aparentemente escrito eboot deleted.

Pensei que eu tivesse cancelado o processo e fiz tudo de novo!

era 1:30 da manhã e esta até agora na tela o windows está sendo encerrado.

É assim mesmo?

Eu estou em outro pc!

Tati Ramos · Maio 6, 2010

==================================================

Bom, dia DigRam, fiz todo o Processo, Que foi Rápido, Mais QUANDO Ele Pediu Acabou pra Reiniciar o pc

Ficou 3 horas NA TELA encerrado Sendo o windows, aí eu apertei o Botão do gabinete pra Reiniciar, DEU UM Ele reiniciou bloco de Notas

Aparentemente Reboot Escrito excluída.

Pensei Que Tivesse eu CANCELADO o Processo e fiz Tudo de novo!

era 01:30 da Manhã e encerrado sendo esta Até ágora NA TELA janelas o ESTA.

É Mesmo assim?

Eu Estou Outro pc em!

[/ Quote]

Abei de chegar em casa e reiniciei o pc pelo botão do gabinete novamente

aí vai o que o OTL gerou:

All processes killed

Error: Unable to interpret <::files> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\zh-TW> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\zh-HK> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\tr-TR> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\sv-SE> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\nl-NL> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\nb-NO> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\ko-KR> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\it-IT> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\he-IL> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\fr-FR> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\fi-FI> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\es-ES> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\el-GR> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\de-DE> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\da-DK> in the current context!

Error: Unable to interpret <C:\WINDOWS\System32\ar-SA> in the current context!

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f4c23ca5-ed6c-4376-80ad-62f9161a7286} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}\ not found.

Registry value HKEY_USERS\S-1-5-21-606747145-602162358-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F4C23CA5-ED6C-4376-80AD-62F9161A7286} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4C23CA5-ED6C-4376-80AD-62F9161A7286}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\linkmsn not found.

Registry value HKEY_USERS\S-1-5-21-606747145-602162358-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\pmail.exe not found.

Registry value HKEY_USERS\S-1-5-21-606747145-602162358-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\pro1.exe not found.

Registry value HKEY_USERS\S-1-5-21-606747145-602162358-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run\\taks not found.

Registry value HKEY_USERS\S-1-5-21-606747145-602162358-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\csrcs not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:csrcs.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.

File/Folder C:\WINDOWS\System32\*.tmp not found.

File/Folder C:\WINDOWS\*.tmp not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Arquivos de programas\MSN Messenger\livecall.exe not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\CDS\Nero\Installation\SetupX.exe not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\CD Utilitarios\Messenger\Install_Messenger.exe not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Arquivos de programas\MSN Messenger\livecall.exe not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Arquivos de programas\MPC HomeCinema\mpc-hc.exe not found.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: TEMP

User: Usuario

->Flash cache emptied: 434 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: TEMP

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Usuario

->Temp folder emptied: 624838 bytes

->Temporary Internet Files folder emptied: 3806291 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 20449 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,00 mb

OTL by OldTimer - Version 3.2.4.1 log created on 05062010_012025

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_56c.dat not found!

Registry entries deleted on Reboot...

DigRam · Maio 6, 2010

Boa Tarde! Tati Ramos

Bom, dia DigRam, fiz todo o Processo, Que foi Rápido, Mais QUANDO Ele Pediu Acabou pra Reiniciar o pc
Ficou 3 horas NA TELA encerrado Sendo o windows, aí eu apertei o Botão do gabinete pra Reiniciar, DEU UM Ele reiniciou bloco de Notas

Aparentemente Reboot Escrito excluída.

Pensei Que Tivesse eu CANCELADO o Processo e fiz Tudo de novo!

era 01:30 da Manhã e encerrado sendo esta Até ágora NA TELA janelas o ESTA.

É Mesmo assim?

<!> A sua ação foi correta,já que ocorreu travamento ao reboot que foi relacionado no script.

000000000000000000000000

<@> Abra o OTL.exe --> Clique em ou Limpeza --> Aguarde!

<@> Na solicitação,clique OK --> Reinicie o computador!

000000000000000000000000

<@> Baixe: < PureRa15Binary.zip > ( ...by Paul McLain & Fred de Vries )

<!> Link - 2 < >

<@> Salve-o no desktop! <-- Tire-o do zip!

<@> Execute: PureRa.exe --> Clique em Clean.

<@> Marque a opção: "Check All"

< >

<@> Clique no botão Clean Selected --> Aguarde!

<@> Terminando ( Finished ),clique em Exit.

<@> Poste o relatório: PureRa.txt <--

Abraços!

Tati Ramos · Maio 6, 2010

RaProducts' PureRa v1.5

Log created at 18:34 on 06/05/2010 (Usuario)

C:\Config.MSI emptied.

C:\WINDOWS\system32\FNTCACHE.DAT <- Successfully deleted.

Recycle bin emptied.

C:\WINDOWS\SoftwareDistribution\DataStore\Logs emptied.

C:\WINDOWS\SoftwareDistribution\Download emptied.

C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default emptied.

C:\WINDOWS\SoftwareDistribution\WuRedir emptied.

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log <- O arquivo já está sendo usado por outro processo.

C:\DOCUME~1\Usuario\CONFIG~1\Temp emptied.

C:\WINDOWS\TEMP emptied.

C:\WINDOWS\$NtUninstallKB898461$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB923561$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB929399$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB936782_WMP11$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB938464-v2$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB939683$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB941569$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB946648$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB950762$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB950974$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951066$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951376-v2$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951748$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951978$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB952004$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB952069_WM9$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB952287$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB952954$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB954154_WM11$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB954155_WM9$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB954459$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB954600$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB955069$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB955759$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB955839$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB956572$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB956744$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB956802$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB956803$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB956844$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB957097$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB958644$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB958687$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB958869$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB959426$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB959772_WM11$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB960225$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB960803$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB960859$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB961118$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB961371$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB961501$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB961503$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB967715$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB968389$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB968537$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB968816_WM9$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB969059$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB969897$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB969947$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB970238$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB970430$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB970653-v3$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB971468$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB971486$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB971557$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB971633$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB971657$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB971737$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB973346$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB973354$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB973507$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB973525$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB973540_WM9$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB973687$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB973815$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB973869$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB973904$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB974112$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB974318$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB974392$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB974571$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB975025$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB975467$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB975560$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB975561$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB975713$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB976098-v2$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB977165$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB977914$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB978037$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB978251$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB978262$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB978706$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB979306$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallMSCompPackV1$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallWMFDist11$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallwmp11$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallWudf01000$ <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\FrameWork.log <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\wbemcore.log <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\wbemess.log <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\wmiprov.log <- Successfully deleted.

C:\sqmdata00.sqm <- Successfully deleted.

C:\sqmdata01.sqm <- Successfully deleted.

C:\sqmdata02.sqm <- Successfully deleted.

C:\sqmdata03.sqm <- Successfully deleted.

C:\sqmdata04.sqm <- Successfully deleted.

C:\sqmdata05.sqm <- Successfully deleted.

C:\sqmdata06.sqm <- Successfully deleted.

C:\sqmdata07.sqm <- Successfully deleted.

C:\sqmdata08.sqm <- Successfully deleted.

C:\sqmdata09.sqm <- Successfully deleted.

C:\sqmnoopt00.sqm <- Successfully deleted.

C:\sqmnoopt01.sqm <- Successfully deleted.

C:\sqmnoopt02.sqm <- Successfully deleted.

C:\sqmnoopt03.sqm <- Successfully deleted.

C:\sqmnoopt04.sqm <- Successfully deleted.

C:\sqmnoopt05.sqm <- Successfully deleted.

C:\sqmnoopt06.sqm <- Successfully deleted.

C:\sqmnoopt07.sqm <- Successfully deleted.

C:\sqmnoopt08.sqm <- Successfully deleted.

C:\sqmnoopt09.sqm <- Successfully deleted.

C:\Arquivos de programas\Ares\data\GUI\Bloody\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Ares\data\GUI\Borravino\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Ares\data\GUI\Esmeralda\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Ares\data\GUI\General\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Ares\data\GUI\Mac\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Ares\data\GUI\OsThemes\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\DreaMule\skins\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\HP\Digital Imaging\skins\oov1\tj\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Microsoft Office\CLIPART\PUB60COR\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Microsoft Office\CLIPART\Publisher\Backgrounds\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Microsoft Office\MEDIA\CAGCAT10\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Microsoft Office\MEDIA\OFFICE11\LINES\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Microsoft Office\MEDIA\OFFICE12\LINES\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\All Users\Documentos\Minhas imagens\Amostras de imagens\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\All Users\Documentos\Minhas músicas\Amostra de música\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Usuario\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\IconCache.db <- Successfully deleted.

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Ares\My Shared Folder\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Microsoft\Windows Live\SqmApi\SqmData720896_01.sqm <- Successfully deleted.

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Microsoft\Windows Live\SqmApi\SqmData720896_02.sqm <- Successfully deleted.

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Mail\sqmdata00.sqm <- Successfully deleted.

C:\Documents and Settings\Usuario\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Mail\sqmnoopt00.sqm <- Successfully deleted.

C:\Documents and Settings\Usuario\Dados de aplicativos\Microsoft\MSN Messenger\sqmdata00.sqm <- Successfully deleted.

C:\Documents and Settings\Usuario\Dados de aplicativos\Microsoft\MSN Messenger\sqmdata01.sqm <- Successfully deleted.

C:\Documents and Settings\Usuario\Dados de aplicativos\Microsoft\MSN Messenger\sqmdata02.sqm <- Successfully deleted.

C:\Documents and Settings\Usuario\Dados de aplicativos\Microsoft\MSN Messenger\sqmdata03.sqm <- Successfully deleted.

C:\Documents and Settings\Usuario\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt00.sqm <- Successfully deleted.

C:\Documents and Settings\Usuario\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt01.sqm <- Successfully deleted.

C:\Documents and Settings\Usuario\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt02.sqm <- Successfully deleted.

C:\Documents and Settings\Usuario\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt03.sqm <- Successfully deleted.

C:\Documents and Settings\Usuario\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt04.sqm <- Successfully deleted.

C:\Documents and Settings\Usuario\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt05.sqm <- Successfully deleted.

C:\Documents and Settings\Usuario\Meus documentos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Usuario\Meus documentos\casa de oração\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Usuario\Meus documentos\DENIS\GIROC[OPTEROS\Minhas imagens\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Usuario\Meus documentos\DENIS\GIROC[OPTEROS\VIDEOS\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Usuario\Meus documentos\Imagens\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Usuario\Meus documentos\Meus vídeos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Usuario\Meus documentos\Minhas imagens\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Usuario\Meus documentos\Minhas imagens\Minhas músicas\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Usuario\Meus documentos\Minhas imagens\Originals\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Usuario\Meus documentos\SERIADOS\Flash.avi\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\Usuario\Meus documentos\SERIADOS\Heroes.avi\Thumbs.db <- Successfully deleted.

C:\WINDOWS\Network Diagnostic\Sqm\NetDiag00.sqm <- Successfully deleted.

C:\WINDOWS\Network Diagnostic\Sqm\NetDiag01.sqm <- Successfully deleted.

C:\WINDOWS\Network Diagnostic\Sqm\NetDiag02.sqm <- Successfully deleted.

C:\WINDOWS\Network Diagnostic\Sqm\NetDiag03.sqm <- Successfully deleted.

C:\WINDOWS\Network Diagnostic\Sqm\NetDiag04.sqm <- Successfully deleted.

C:\WINDOWS\Network Diagnostic\Sqm\NetDiag05.sqm <- Successfully deleted.

C:\WINDOWS\Network Diagnostic\Sqm\NetDiag06.sqm <- Successfully deleted.

C:\WINDOWS\Network Diagnostic\Sqm\NetDiag07.sqm <- Successfully deleted.

C:\WINDOWS\Network Diagnostic\Sqm\NetDiag08.sqm <- Successfully deleted.

C:\WINDOWS\Network Diagnostic\Sqm\NetDiag09.sqm <- Successfully deleted.

C:\WINDOWS\Network Diagnostic\Sqm\NetDiag10.sqm <- Successfully deleted.

Total space cleaned: 262706624 bytes

-=E.O.F=-

Boa noite.

DigRam · Maio 6, 2010

Boa Noite! Tati Ramos

<!> Como está seu computador! Tudo Ok?

00000000000000

<!> Poste: HijackThis atualizado.

Abraços!

Tati Ramos · Maio 7, 2010

O OTL sumiu do meu pc! pq

HijackThis atualizado

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:16:08, on 6/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\ARQUIV~1\ASSIST~1\SMARTB~1\MotiveSB.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe

C:\WINDOWS\winmgr\winmgr.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orkthreat.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\HiJackThis.exe\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - (no file)

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)