Marcio Ortiz

[Solved] Win 2003 server with W32 Sality .AA

My server has this virus and it disables the Task Manager. Can you help me remove this virus?

 

 

 

LOG:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:34:24 AM, on 6/8/2011

Platform: Windows 2003 SP1 (WinNT 5.02.3790)

MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Ipswitch\WhatsConnected\NetworkViewerService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\PRTG Network Monitor\PRTG Server.exe

C:\Program Files\PRTG Network Monitor\PRTG Probe.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Program Files\Ipswitch\WhatsUp\ServiceControlManager.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\PRTG Network Monitor\PRTG Windows GUI.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Ipswitch\WhatsUp\NMTaskTray.exe

C:\Program Files\Ipswitch\WhatsUp\NmDesktopActions.exe

C:\Program Files\Ipswitch\WhatsUp\NmConsole.exe

C:\Program Files\Ipswitch\WhatsUp\nmservice.exe

C:\Program Files\Ipswitch\WhatsUp\bwcollector.net.exe

C:\Program Files\Ipswitch\WhatsUp\alertcenterservice.exe

C:\Program Files\Ipswitch\WhatsUp\tftpservice.exe

C:\Program Files\Ipswitch\WhatsUp\networkconfigservice.exe

C:\Program Files\Ipswitch\WhatsUp\discoveryservice.exe

C:\Program Files\Ipswitch\WhatsUp\nmwebservice.exe

C:\Program Files\Ipswitch\WhatsUp\nmapi.exe

C:\Program Files\Ipswitch\WhatsUp\networkviewerdataservice.exe

C:\Program Files\Ipswitch\WhatsUp\whatsvirtualservice.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Ipswitch\WhatsUp\NMTaskTray.exe

C:\Program Files\Ipswitch\WhatsUp\NmDesktopActions.exe

C:\Program Files\Genetec Omnicast Client 4.6\LiveViewer.exe

c:\windows\system32\inetsrv\w3wp.exe

E:\Programas\WindowsServer2003-KB914961-SP2-x86-ENU.exe

D:\HiJackThis.exe

d:\e279f9cfb054b7f94421b9\i386\update\update.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://10.0.0.9/

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL

O4 - HKLM\..\Run: [NMTaskTray] C:\Program Files\Ipswitch\WhatsUp\NMTaskTray.exe /AutoStart

O4 - HKLM\..\Run: [NmDesktopActions] C:\Program Files\Ipswitch\WhatsUp\NmDesktopActions.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - S-1-5-21-1402282174-3741761746-3258281098-1020 Startup: PRTG Windows GUI.lnk = C:\Program Files\PRTG Network Monitor\PRTG Windows GUI.exe (User 'vanderlei.rocha')

O4 - S-1-5-21-1402282174-3741761746-3258281098-1020 User Startup: PRTG Windows GUI.lnk = C:\Program Files\PRTG Network Monitor\PRTG Windows GUI.exe (User 'vanderlei.rocha')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O15 - ESC Trusted IP range: http://10.0.0.9

O15 - ESC Trusted IP range: http://10.0.2.55

O15 - ESC Trusted IP range: http://10.0.2.56

O15 - ESC Trusted IP range: http://10.0.9.171

O15 - ESC Trusted IP range: http://10.0.22.185

O15 - ESC Trusted IP range: http://10.0.22.218

O15 - ESC Trusted IP range: http://10.50.96.3

O15 - ESC Trusted IP range: http://10.0.41.108

O15 - ESC Trusted IP range: http://10.50.96.112

O15 - ESC Trusted IP range: http://10.0.41.83

O15 - ESC Trusted IP range: http://10.0.22.201

O15 - ESC Trusted IP range: http://10.0.41.78

O15 - ESC Trusted IP range: http://10.0.41.79

O15 - ESC Trusted IP range: http://10.50.96.107

O15 - ESC Trusted IP range: http://10.50.96.108

O15 - ESC Trusted IP range: http://10.0.16.134

O15 - ESC Trusted IP range: http://10.0.16.132

O15 - ESC Trusted IP range: http://10.0.16.133

O15 - ESC Trusted IP range: http://10.0.9.179

O15 - ESC Trusted IP range: http://10.0.3.69

O15 - ESC Trusted IP range: http://10.50.96.139

O15 - ESC Trusted IP range: http://10.0.2.145

O15 - ESC Trusted IP range: http://10.0.41.90

O15 - ESC Trusted IP range: http://10.0.2.136

O15 - ESC Trusted IP range: http://10.0.0.10

O15 - ESC Trusted IP range: http://10.0.2.51

O15 - ESC Trusted IP range: http://10.0.2.52

O15 - ESC Trusted IP range: http://10.0.2.53

O15 - ESC Trusted IP range: http://10.0.2.54

O16 - DPF: {59BA4B4E-F390-4AF0-8A7B-37503D7FC00F} (SnPlayer Control) - http://10.0.0.150/SnPlayer.cab

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://10.0.0.95:8080/NmConsole/CoreNm/Tools/msrdp.cab

O16 - DPF: {F9BF64A0-5A65-43E0-ACDB-B223E7F9DDD9} (WebWatch2 Control) - http://10.0.9.179/WEBWATCH2.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ipswitch Network Viewer - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 - C:\Program Files\Ipswitch\WhatsConnected\NetworkViewerService.exe

O23 - Service: Ipswitch Service Control Manager - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 - C:\Program Files\Ipswitch\WhatsUp\ServiceControlManager.exe

O23 - Service: PRTG 8 Core Server Service (PRTG7CoreService) - Paessler AG - C:\Program Files\PRTG Network Monitor\PRTG Server.exe

O23 - Service: PRTG 8 Probe Service (PRTG7ProbeService) - Paessler AG - C:\Program Files\PRTG Network Monitor\PRTG Probe.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

 

--

End of file - 7165 bytes


Hello Marcio Ortiz

Is this a company server?

If so, it is best to contact the person responsible for it.


Hello Marcio Ortiz

Is this a company server?

If so, it is best to contact the person responsible for it.

I am the person responsible, but I'm taking a beating trying to remove this virus.

That's the thing: I am the person responsible, but I can't manage to remove this virus. Can you help me?


*Download RSIT and save it to the desktop

*Run it and click [Continue]

*Paste the report C:\rsit\log.txt


Here is the log, and thanks for the help!

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by marcio.ortiz at 2011-06-08 15:33:25

Microsoft® Windows® Server 2003, Standard Edition Service Pack 2

System drive C: has 429 GB (90%) free of 477 GB

Total RAM: 1023 MB (8% free)

 

HijackThis download failed

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Gravacoes.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NMTaskTray"=C:\Program Files\Ipswitch\WhatsUp\NMTaskTray.exe [2011-01-06 134480]

"NmDesktopActions"=C:\Program Files\Ipswitch\WhatsUp\NmDesktopActions.exe [2011-01-06 71680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 112496]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]

C:\Program Files\Broadcom\BACS\BacsTray.exe [2009-10-23 419176]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DudeServer]

C:\Program Files\Dude\dude.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 100648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 229376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^marcio.ortiz^Start Menu^Programs^Startup^PRTG Windows GUI.lnk]

C:\PROGRA~1\PRTGNE~1\PRTGWI~1.EXE [2010-10-19 4081936]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TeamViewer5"=2

"idsvc"=3

"IDriverT"=3

"rpcapd"=3

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

Ati2evxx.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

C:\WINDOWS\system32\crypt32.dll [2007-02-17 595456]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

C:\WINDOWS\system32\cryptnet.dll [2007-02-17 62464]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

C:\WINDOWS\system32\cscdll.dll [2007-02-17 101888]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

C:\WINDOWS\system32\dimsntfy.dll [2007-02-17 19456]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

C:\WINDOWS\system32\sclgntfy.dll [2006-04-04 19968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

C:\WINDOWS\system32\WlNotify.dll [2007-02-17 96768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll [2007-02-17 8359936]

CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll [2007-02-17 8359936]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll [2007-02-17 276992]

SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll [2007-02-17 122880]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll [2007-02-17 1033216]

Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll [2007-02-17 1033216]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=C:\WINDOWS\system32\shell32.dll [2007-02-17 8359936]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=RASSFM

KDCSVC

WDIGEST

scecli

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=1

"DisableRegistryTools"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"disablecad"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=0

"undockwithoutlogon"=1

"EnableLUA"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"ShowSuperHidden"=1

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Program Files\PRTG Network Monitor\PRTG Server.exe"="C:\Program Files\PRTG Network Monitor\PRTG Server.exe:*:Enabled:PRTG_Network_Monitor_Server"

"C:\Program Files\PRTG Network Monitor\PRTG Probe.exe"="C:\Program Files\PRTG Network Monitor\PRTG Probe.exe:*:Enabled:PRTG_Network_Monitor_Probe"

"C:\Program Files\PRTG Network Monitor\PRTG Server Administrator.exe"="C:\Program Files\PRTG Network Monitor\PRTG Server Administrator.exe:*:Enabled:PRTG_Network_Monitor_Admin_Tool"

"G:\rcebgx.pif"="G:\rcebgx.pif:*:Enabled:ipsec"

"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:ipsec"

"C:\Program Files\Genetec Omnicast Client 4.6\LiveViewer.exe"="C:\Program Files\Genetec Omnicast Client 4.6\LiveViewer.exe:*:Enabled:ipsec"

"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"

"C:\Program Files\Genetec Omnicast Client 4.6\ConfigTool.exe"="C:\Program Files\Genetec Omnicast Client 4.6\ConfigTool.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\rdpclip.exe"="C:\WINDOWS\system32\rdpclip.exe:*:Enabled:ipsec"

"C:\Documents and Settings\marcio.ortiz\Desktop\ipscan.exe"="C:\Documents and Settings\marcio.ortiz\Desktop\ipscan.exe:*:Enabled:ipsec"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\cmd.exe"="C:\WINDOWS\system32\cmd.exe:*:Enabled:ipsec"

"C:\Program Files\Genetec Omnicast Client 4.6\ArchivePlayer.exe"="C:\Program Files\Genetec Omnicast Client 4.6\ArchivePlayer.exe:*:Enabled:ipsec"

"C:\Program Files\RealVNC\VNC4\vncconfig.exe"="C:\Program Files\RealVNC\VNC4\vncconfig.exe:*:Enabled:ipsec"

"C:\Program Files\PRTG Network Monitor\PRTG Windows GUI.exe"="C:\Program Files\PRTG Network Monitor\PRTG Windows GUI.exe:*:Enabled:ipsec"

"C:\Program Files\RealVNC\VNC4\vncviewer.exe"="C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:ipsec"

"C:\Program Files\Ahead\Nero\nero.exe"="C:\Program Files\Ahead\Nero\nero.exe:*:Enabled:ipsec"

"C:\Program Files\Microsoft Office\Office12\EXCEL.EXE"="C:\Program Files\Microsoft Office\Office12\EXCEL.EXE:*:Enabled:ipsec"

"C:\Program Files\Wireshark\wireshark.exe"="C:\Program Files\Wireshark\wireshark.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\mstsc.exe"="C:\WINDOWS\system32\mstsc.exe:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsUp\sslpeek.exe"="C:\Program Files\Ipswitch\WhatsUp\sslpeek.exe:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsUp\NmDesktopActions.exe"="C:\Program Files\Ipswitch\WhatsUp\NmDesktopActions.exe:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsUp\NMTaskTray.exe"="C:\Program Files\Ipswitch\WhatsUp\NMTaskTray.exe:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsUp\ipsactive.exe"="C:\Program Files\Ipswitch\WhatsUp\ipsactive.exe:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsUp\NmConsole.exe"="C:\Program Files\Ipswitch\WhatsUp\NmConsole.exe:*:Enabled:ipsec"

"C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE:*:Enabled:ipsec"

"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsUp\nmservice.exe"="C:\Program Files\Ipswitch\WhatsUp\nmservice.exe:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsConnected\NetworkViewer.exe"="C:\Program Files\Ipswitch\WhatsConnected\NetworkViewer.exe:*:Enabled:ipsec"

"C:\DOCUME~1\MARCIO~1.ORT\LOCALS~1\Temp\2\~nsu.tmp\Au_.exe"="C:\DOCUME~1\MARCIO~1.ORT\LOCALS~1\Temp\2\~nsu.tmp\Au_.exe:*:Enabled:ipsec"

"C:\Program Files\HostMonitor8\UnInstal.exe"="C:\Program Files\HostMonitor8\UnInstal.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\scrnsave.scr"="C:\WINDOWS\system32\scrnsave.scr:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsUp\nmwebservice.exe"="C:\Program Files\Ipswitch\WhatsUp\nmwebservice.exe:*:Enabled:ipsec"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======List of files/folders created in the last 1 months======

 


2011-06-08 10:41:56 ----A---- C:\WINDOWS\system32\shsvcs.dll

2011-06-08 10:41:55 ----A---- C:\WINDOWS\system32\tcpmon.dll

2011-06-08 10:41:55 ----A---- C:\WINDOWS\system32\tcpmib.dll

2011-06-08 10:41:55 ----A---- C:\WINDOWS\system32\tapisrv.dll

2011-06-08 10:41:55 ----A---- C:\WINDOWS\system32\tapi32.dll

2011-06-08 10:41:55 ----A---- C:\WINDOWS\system32\sxs.dll

2011-06-08 10:41:55 ----A---- C:\WINDOWS\system32\svchost.exe

2011-06-08 10:41:55 ----A---- C:\WINDOWS\system32\strmfilt.dll

2011-06-08 10:41:54 ----A---- C:\WINDOWS\system32\termsrv.dll

2011-06-08 10:41:53 ----A---- C:\WINDOWS\system32\url.dll

2011-06-08 10:41:53 ----A---- C:\WINDOWS\system32\uniplat.dll

2011-06-08 10:41:53 ----A---- C:\WINDOWS\system32\unimdmat.dll

2011-06-08 10:41:53 ----A---- C:\WINDOWS\system32\umpnpmgr.dll

2011-06-08 10:41:53 ----A---- C:\WINDOWS\system32\trkwks.dll

2011-06-08 10:41:53 ----A---- C:\WINDOWS\system32\themeui.dll

2011-06-08 10:41:52 ----A---- C:\WINDOWS\system32\user32.dll

2011-06-08 10:41:52 ----A---- C:\WINDOWS\system32\usbmon.dll

2011-06-08 10:41:52 ----A---- C:\WINDOWS\system32\urlmon.dll

2011-06-08 10:41:51 ----A---- C:\WINDOWS\system32\webcheck.dll

2011-06-08 10:41:51 ----A---- C:\WINDOWS\system32\wdigest.dll

2011-06-08 10:41:51 ----A---- C:\WINDOWS\system32\w32time.dll

2011-06-08 10:41:51 ----A---- C:\WINDOWS\system32\vssapi.dll

2011-06-08 10:41:51 ----A---- C:\WINDOWS\system32\version.dll

2011-06-08 10:41:51 ----A---- C:\WINDOWS\system32\uxtheme.dll

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\winscard.dll

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\winrnr.dll

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\winmm.dll

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\winlogon.exe

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\winipsec.dll

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\wininet.dll

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\win32k.sys

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\wiarpc.dll

2011-06-08 10:41:48 ----A---- C:\WINDOWS\system32\wlnotify.dll

2011-06-08 10:41:48 ----A---- C:\WINDOWS\system32\wldap32.dll

2011-06-08 10:41:48 ----A---- C:\WINDOWS\system32\wlbsctrl.dll

2011-06-08 10:41:48 ----A---- C:\WINDOWS\system32\wintrust.dll

2011-06-08 10:41:48 ----A---- C:\WINDOWS\system32\winsta.dll

2011-06-08 10:41:48 ----A---- C:\WINDOWS\system32\winsrv.dll

2011-06-08 10:41:47 ----A---- C:\WINDOWS\system32\wshqos.dll

2011-06-08 10:41:47 ----A---- C:\WINDOWS\system32\wship6.dll

2011-06-08 10:41:47 ----A---- C:\WINDOWS\system32\ws2help.dll

2011-06-08 10:41:47 ----A---- C:\WINDOWS\system32\ws2_32.dll

2011-06-08 10:41:46 ----A---- C:\WINDOWS\system32\wzcsvc.dll

2011-06-08 10:41:46 ----A---- C:\WINDOWS\system32\wzcsapi.dll

2011-06-08 10:41:46 ----A---- C:\WINDOWS\system32\wtsapi32.dll

2011-06-08 10:41:46 ----A---- C:\WINDOWS\system32\wsnmp32.dll

2011-06-08 10:41:46 ----A---- C:\WINDOWS\system32\wshtcpip.dll

2011-06-08 10:41:45 ----A---- C:\WINDOWS\system32\xolehlp.dll

2011-06-08 10:41:45 ----A---- C:\WINDOWS\system32\xactsrv.dll

2011-06-08 10:37:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

2011-06-01 10:18:53 ----D---- C:\WINDOWS\IIS Temporary Compressed Files

2011-06-01 10:18:44 ----D---- C:\WINDOWS\system32\Cache

2011-06-01 10:18:21 ----A---- C:\WINDOWS\system32\w3ctrs.ini

2011-06-01 10:18:21 ----A---- C:\WINDOWS\system32\ftpctrs2.dll

2011-06-01 10:18:21 ----A---- C:\WINDOWS\system32\ftpctrs.ini

2011-06-01 10:18:21 ----A---- C:\WINDOWS\system32\axperf.ini

2011-06-01 10:18:21 ----A---- C:\WINDOWS\system32\aspperf.dll

2011-06-01 10:18:20 ----D---- C:\Program Files\Phone Book Service

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\wamregps.dll

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\snmptrap.exe

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\nmsupp.dll

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\infoctrs.ini

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\infoctrs.dll

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\infoadmn.dll

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\iisvdir.vbs

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\IIsFtpdr.vbs

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\IIsFtp.vbs

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\iisext.vbs

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\iisback.vbs

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\CPSsym.ini

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\convlog.exe

2011-06-01 10:18:19 ----A---- C:\WINDOWS\system32\snmpmib.dll

2011-06-01 10:18:19 ----A---- C:\WINDOWS\system32\hostmib.dll

2011-06-01 10:17:51 ----D---- C:\Inetpub

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\staxmem.dll

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\smtpapi.dll

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\rwnh.dll

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\nntpapi.dll

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\iisweb.vbs

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\iisrstap.dll

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\iisreset.exe

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\iismui.dll

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\IIsCnfg.vbs

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\iisapp.vbs

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\exstrace.dll

2011-06-01 10:17:49 ----A---- C:\WINDOWS\system32\evntwin.exe

2011-06-01 10:17:49 ----A---- C:\WINDOWS\system32\evntcmd.exe

2011-05-30 14:24:39 ----D---- C:\WINDOWS\system32\ipmi

2011-05-30 14:24:39 ----D---- C:\WINDOWS\adam

2011-05-30 14:24:37 ----A---- C:\WINDOWS\system32\SET133B.tmp

2011-05-30 14:24:37 ----A---- C:\WINDOWS\system32\SET1333.tmp

2011-05-30 14:24:37 ----A---- C:\WINDOWS\system32\drivers\SET1344.tmp

2011-05-30 14:24:36 ----A---- C:\WINDOWS\system32\SET1330.tmp

2011-05-30 14:24:36 ----A---- C:\WINDOWS\system32\SET1307.tmp

2011-05-30 14:24:35 ----A---- C:\WINDOWS\system32\SET12E4.tmp

2011-05-30 14:24:35 ----A---- C:\WINDOWS\system32\SET12DE.tmp

2011-05-30 14:24:34 ----D---- C:\WINDOWS\system32\en

2011-05-30 14:24:34 ----D---- C:\WINDOWS\adfs

2011-05-30 14:24:34 ----A---- C:\WINDOWS\system32\SET12D3.tmp

2011-05-30 14:24:32 ----D---- C:\Program Files\cmak

2011-05-30 14:23:32 ----A---- C:\WINDOWS\system32\SET670.tmp

2011-05-30 14:23:31 ----A---- C:\WINDOWS\system32\SET66E.tmp

2011-05-30 14:23:08 ----A---- C:\WINDOWS\fonts\SET4CA.tmp

2011-05-30 14:23:07 ----A---- C:\WINDOWS\fonts\SET4C9.tmp

2011-05-30 14:23:07 ----A---- C:\WINDOWS\fonts\SET4C8.tmp

2011-05-30 14:23:06 ----A---- C:\WINDOWS\system32\SET49B.tmp

2011-05-30 14:23:06 ----A---- C:\WINDOWS\system32\SET499.tmp

2011-05-30 14:23:06 ----A---- C:\WINDOWS\SET4AE.tmp

2011-05-30 14:23:05 ----A---- C:\WINDOWS\system32\SET494.tmp

2011-05-30 14:23:05 ----A---- C:\WINDOWS\system32\SET489.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET47D.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET47A.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET479.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET476.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET473.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET472.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET46D.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET46C.tmp

2011-05-30 14:23:03 ----A---- C:\WINDOWS\system32\SET462.tmp

2011-05-30 14:23:03 ----A---- C:\WINDOWS\system32\SET451.tmp

2011-05-30 14:23:03 ----A---- C:\WINDOWS\system32\SET44C.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET443.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET43C.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET43A.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET437.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET432.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET431.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET430.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET42E.tmp

2011-05-30 14:23:01 ----N---- C:\WINDOWS\system32\SET41C.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET42D.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET42C.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET42B.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET429.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET428.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET427.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET420.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET41B.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET41A.tmp

2011-05-30 14:23:00 ----A---- C:\WINDOWS\system32\SET419.tmp

2011-05-30 14:23:00 ----A---- C:\WINDOWS\system32\SET405.tmp

2011-05-30 14:23:00 ----A---- C:\WINDOWS\system32\SET3F5.tmp

2011-05-30 14:23:00 ----A---- C:\WINDOWS\system32\SET3F2.tmp

2011-05-30 14:23:00 ----A---- C:\WINDOWS\system32\SET3F1.tmp

2011-05-30 14:22:59 ----A---- C:\WINDOWS\system32\SET3DD.tmp

2011-05-30 14:22:59 ----A---- C:\WINDOWS\system32\SET3D7.tmp

2011-05-30 14:22:59 ----A---- C:\WINDOWS\system32\SET3D3.tmp

2011-05-30 14:22:59 ----A---- C:\WINDOWS\system32\SET3C8.tmp

2011-05-30 14:22:59 ----A---- C:\WINDOWS\system32\SET3C4.tmp

2011-05-30 14:22:58 ----A---- C:\WINDOWS\system32\SET3BC.tmp

2011-05-30 14:22:58 ----A---- C:\WINDOWS\system32\SET3BB.tmp

2011-05-30 14:22:58 ----A---- C:\WINDOWS\system32\SET3BA.tmp

2011-05-30 14:22:58 ----A---- C:\WINDOWS\system32\SET3B3.tmp

2011-05-30 14:22:58 ----A---- C:\WINDOWS\system32\SET3B0.tmp

2011-05-30 14:22:58 ----A---- C:\WINDOWS\system32\SET3AD.tmp

2011-05-30 14:22:58 ----A---- C:\WINDOWS\system32\SET3A3.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET399.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET394.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET393.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET391.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET38F.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET384.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET383.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET372.tmp

2011-05-30 14:22:56 ----A---- C:\WINDOWS\system32\SET371.tmp

2011-05-30 14:22:56 ----A---- C:\WINDOWS\system32\SET36D.tmp

2011-05-30 14:22:56 ----A---- C:\WINDOWS\system32\SET36C.tmp

2011-05-30 14:22:56 ----A---- C:\WINDOWS\system32\SET366.tmp

2011-05-30 14:22:56 ----A---- C:\WINDOWS\system32\SET364.tmp

2011-05-30 14:22:56 ----A---- C:\WINDOWS\system32\SET362.tmp

2011-05-30 14:22:55 ----A---- C:\WINDOWS\system32\SET35B.tmp

2011-05-30 14:22:55 ----A---- C:\WINDOWS\system32\SET349.tmp

2011-05-30 14:22:55 ----A---- C:\WINDOWS\system32\SET347.tmp

2011-05-30 14:22:55 ----A---- C:\WINDOWS\system32\SET346.tmp

2011-05-30 14:22:55 ----A---- C:\WINDOWS\system32\SET345.tmp

2011-05-30 14:22:55 ----A---- C:\WINDOWS\system32\SET343.tmp

2011-05-30 14:22:55 ----A---- C:\WINDOWS\system32\SET33E.tmp

2011-05-30 14:22:54 ----A---- C:\WINDOWS\system32\SET33C.tmp

2011-05-30 14:22:54 ----A---- C:\WINDOWS\system32\SET327.tmp

2011-05-30 14:22:54 ----A---- C:\WINDOWS\system32\SET325.tmp

2011-05-30 14:22:54 ----A---- C:\WINDOWS\system32\SET324.tmp

2011-05-30 14:22:54 ----A---- C:\WINDOWS\system32\SET31F.tmp

2011-05-30 14:22:53 ----A---- C:\WINDOWS\system32\SET310.tmp

2011-05-30 14:22:53 ----A---- C:\WINDOWS\system32\SET309.tmp

2011-05-30 14:22:53 ----A---- C:\WINDOWS\system32\SET308.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2EB.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2EA.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2E9.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2E7.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2E3.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2E0.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2DD.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2DC.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2DB.tmp

2011-05-30 14:22:51 ----A---- C:\WINDOWS\system32\SET2DA.tmp

2011-05-30 14:22:51 ----A---- C:\WINDOWS\system32\SET2D5.tmp

2011-05-30 14:22:51 ----A---- C:\WINDOWS\system32\SET2D3.tmp

2011-05-30 14:22:51 ----A---- C:\WINDOWS\system32\SET2D2.tmp

2011-05-30 14:22:51 ----A---- C:\WINDOWS\system32\SET2CF.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2CE.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2CC.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2CA.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2C8.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2C6.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2C5.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2C4.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2C3.tmp

2011-05-30 14:22:49 ----A---- C:\WINDOWS\system32\SET2C2.tmp

2011-05-30 14:22:49 ----A---- C:\WINDOWS\system32\SET2BB.tmp

2011-05-30 14:22:48 ----A---- C:\WINDOWS\system32\SET29D.tmp

2011-05-30 14:22:48 ----A---- C:\WINDOWS\system32\SET298.tmp

2011-05-30 14:22:48 ----A---- C:\WINDOWS\system32\SET297.tmp

2011-05-30 14:22:48 ----A---- C:\WINDOWS\system32\SET295.tmp

2011-05-30 14:22:48 ----A---- C:\WINDOWS\system32\SET294.tmp

2011-05-30 14:22:47 ----A---- C:\WINDOWS\system32\SET293.tmp

2011-05-30 14:22:47 ----A---- C:\WINDOWS\system32\SET28D.tmp

2011-05-30 14:22:47 ----A---- C:\WINDOWS\system32\SET288.tmp

2011-05-30 14:22:47 ----A---- C:\WINDOWS\system32\SET286.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET282.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET280.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET27C.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET27A.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET278.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET275.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET274.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET271.tmp

2011-05-30 14:22:45 ----A---- C:\WINDOWS\system32\SET270.tmp

2011-05-30 14:22:45 ----A---- C:\WINDOWS\system32\SET26D.tmp

2011-05-30 14:22:45 ----A---- C:\WINDOWS\system32\SET26A.tmp

2011-05-30 14:22:45 ----A---- C:\WINDOWS\system32\SET265.tmp

2011-05-30 14:22:45 ----A---- C:\WINDOWS\system32\SET263.tmp

2011-05-30 14:22:45 ----A---- C:\WINDOWS\system32\SET262.tmp

2011-05-30 14:22:44 ----N---- C:\WINDOWS\system32\SET247.tmp

2011-05-30 14:22:44 ----A---- C:\WINDOWS\system32\SET261.tmp

2011-05-30 14:22:44 ----A---- C:\WINDOWS\system32\SET257.tmp

2011-05-30 14:22:44 ----A---- C:\WINDOWS\system32\SET256.tmp

2011-05-30 14:22:44 ----A---- C:\WINDOWS\system32\SET24F.tmp

2011-05-30 14:22:44 ----A---- C:\WINDOWS\system32\SET24E.tmp

2011-05-30 14:22:44 ----A---- C:\WINDOWS\system32\SET24A.tmp

2011-05-30 14:22:43 ----A---- C:\WINDOWS\system32\SET242.tmp

2011-05-30 14:22:43 ----A---- C:\WINDOWS\system32\SET23F.tmp

2011-05-30 14:22:43 ----A---- C:\WINDOWS\system32\SET234.tmp

2011-05-30 14:22:43 ----A---- C:\WINDOWS\system32\SET233.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET232.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET22F.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET226.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET225.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET221.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET21D.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET21C.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET218.tmp

2011-05-30 14:22:41 ----A---- C:\WINDOWS\system32\SET216.tmp

2011-05-30 14:22:41 ----A---- C:\WINDOWS\system32\SET213.tmp

2011-05-30 14:22:41 ----A---- C:\WINDOWS\system32\SET212.tmp

2011-05-30 14:22:41 ----A---- C:\WINDOWS\system32\SET20F.tmp

2011-05-30 14:22:41 ----A---- C:\WINDOWS\system32\SET1FD.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1FC.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1F9.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1F6.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1F4.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1EE.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1ED.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1EC.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1E9.tmp

2011-05-30 14:22:39 ----A---- C:\WINDOWS\system32\SET1E8.tmp

2011-05-30 14:22:39 ----A---- C:\WINDOWS\system32\SET1DF.tmp

2011-05-30 14:22:39 ----A---- C:\WINDOWS\system32\SET1DD.tmp

2011-05-30 14:22:39 ----A---- C:\WINDOWS\system32\SET1D9.tmp

2011-05-30 14:22:39 ----A---- C:\WINDOWS\system32\SET1D8.tmp

2011-05-30 14:22:39 ----A---- C:\WINDOWS\system32\SET1D6.tmp

2011-05-30 14:22:39 ----A---- C:\WINDOWS\system32\SET1CD.tmp

2011-05-30 14:22:38 ----A---- C:\WINDOWS\system32\SET1C2.tmp

2011-05-30 14:22:38 ----A---- C:\WINDOWS\system32\SET1C1.tmp

2011-05-30 14:22:38 ----A---- C:\WINDOWS\system32\SET1C0.tmp

2011-05-30 14:22:38 ----A---- C:\WINDOWS\system32\SET1BF.tmp

2011-05-30 14:22:38 ----A---- C:\WINDOWS\system32\SET1BD.tmp

2011-05-30 14:22:38 ----A---- C:\WINDOWS\system32\SET1BA.tmp

2011-05-30 14:22:38 ----A---- C:\WINDOWS\system32\SET1B7.tmp

2011-05-30 14:22:37 ----A---- C:\WINDOWS\system32\SET1B6.tmp

2011-05-30 14:22:37 ----A---- C:\WINDOWS\system32\SET1B3.tmp

2011-05-30 14:22:37 ----A---- C:\WINDOWS\system32\SET1B2.tmp

2011-05-30 14:22:37 ----A---- C:\WINDOWS\system32\SET1AB.tmp

2011-05-30 14:22:37 ----A---- C:\WINDOWS\system32\SET1A9.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET1A8.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET1A7.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET1A5.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET1A3.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET19E.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET190.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET18D.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET18C.tmp

2011-05-30 14:22:35 ----N---- C:\WINDOWS\system32\SET18B.tmp

2011-05-30 14:22:35 ----N---- C:\WINDOWS\system32\SET18A.tmp

2011-05-30 14:22:35 ----N---- C:\WINDOWS\system32\SET189.tmp

2011-05-30 14:22:35 ----A---- C:\WINDOWS\system32\SET187.tmp

2011-05-30 14:22:35 ----A---- C:\WINDOWS\system32\SET184.tmp

2011-05-30 14:22:35 ----A---- C:\WINDOWS\system32\SET180.tmp

2011-05-30 14:22:35 ----A---- C:\WINDOWS\system32\SET17F.tmp

2011-05-30 14:22:35 ----A---- C:\WINDOWS\system32\SET17C.tmp

2011-05-30 14:22:34 ----A---- C:\WINDOWS\system32\SET174.tmp

2011-05-30 14:22:34 ----A---- C:\WINDOWS\system32\SET171.tmp

2011-05-30 14:22:34 ----A---- C:\WINDOWS\system32\SET16C.tmp

2011-05-30 14:22:34 ----A---- C:\WINDOWS\system32\SET16B.tmp

2011-05-30 14:22:34 ----A---- C:\WINDOWS\system32\SET168.tmp

2011-05-30 14:22:34 ----A---- C:\WINDOWS\system32\SET167.tmp

2011-05-30 14:22:34 ----A---- C:\WINDOWS\system32\SET160.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET153.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET152.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET151.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET150.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET14E.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET14D.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET14C.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET14A.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET146.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET13C.tmp

2011-05-30 14:22:32 ----A---- C:\WINDOWS\system32\SET139.tmp

2011-05-30 14:22:32 ----A---- C:\WINDOWS\system32\SET136.tmp

2011-05-30 14:22:32 ----A---- C:\WINDOWS\system32\SET133.tmp

2011-05-30 14:22:32 ----A---- C:\WINDOWS\system32\SET131.tmp

2011-05-30 14:22:32 ----A---- C:\WINDOWS\system32\SET12B.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET125.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET123.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET122.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET121.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET120.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET11E.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET11D.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET11B.tmp

2011-05-30 14:22:30 ----A---- C:\WINDOWS\system32\SET11A.tmp

2011-05-30 14:22:30 ----A---- C:\WINDOWS\system32\SET119.tmp

2011-05-30 14:22:30 ----A---- C:\WINDOWS\system32\SET116.tmp

2011-05-30 14:22:30 ----A---- C:\WINDOWS\system32\SET115.tmp

2011-05-30 14:22:30 ----A---- C:\WINDOWS\system32\SET114.tmp

2011-05-30 14:22:29 ----A---- C:\WINDOWS\system32\SETFA.tmp

2011-05-30 14:22:29 ----A---- C:\WINDOWS\system32\SETF9.tmp

2011-05-30 14:22:29 ----A---- C:\WINDOWS\system32\SETF5.tmp

2011-05-30 14:22:29 ----A---- C:\WINDOWS\system32\SETF4.tmp

2011-05-30 14:22:29 ----A---- C:\WINDOWS\system32\SETF3.tmp

2011-05-30 14:22:28 ----A---- C:\WINDOWS\system32\SETF2.tmp

2011-05-30 14:22:28 ----A---- C:\WINDOWS\system32\SETF1.tmp

2011-05-30 14:22:28 ----A---- C:\WINDOWS\system32\SETEF.tmp

2011-05-30 14:22:28 ----A---- C:\WINDOWS\system32\SETEC.tmp

2011-05-30 14:22:28 ----A---- C:\WINDOWS\system32\SETEB.tmp

2011-05-30 14:22:28 ----A---- C:\WINDOWS\system32\SETEA.tmp

2011-05-30 14:22:28 ----A---- C:\WINDOWS\system32\SETE8.tmp

2011-05-30 14:20:20 ----A---- C:\WINDOWS\system32\d3d9.dll

2011-05-30 14:19:29 ----A---- C:\WINDOWS\system32\dskquota.dll

2011-05-30 14:19:18 ----A---- C:\WINDOWS\system32\msls31.dll

2011-05-30 14:19:18 ----A---- C:\WINDOWS\system32\msimtf.dll

2011-05-30 14:19:18 ----A---- C:\WINDOWS\system32\mshtmled.dll

2011-05-30 14:19:18 ----A---- C:\WINDOWS\system32\mshtml.dll

2011-05-30 14:19:17 ----A---- C:\WINDOWS\system32\mstscax.dll

2011-05-30 14:19:17 ----A---- C:\WINDOWS\system32\mstsc.exe

2011-05-30 14:19:05 ----A---- C:\WINDOWS\system32\perfctrs.dll

2011-05-30 14:19:04 ----A---- C:\WINDOWS\system32\pngfilt.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\lmhsvc.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\imagehlp.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\ifsutil.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\ftp.exe

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\fmifs.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\find.exe

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\dhcpsapi.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\comdlg32.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\comctl32.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\cnvfat.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\cmd.exe

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\cacls.exe

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\autoconv.exe

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\autochk.exe

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\advapi32.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\win32spl.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\userinit.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\userenv.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\untfs.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\ulib.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\ufat.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\tcpmonui.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\syssetup.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\srvsvc.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\smss.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\setupapi.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\sessmgr.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\services.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\scardsvr.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\samsrv.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\samlib.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\rshx32.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\rastapi.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\rasman.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\rasdlg.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\rasauto.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\rasapi32.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\printui.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\olecnv32.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\oleaut32.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\nwwks.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\nwprovau.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\ntvdm.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\ntprint.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\ntdll.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\ntbackup.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\nslookup.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\msgsvc.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\mgmtapi.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\lsasrv.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\localspl.dll

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\wsecedit.dll

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\wkssvc.dll

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\ftdisk.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\fips.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\fdc.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\fastfat.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\dxg.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\dmio.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\dmboot.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\diskdump.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\disk.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\dfs.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\crusoe.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\crcdisk.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\classpnp.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\cdrom.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\cdfs.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\bridge.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\atmuni.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\atmlane.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\atmarps.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\atmarpc.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\atapi.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\amdk7.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\amdk6.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\afd.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\acpi.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbuhci.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbstor.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbport.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbintel.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbhub.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbehci.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbcamd2.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbcamd.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usb8023.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\update.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\udfs.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\termdd.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\tdi.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\tcpip6.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\tape.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\swenum.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\stream.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\storport.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\srv.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\sonydcam.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\smclib.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\smb.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\serial.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\serenum.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\scsiport.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\sacdrv.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\rndismp.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\rmcast.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\redbook.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\raspti.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\raspptp.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\raspppoe.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\rasl2tp.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ptilink.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\psched.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\processr.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\pcmcia.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\pciidex.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\pci.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\partmgr.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\parport.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\p3.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\nwrdr.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\nwlnkspx.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\nwlnkipx.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\npfs.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\nmnt.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\netbt.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\netbios.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ndproxy.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ndiswan.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ndisuio.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ndistapi.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ndis.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\mup.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\msgpc.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\msfs.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\mrxdav.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\mqac.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\mountmgr.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\modem.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\mf.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\mcd.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ksecdd.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ks.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\kbdclass.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\isapnp.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ipsec.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ipnat.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ipfltdrv.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\imapi.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\i8042prt.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\http.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\ntoskrnl.exe

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\HAL.DLL

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\ws2ifsl.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\wlbs.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\watchdog.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\wanarp.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\volsnap.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\videoprt.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\vgapnp.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\vga.sys

2011-05-30 14:18:41 ----AD---- C:\WINDOWS\PolicyBackup

2011-05-30 13:23:04 ----D---- C:\kav

 

======List of files/folders modified in the last 1 months======

 

2011-06-08 15:33:26 ----RD---- C:\Program Files

2011-06-08 15:14:31 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2011-06-08 14:34:23 ----D---- C:\WINDOWS\system32

2011-06-08 14:34:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2011-06-08 14:33:48 ----A---- C:\WINDOWS\OEWABLog.txt

2011-06-08 14:33:43 ----D---- C:\WINDOWS\Temp

2011-06-08 14:31:26 ----A---- C:\scripterror.txt

2011-06-08 13:48:56 ----D---- C:\WINDOWS\system32\CatRoot2

2011-06-08 11:32:46 ----D---- C:\Program Files\Genetec Omnicast Client 4.6

2011-06-08 11:13:39 ----D---- C:\WINDOWS\system32\inetsrv

2011-06-08 11:12:22 ----D---- C:\WINDOWS

2011-06-08 11:11:16 ----RSHDC---- C:\WINDOWS\system32\dllcache

2011-06-08 11:10:41 ----RSD---- C:\WINDOWS\Fonts

2011-06-08 11:10:41 ----D---- C:\WINDOWS\system32\wbem

2011-06-08 11:10:41 ----D---- C:\WINDOWS\system32\Setup

2011-06-08 11:10:41 ----D---- C:\WINDOWS\system32\drivers

2011-06-08 11:10:41 ----D---- C:\WINDOWS\AppPatch

2011-06-08 10:46:13 ----D---- C:\WINDOWS\inf

2011-06-08 10:45:49 ----D---- C:\WINDOWS\system32\CatRoot

2011-06-08 10:44:47 ----D---- C:\WINDOWS\security

2011-06-08 10:44:05 ----D---- C:\WINDOWS\WinSxS

2011-06-08 10:44:03 ----D---- C:\WINDOWS\Help

2011-06-08 10:44:03 ----D---- C:\WINDOWS\Cluster

2011-06-08 10:43:57 ----D---- C:\WINDOWS\system32\certsrv

2011-06-08 10:43:52 ----D---- C:\Program Files\Internet Explorer

2011-06-08 10:43:49 ----D---- C:\Program Files\Windows Media Player

2011-06-08 10:42:44 ----D---- C:\WINDOWS\twain_32

2011-06-08 10:42:44 ----D---- C:\WINDOWS\system32\npp

2011-06-08 10:42:44 ----D---- C:\WINDOWS\msagent

2011-06-08 10:42:43 ----D---- C:\WINDOWS\system32\netmon

2011-06-08 10:42:43 ----D---- C:\WINDOWS\system32\ias

2011-06-08 10:42:43 ----D---- C:\WINDOWS\srchasst

2011-06-08 10:42:43 ----D---- C:\WINDOWS\ime

2011-06-08 10:42:40 ----D---- C:\Program Files\NetMeeting

2011-06-08 10:42:39 ----D---- C:\WINDOWS\system32\Com

2011-06-08 10:42:38 ----D---- C:\Program Files\Outlook Express

2011-06-08 10:42:37 ----D---- C:\Program Files\Common Files\System

2011-06-08 10:42:31 ----D---- C:\WINDOWS\system32\oobe

2011-06-08 10:42:31 ----D---- C:\WINDOWS\system

2011-06-08 10:40:56 ----A---- C:\WINDOWS\imsins.BAK

2011-06-02 22:17:50 ----D---- C:\WINDOWS\system32\LogFiles

2011-06-01 14:07:47 ----D---- C:\Documents and Settings

2011-06-01 10:19:03 ----D---- C:\WINDOWS\Registration

2011-05-30 15:01:05 ----D---- C:\Program Files\HostMonitor8

2011-05-30 15:00:47 ----D---- C:\Program Files\Easy Service Monitor

2011-05-30 14:31:42 ----SD---- C:\WINDOWS\Tasks

2011-05-30 14:21:34 ----D---- C:\WINDOWS\system32\ReinstallBackups

2011-05-29 12:04:12 ----SD---- C:\WINDOWS\Downloaded Program Files

2011-05-29 11:46:54 ----D---- C:\Program Files\TeamViewer

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 ACPI;Microsoft ACPI Driver; C:\WINDOWS\system32\DRIVERS\ACPI.sys [2007-02-17 194048]

R0 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2007-02-17 96768]

R0 crcdisk;CRC Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2007-02-17 17920]

R0 DfsDriver;DfsDriver; C:\WINDOWS\system32\drivers\Dfs.sys [2007-02-17 34816]

R0 Disk;Disk Driver; C:\WINDOWS\system32\DRIVERS\disk.sys [2007-02-17 39936]

R0 dmio;Logical Disk Manager Driver; C:\WINDOWS\System32\drivers\dmio.sys [2007-02-17 150528]

R0 dmload;dmload; C:\WINDOWS\System32\drivers\dmload.sys [2006-04-04 7680]

R0 FltMgr;FltMgr; C:\WINDOWS\system32\drivers\fltmgr.sys [2007-02-17 130560]

R0 Ftdisk;Volume Manager Driver; C:\WINDOWS\system32\DRIVERS\ftdisk.sys [2007-02-17 137216]

R0 isapnp;PnP ISA/EISA Bus Driver; C:\WINDOWS\system32\DRIVERS\isapnp.sys [2007-02-17 38912]

R0 KSecDD;KSecDD; C:\WINDOWS\system32\drivers\KSecDD.sys [2007-02-18 133120]

R0 MountMgr;Mount Point Manager; C:\WINDOWS\system32\drivers\MountMgr.sys [2007-02-17 46592]

R0 Mup;Mup; C:\WINDOWS\system32\drivers\Mup.sys [2007-02-17 103424]

R0 NDIS;NDIS System Driver; C:\WINDOWS\system32\drivers\NDIS.sys [2007-02-17 210432]

R0 PartMgr;Partition Manager; C:\WINDOWS\system32\drivers\PartMgr.sys [2007-02-17 25088]

R0 PCI;PCI Bus Driver; C:\WINDOWS\system32\DRIVERS\pci.sys [2007-02-17 74752]

R0 PCIIde;PCIIde; C:\WINDOWS\system32\DRIVERS\pciide.sys [2006-04-04 5632]

R0 VolSnap;Storage volumes; C:\WINDOWS\system32\DRIVERS\volsnap.sys [2007-02-17 153600]

R1 AFD;AFD; C:\WINDOWS\System32\drivers\afd.sys [2007-02-17 150528]

R1 Beep;Beep; C:\WINDOWS\system32\drivers\Beep.sys [2006-04-04 6144]

R1 Cdrom;CD-ROM Driver; C:\WINDOWS\system32\DRIVERS\cdrom.sys [2007-02-17 52224]

R1 Fips;Fips; C:\WINDOWS\system32\drivers\Fips.sys [2007-02-17 45568]

R1 imapi;CD-Burning Filter Driver; C:\WINDOWS\system32\DRIVERS\imapi.sys [2007-02-17 43520]

R1 IPSec;IPSEC driver; C:\WINDOWS\system32\DRIVERS\ipsec.sys [2007-02-17 82432]

R1 Kbdclass;Keyboard Class Driver; C:\WINDOWS\system32\DRIVERS\kbdclass.sys [2007-02-17 25600]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2007-02-17 17408]

R1 mnmdd;mnmdd; C:\WINDOWS\system32\drivers\mnmdd.sys [2006-04-04 6144]

R1 Mouclass;Mouse Class Driver; C:\WINDOWS\system32\DRIVERS\mouclass.sys [2006-04-04 23040]

R1 MRxSmb;MRXSMB; C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [2007-02-17 437760]

R1 Msfs;Msfs; C:\WINDOWS\system32\drivers\Msfs.sys [2007-02-17 21504]

R1 NetBIOS;NetBIOS Interface; C:\WINDOWS\system32\DRIVERS\netbios.sys [2007-02-17 34816]

R1 NetBT;NetBios over Tcpip; C:\WINDOWS\system32\DRIVERS\netbt.sys [2007-02-17 180224]

R1 Npfs;Npfs; C:\WINDOWS\system32\drivers\Npfs.sys [2007-02-17 32256]

R1 Null;Null; C:\WINDOWS\system32\drivers\Null.sys [2006-04-04 4608]

R1 RasAcd;Remote Access Auto Connection Driver; C:\WINDOWS\system32\DRIVERS\rasacd.sys [2006-04-04 10752]

R1 Rdbss;Rdbss; C:\WINDOWS\system32\DRIVERS\rdbss.sys [2007-02-17 177664]

R1 RDPCDD;RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [2006-04-04 6144]

R1 redbook;Digital CD Audio Playback Filter Driver; C:\WINDOWS\system32\DRIVERS\redbook.sys [2007-02-17 60928]

R1 Serial;Serial port driver; C:\WINDOWS\system32\DRIVERS\serial.sys [2007-02-17 65536]

R1 Tcpip;TCP/IP Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip.sys [2007-02-17 383488]

R1 TermDD;Terminal Device Driver; C:\WINDOWS\system32\DRIVERS\termdd.sys [2007-02-17 41608]

R1 VgaSave;VGA Display Controller.; C:\WINDOWS\System32\drivers\vga.sys [2007-02-17 23552]

R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\SNMP\BASFND.sys []

R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-06-25 35088]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-06 1431040]

R3 audstub;Audio Stub Driver; C:\WINDOWS\system32\DRIVERS\audstub.sys [2003-03-24 5120]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2009-07-31 213544]

R3 dac970nt;dac970nt; \??\C:\WINDOWS\system32\drivers\mffijj.sys []

R3 Fdc;Floppy Disk Controller Driver; C:\WINDOWS\system32\DRIVERS\fdc.sys [2007-02-17 24576]

R3 Gpc;Generic Packet Classifier; C:\WINDOWS\system32\DRIVERS\msgpc.sys [2007-02-17 39424]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-04-04 11776]

R3 HTTP;HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [2007-02-17 291328]

R3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-02-17 36864]

R3 IpFilterDriver;IP Traffic Filter Driver; C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [2007-02-17 32768]

R3 IpNat;IP Network Address Translator; C:\WINDOWS\system32\DRIVERS\ipnat.sys [2007-02-17 119296]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-04-04 13312]

R3 mssmbios;Microsoft System Management BIOS Driver; C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2007-02-17 19968]

R3 NdisTapi;Remote Access NDIS TAPI Driver; C:\WINDOWS\system32\DRIVERS\ndistapi.sys [2007-02-17 12288]

R3 Ndisuio;NDIS Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\ndisuio.sys [2007-02-17 16384]

R3 NdisWan;Remote Access NDIS WAN Driver; C:\WINDOWS\system32\DRIVERS\ndiswan.sys [2007-02-17 89600]

R3 NDProxy;NDIS Proxy; C:\WINDOWS\system32\drivers\NDProxy.sys [2007-02-17 40960]

R3 PptpMiniport;WAN Miniport (PPTP); C:\WINDOWS\system32\DRIVERS\raspptp.sys [2007-02-17 59904]

R3 PSSDK42;PSSDK42; \??\C:\WINDOWS\system32\Drivers\pssdk42.sys []

R3 Ptilink;Direct Parallel Link Driver; C:\WINDOWS\system32\DRIVERS\ptilink.sys [2007-02-17 20480]

R3 Rasl2tp;WAN Miniport (L2TP); C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [2007-02-17 65536]

R3 RasPppoe;Remote Access PPPOE Driver; C:\WINDOWS\system32\DRIVERS\raspppoe.sys [2007-02-17 40960]

R3 Raspti;Direct Parallel; C:\WINDOWS\system32\DRIVERS\raspti.sys [2007-02-17 19968]

R3 rdpdr;Terminal Server Device Redirector Driver; C:\WINDOWS\system32\DRIVERS\rdpdr.sys [2007-02-17 200192]

R3 RDPWD;RDPWD; C:\WINDOWS\system32\drivers\RDPWD.sys [2007-02-17 152200]

R3 serenum;Serenum Filter Driver; C:\WINDOWS\system32\DRIVERS\serenum.sys [2007-02-17 17920]

R3 Srv;Srv; C:\WINDOWS\system32\DRIVERS\srv.sys [2007-02-17 356864]

R3 swenum;Software Bus Driver; C:\WINDOWS\system32\DRIVERS\swenum.sys [2007-02-17 4736]

R3 TDTCP;TDTCP; C:\WINDOWS\system32\drivers\TDTCP.sys [2007-02-17 24200]

R3 Update;Microcode Update Driver; C:\WINDOWS\system32\DRIVERS\update.sys [2007-02-17 280576]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-02-17 27520]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-17 60416]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-02-17 20864]

R3 Wanarp;Remote Access IP ARP Driver; C:\WINDOWS\system32\DRIVERS\wanarp.sys [2007-02-17 36352]

R3 WLBS;Network Load Balancing; C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-02-17 169984]

R4 Cdfs;Cdfs; C:\WINDOWS\system32\drivers\Cdfs.sys [2007-02-17 65536]

R4 Ntfs;Ntfs; C:\WINDOWS\system32\drivers\Ntfs.sys [2007-02-18 589824]

S1 Changer;Changer; C:\WINDOWS\system32\drivers\Changer.sys []

S1 Flpydisk;Flpydisk; C:\WINDOWS\system32\drivers\Flpydisk.sys [2006-04-04 18432]

S1 i2omgmt;i2omgmt; C:\WINDOWS\system32\drivers\i2omgmt.sys []

S1 i8042prt;i8042prt; C:\WINDOWS\system32\drivers\i8042prt.sys [2007-02-17 55808]

S1 Sfloppy;Sfloppy; C:\WINDOWS\system32\drivers\Sfloppy.sys [2006-04-04 12288]

S3 AsyncMac;RAS Asynchronous Media Driver; C:\WINDOWS\system32\DRIVERS\asyncmac.sys [2006-04-04 16384]

S3 Atmarpc;ATM ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\atmarpc.sys [2007-02-17 59392]

S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\system32\DRIVERS\baspxp32.sys [2009-10-15 90112]

S3 Ip6Fw;IPv6 Windows Firewall Driver; C:\WINDOWS\system32\drivers\ip6fw.sys [2007-02-17 36352]

S3 IpInIp;IP in IP Tunnel Driver; C:\WINDOWS\system32\DRIVERS\ipinip.sys []

S3 IRENUM;IR Enumerator Service; C:\WINDOWS\system32\DRIVERS\irenum.sys [2007-02-17 12800]

S3 Modem;Modem; C:\WINDOWS\system32\drivers\Modem.sys [2007-02-17 31232]

S3 MRxDAV;WebDav Client Redirector; C:\WINDOWS\system32\DRIVERS\mrxdav.sys [2007-02-17 188928]

S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2007-02-17 42496]

S3 Parport;Parport; C:\WINDOWS\system32\drivers\Parport.sys [2007-02-17 81408]

S3 PDCOMP;PDCOMP; C:\WINDOWS\system32\drivers\PDCOMP.sys []

S3 PDFRAME;PDFRAME; C:\WINDOWS\system32\drivers\PDFRAME.sys []

S3 PDRELI;PDRELI; C:\WINDOWS\system32\drivers\PDRELI.sys []

S3 PDRFRAME;PDRFRAME; C:\WINDOWS\system32\drivers\PDRFRAME.sys []

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2009-04-16 340736]

S3 Secdrv;Secdrv; C:\WINDOWS\system32\DRIVERS\secdrv.sys [2006-04-04 163644]

S3 TDPIPE;TDPIPE; C:\WINDOWS\system32\drivers\TDPIPE.sys [2007-02-17 12936]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-02-17 28160]

S3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2007-02-17 24064]

S3 WDICA;WDICA; C:\WINDOWS\system32\drivers\WDICA.sys []

S4 Abiosdsk;Abiosdsk; C:\WINDOWS\system32\drivers\Abiosdsk.sys []

S4 ACPIEC;ACPIEC; C:\WINDOWS\system32\drivers\ACPIEC.sys [2006-04-04 12800]

S4 adpu160m;adpu160m; C:\WINDOWS\system32\drivers\adpu160m.sys []

S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []

S4 afcnt;afcnt; C:\WINDOWS\system32\drivers\afcnt.sys []

S4 aic78u2;aic78u2; C:\WINDOWS\system32\drivers\aic78u2.sys []

S4 aic78xx;aic78xx; C:\WINDOWS\system32\drivers\aic78xx.sys []

S4 AliIde;AliIde; C:\WINDOWS\system32\drivers\AliIde.sys []

S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys [2007-02-17 7680]

S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys [2007-02-17 43520]

S4 Atdisk;Atdisk; C:\WINDOWS\system32\drivers\Atdisk.sys []

S4 cbidf2k;cbidf2k; C:\WINDOWS\system32\drivers\cbidf2k.sys [2006-04-04 15360]

S4 cd20xrnt;cd20xrnt; C:\WINDOWS\system32\drivers\cd20xrnt.sys []

S4 ClusDisk;Cluster Disk Driver; C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-02-17 69120]

S4 CmdIde;CmdIde; C:\WINDOWS\system32\drivers\CmdIde.sys []

S4 Cpqarray;Cpqarray; C:\WINDOWS\system32\drivers\Cpqarray.sys []

S4 cpqarry2;cpqarry2; C:\WINDOWS\system32\drivers\cpqarry2.sys []

S4 cpqcissm;cpqcissm; C:\WINDOWS\system32\drivers\cpqcissm.sys []

S4 cpqfcalm;cpqfcalm; C:\WINDOWS\system32\drivers\cpqfcalm.sys []

S4 dac2w2k;dac2w2k; C:\WINDOWS\system32\drivers\dac2w2k.sys []

S4 dac960nt;dac960nt; C:\WINDOWS\system32\drivers\dac960nt.sys []

S4 dellcerc;dellcerc; C:\WINDOWS\system32\drivers\dellcerc.sys []

S4 dmboot;dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [2007-02-17 268288]

S4 dpti2o;dpti2o; C:\WINDOWS\system32\drivers\dpti2o.sys []

S4 elxstor;elxstor; C:\WINDOWS\system32\drivers\elxstor.sys []

S4 Fastfat;Fastfat; C:\WINDOWS\system32\drivers\Fastfat.sys [2007-02-17 151040]

S4 hpcisss;hpcisss; C:\WINDOWS\system32\drivers\hpcisss.sys [2007-02-17 23552]

S4 hpn;hpn; C:\WINDOWS\system32\drivers\hpn.sys []

S4 hpt3xx;hpt3xx; C:\WINDOWS\system32\drivers\hpt3xx.sys []

S4 i2omp;i2omp; C:\WINDOWS\system32\drivers\i2omp.sys []

S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 ipsraidn;ipsraidn; C:\WINDOWS\system32\drivers\ipsraidn.sys []

S4 lp6nds35;lp6nds35; C:\WINDOWS\system32\drivers\lp6nds35.sys []

S4 mraid35x;mraid35x; C:\WINDOWS\system32\drivers\mraid35x.sys []

S4 nfrd960;nfrd960; C:\WINDOWS\system32\drivers\nfrd960.sys []

S4 Pcmcia;Pcmcia; C:\WINDOWS\system32\drivers\Pcmcia.sys [2007-02-17 121856]

S4 perc2;perc2; C:\WINDOWS\system32\drivers\perc2.sys []

S4 perc2hib;perc2hib; C:\WINDOWS\system32\drivers\perc2hib.sys []

S4 ql1080;ql1080; C:\WINDOWS\system32\drivers\ql1080.sys []

S4 Ql10wnt;Ql10wnt; C:\WINDOWS\system32\drivers\Ql10wnt.sys []

S4 ql12160;ql12160; C:\WINDOWS\system32\drivers\ql12160.sys []

S4 ql1240;ql1240; C:\WINDOWS\system32\drivers\ql1240.sys []

S4 ql1280;ql1280; C:\WINDOWS\system32\drivers\ql1280.sys []

S4 ql2100;ql2100; C:\WINDOWS\system32\drivers\ql2100.sys []

S4 ql2200;ql2200; C:\WINDOWS\system32\drivers\ql2200.sys []

S4 ql2300;ql2300; C:\WINDOWS\system32\drivers\ql2300.sys []

S4 Simbad;Simbad; C:\WINDOWS\system32\drivers\Simbad.sys []

S4 sym_hi;sym_hi; C:\WINDOWS\system32\drivers\sym_hi.sys []

S4 sym_u3;sym_u3; C:\WINDOWS\system32\drivers\sym_u3.sys []

S4 symc810;symc810; C:\WINDOWS\system32\drivers\symc810.sys []

S4 symc8xx;symc8xx; C:\WINDOWS\system32\drivers\symc8xx.sys []

S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []

S4 TosIde;TosIde; C:\WINDOWS\system32\drivers\TosIde.sys []

S4 Udfs;Udfs; C:\WINDOWS\system32\drivers\Udfs.sys [2007-02-17 67584]

S4 ultra;ultra; C:\WINDOWS\system32\drivers\ultra.sys []

S4 ViaIde;ViaIde; C:\WINDOWS\system32\drivers\ViaIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AeLookupSvc;Application Experience Lookup Service; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 AudioSrv;Windows Audio; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R2 Browser;Computer Browser; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 CryptSvc;Cryptographic Services; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 DcomLaunch;DCOM Server Process Launcher; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 Dhcp;DHCP Client; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 dmserver;Logical Disk Manager; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R2 Dnscache;DNS Client; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 ERSvc;Error Reporting Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R2 Eventlog;Event Log; C:\WINDOWS\system32\services.exe [2007-02-17 111104]

R2 EventSystem;COM+ Event System; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 IISADMIN;IIS Admin Service; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 14336]

R2 Ipswitch Network Viewer;Ipswitch Network Viewer; C:\Program Files\Ipswitch\WhatsConnected\NetworkViewerService.exe [2011-01-06 52736]

R2 Ipswitch Service Control Manager;Ipswitch Service Control Manager; C:\Program Files\Ipswitch\WhatsUp\ServiceControlManager.exe [2011-01-06 38400]

R2 lanmanserver;Server; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 lanmanworkstation;Workstation; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 LmHosts;TCP/IP NetBIOS Helper; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 MSFtpsvc;FTP Publishing Service; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 14336]

R2 MSSQL$WHATSUP;SQL Server (WHATSUP); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]

R2 PlugPlay;Plug and Play; C:\WINDOWS\system32\services.exe [2007-02-17 111104]

R2 PolicyAgent;IPSEC Services; C:\WINDOWS\system32\lsass.exe [2006-04-04 13312]

R2 ProtectedStorage;Protected Storage; C:\WINDOWS\system32\lsass.exe [2006-04-04 13312]

R2 PRTG7CoreService;PRTG 8 Core Server Service; C:\Program Files\PRTG Network Monitor\PRTG Server.exe [2010-10-19 4017936]

R2 PRTG7ProbeService;PRTG 8 Probe Service; C:\Program Files\PRTG Network Monitor\PRTG Probe.exe [2010-10-19 3842832]

R2 RemoteRegistry;Remote Registry; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 RpcSs;Remote Procedure Call (RPC); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 SamSs;Security Accounts Manager; C:\WINDOWS\system32\lsass.exe [2006-04-04 13312]

R2 Schedule;Task Scheduler; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R2 seclogon;Secondary Logon; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R2 SENS;System Event Notification; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 SharedAccess;Windows Firewall/Internet Connection Sharing (ICS); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 ShellHWDetection;Shell Hardware Detection; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2007-02-17 40960]

R2 Spooler;Print Spooler; C:\WINDOWS\system32\spoolsv.exe [2007-02-17 57856]

R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]

R2 TrkWks;Distributed Link Tracking Client; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 W32Time;Windows Time; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 W3SVC;World Wide Web Publishing Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R2 winmgmt;Windows Management Instrumentation; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2004-06-15 380928]

R2 WZCSVC;Wireless Configuration; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R3 HTTPFilter;HTTP SSL; C:\WINDOWS\system32\lsass.exe [2006-04-04 13312]

R3 Netman;Network Connections; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R3 Nla;Network Location Awareness (NLA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R3 RasMan;Remote Access Connection Manager; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R3 TapiSrv;Telephony; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R3 TermService;Terminal Services; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 MSDTC;Distributed Transaction Coordinator; C:\WINDOWS\system32\msdtc.exe [2007-02-17 6144]

S2 SysmonLog;Performance Logs and Alerts; C:\WINDOWS\system32\smlogsvc.exe [2007-02-17 96256]

S3 AppMgmt;Application Management; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 COMSysApp;COM+ System Application; C:\WINDOWS\system32\dllhost.exe [2007-02-17 5632]

S3 Dfs;Distributed File System; C:\WINDOWS\system32\Dfssvc.exe [2007-02-17 164864]

S3 dmadmin;Logical Disk Manager Administrative Service; C:\WINDOWS\System32\dmadmin.exe [2007-02-17 234496]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 143648]

S3 MSIServer;Windows Installer; C:\WINDOWS\system32\msiexec.exe [2007-02-17 78848]

S3 Netlogon;Net Logon; C:\WINDOWS\system32\lsass.exe [2006-04-04 13312]

S3 NtFrs;File Replication; C:\WINDOWS\system32\ntfrs.exe [2007-02-17 792064]

S3 NtLmSsp;NT LM Security Support Provider; C:\WINDOWS\system32\lsass.exe [2006-04-04 13312]

S3 NtmsSvc;Removable Storage; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 510768]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 214816]

S3 RasAuto;Remote Access Auto Connection Manager; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S3 RDSessMgr;Remote Desktop Help Session Manager; C:\WINDOWS\system32\sessmgr.exe [2007-02-17 124928]

S3 RpcLocator;Remote Procedure Call (RPC) Locator; C:\WINDOWS\system32\locator.exe [2006-04-04 71680]

S3 RSoPProv;Resultant Set of Policy Provider; C:\WINDOWS\system32\RSoPProv.exe [2007-02-17 67072]

S3 sacsvr;Special Administration Console Helper; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S3 SCardSvr;Smart Card; C:\WINDOWS\System32\SCardSvr.exe [2007-02-17 90112]

S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2005-11-30 8704]

S3 swprv;Microsoft Software Shadow Copy Provider; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2007-02-17 39424]

S3 UPS;Uninterruptible Power Supply; C:\WINDOWS\System32\ups.exe [2006-04-04 16896]

S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-02-18 352768]

S3 VSS;Volume Shadow Copy; C:\WINDOWS\System32\vssvc.exe [2007-02-17 836096]

S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S3 Wmi;Windows Management Instrumentation Driver Extensions; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S3 WmiApSrv;WMI Performance Adapter; C:\WINDOWS\system32\wbem\wmiapsrv.exe [2007-02-17 127488]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S3 xmlprov;Network Provisioning Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S4 Alerter;Alerter; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S4 BITS;Background Intelligent Transfer Service; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S4 CiSvc;Indexing Service; C:\WINDOWS\system32\cisvc.exe [2007-02-17 6656]

S4 ClipSrv;ClipBook; C:\WINDOWS\system32\clipsrv.exe [2006-04-04 32256]

S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S4 HidServ;Human Interface Device Access; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 147456]

S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S4 ImapiService;IMAPI CD-Burning COM Service; C:\WINDOWS\system32\imapi.exe [2007-02-17 157184]

S4 IsmServ;Intersite Messaging; C:\WINDOWS\System32\ismserv.exe [2007-02-17 40448]

S4 kdc;Kerberos Key Distribution Center; C:\WINDOWS\System32\lsass.exe [2006-04-04 13312]

S4 LicenseService;License Logging; C:\WINDOWS\System32\llssrv.exe [2007-02-18 94720]

S4 Messenger;Messenger; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S4 mnmsrvc;NetMeeting Remote Desktop Sharing; C:\WINDOWS\system32\mnmsrvc.exe [2007-02-17 32768]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 115040]

S4 NetDDE;Network DDE; C:\WINDOWS\system32\netdde.exe [2007-02-17 110080]

S4 NetDDEdsdm;Network DDE DSDM; C:\WINDOWS\system32\netdde.exe [2007-02-17 110080]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 RemoteAccess;Routing and Remote Access; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 190992]

S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 309600]

S4 stisvc;Windows Image Acquisition (WIA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S4 Themes;Themes; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S4 TrkSvr;Distributed Link Tracking Server; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S4 Tssdis;Terminal Services Session Directory; C:\WINDOWS\System32\tssdis.exe [2007-02-17 71168]

S4 WebClient;WebClient; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S4 wuauserv;Automatic Updates; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

 

-----------------EOF-----------------


Entenda: o sality contamina arquivos .exe. Geralmente recomenda-se a formatação. O uso de cracks e keygens costumam ser as fontes desta contaminação. Portanto, antes de fazer o procedimento abaixo, recomendo que grave num cd seus arquivos pessoais (.doc, .mpeg, .ppt, etc...), exceto arquivos .exe (aplicativos)!

 

Faça passo a passo...

 

1.

*Baixe o RegUnlocker e salve-o no desktop

*Execute o programa e na aba [A - Restricciones], selecione:

1 - Elimina las restricciones del Sistema

2 - Eliminar restricciones del Explorador

*Clique [Aplicar]

*Não reinicie o PC!

 

2.

*Baixe o SalityKiller e salve-o no desktop

 

*Extraia para C:\

 

*Este programa será executado em 2 janelas distintas ao mesmo tempo!!

 

*A primeira janela:

*Clique [iniciar] > [Executar] > copie e cole: C:\salitykiller.exe -m

*Clique [OK]

 

*Mantenha a janela rodando. Não feche-a!! Se desejar, minimize-a.

 

*A segunda janela:

*Clique [iniciar] > [Executar] > copie e cole: C:\salitykiller.exe -y -l sality.txt -v

*Clique [OK]

 

*Ao término, a janela 2 será fechada automaticamente. Feche, então, a janela 1.

*Cole o resumo localizado no final do arquivo C:\sality.txt, conforme mostrado abaixo:

23:57:51:0 Infected files: 8

23:57:51:0 Infected processes: 0

23:57:51:0 Infected threads: 2

23:57:51:0 Cured files: 8

23:57:51:0 Executed registry scripts: 1

 

3.

*Download sality_regkeys and save it to the desktop

*Extract the contents to the desktop

*In the SalityRegKeys folder, run the file SafeBootWinServer2003.reg and accept the registry entry

*Restart the PC

4.

*New RSIT log


OK,

I'm going to download everything and print the procedures, but I have to go to the server physically; I'll only post the response log next Tuesday. Thank you very much for the help.

When I tried to run RegUnlocker, Windows showed a blue screen with a memory error and restarted. Is there a way around this, or will I really have to format?


I managed to run Salitykiller.exe

 

15:25:47:703 5044 Infected files: 408

15:25:47:703 5044 Infected processes: 0

15:25:47:703 5044 Infected threads: 0

15:25:47:703 5044 Cured files: 408

15:25:47:703 5044 Will be cured on reboot: 0

15:25:47:703 5044 Executed registry scripts: 1

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by marcio.ortiz at 2011-06-14 15:56:27

Microsoft® Windows® Server 2003, Standard Edition Service Pack 2

System drive C: has 428 GB (90%) free of 477 GB

Total RAM: 1023 MB (5% free)

 

HijackThis download failed

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Gravacoes.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NMTaskTray"=C:\Program Files\Ipswitch\WhatsUp\NMTaskTray.exe [2011-06-14 64848]

"NmDesktopActions"=C:\Program Files\Ipswitch\WhatsUp\NmDesktopActions.exe [2011-01-06 71680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-14 34672]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]

C:\Program Files\Broadcom\BACS\BacsTray.exe [2011-06-14 345448]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DudeServer]

C:\Program Files\Dude\dude.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2011-06-14 31016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2011-06-08 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^marcio.ortiz^Start Menu^Programs^Startup^PRTG Windows GUI.lnk]

C:\PROGRA~1\PRTGNE~1\PRTGWI~1.EXE [2010-10-19 4081936]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"TeamViewer5"=2

"idsvc"=3

"IDriverT"=3

"rpcapd"=3

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

Ati2evxx.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

C:\WINDOWS\system32\crypt32.dll [2007-02-17 595456]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

C:\WINDOWS\system32\cryptnet.dll [2007-02-17 62464]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

C:\WINDOWS\system32\cscdll.dll [2007-02-17 101888]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

C:\WINDOWS\system32\dimsntfy.dll [2007-02-17 19456]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

C:\WINDOWS\system32\sclgntfy.dll [2006-04-04 19968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

C:\WINDOWS\system32\WlNotify.dll [2007-02-17 96768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll [2007-02-17 8359936]

CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll [2007-02-17 8359936]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll [2007-02-17 276992]

SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll [2007-02-17 122880]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll [2007-02-17 1033216]

Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll [2007-02-17 1033216]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=C:\WINDOWS\system32\shell32.dll [2007-02-17 8359936]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=RASSFM

KDCSVC

WDIGEST

scecli

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmadmin]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmboot.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmio.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmload.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dmserver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLmSsp]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpcdd.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpdd.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpwd.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdpipe.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tdtcp.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\termservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WZCSVC]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"disablecad"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=0

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"ShowSuperHidden"=1

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Program Files\PRTG Network Monitor\PRTG Server.exe"="C:\Program Files\PRTG Network Monitor\PRTG Server.exe:*:Enabled:PRTG_Network_Monitor_Server"

"C:\Program Files\PRTG Network Monitor\PRTG Probe.exe"="C:\Program Files\PRTG Network Monitor\PRTG Probe.exe:*:Enabled:PRTG_Network_Monitor_Probe"

"C:\Program Files\PRTG Network Monitor\PRTG Server Administrator.exe"="C:\Program Files\PRTG Network Monitor\PRTG Server Administrator.exe:*:Enabled:PRTG_Network_Monitor_Admin_Tool"

"G:\rcebgx.pif"="G:\rcebgx.pif:*:Enabled:ipsec"

"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:ipsec"

"C:\Program Files\Genetec Omnicast Client 4.6\LiveViewer.exe"="C:\Program Files\Genetec Omnicast Client 4.6\LiveViewer.exe:*:Enabled:ipsec"

"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"

"C:\Program Files\Genetec Omnicast Client 4.6\ConfigTool.exe"="C:\Program Files\Genetec Omnicast Client 4.6\ConfigTool.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\rdpclip.exe"="C:\WINDOWS\system32\rdpclip.exe:*:Enabled:ipsec"

"C:\Documents and Settings\marcio.ortiz\Desktop\ipscan.exe"="C:\Documents and Settings\marcio.ortiz\Desktop\ipscan.exe:*:Enabled:ipsec"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\cmd.exe"="C:\WINDOWS\system32\cmd.exe:*:Enabled:ipsec"

"C:\Program Files\Genetec Omnicast Client 4.6\ArchivePlayer.exe"="C:\Program Files\Genetec Omnicast Client 4.6\ArchivePlayer.exe:*:Enabled:ipsec"

"C:\Program Files\RealVNC\VNC4\vncconfig.exe"="C:\Program Files\RealVNC\VNC4\vncconfig.exe:*:Enabled:ipsec"

"C:\Program Files\PRTG Network Monitor\PRTG Windows GUI.exe"="C:\Program Files\PRTG Network Monitor\PRTG Windows GUI.exe:*:Enabled:ipsec"

"C:\Program Files\RealVNC\VNC4\vncviewer.exe"="C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:ipsec"

"C:\Program Files\Ahead\Nero\nero.exe"="C:\Program Files\Ahead\Nero\nero.exe:*:Enabled:ipsec"

"C:\Program Files\Microsoft Office\Office12\EXCEL.EXE"="C:\Program Files\Microsoft Office\Office12\EXCEL.EXE:*:Enabled:ipsec"

"C:\Program Files\Wireshark\wireshark.exe"="C:\Program Files\Wireshark\wireshark.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\mstsc.exe"="C:\WINDOWS\system32\mstsc.exe:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsUp\sslpeek.exe"="C:\Program Files\Ipswitch\WhatsUp\sslpeek.exe:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsUp\NmDesktopActions.exe"="C:\Program Files\Ipswitch\WhatsUp\NmDesktopActions.exe:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsUp\NMTaskTray.exe"="C:\Program Files\Ipswitch\WhatsUp\NMTaskTray.exe:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsUp\ipsactive.exe"="C:\Program Files\Ipswitch\WhatsUp\ipsactive.exe:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsUp\NmConsole.exe"="C:\Program Files\Ipswitch\WhatsUp\NmConsole.exe:*:Enabled:ipsec"

"C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE:*:Enabled:ipsec"

"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsUp\nmservice.exe"="C:\Program Files\Ipswitch\WhatsUp\nmservice.exe:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsConnected\NetworkViewer.exe"="C:\Program Files\Ipswitch\WhatsConnected\NetworkViewer.exe:*:Enabled:ipsec"

"C:\DOCUME~1\MARCIO~1.ORT\LOCALS~1\Temp\2\~nsu.tmp\Au_.exe"="C:\DOCUME~1\MARCIO~1.ORT\LOCALS~1\Temp\2\~nsu.tmp\Au_.exe:*:Enabled:ipsec"

"C:\Program Files\HostMonitor8\UnInstal.exe"="C:\Program Files\HostMonitor8\UnInstal.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\scrnsave.scr"="C:\WINDOWS\system32\scrnsave.scr:*:Enabled:ipsec"

"C:\Program Files\Ipswitch\WhatsUp\nmwebservice.exe"="C:\Program Files\Ipswitch\WhatsUp\nmwebservice.exe:*:Enabled:ipsec"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======List of files/folders created in the last 1 months======

 

2011-06-14 14:28:03 ----D---- C:\WINDOWS\Minidump

2011-06-14 14:25:48 ----D---- C:\a

2011-06-08 15:33:26 ----D---- C:\Program Files\trend micro

2011-06-08 15:33:25 ----D---- C:\rsit

2011-06-08 10:44:01 ----A---- C:\WINDOWS\system32\dpcdll.dll

2011-06-08 10:43:57 ----N---- C:\WINDOWS\system32\whsbrand.dll

2011-06-08 10:43:57 ----N---- C:\WINDOWS\system32\hdaudres.dll

2011-06-08 10:43:57 ----N---- C:\WINDOWS\system32\hdashcut.exe

2011-06-08 10:43:57 ----N---- C:\WINDOWS\system32\hdaprop.dll

2011-06-08 10:43:57 ----N---- C:\WINDOWS\system32\drivers\ipmidrv.sys

2011-06-08 10:43:57 ----N---- C:\WINDOWS\system32\drivers\hdaudio.sys

2011-06-08 10:43:57 ----N---- C:\WINDOWS\system32\drivers\hdaudbus.sys

2011-06-08 10:43:56 ----N---- C:\WINDOWS\system32\drivers\hpcisss.sys

2011-06-08 10:43:56 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys

2011-06-08 10:43:56 ----N---- C:\WINDOWS\system32\drivers\arc.sys

2011-06-08 10:43:56 ----N---- C:\WINDOWS\system32\drivers\amdide.sys

2011-06-08 10:43:55 ----N---- C:\WINDOWS\system32\drivers\wpdusb.sys

2011-06-08 10:43:55 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys

2011-06-08 10:43:55 ----N---- C:\WINDOWS\system32\drivers\usbccid.sys

2011-06-08 10:43:55 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys

2011-06-08 10:43:55 ----N---- C:\WINDOWS\system32\drivers\uliagpkx.sys

2011-06-08 10:43:55 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys

2011-06-08 10:43:55 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys

2011-06-08 10:43:55 ----N---- C:\WINDOWS\system32\drivers\nv_agp.sys

2011-06-08 10:43:55 ----N---- C:\WINDOWS\system32\dfsobjectmodel.dll

2011-06-08 10:43:55 ----N---- C:\WINDOWS\system32\dfsmgmt.dll

2011-06-08 10:43:55 ----N---- C:\WINDOWS\system32\cfscommonuifx.dll

2011-06-08 10:43:55 ----N---- C:\WINDOWS\system32\azrlreg.exe

2011-06-08 10:43:55 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys

2011-06-08 10:43:55 ----A---- C:\WINDOWS\system32\dimsntfy.dll

2011-06-08 10:43:55 ----A---- C:\WINDOWS\system32\aelupsvc.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\wpdtrace.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\wpdmtpus.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\wpdmtpdr.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\wpdmtp.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\wpdconns.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\verclsid.exe

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\srmlib.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\setupn.exe

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\netset03.exe

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\microsoft.storage.vds.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\kbdukx.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\kbdsmsno.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\kbdpash.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\kbdno1.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\kbdnepr.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\kbdmlt48.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\kbdmlt47.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\kbdmaori.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\kbdiultn.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\kbdfi1.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\kbdbhc.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\icacls.exe

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\fsmsnap.dll

2011-06-08 10:43:54 ----N---- C:\WINDOWS\system32\fsmmsg.dll

2011-06-08 10:43:54 ----A---- C:\WINDOWS\system32\ws03res.dll

2011-06-08 10:43:53 ----N---- C:\WINDOWS\system32\xmllite.dll

2011-06-08 10:43:53 ----A---- C:\WINDOWS\system32\wuaueng.dll

2011-06-08 10:43:52 ----A---- C:\WINDOWS\system32\xpsp2res.dll

2011-06-08 10:42:46 ----D---- C:\WINDOWS\ServicePackFiles

2011-06-08 10:42:46 ----A---- C:\WINDOWS\system32\rassfm.dll

2011-06-08 10:42:45 ----A---- C:\WINDOWS\system32\sainstall.dll

2011-06-08 10:42:31 ----A---- C:\WINDOWS\system32\actxprxy.dll

2011-06-08 10:42:31 ----A---- C:\WINDOWS\system32\activeds.dll

2011-06-08 10:42:31 ----A---- C:\WINDOWS\explorer.exe

2011-06-08 10:42:30 ----A---- C:\WINDOWS\system32\admwprox.dll

2011-06-08 10:42:29 ----A---- C:\WINDOWS\system32\adsldpc.dll

2011-06-08 10:42:28 ----A---- C:\WINDOWS\system32\browseui.dll

2011-06-08 10:42:28 ----A---- C:\WINDOWS\system32\browser.dll

2011-06-08 10:42:28 ----A---- C:\WINDOWS\system32\batmeter.dll

2011-06-08 10:42:28 ----A---- C:\WINDOWS\system32\basesrv.dll

2011-06-08 10:42:28 ----A---- C:\WINDOWS\system32\avifil32.dll

2011-06-08 10:42:28 ----A---- C:\WINDOWS\system32\authz.dll

2011-06-08 10:42:28 ----A---- C:\WINDOWS\system32\audiosrv.dll

2011-06-08 10:42:28 ----A---- C:\WINDOWS\system32\atmfd.dll

2011-06-08 10:42:28 ----A---- C:\WINDOWS\system32\apphelp.dll

2011-06-08 10:42:27 ----A---- C:\WINDOWS\system32\cabview.dll

2011-06-08 10:42:26 ----A---- C:\WINDOWS\system32\comres.dll

2011-06-08 10:42:26 ----A---- C:\WINDOWS\system32\cnbjmon.dll

2011-06-08 10:42:26 ----A---- C:\WINDOWS\system32\clusapi.dll

2011-06-08 10:42:26 ----A---- C:\WINDOWS\system32\clbcatq.dll

2011-06-08 10:42:26 ----A---- C:\WINDOWS\system32\certcli.dll

2011-06-08 10:42:25 ----A---- C:\WINDOWS\system32\csrsrv.dll

2011-06-08 10:42:25 ----A---- C:\WINDOWS\system32\cscui.dll

2011-06-08 10:42:25 ----A---- C:\WINDOWS\system32\cscdll.dll

2011-06-08 10:42:25 ----A---- C:\WINDOWS\system32\cryptui.dll

2011-06-08 10:42:25 ----A---- C:\WINDOWS\system32\cryptsvc.dll

2011-06-08 10:42:25 ----A---- C:\WINDOWS\system32\cryptnet.dll

2011-06-08 10:42:25 ----A---- C:\WINDOWS\system32\cryptdll.dll

2011-06-08 10:42:25 ----A---- C:\WINDOWS\system32\crypt32.dll

2011-06-08 10:42:25 ----A---- C:\WINDOWS\system32\credui.dll

2011-06-08 10:42:25 ----A---- C:\WINDOWS\system32\conime.exe

2011-06-08 10:42:25 ----A---- C:\WINDOWS\system32\comsvcs.dll

2011-06-08 10:42:24 ----A---- C:\WINDOWS\system32\ctfmon.exe

2011-06-08 10:42:23 ----A---- C:\WINDOWS\system32\dinput.dll

2011-06-08 10:42:23 ----A---- C:\WINDOWS\system32\ddrawex.dll

2011-06-08 10:42:23 ----A---- C:\WINDOWS\system32\ddraw.dll

2011-06-08 10:42:23 ----A---- C:\WINDOWS\system32\dbnmpntw.dll

2011-06-08 10:42:23 ----A---- C:\WINDOWS\system32\dbnetlib.dll

2011-06-08 10:42:23 ----A---- C:\WINDOWS\system32\davclnt.dll

2011-06-08 10:42:22 ----A---- C:\WINDOWS\system32\dssenh.dll

2011-06-08 10:42:22 ----A---- C:\WINDOWS\system32\drprov.dll

2011-06-08 10:42:22 ----A---- C:\WINDOWS\system32\dnsrslvr.dll

2011-06-08 10:42:22 ----A---- C:\WINDOWS\system32\dnsapi.dll

2011-06-08 10:42:22 ----A---- C:\WINDOWS\system32\dmserver.dll

2011-06-08 10:42:20 ----A---- C:\WINDOWS\system32\faultrep.dll

2011-06-08 10:42:20 ----A---- C:\WINDOWS\system32\evntagnt.dll

2011-06-08 10:42:20 ----A---- C:\WINDOWS\system32\eventlog.dll

2011-06-08 10:42:20 ----A---- C:\WINDOWS\system32\esent.dll

2011-06-08 10:42:20 ----A---- C:\WINDOWS\system32\es.dll

2011-06-08 10:42:20 ----A---- C:\WINDOWS\system32\ersvc.dll

2011-06-08 10:42:20 ----A---- C:\WINDOWS\system32\duser.dll

2011-06-08 10:42:19 ----A---- C:\WINDOWS\system32\gdi32.dll

2011-06-08 10:42:19 ----A---- C:\WINDOWS\system32\feclient.dll

2011-06-08 10:42:18 ----A---- C:\WINDOWS\system32\icm32.dll

2011-06-08 10:42:18 ----A---- C:\WINDOWS\system32\icaapi.dll

2011-06-08 10:42:18 ----A---- C:\WINDOWS\system32\httpapi.dll

2011-06-08 10:42:18 ----A---- C:\WINDOWS\system32\hnetcfg.dll

2011-06-08 10:42:18 ----A---- C:\WINDOWS\system32\hid.dll

2011-06-08 10:42:17 ----A---- C:\WINDOWS\system32\iphlpapi.dll

2011-06-08 10:42:17 ----A---- C:\WINDOWS\system32\ipbootp.dll

2011-06-08 10:42:17 ----A---- C:\WINDOWS\system32\inetpp.dll

2011-06-08 10:42:17 ----A---- C:\WINDOWS\system32\inetmib1.dll

2011-06-08 10:42:17 ----A---- C:\WINDOWS\system32\imm32.dll

2011-06-08 10:42:17 ----A---- C:\WINDOWS\system32\imgutil.dll

2011-06-08 10:42:17 ----A---- C:\WINDOWS\system32\iisrtl.dll

2011-06-08 10:42:17 ----A---- C:\WINDOWS\system32\iismap.dll

2011-06-08 10:42:16 ----A---- C:\WINDOWS\system32\ipsecsvc.dll

2011-06-08 10:42:16 ----A---- C:\WINDOWS\system32\ipnathlp.dll

2011-06-08 10:42:15 ----A---- C:\WINDOWS\system32\linkinfo.dll

2011-06-08 10:42:15 ----A---- C:\WINDOWS\system32\licdll.dll

2011-06-08 10:42:15 ----A---- C:\WINDOWS\system32\kernel32.dll

2011-06-08 10:42:15 ----A---- C:\WINDOWS\system32\kerberos.dll

2011-06-08 10:42:15 ----A---- C:\WINDOWS\system32\kdcsvc.dll

2011-06-08 10:42:15 ----A---- C:\WINDOWS\system32\jscript.dll

2011-06-08 10:42:14 ----A---- C:\WINDOWS\system32\mfc42u.dll

2011-06-08 10:42:14 ----A---- C:\WINDOWS\system32\mfc42.dll

2011-06-08 10:42:14 ----A---- C:\WINDOWS\system32\mdminst.dll

2011-06-08 10:42:14 ----A---- C:\WINDOWS\system32\lmmib2.dll

2011-06-08 10:42:13 ----A---- C:\WINDOWS\system32\modemui.dll

2011-06-08 10:42:13 ----A---- C:\WINDOWS\system32\mlang.dll

2011-06-08 10:42:12 ----A---- C:\WINDOWS\system32\mscms.dll

2011-06-08 10:42:12 ----A---- C:\WINDOWS\system32\msasn1.dll

2011-06-08 10:42:12 ----A---- C:\WINDOWS\system32\msacm32.dll

2011-06-08 10:42:12 ----A---- C:\WINDOWS\system32\mprapi.dll

2011-06-08 10:42:12 ----A---- C:\WINDOWS\system32\mpr.dll

2011-06-08 10:42:11 ----A---- C:\WINDOWS\system32\msdtcprx.dll

2011-06-08 10:42:11 ----A---- C:\WINDOWS\system32\msdtclog.dll

2011-06-08 10:42:11 ----A---- C:\WINDOWS\system32\msdtc.exe

2011-06-08 10:42:11 ----A---- C:\WINDOWS\system32\msdart.dll

2011-06-08 10:42:11 ----A---- C:\WINDOWS\system32\msctf.dll

2011-06-08 10:42:10 ----A---- C:\WINDOWS\system32\msi.dll

2011-06-08 10:42:10 ----A---- C:\WINDOWS\system32\msgina.dll

2011-06-08 10:42:10 ----A---- C:\WINDOWS\system32\msftedit.dll

2011-06-08 10:42:10 ----A---- C:\WINDOWS\system32\msdtctm.dll

2011-06-08 10:42:09 ----A---- C:\WINDOWS\system32\msisip.dll

2011-06-08 10:42:09 ----A---- C:\WINDOWS\system32\msimsg.dll

2011-06-08 10:42:09 ----A---- C:\WINDOWS\system32\msihnd.dll

2011-06-08 10:42:09 ----A---- C:\WINDOWS\system32\msiexec.exe

2011-06-08 10:42:09 ----A---- C:\WINDOWS\system32\msidle.dll

2011-06-08 10:42:08 ----A---- C:\WINDOWS\system32\msvcrt.dll

2011-06-08 10:42:08 ----A---- C:\WINDOWS\system32\msvcp60.dll

2011-06-08 10:42:08 ----A---- C:\WINDOWS\system32\msvbvm60.dll

2011-06-08 10:42:08 ----A---- C:\WINDOWS\system32\msv1_0.dll

2011-06-08 10:42:08 ----A---- C:\WINDOWS\system32\msutb.dll

2011-06-08 10:42:08 ----A---- C:\WINDOWS\system32\mstlsapi.dll

2011-06-08 10:42:07 ----A---- C:\WINDOWS\system32\ncobjapi.dll

2011-06-08 10:42:07 ----A---- C:\WINDOWS\system32\mydocs.dll

2011-06-08 10:42:07 ----A---- C:\WINDOWS\system32\mtxoci.dll

2011-06-08 10:42:07 ----A---- C:\WINDOWS\system32\mtxclu.dll

2011-06-08 10:42:07 ----A---- C:\WINDOWS\system32\msxml3r.dll

2011-06-08 10:42:07 ----A---- C:\WINDOWS\system32\msxml3.dll

2011-06-08 10:42:07 ----A---- C:\WINDOWS\system32\mswsock.dll

2011-06-08 10:42:07 ----A---- C:\WINDOWS\system32\msvfw32.dll

2011-06-08 10:42:06 ----A---- C:\WINDOWS\system32\newdev.dll

2011-06-08 10:42:06 ----A---- C:\WINDOWS\system32\netshell.dll

2011-06-08 10:42:06 ----A---- C:\WINDOWS\system32\netman.dll

2011-06-08 10:42:06 ----A---- C:\WINDOWS\system32\netlogon.dll

2011-06-08 10:42:06 ----A---- C:\WINDOWS\system32\netcfgx.dll

2011-06-08 10:42:06 ----A---- C:\WINDOWS\system32\netapi32.dll

2011-06-08 10:42:06 ----A---- C:\WINDOWS\system32\nddeapi.dll

2011-06-08 10:42:05 ----A---- C:\WINDOWS\system32\ntmarta.dll

2011-06-08 10:42:05 ----A---- C:\WINDOWS\system32\ntlanman.dll

2011-06-08 10:42:05 ----A---- C:\WINDOWS\system32\ntdsatq.dll

2011-06-08 10:42:05 ----A---- C:\WINDOWS\system32\ntdsapi.dll

2011-06-08 10:42:05 ----A---- C:\WINDOWS\system32\ntdsa.dll

2011-06-08 10:42:05 ----A---- C:\WINDOWS\system32\notepad.exe

2011-06-08 10:42:04 ----A---- C:\WINDOWS\system32\oleacc.dll

2011-06-08 10:42:04 ----A---- C:\WINDOWS\system32\ole32.dll

2011-06-08 10:42:04 ----A---- C:\WINDOWS\system32\odbcint.dll

2011-06-08 10:42:04 ----A---- C:\WINDOWS\system32\odbccp32.dll

2011-06-08 10:42:04 ----A---- C:\WINDOWS\system32\odbcbcp.dll

2011-06-08 10:42:04 ----A---- C:\WINDOWS\system32\odbc32.dll

2011-06-08 10:42:04 ----A---- C:\WINDOWS\system32\oakley.dll

2011-06-08 10:42:04 ----A---- C:\WINDOWS\system32\ntshrui.dll

2011-06-08 10:42:03 ----A---- C:\WINDOWS\system32\profmap.dll

2011-06-08 10:42:03 ----A---- C:\WINDOWS\system32\powrprof.dll

2011-06-08 10:42:03 ----A---- C:\WINDOWS\system32\pjlmon.dll

2011-06-08 10:42:03 ----A---- C:\WINDOWS\system32\perfos.dll

2011-06-08 10:42:03 ----A---- C:\WINDOWS\system32\pdh.dll

2011-06-08 10:42:03 ----A---- C:\WINDOWS\system32\olepro32.dll

2011-06-08 10:42:03 ----A---- C:\WINDOWS\system32\olecli32.dll

2011-06-08 10:42:02 ----A---- C:\WINDOWS\system32\raschap.dll

2011-06-08 10:42:02 ----A---- C:\WINDOWS\system32\rasadhlp.dll

2011-06-08 10:42:02 ----A---- C:\WINDOWS\system32\pstorsvc.dll

2011-06-08 10:42:02 ----A---- C:\WINDOWS\system32\psbase.dll

2011-06-08 10:42:02 ----A---- C:\WINDOWS\system32\psapi.dll

2011-06-08 10:42:01 ----A---- C:\WINDOWS\system32\resutils.dll

2011-06-08 10:42:01 ----A---- C:\WINDOWS\system32\regsvc.dll

2011-06-08 10:42:01 ----A---- C:\WINDOWS\system32\regapi.dll

2011-06-08 10:42:01 ----A---- C:\WINDOWS\system32\rdpwsx.dll

2011-06-08 10:42:01 ----A---- C:\WINDOWS\system32\rdpdd.dll

2011-06-08 10:42:01 ----A---- C:\WINDOWS\system32\rdpclip.exe

2011-06-08 10:42:01 ----A---- C:\WINDOWS\system32\rastls.dll

2011-06-08 10:42:01 ----A---- C:\WINDOWS\system32\rasppp.dll

2011-06-08 10:42:01 ----A---- C:\WINDOWS\system32\rasmans.dll

2011-06-08 10:42:00 ----A---- C:\WINDOWS\system32\scesrv.dll

2011-06-08 10:42:00 ----A---- C:\WINDOWS\system32\scecli.dll

2011-06-08 10:42:00 ----A---- C:\WINDOWS\system32\rtutils.dll

2011-06-08 10:42:00 ----A---- C:\WINDOWS\system32\rsaenh.dll

2011-06-08 10:42:00 ----A---- C:\WINDOWS\system32\rpcss.dll

2011-06-08 10:42:00 ----A---- C:\WINDOWS\system32\rpcrt4.dll

2011-06-08 10:42:00 ----A---- C:\WINDOWS\system32\ripagnt.dll

2011-06-08 10:42:00 ----A---- C:\WINDOWS\system32\riched20.dll

2011-06-08 10:41:59 ----A---- C:\WINDOWS\system32\sfc_os.dll

2011-06-08 10:41:59 ----A---- C:\WINDOWS\system32\sensapi.dll

2011-06-08 10:41:59 ----A---- C:\WINDOWS\system32\sens.dll

2011-06-08 10:41:59 ----A---- C:\WINDOWS\system32\secur32.dll

2011-06-08 10:41:59 ----A---- C:\WINDOWS\system32\seclogon.dll

2011-06-08 10:41:59 ----A---- C:\WINDOWS\system32\scrrun.dll

2011-06-08 10:41:59 ----A---- C:\WINDOWS\system32\scredir.dll

2011-06-08 10:41:59 ----A---- C:\WINDOWS\system32\schedsvc.dll

2011-06-08 10:41:59 ----A---- C:\WINDOWS\system32\schannel.dll

2011-06-08 10:41:58 ----A---- C:\WINDOWS\system32\shfolder.dll

2011-06-08 10:41:58 ----A---- C:\WINDOWS\system32\shell32.dll

2011-06-08 10:41:58 ----A---- C:\WINDOWS\system32\shdocvw.dll

2011-06-08 10:41:57 ----A---- C:\WINDOWS\system32\shlwapi.dll

2011-06-08 10:41:57 ----A---- C:\WINDOWS\system32\shimeng.dll

2011-06-08 10:41:56 ----A---- C:\WINDOWS\system32\stobject.dll

2011-06-08 10:41:56 ----A---- C:\WINDOWS\system32\sqlunirl.dll

2011-06-08 10:41:56 ----A---- C:\WINDOWS\system32\sqlsrv32.dll

2011-06-08 10:41:56 ----A---- C:\WINDOWS\system32\spoolsv.exe

2011-06-08 10:41:56 ----A---- C:\WINDOWS\system32\spoolss.dll

2011-06-08 10:41:56 ----A---- C:\WINDOWS\system32\snmpapi.dll

2011-06-08 10:41:56 ----A---- C:\WINDOWS\system32\snmp.exe

2011-06-08 10:41:56 ----A---- C:\WINDOWS\system32\shsvcs.dll

2011-06-08 10:41:55 ----A---- C:\WINDOWS\system32\tcpmon.dll

2011-06-08 10:41:55 ----A---- C:\WINDOWS\system32\tcpmib.dll

2011-06-08 10:41:55 ----A---- C:\WINDOWS\system32\tapisrv.dll

2011-06-08 10:41:55 ----A---- C:\WINDOWS\system32\tapi32.dll

2011-06-08 10:41:55 ----A---- C:\WINDOWS\system32\sxs.dll

2011-06-08 10:41:55 ----A---- C:\WINDOWS\system32\svchost.exe

2011-06-08 10:41:55 ----A---- C:\WINDOWS\system32\strmfilt.dll

2011-06-08 10:41:54 ----A---- C:\WINDOWS\system32\termsrv.dll

2011-06-08 10:41:53 ----A---- C:\WINDOWS\system32\url.dll

2011-06-08 10:41:53 ----A---- C:\WINDOWS\system32\uniplat.dll

2011-06-08 10:41:53 ----A---- C:\WINDOWS\system32\unimdmat.dll

2011-06-08 10:41:53 ----A---- C:\WINDOWS\system32\umpnpmgr.dll

2011-06-08 10:41:53 ----A---- C:\WINDOWS\system32\trkwks.dll

2011-06-08 10:41:53 ----A---- C:\WINDOWS\system32\themeui.dll

2011-06-08 10:41:52 ----A---- C:\WINDOWS\system32\user32.dll

2011-06-08 10:41:52 ----A---- C:\WINDOWS\system32\usbmon.dll

2011-06-08 10:41:52 ----A---- C:\WINDOWS\system32\urlmon.dll

2011-06-08 10:41:51 ----A---- C:\WINDOWS\system32\webcheck.dll

2011-06-08 10:41:51 ----A---- C:\WINDOWS\system32\wdigest.dll

2011-06-08 10:41:51 ----A---- C:\WINDOWS\system32\w32time.dll

2011-06-08 10:41:51 ----A---- C:\WINDOWS\system32\vssapi.dll

2011-06-08 10:41:51 ----A---- C:\WINDOWS\system32\version.dll

2011-06-08 10:41:51 ----A---- C:\WINDOWS\system32\uxtheme.dll

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\winscard.dll

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\winrnr.dll

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\winmm.dll

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\winlogon.exe

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\winipsec.dll

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\wininet.dll

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\win32k.sys

2011-06-08 10:41:50 ----A---- C:\WINDOWS\system32\wiarpc.dll

2011-06-08 10:41:48 ----A---- C:\WINDOWS\system32\wlnotify.dll

2011-06-08 10:41:48 ----A---- C:\WINDOWS\system32\wldap32.dll

2011-06-08 10:41:48 ----A---- C:\WINDOWS\system32\wlbsctrl.dll

2011-06-08 10:41:48 ----A---- C:\WINDOWS\system32\wintrust.dll

2011-06-08 10:41:48 ----A---- C:\WINDOWS\system32\winsta.dll

2011-06-08 10:41:48 ----A---- C:\WINDOWS\system32\winsrv.dll

2011-06-08 10:41:47 ----A---- C:\WINDOWS\system32\wshqos.dll

2011-06-08 10:41:47 ----A---- C:\WINDOWS\system32\wship6.dll

2011-06-08 10:41:47 ----A---- C:\WINDOWS\system32\ws2help.dll

2011-06-08 10:41:47 ----A---- C:\WINDOWS\system32\ws2_32.dll

2011-06-08 10:41:46 ----A---- C:\WINDOWS\system32\wzcsvc.dll

2011-06-08 10:41:46 ----A---- C:\WINDOWS\system32\wzcsapi.dll

2011-06-08 10:41:46 ----A---- C:\WINDOWS\system32\wtsapi32.dll

2011-06-08 10:41:46 ----A---- C:\WINDOWS\system32\wsnmp32.dll

2011-06-08 10:41:46 ----A---- C:\WINDOWS\system32\wshtcpip.dll

2011-06-08 10:41:45 ----A---- C:\WINDOWS\system32\xolehlp.dll

2011-06-08 10:41:45 ----A---- C:\WINDOWS\system32\xactsrv.dll

2011-06-08 10:37:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

2011-06-01 10:18:53 ----D---- C:\WINDOWS\IIS Temporary Compressed Files

2011-06-01 10:18:44 ----D---- C:\WINDOWS\system32\Cache

2011-06-01 10:18:21 ----A---- C:\WINDOWS\system32\w3ctrs.ini

2011-06-01 10:18:21 ----A---- C:\WINDOWS\system32\ftpctrs2.dll

2011-06-01 10:18:21 ----A---- C:\WINDOWS\system32\ftpctrs.ini

2011-06-01 10:18:21 ----A---- C:\WINDOWS\system32\axperf.ini

2011-06-01 10:18:21 ----A---- C:\WINDOWS\system32\aspperf.dll

2011-06-01 10:18:20 ----D---- C:\Program Files\Phone Book Service

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\wamregps.dll

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\snmptrap.exe

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\nmsupp.dll

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\infoctrs.ini

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\infoctrs.dll

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\infoadmn.dll

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\iisvdir.vbs

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\IIsFtpdr.vbs

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\IIsFtp.vbs

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\iisext.vbs

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\iisback.vbs

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\CPSsym.ini

2011-06-01 10:18:20 ----A---- C:\WINDOWS\system32\convlog.exe

2011-06-01 10:18:19 ----A---- C:\WINDOWS\system32\snmpmib.dll

2011-06-01 10:18:19 ----A---- C:\WINDOWS\system32\hostmib.dll

2011-06-01 10:17:51 ----D---- C:\Inetpub

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\staxmem.dll

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\smtpapi.dll

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\rwnh.dll

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\nntpapi.dll

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\iisweb.vbs

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\iisrstap.dll

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\iisreset.exe

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\iismui.dll

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\IIsCnfg.vbs

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\iisapp.vbs

2011-06-01 10:17:51 ----A---- C:\WINDOWS\system32\exstrace.dll

2011-06-01 10:17:49 ----A---- C:\WINDOWS\system32\evntwin.exe

2011-06-01 10:17:49 ----A---- C:\WINDOWS\system32\evntcmd.exe

2011-05-30 14:24:39 ----D---- C:\WINDOWS\system32\ipmi

2011-05-30 14:24:39 ----D---- C:\WINDOWS\adam

2011-05-30 14:24:37 ----A---- C:\WINDOWS\system32\SET133B.tmp

2011-05-30 14:24:37 ----A---- C:\WINDOWS\system32\SET1333.tmp

2011-05-30 14:24:37 ----A---- C:\WINDOWS\system32\drivers\SET1344.tmp

2011-05-30 14:24:36 ----A---- C:\WINDOWS\system32\SET1330.tmp

2011-05-30 14:24:36 ----A---- C:\WINDOWS\system32\SET1307.tmp

2011-05-30 14:24:35 ----A---- C:\WINDOWS\system32\SET12E4.tmp

2011-05-30 14:24:35 ----A---- C:\WINDOWS\system32\SET12DE.tmp

2011-05-30 14:24:34 ----D---- C:\WINDOWS\system32\en

2011-05-30 14:24:34 ----D---- C:\WINDOWS\adfs

2011-05-30 14:24:34 ----A---- C:\WINDOWS\system32\SET12D3.tmp

2011-05-30 14:24:32 ----D---- C:\Program Files\cmak

2011-05-30 14:23:32 ----A---- C:\WINDOWS\system32\SET670.tmp

2011-05-30 14:23:31 ----A---- C:\WINDOWS\system32\SET66E.tmp

2011-05-30 14:23:08 ----A---- C:\WINDOWS\fonts\SET4CA.tmp

2011-05-30 14:23:07 ----A---- C:\WINDOWS\fonts\SET4C9.tmp

2011-05-30 14:23:07 ----A---- C:\WINDOWS\fonts\SET4C8.tmp

2011-05-30 14:23:06 ----A---- C:\WINDOWS\system32\SET49B.tmp

2011-05-30 14:23:06 ----A---- C:\WINDOWS\system32\SET499.tmp

2011-05-30 14:23:06 ----A---- C:\WINDOWS\SET4AE.tmp

2011-05-30 14:23:05 ----A---- C:\WINDOWS\system32\SET494.tmp

2011-05-30 14:23:05 ----A---- C:\WINDOWS\system32\SET489.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET47D.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET47A.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET479.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET476.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET473.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET472.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET46D.tmp

2011-05-30 14:23:04 ----A---- C:\WINDOWS\system32\SET46C.tmp

2011-05-30 14:23:03 ----A---- C:\WINDOWS\system32\SET462.tmp

2011-05-30 14:23:03 ----A---- C:\WINDOWS\system32\SET451.tmp

2011-05-30 14:23:03 ----A---- C:\WINDOWS\system32\SET44C.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET443.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET43C.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET43A.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET437.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET432.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET431.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET430.tmp

2011-05-30 14:23:02 ----A---- C:\WINDOWS\system32\SET42E.tmp

2011-05-30 14:23:01 ----N---- C:\WINDOWS\system32\SET41C.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET42D.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET42C.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET42B.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET429.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET428.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET427.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET420.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET41B.tmp

2011-05-30 14:23:01 ----A---- C:\WINDOWS\system32\SET41A.tmp

2011-05-30 14:23:00 ----A---- C:\WINDOWS\system32\SET419.tmp

2011-05-30 14:23:00 ----A---- C:\WINDOWS\system32\SET405.tmp

2011-05-30 14:23:00 ----A---- C:\WINDOWS\system32\SET3F5.tmp

2011-05-30 14:23:00 ----A---- C:\WINDOWS\system32\SET3F2.tmp

2011-05-30 14:23:00 ----A---- C:\WINDOWS\system32\SET3F1.tmp

2011-05-30 14:22:59 ----A---- C:\WINDOWS\system32\SET3DD.tmp

2011-05-30 14:22:59 ----A---- C:\WINDOWS\system32\SET3D7.tmp

2011-05-30 14:22:59 ----A---- C:\WINDOWS\system32\SET3D3.tmp

2011-05-30 14:22:59 ----A---- C:\WINDOWS\system32\SET3C8.tmp

2011-05-30 14:22:59 ----A---- C:\WINDOWS\system32\SET3C4.tmp

2011-05-30 14:22:58 ----A---- C:\WINDOWS\system32\SET3BC.tmp

2011-05-30 14:22:58 ----A---- C:\WINDOWS\system32\SET3BB.tmp

2011-05-30 14:22:58 ----A---- C:\WINDOWS\system32\SET3BA.tmp

2011-05-30 14:22:58 ----A---- C:\WINDOWS\system32\SET3B3.tmp

2011-05-30 14:22:58 ----A---- C:\WINDOWS\system32\SET3B0.tmp

2011-05-30 14:22:58 ----A---- C:\WINDOWS\system32\SET3AD.tmp

2011-05-30 14:22:58 ----A---- C:\WINDOWS\system32\SET3A3.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET399.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET394.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET393.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET391.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET38F.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET384.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET383.tmp

2011-05-30 14:22:57 ----A---- C:\WINDOWS\system32\SET372.tmp

2011-05-30 14:22:56 ----A---- C:\WINDOWS\system32\SET371.tmp

2011-05-30 14:22:56 ----A---- C:\WINDOWS\system32\SET36D.tmp

2011-05-30 14:22:56 ----A---- C:\WINDOWS\system32\SET36C.tmp

2011-05-30 14:22:56 ----A---- C:\WINDOWS\system32\SET366.tmp

2011-05-30 14:22:56 ----A---- C:\WINDOWS\system32\SET364.tmp

2011-05-30 14:22:56 ----A---- C:\WINDOWS\system32\SET362.tmp

2011-05-30 14:22:55 ----A---- C:\WINDOWS\system32\SET35B.tmp

2011-05-30 14:22:55 ----A---- C:\WINDOWS\system32\SET349.tmp

2011-05-30 14:22:55 ----A---- C:\WINDOWS\system32\SET347.tmp

2011-05-30 14:22:55 ----A---- C:\WINDOWS\system32\SET346.tmp

2011-05-30 14:22:55 ----A---- C:\WINDOWS\system32\SET345.tmp

2011-05-30 14:22:55 ----A---- C:\WINDOWS\system32\SET343.tmp

2011-05-30 14:22:55 ----A---- C:\WINDOWS\system32\SET33E.tmp

2011-05-30 14:22:54 ----A---- C:\WINDOWS\system32\SET33C.tmp

2011-05-30 14:22:54 ----A---- C:\WINDOWS\system32\SET327.tmp

2011-05-30 14:22:54 ----A---- C:\WINDOWS\system32\SET325.tmp

2011-05-30 14:22:54 ----A---- C:\WINDOWS\system32\SET324.tmp

2011-05-30 14:22:54 ----A---- C:\WINDOWS\system32\SET31F.tmp

2011-05-30 14:22:53 ----A---- C:\WINDOWS\system32\SET310.tmp

2011-05-30 14:22:53 ----A---- C:\WINDOWS\system32\SET309.tmp

2011-05-30 14:22:53 ----A---- C:\WINDOWS\system32\SET308.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2EB.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2EA.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2E9.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2E7.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2E3.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2E0.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2DD.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2DC.tmp

2011-05-30 14:22:52 ----A---- C:\WINDOWS\system32\SET2DB.tmp

2011-05-30 14:22:51 ----A---- C:\WINDOWS\system32\SET2DA.tmp

2011-05-30 14:22:51 ----A---- C:\WINDOWS\system32\SET2D5.tmp

2011-05-30 14:22:51 ----A---- C:\WINDOWS\system32\SET2D3.tmp

2011-05-30 14:22:51 ----A---- C:\WINDOWS\system32\SET2D2.tmp

2011-05-30 14:22:51 ----A---- C:\WINDOWS\system32\SET2CF.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2CE.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2CC.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2CA.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2C8.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2C6.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2C5.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2C4.tmp

2011-05-30 14:22:50 ----A---- C:\WINDOWS\system32\SET2C3.tmp

2011-05-30 14:22:49 ----A---- C:\WINDOWS\system32\SET2C2.tmp

2011-05-30 14:22:49 ----A---- C:\WINDOWS\system32\SET2BB.tmp

2011-05-30 14:22:48 ----A---- C:\WINDOWS\system32\SET29D.tmp

2011-05-30 14:22:48 ----A---- C:\WINDOWS\system32\SET298.tmp

2011-05-30 14:22:48 ----A---- C:\WINDOWS\system32\SET297.tmp

2011-05-30 14:22:48 ----A---- C:\WINDOWS\system32\SET295.tmp

2011-05-30 14:22:48 ----A---- C:\WINDOWS\system32\SET294.tmp

2011-05-30 14:22:47 ----A---- C:\WINDOWS\system32\SET293.tmp

2011-05-30 14:22:47 ----A---- C:\WINDOWS\system32\SET28D.tmp

2011-05-30 14:22:47 ----A---- C:\WINDOWS\system32\SET288.tmp

2011-05-30 14:22:47 ----A---- C:\WINDOWS\system32\SET286.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET282.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET280.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET27C.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET27A.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET278.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET275.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET274.tmp

2011-05-30 14:22:46 ----A---- C:\WINDOWS\system32\SET271.tmp

2011-05-30 14:22:45 ----A---- C:\WINDOWS\system32\SET270.tmp

2011-05-30 14:22:45 ----A---- C:\WINDOWS\system32\SET26D.tmp

2011-05-30 14:22:45 ----A---- C:\WINDOWS\system32\SET26A.tmp

2011-05-30 14:22:45 ----A---- C:\WINDOWS\system32\SET265.tmp

2011-05-30 14:22:45 ----A---- C:\WINDOWS\system32\SET263.tmp

2011-05-30 14:22:45 ----A---- C:\WINDOWS\system32\SET262.tmp

2011-05-30 14:22:44 ----N---- C:\WINDOWS\system32\SET247.tmp

2011-05-30 14:22:44 ----A---- C:\WINDOWS\system32\SET261.tmp

2011-05-30 14:22:44 ----A---- C:\WINDOWS\system32\SET257.tmp

2011-05-30 14:22:44 ----A---- C:\WINDOWS\system32\SET256.tmp

2011-05-30 14:22:44 ----A---- C:\WINDOWS\system32\SET24F.tmp

2011-05-30 14:22:44 ----A---- C:\WINDOWS\system32\SET24E.tmp

2011-05-30 14:22:44 ----A---- C:\WINDOWS\system32\SET24A.tmp

2011-05-30 14:22:43 ----A---- C:\WINDOWS\system32\SET242.tmp

2011-05-30 14:22:43 ----A---- C:\WINDOWS\system32\SET23F.tmp

2011-05-30 14:22:43 ----A---- C:\WINDOWS\system32\SET234.tmp

2011-05-30 14:22:43 ----A---- C:\WINDOWS\system32\SET233.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET232.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET22F.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET226.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET225.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET221.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET21D.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET21C.tmp

2011-05-30 14:22:42 ----A---- C:\WINDOWS\system32\SET218.tmp

2011-05-30 14:22:41 ----A---- C:\WINDOWS\system32\SET216.tmp

2011-05-30 14:22:41 ----A---- C:\WINDOWS\system32\SET213.tmp

2011-05-30 14:22:41 ----A---- C:\WINDOWS\system32\SET212.tmp

2011-05-30 14:22:41 ----A---- C:\WINDOWS\system32\SET20F.tmp

2011-05-30 14:22:41 ----A---- C:\WINDOWS\system32\SET1FD.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1FC.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1F9.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1F6.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1F4.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1EE.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1ED.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1EC.tmp

2011-05-30 14:22:40 ----A---- C:\WINDOWS\system32\SET1E9.tmp

2011-05-30 14:22:39 ----A---- C:\WINDOWS\system32\SET1E8.tmp

2011-05-30 14:22:39 ----A---- C:\WINDOWS\system32\SET1DF.tmp

2011-05-30 14:22:39 ----A---- C:\WINDOWS\system32\SET1DD.tmp

2011-05-30 14:22:39 ----A---- C:\WINDOWS\system32\SET1D9.tmp

2011-05-30 14:22:39 ----A---- C:\WINDOWS\system32\SET1D8.tmp

2011-05-30 14:22:39 ----A---- C:\WINDOWS\system32\SET1D6.tmp

2011-05-30 14:22:39 ----A---- C:\WINDOWS\system32\SET1CD.tmp

2011-05-30 14:22:38 ----A---- C:\WINDOWS\system32\SET1C2.tmp

2011-05-30 14:22:38 ----A---- C:\WINDOWS\system32\SET1C1.tmp

2011-05-30 14:22:38 ----A---- C:\WINDOWS\system32\SET1C0.tmp

2011-05-30 14:22:38 ----A---- C:\WINDOWS\system32\SET1BF.tmp

2011-05-30 14:22:38 ----A---- C:\WINDOWS\system32\SET1BD.tmp

2011-05-30 14:22:38 ----A---- C:\WINDOWS\system32\SET1BA.tmp

2011-05-30 14:22:38 ----A---- C:\WINDOWS\system32\SET1B7.tmp

2011-05-30 14:22:37 ----A---- C:\WINDOWS\system32\SET1B6.tmp

2011-05-30 14:22:37 ----A---- C:\WINDOWS\system32\SET1B3.tmp

2011-05-30 14:22:37 ----A---- C:\WINDOWS\system32\SET1B2.tmp

2011-05-30 14:22:37 ----A---- C:\WINDOWS\system32\SET1AB.tmp

2011-05-30 14:22:37 ----A---- C:\WINDOWS\system32\SET1A9.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET1A8.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET1A7.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET1A5.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET1A3.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET19E.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET190.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET18D.tmp

2011-05-30 14:22:36 ----A---- C:\WINDOWS\system32\SET18C.tmp

2011-05-30 14:22:35 ----N---- C:\WINDOWS\system32\SET18B.tmp

2011-05-30 14:22:35 ----N---- C:\WINDOWS\system32\SET18A.tmp

2011-05-30 14:22:35 ----N---- C:\WINDOWS\system32\SET189.tmp

2011-05-30 14:22:35 ----A---- C:\WINDOWS\system32\SET187.tmp

2011-05-30 14:22:35 ----A---- C:\WINDOWS\system32\SET184.tmp

2011-05-30 14:22:35 ----A---- C:\WINDOWS\system32\SET180.tmp

2011-05-30 14:22:35 ----A---- C:\WINDOWS\system32\SET17F.tmp

2011-05-30 14:22:35 ----A---- C:\WINDOWS\system32\SET17C.tmp

2011-05-30 14:22:34 ----A---- C:\WINDOWS\system32\SET174.tmp

2011-05-30 14:22:34 ----A---- C:\WINDOWS\system32\SET171.tmp

2011-05-30 14:22:34 ----A---- C:\WINDOWS\system32\SET16C.tmp

2011-05-30 14:22:34 ----A---- C:\WINDOWS\system32\SET16B.tmp

2011-05-30 14:22:34 ----A---- C:\WINDOWS\system32\SET168.tmp

2011-05-30 14:22:34 ----A---- C:\WINDOWS\system32\SET167.tmp

2011-05-30 14:22:34 ----A---- C:\WINDOWS\system32\SET160.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET153.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET152.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET151.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET150.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET14E.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET14D.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET14C.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET14A.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET146.tmp

2011-05-30 14:22:33 ----A---- C:\WINDOWS\system32\SET13C.tmp

2011-05-30 14:22:32 ----A---- C:\WINDOWS\system32\SET139.tmp

2011-05-30 14:22:32 ----A---- C:\WINDOWS\system32\SET136.tmp

2011-05-30 14:22:32 ----A---- C:\WINDOWS\system32\SET133.tmp

2011-05-30 14:22:32 ----A---- C:\WINDOWS\system32\SET131.tmp

2011-05-30 14:22:32 ----A---- C:\WINDOWS\system32\SET12B.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET125.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET123.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET122.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET121.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET120.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET11E.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET11D.tmp

2011-05-30 14:22:31 ----A---- C:\WINDOWS\system32\SET11B.tmp

2011-05-30 14:22:30 ----A---- C:\WINDOWS\system32\SET11A.tmp

2011-05-30 14:22:30 ----A---- C:\WINDOWS\system32\SET119.tmp

2011-05-30 14:22:30 ----A---- C:\WINDOWS\system32\SET116.tmp

2011-05-30 14:22:30 ----A---- C:\WINDOWS\system32\SET115.tmp

2011-05-30 14:22:30 ----A---- C:\WINDOWS\system32\SET114.tmp

2011-05-30 14:22:29 ----A---- C:\WINDOWS\system32\SETFA.tmp

2011-05-30 14:22:29 ----A---- C:\WINDOWS\system32\SETF9.tmp

2011-05-30 14:22:29 ----A---- C:\WINDOWS\system32\SETF5.tmp

2011-05-30 14:22:29 ----A---- C:\WINDOWS\system32\SETF4.tmp

2011-05-30 14:22:29 ----A---- C:\WINDOWS\system32\SETF3.tmp

2011-05-30 14:22:28 ----A---- C:\WINDOWS\system32\SETF2.tmp

2011-05-30 14:22:28 ----A---- C:\WINDOWS\system32\SETF1.tmp

2011-05-30 14:22:28 ----A---- C:\WINDOWS\system32\SETEF.tmp

2011-05-30 14:22:28 ----A---- C:\WINDOWS\system32\SETEC.tmp

2011-05-30 14:22:28 ----A---- C:\WINDOWS\system32\SETEB.tmp

2011-05-30 14:22:28 ----A---- C:\WINDOWS\system32\SETEA.tmp

2011-05-30 14:22:28 ----A---- C:\WINDOWS\system32\SETE8.tmp

2011-05-30 14:20:20 ----A---- C:\WINDOWS\system32\d3d9.dll

2011-05-30 14:19:29 ----A---- C:\WINDOWS\system32\dskquota.dll

2011-05-30 14:19:18 ----A---- C:\WINDOWS\system32\msls31.dll

2011-05-30 14:19:18 ----A---- C:\WINDOWS\system32\msimtf.dll

2011-05-30 14:19:18 ----A---- C:\WINDOWS\system32\mshtmled.dll

2011-05-30 14:19:18 ----A---- C:\WINDOWS\system32\mshtml.dll

2011-05-30 14:19:17 ----A---- C:\WINDOWS\system32\mstscax.dll

2011-05-30 14:19:17 ----A---- C:\WINDOWS\system32\mstsc.exe

2011-05-30 14:19:05 ----A---- C:\WINDOWS\system32\perfctrs.dll

2011-05-30 14:19:04 ----A---- C:\WINDOWS\system32\pngfilt.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\lmhsvc.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\imagehlp.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\ifsutil.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\ftp.exe

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\fmifs.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\find.exe

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\dhcpsapi.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\comdlg32.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\comctl32.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\cnvfat.dll

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\cmd.exe

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\cacls.exe

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\autoconv.exe

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\autochk.exe

2011-05-30 14:18:52 ----A---- C:\WINDOWS\system32\advapi32.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\win32spl.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\userinit.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\userenv.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\untfs.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\ulib.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\ufat.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\tcpmonui.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\syssetup.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\srvsvc.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\smss.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\setupapi.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\sessmgr.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\services.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\scardsvr.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\samsrv.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\samlib.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\rshx32.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\rastapi.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\rasman.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\rasdlg.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\rasauto.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\rasapi32.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\printui.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\olecnv32.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\oleaut32.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\nwwks.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\nwprovau.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\ntvdm.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\ntprint.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\ntdll.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\ntbackup.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\nslookup.exe

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\msgsvc.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\mgmtapi.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\lsasrv.dll

2011-05-30 14:18:51 ----A---- C:\WINDOWS\system32\localspl.dll

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\wsecedit.dll

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\wkssvc.dll

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\ftdisk.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\fips.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\fdc.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\fastfat.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\dxg.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\dmio.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\dmboot.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\diskdump.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\disk.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\dfs.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\crusoe.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\crcdisk.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\classpnp.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\cdrom.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\cdfs.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\bridge.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\atmuni.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\atmlane.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\atmarps.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\atmarpc.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\atapi.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\amdk7.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\amdk6.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\afd.sys

2011-05-30 14:18:50 ----A---- C:\WINDOWS\system32\drivers\acpi.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbuhci.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbstor.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbport.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbintel.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbhub.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbehci.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbcamd2.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usbcamd.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\usb8023.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\update.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\udfs.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\termdd.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\tdi.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\tcpip6.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\tape.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\swenum.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\stream.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\storport.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\srv.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\sonydcam.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\smclib.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\smb.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\serial.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\serenum.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\scsiport.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\sacdrv.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\rndismp.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\rmcast.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\redbook.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\rdbss.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\raspti.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\raspptp.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\raspppoe.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\rasl2tp.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ptilink.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\psched.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\processr.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\pcmcia.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\pciidex.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\pci.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\partmgr.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\parport.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\p3.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\nwrdr.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\nwlnkspx.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\nwlnkipx.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\npfs.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\nmnt.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\netbt.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\netbios.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ndproxy.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ndiswan.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ndisuio.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ndistapi.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ndis.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\mup.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\msgpc.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\msfs.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\mrxsmb.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\mrxdav.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\mqac.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\mountmgr.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\modem.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\mf.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\mcd.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ksecdd.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ks.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\kbdclass.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\isapnp.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ipsec.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ipnat.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\ipfltdrv.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\imapi.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\i8042prt.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\http.sys

2011-05-30 14:18:49 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\ntoskrnl.exe

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\HAL.DLL

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\ws2ifsl.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\wlbs.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\watchdog.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\wanarp.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\volsnap.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\videoprt.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\vgapnp.sys

2011-05-30 14:18:48 ----A---- C:\WINDOWS\system32\drivers\vga.sys

2011-05-30 14:18:41 ----AD---- C:\WINDOWS\PolicyBackup

2011-05-30 13:23:04 ----D---- C:\kav

======List of files/folders modified in the last 1 months======

2011-06-14 15:56:14 ----D---- C:\WINDOWS\system32

2011-06-14 15:56:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2011-06-14 15:55:40 ----D---- C:\WINDOWS\system32\CatRoot2

2011-06-14 15:50:20 ----D---- C:\WINDOWS\Temp

2011-06-14 15:49:41 ----D---- C:\WINDOWS\system32\inetsrv

2011-06-14 15:47:52 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2011-06-14 14:45:17 ----A---- C:\WINDOWS\system.ini

2011-06-14 14:30:43 ----D---- C:\WINDOWS\system32\drivers

2011-06-14 14:28:03 ----D---- C:\WINDOWS

2011-06-14 14:25:56 ----D---- C:\Program Files\Genetec Omnicast Client 4.6

2011-06-14 14:25:03 ----A---- C:\scripterror.txt

2011-06-14 13:04:27 ----A---- C:\msizap.exe

2011-06-12 21:40:09 ----A---- C:\WINDOWS\OEWABLog.txt

2011-06-08 16:20:56 ----A---- C:\WINDOWS\system32\NeroCheck.exe

2011-06-08 15:33:26 ----RD---- C:\Program Files

2011-06-08 11:14:07 ----RSD---- C:\WINDOWS\assembly

2011-06-08 11:11:16 ----RSHDC---- C:\WINDOWS\system32\dllcache

2011-06-08 11:10:41 ----RSD---- C:\WINDOWS\Fonts

2011-06-08 11:10:41 ----D---- C:\WINDOWS\system32\wbem

2011-06-08 11:10:41 ----D---- C:\WINDOWS\system32\Setup

2011-06-08 11:10:41 ----D---- C:\WINDOWS\AppPatch

2011-06-08 10:50:39 ----D---- C:\WINDOWS\system32\CatRoot

2011-06-08 10:46:13 ----D---- C:\WINDOWS\inf

2011-06-08 10:44:47 ----D---- C:\WINDOWS\security

2011-06-08 10:44:05 ----D---- C:\WINDOWS\WinSxS

2011-06-08 10:44:03 ----D---- C:\WINDOWS\Help

2011-06-08 10:44:03 ----D---- C:\WINDOWS\Cluster

2011-06-08 10:43:57 ----D---- C:\WINDOWS\system32\certsrv

2011-06-08 10:43:52 ----D---- C:\Program Files\Internet Explorer

2011-06-08 10:43:49 ----D---- C:\Program Files\Windows Media Player

2011-06-08 10:42:44 ----D---- C:\WINDOWS\twain_32

2011-06-08 10:42:44 ----D---- C:\WINDOWS\system32\npp

2011-06-08 10:42:44 ----D---- C:\WINDOWS\msagent

2011-06-08 10:42:43 ----D---- C:\WINDOWS\system32\netmon

2011-06-08 10:42:43 ----D---- C:\WINDOWS\system32\ias

2011-06-08 10:42:43 ----D---- C:\WINDOWS\srchasst

2011-06-08 10:42:43 ----D---- C:\WINDOWS\ime

2011-06-08 10:42:40 ----D---- C:\Program Files\NetMeeting

2011-06-08 10:42:39 ----D---- C:\WINDOWS\system32\Com

2011-06-08 10:42:38 ----D---- C:\Program Files\Outlook Express

2011-06-08 10:42:37 ----D---- C:\Program Files\Common Files\System

2011-06-08 10:42:31 ----D---- C:\WINDOWS\system32\oobe

2011-06-08 10:42:31 ----D---- C:\WINDOWS\system

2011-06-08 10:40:56 ----A---- C:\WINDOWS\imsins.BAK

2011-06-08 10:40:44 ----D---- C:\WINDOWS\system32\ReinstallBackups

2011-06-02 22:17:50 ----D---- C:\WINDOWS\system32\LogFiles

2011-06-01 14:07:47 ----D---- C:\Documents and Settings

2011-06-01 10:19:03 ----D---- C:\WINDOWS\Registration

2011-05-30 15:01:05 ----D---- C:\Program Files\HostMonitor8

2011-05-30 15:00:47 ----D---- C:\Program Files\Easy Service Monitor

2011-05-30 14:31:42 ----SD---- C:\WINDOWS\Tasks

2011-05-29 12:04:12 ----SD---- C:\WINDOWS\Downloaded Program Files

2011-05-29 11:46:54 ----D---- C:\Program Files\TeamViewer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ACPI;Microsoft ACPI Driver; C:\WINDOWS\system32\DRIVERS\ACPI.sys [2007-02-17 194048]

R0 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2007-02-17 96768]

R0 crcdisk;CRC Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2007-02-17 17920]

R0 DfsDriver;DfsDriver; C:\WINDOWS\system32\drivers\Dfs.sys [2007-02-17 34816]

R0 Disk;Disk Driver; C:\WINDOWS\system32\DRIVERS\disk.sys [2007-02-17 39936]

R0 dmio;Logical Disk Manager Driver; C:\WINDOWS\System32\drivers\dmio.sys [2007-02-17 150528]

R0 dmload;dmload; C:\WINDOWS\System32\drivers\dmload.sys [2006-04-04 7680]

R0 FltMgr;FltMgr; C:\WINDOWS\system32\drivers\fltmgr.sys [2007-02-17 130560]

R0 Ftdisk;Volume Manager Driver; C:\WINDOWS\system32\DRIVERS\ftdisk.sys [2007-02-17 137216]

R0 isapnp;PnP ISA/EISA Bus Driver; C:\WINDOWS\system32\DRIVERS\isapnp.sys [2007-02-17 38912]

R0 KSecDD;KSecDD; C:\WINDOWS\system32\drivers\KSecDD.sys [2007-02-18 133120]

R0 MountMgr;Mount Point Manager; C:\WINDOWS\system32\drivers\MountMgr.sys [2007-02-17 46592]

R0 Mup;Mup; C:\WINDOWS\system32\drivers\Mup.sys [2007-02-17 103424]

R0 NDIS;NDIS System Driver; C:\WINDOWS\system32\drivers\NDIS.sys [2007-02-17 210432]

R0 PartMgr;Partition Manager; C:\WINDOWS\system32\drivers\PartMgr.sys [2007-02-17 25088]

R0 PCI;PCI Bus Driver; C:\WINDOWS\system32\DRIVERS\pci.sys [2007-02-17 74752]

R0 PCIIde;PCIIde; C:\WINDOWS\system32\DRIVERS\pciide.sys [2006-04-04 5632]

R0 VolSnap;Storage volumes; C:\WINDOWS\system32\DRIVERS\volsnap.sys [2007-02-17 153600]

R1 AFD;AFD; C:\WINDOWS\System32\drivers\afd.sys [2007-02-17 150528]

R1 Beep;Beep; C:\WINDOWS\system32\drivers\Beep.sys [2006-04-04 6144]

R1 Cdrom;CD-ROM Driver; C:\WINDOWS\system32\DRIVERS\cdrom.sys [2007-02-17 52224]

R1 Fips;Fips; C:\WINDOWS\system32\drivers\Fips.sys [2007-02-17 45568]

R1 imapi;CD-Burning Filter Driver; C:\WINDOWS\system32\DRIVERS\imapi.sys [2007-02-17 43520]

R1 IPSec;IPSEC driver; C:\WINDOWS\system32\DRIVERS\ipsec.sys [2007-02-17 82432]

R1 Kbdclass;Keyboard Class Driver; C:\WINDOWS\system32\DRIVERS\kbdclass.sys [2007-02-17 25600]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2007-02-17 17408]

R1 mnmdd;mnmdd; C:\WINDOWS\system32\drivers\mnmdd.sys [2006-04-04 6144]

R1 Mouclass;Mouse Class Driver; C:\WINDOWS\system32\DRIVERS\mouclass.sys [2006-04-04 23040]

R1 MRxSmb;MRXSMB; C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [2007-02-17 437760]

R1 Msfs;Msfs; C:\WINDOWS\system32\drivers\Msfs.sys [2007-02-17 21504]

R1 NetBIOS;NetBIOS Interface; C:\WINDOWS\system32\DRIVERS\netbios.sys [2007-02-17 34816]

R1 NetBT;NetBios over Tcpip; C:\WINDOWS\system32\DRIVERS\netbt.sys [2007-02-17 180224]

R1 Npfs;Npfs; C:\WINDOWS\system32\drivers\Npfs.sys [2007-02-17 32256]

R1 Null;Null; C:\WINDOWS\system32\drivers\Null.sys [2006-04-04 4608]

R1 RasAcd;Remote Access Auto Connection Driver; C:\WINDOWS\system32\DRIVERS\rasacd.sys [2006-04-04 10752]

R1 Rdbss;Rdbss; C:\WINDOWS\system32\DRIVERS\rdbss.sys [2007-02-17 177664]

R1 RDPCDD;RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [2006-04-04 6144]

R1 redbook;Digital CD Audio Playback Filter Driver; C:\WINDOWS\system32\DRIVERS\redbook.sys [2007-02-17 60928]

R1 Serial;Serial port driver; C:\WINDOWS\system32\DRIVERS\serial.sys [2007-02-17 65536]

R1 Tcpip;TCP/IP Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip.sys [2007-02-17 383488]

R1 TermDD;Terminal Device Driver; C:\WINDOWS\system32\DRIVERS\termdd.sys [2007-02-17 41608]

R1 VgaSave;VGA Display Controller.; C:\WINDOWS\System32\drivers\vga.sys [2007-02-17 23552]

R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\SNMP\BASFND.sys []

R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-06-25 35088]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-06 1431040]

R3 audstub;Audio Stub Driver; C:\WINDOWS\system32\DRIVERS\audstub.sys [2003-03-24 5120]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2009-07-31 213544]

R3 Fdc;Floppy Disk Controller Driver; C:\WINDOWS\system32\DRIVERS\fdc.sys [2007-02-17 24576]

R3 Gpc;Generic Packet Classifier; C:\WINDOWS\system32\DRIVERS\msgpc.sys [2007-02-17 39424]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-04-04 11776]

R3 HTTP;HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [2007-02-17 291328]

R3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-02-17 36864]

R3 IpNat;IP Network Address Translator; C:\WINDOWS\system32\DRIVERS\ipnat.sys [2007-02-17 119296]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-04-04 13312]

R3 mssmbios;Microsoft System Management BIOS Driver; C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2007-02-17 19968]

R3 NdisTapi;Remote Access NDIS TAPI Driver; C:\WINDOWS\system32\DRIVERS\ndistapi.sys [2007-02-17 12288]

R3 Ndisuio;NDIS Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\ndisuio.sys [2007-02-17 16384]

R3 NdisWan;Remote Access NDIS WAN Driver; C:\WINDOWS\system32\DRIVERS\ndiswan.sys [2007-02-17 89600]

R3 NDProxy;NDIS Proxy; C:\WINDOWS\system32\drivers\NDProxy.sys [2007-02-17 40960]

R3 PptpMiniport;WAN Miniport (PPTP); C:\WINDOWS\system32\DRIVERS\raspptp.sys [2007-02-17 59904]

R3 PSSDK42;PSSDK42; \??\C:\WINDOWS\system32\Drivers\pssdk42.sys []

R3 Ptilink;Direct Parallel Link Driver; C:\WINDOWS\system32\DRIVERS\ptilink.sys [2007-02-17 20480]

R3 Rasl2tp;WAN Miniport (L2TP); C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [2007-02-17 65536]

R3 RasPppoe;Remote Access PPPOE Driver; C:\WINDOWS\system32\DRIVERS\raspppoe.sys [2007-02-17 40960]

R3 Raspti;Direct Parallel; C:\WINDOWS\system32\DRIVERS\raspti.sys [2007-02-17 19968]

R3 rdpdr;Terminal Server Device Redirector Driver; C:\WINDOWS\system32\DRIVERS\rdpdr.sys [2007-02-17 200192]

R3 RDPWD;RDPWD; C:\WINDOWS\system32\drivers\RDPWD.sys [2007-02-17 152200]

R3 serenum;Serenum Filter Driver; C:\WINDOWS\system32\DRIVERS\serenum.sys [2007-02-17 17920]

R3 Srv;Srv; C:\WINDOWS\system32\DRIVERS\srv.sys [2007-02-17 356864]

R3 swenum;Software Bus Driver; C:\WINDOWS\system32\DRIVERS\swenum.sys [2007-02-17 4736]

R3 TDTCP;TDTCP; C:\WINDOWS\system32\drivers\TDTCP.sys [2007-02-17 24200]

R3 Update;Microcode Update Driver; C:\WINDOWS\system32\DRIVERS\update.sys [2007-02-17 280576]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-02-17 27520]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-02-17 60416]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-02-17 20864]

R3 Wanarp;Remote Access IP ARP Driver; C:\WINDOWS\system32\DRIVERS\wanarp.sys [2007-02-17 36352]

R3 WLBS;Network Load Balancing; C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-02-17 169984]

R4 Cdfs;Cdfs; C:\WINDOWS\system32\drivers\Cdfs.sys [2007-02-17 65536]

R4 Ntfs;Ntfs; C:\WINDOWS\system32\drivers\Ntfs.sys [2007-02-18 589824]

S1 Changer;Changer; C:\WINDOWS\system32\drivers\Changer.sys []

S1 Flpydisk;Flpydisk; C:\WINDOWS\system32\drivers\Flpydisk.sys [2006-04-04 18432]

S1 i2omgmt;i2omgmt; C:\WINDOWS\system32\drivers\i2omgmt.sys []

S1 i8042prt;i8042prt; C:\WINDOWS\system32\drivers\i8042prt.sys [2007-02-17 55808]

S1 Sfloppy;Sfloppy; C:\WINDOWS\system32\drivers\Sfloppy.sys [2006-04-04 12288]

S3 AsyncMac;RAS Asynchronous Media Driver; C:\WINDOWS\system32\DRIVERS\asyncmac.sys [2006-04-04 16384]

S3 Atmarpc;ATM ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\atmarpc.sys [2007-02-17 59392]

S3 Blfp;Broadcom Advanced Server Program Driver; C:\WINDOWS\system32\DRIVERS\baspxp32.sys [2009-10-15 90112]

S3 Ip6Fw;IPv6 Windows Firewall Driver; C:\WINDOWS\system32\drivers\ip6fw.sys [2007-02-17 36352]

S3 IpFilterDriver;IP Traffic Filter Driver; C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [2007-02-17 32768]

S3 IpInIp;IP in IP Tunnel Driver; C:\WINDOWS\system32\DRIVERS\ipinip.sys []

S3 IRENUM;IR Enumerator Service; C:\WINDOWS\system32\DRIVERS\irenum.sys [2007-02-17 12800]

S3 Modem;Modem; C:\WINDOWS\system32\drivers\Modem.sys [2007-02-17 31232]

S3 MRxDAV;WebDav Client Redirector; C:\WINDOWS\system32\DRIVERS\mrxdav.sys [2007-02-17 188928]

S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2007-02-17 42496]

S3 Parport;Parport; C:\WINDOWS\system32\drivers\Parport.sys [2007-02-17 81408]

S3 PDCOMP;PDCOMP; C:\WINDOWS\system32\drivers\PDCOMP.sys []

S3 PDFRAME;PDFRAME; C:\WINDOWS\system32\drivers\PDFRAME.sys []

S3 PDRELI;PDRELI; C:\WINDOWS\system32\drivers\PDRELI.sys []

S3 PDRFRAME;PDRFRAME; C:\WINDOWS\system32\drivers\PDRFRAME.sys []

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2009-04-16 340736]

S3 Secdrv;Secdrv; C:\WINDOWS\system32\DRIVERS\secdrv.sys [2006-04-04 163644]

S3 TDPIPE;TDPIPE; C:\WINDOWS\system32\drivers\TDPIPE.sys [2007-02-17 12936]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-02-17 28160]

S3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2007-02-17 24064]

S3 WDICA;WDICA; C:\WINDOWS\system32\drivers\WDICA.sys []

S4 Abiosdsk;Abiosdsk; C:\WINDOWS\system32\drivers\Abiosdsk.sys []

S4 ACPIEC;ACPIEC; C:\WINDOWS\system32\drivers\ACPIEC.sys [2006-04-04 12800]

S4 adpu160m;adpu160m; C:\WINDOWS\system32\drivers\adpu160m.sys []

S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []

S4 afcnt;afcnt; C:\WINDOWS\system32\drivers\afcnt.sys []

S4 aic78u2;aic78u2; C:\WINDOWS\system32\drivers\aic78u2.sys []

S4 aic78xx;aic78xx; C:\WINDOWS\system32\drivers\aic78xx.sys []

S4 AliIde;AliIde; C:\WINDOWS\system32\drivers\AliIde.sys []

S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys [2007-02-17 7680]

S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys [2007-02-17 43520]

S4 Atdisk;Atdisk; C:\WINDOWS\system32\drivers\Atdisk.sys []

S4 cbidf2k;cbidf2k; C:\WINDOWS\system32\drivers\cbidf2k.sys [2006-04-04 15360]

S4 cd20xrnt;cd20xrnt; C:\WINDOWS\system32\drivers\cd20xrnt.sys []

S4 ClusDisk;Cluster Disk Driver; C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-02-17 69120]

S4 CmdIde;CmdIde; C:\WINDOWS\system32\drivers\CmdIde.sys []

S4 Cpqarray;Cpqarray; C:\WINDOWS\system32\drivers\Cpqarray.sys []

S4 cpqarry2;cpqarry2; C:\WINDOWS\system32\drivers\cpqarry2.sys []

S4 cpqcissm;cpqcissm; C:\WINDOWS\system32\drivers\cpqcissm.sys []

S4 cpqfcalm;cpqfcalm; C:\WINDOWS\system32\drivers\cpqfcalm.sys []

S4 dac2w2k;dac2w2k; C:\WINDOWS\system32\drivers\dac2w2k.sys []

S4 dac960nt;dac960nt; C:\WINDOWS\system32\drivers\dac960nt.sys []

S4 dellcerc;dellcerc; C:\WINDOWS\system32\drivers\dellcerc.sys []

S4 dmboot;dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [2007-02-17 268288]

S4 dpti2o;dpti2o; C:\WINDOWS\system32\drivers\dpti2o.sys []

S4 elxstor;elxstor; C:\WINDOWS\system32\drivers\elxstor.sys []

S4 Fastfat;Fastfat; C:\WINDOWS\system32\drivers\Fastfat.sys [2007-02-17 151040]

S4 hpcisss;hpcisss; C:\WINDOWS\system32\drivers\hpcisss.sys [2007-02-17 23552]

S4 hpn;hpn; C:\WINDOWS\system32\drivers\hpn.sys []

S4 hpt3xx;hpt3xx; C:\WINDOWS\system32\drivers\hpt3xx.sys []

S4 i2omp;i2omp; C:\WINDOWS\system32\drivers\i2omp.sys []

S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 ipsraidn;ipsraidn; C:\WINDOWS\system32\drivers\ipsraidn.sys []

S4 lp6nds35;lp6nds35; C:\WINDOWS\system32\drivers\lp6nds35.sys []

S4 mraid35x;mraid35x; C:\WINDOWS\system32\drivers\mraid35x.sys []

S4 nfrd960;nfrd960; C:\WINDOWS\system32\drivers\nfrd960.sys []

S4 Pcmcia;Pcmcia; C:\WINDOWS\system32\drivers\Pcmcia.sys [2007-02-17 121856]

S4 perc2;perc2; C:\WINDOWS\system32\drivers\perc2.sys []

S4 perc2hib;perc2hib; C:\WINDOWS\system32\drivers\perc2hib.sys []

S4 ql1080;ql1080; C:\WINDOWS\system32\drivers\ql1080.sys []

S4 Ql10wnt;Ql10wnt; C:\WINDOWS\system32\drivers\Ql10wnt.sys []

S4 ql12160;ql12160; C:\WINDOWS\system32\drivers\ql12160.sys []

S4 ql1240;ql1240; C:\WINDOWS\system32\drivers\ql1240.sys []

S4 ql1280;ql1280; C:\WINDOWS\system32\drivers\ql1280.sys []

S4 ql2100;ql2100; C:\WINDOWS\system32\drivers\ql2100.sys []

S4 ql2200;ql2200; C:\WINDOWS\system32\drivers\ql2200.sys []

S4 ql2300;ql2300; C:\WINDOWS\system32\drivers\ql2300.sys []

S4 Simbad;Simbad; C:\WINDOWS\system32\drivers\Simbad.sys []

S4 sym_hi;sym_hi; C:\WINDOWS\system32\drivers\sym_hi.sys []

S4 sym_u3;sym_u3; C:\WINDOWS\system32\drivers\sym_u3.sys []

S4 symc810;symc810; C:\WINDOWS\system32\drivers\symc810.sys []

S4 symc8xx;symc8xx; C:\WINDOWS\system32\drivers\symc8xx.sys []

S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []

S4 TosIde;TosIde; C:\WINDOWS\system32\drivers\TosIde.sys []

S4 Udfs;Udfs; C:\WINDOWS\system32\drivers\Udfs.sys [2007-02-17 67584]

S4 ultra;ultra; C:\WINDOWS\system32\drivers\ultra.sys []

S4 ViaIde;ViaIde; C:\WINDOWS\system32\drivers\ViaIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AeLookupSvc;Application Experience Lookup Service; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 AudioSrv;Windows Audio; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R2 Browser;Computer Browser; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 CryptSvc;Cryptographic Services; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 DcomLaunch;DCOM Server Process Launcher; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 Dhcp;DHCP Client; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 dmserver;Logical Disk Manager; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R2 Dnscache;DNS Client; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 ERSvc;Error Reporting Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R2 Eventlog;Event Log; C:\WINDOWS\system32\services.exe [2007-02-17 111104]

R2 EventSystem;COM+ Event System; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 IISADMIN;IIS Admin Service; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 14336]

R2 Ipswitch Network Viewer;Ipswitch Network Viewer; C:\Program Files\Ipswitch\WhatsConnected\NetworkViewerService.exe [2011-01-06 52736]

R2 Ipswitch Service Control Manager;Ipswitch Service Control Manager; C:\Program Files\Ipswitch\WhatsUp\ServiceControlManager.exe [2011-01-06 38400]

R2 lanmanserver;Server; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 lanmanworkstation;Workstation; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 LmHosts;TCP/IP NetBIOS Helper; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 MSDTC;Distributed Transaction Coordinator; C:\WINDOWS\system32\msdtc.exe [2007-02-17 6144]

R2 MSFtpsvc;FTP Publishing Service; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2007-02-17 14336]

R2 MSSQL$WHATSUP;SQL Server (WHATSUP); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]

R2 PlugPlay;Plug and Play; C:\WINDOWS\system32\services.exe [2007-02-17 111104]

R2 PolicyAgent;IPSEC Services; C:\WINDOWS\system32\lsass.exe [2006-04-04 13312]

R2 ProtectedStorage;Protected Storage; C:\WINDOWS\system32\lsass.exe [2006-04-04 13312]

R2 PRTG7CoreService;PRTG 8 Core Server Service; C:\Program Files\PRTG Network Monitor\PRTG Server.exe [2010-10-19 4017936]

R2 PRTG7ProbeService;PRTG 8 Probe Service; C:\Program Files\PRTG Network Monitor\PRTG Probe.exe [2010-10-19 3842832]

R2 RemoteRegistry;Remote Registry; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 RpcSs;Remote Procedure Call (RPC); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 SamSs;Security Accounts Manager; C:\WINDOWS\system32\lsass.exe [2006-04-04 13312]

R2 Schedule;Task Scheduler; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R2 seclogon;Secondary Logon; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R2 SENS;System Event Notification; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 SharedAccess;Windows Firewall/Internet Connection Sharing (ICS); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 ShellHWDetection;Shell Hardware Detection; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2007-02-17 40960]

R2 Spooler;Print Spooler; C:\WINDOWS\system32\spoolsv.exe [2007-02-17 57856]

R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]

R2 TrkWks;Distributed Link Tracking Client; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 W32Time;Windows Time; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 W3SVC;World Wide Web Publishing Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R2 winmgmt;Windows Management Instrumentation; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2004-06-15 380928]

R2 WZCSVC;Wireless Configuration; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R3 HTTPFilter;HTTP SSL; C:\WINDOWS\system32\lsass.exe [2006-04-04 13312]

R3 Netman;Network Connections; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R3 Nla;Network Location Awareness (NLA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R3 RasMan;Remote Access Connection Manager; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

R3 TapiSrv;Telephony; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

R3 TermService;Terminal Services; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 SysmonLog;Performance Logs and Alerts; C:\WINDOWS\system32\smlogsvc.exe [2007-02-17 96256]

S3 AppMgmt;Application Management; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 COMSysApp;COM+ System Application; C:\WINDOWS\system32\dllhost.exe [2007-02-17 5632]

S3 Dfs;Distributed File System; C:\WINDOWS\system32\Dfssvc.exe [2007-02-17 164864]

S3 dmadmin;Logical Disk Manager Administrative Service; C:\WINDOWS\System32\dmadmin.exe [2007-02-17 234496]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2011-06-14 65824]

S3 MSIServer;Windows Installer; C:\WINDOWS\system32\msiexec.exe [2007-02-17 78848]

S3 Netlogon;Net Logon; C:\WINDOWS\system32\lsass.exe [2006-04-04 13312]

S3 NtFrs;File Replication; C:\WINDOWS\system32\ntfrs.exe [2007-02-17 792064]

S3 NtLmSsp;NT LM Security Support Provider; C:\WINDOWS\system32\lsass.exe [2006-04-04 13312]

S3 NtmsSvc;Removable Storage; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-06-14 441136]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2011-06-14 145184]

S3 RasAuto;Remote Access Auto Connection Manager; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S3 RDSessMgr;Remote Desktop Help Session Manager; C:\WINDOWS\system32\sessmgr.exe [2007-02-17 124928]

S3 RpcLocator;Remote Procedure Call (RPC) Locator; C:\WINDOWS\system32\locator.exe [2006-04-04 71680]

S3 RSoPProv;Resultant Set of Policy Provider; C:\WINDOWS\system32\RSoPProv.exe [2007-02-17 67072]

S3 sacsvr;Special Administration Console Helper; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S3 SCardSvr;Smart Card; C:\WINDOWS\System32\SCardSvr.exe [2007-02-17 90112]

S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2005-11-30 8704]

S3 swprv;Microsoft Software Shadow Copy Provider; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2007-02-17 39424]

S3 UPS;Uninterruptible Power Supply; C:\WINDOWS\System32\ups.exe [2006-04-04 16896]

S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-02-18 352768]

S3 VSS;Volume Shadow Copy; C:\WINDOWS\System32\vssvc.exe [2007-02-17 836096]

S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S3 Wmi;Windows Management Instrumentation Driver Extensions; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S3 WmiApSrv;WMI Performance Adapter; C:\WINDOWS\system32\wbem\wmiapsrv.exe [2007-02-17 127488]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S3 xmlprov;Network Provisioning Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S4 Alerter;Alerter; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S4 BITS;Background Intelligent Transfer Service; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S4 CiSvc;Indexing Service; C:\WINDOWS\system32\cisvc.exe [2007-02-17 6656]

S4 ClipSrv;ClipBook; C:\WINDOWS\system32\clipsrv.exe [2006-04-04 32256]

S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S4 HidServ;Human Interface Device Access; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2011-06-14 73728]

S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S4 ImapiService;IMAPI CD-Burning COM Service; C:\WINDOWS\system32\imapi.exe [2007-02-17 157184]

S4 IsmServ;Intersite Messaging; C:\WINDOWS\System32\ismserv.exe [2007-02-17 40448]

S4 kdc;Kerberos Key Distribution Center; C:\WINDOWS\System32\lsass.exe [2006-04-04 13312]

S4 LicenseService;License Logging; C:\WINDOWS\System32\llssrv.exe [2007-02-18 94720]

S4 Messenger;Messenger; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S4 mnmsrvc;NetMeeting Remote Desktop Sharing; C:\WINDOWS\system32\mnmsrvc.exe [2007-02-17 32768]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2011-06-14 45408]

S4 NetDDE;Network DDE; C:\WINDOWS\system32\netdde.exe [2007-02-17 110080]

S4 NetDDEdsdm;Network DDE DSDM; C:\WINDOWS\system32\netdde.exe [2007-02-17 110080]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 RemoteAccess;Routing and Remote Access; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2011-06-14 117264]

S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2011-06-14 239968]

S4 stisvc;Windows Image Acquisition (WIA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S4 Themes;Themes; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

S4 TrkSvr;Distributed Link Tracking Server; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S4 Tssdis;Terminal Services Session Directory; C:\WINDOWS\System32\tssdis.exe [2007-02-17 71168]

S4 WebClient;WebClient; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

S4 wuauserv;Automatic Updates; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]

 

-----------------EOF-----------------

 

My friend, it apparently worked. After restarting I was able to install the antivirus correctly, and I am running a full scan; I will report the result tomorrow.

Thank you very, very much for your attention and help!


1.

*Delete RegUnlocker

2.

*Delete the files C:\salitykiller.exe and C:\sality.txt

3.

*Delete the SalityRegKeys folder and the file SafeBootWinServer2003.reg

4.

*Download Malwarebytes and save it to the desktop

*Install the program and wait for the update

*The program will open automatically

*On the [Scan] tab, select [Full scan]

*Click [Scan] and select the partition where Windows is installed

*When the scan finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]

*Paste the report that is shown

If you already have Malwarebytes installed...

*Open Malwarebytes, click [Update] > [Download Updates]

*On the [Scan] tab, select [x] Full scan

*Click [Scan] and select the partition where Windows is installed

*When the scan finishes, click [Yes] > [OK] > [Show Results] > [Remove Selected]

*Paste the report that is shown


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4052

 

Windows 5.2.3790 Service Pack 2

Internet Explorer 6.0.3790.3959

 

6/17/2011 10:25:49 AM

mbam-log-2011-06-17 (10-25-49).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)

Objetos escaneados: 327903

Tempo decorrido: 56 minuto(s), 5 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 1

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\RECYCLER\S-1-5-21-1402282174-3741761746-3258281098-1033\Dc1\retirar virus\RegUnlocker.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.


OK... how is the PC?

If you have run an antivirus scan and nothing was detected, the logs are clean.


The PC is fine; so far I have not found any more viruses, and some functions that had stopped working are back to normal, for example Task Manager.

Thank you very much for the help once again. I am going to check all the other PCs on the network to make sure the virus has not spread. Thank you very much indeed, especially for the quick replies.


PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
