REDENTOR
Posted October 5, 2011

Hello! Please, I need some help: I ran ComboFix on the PC and now it no longer connects to the internet. I have already restored to several earlier restore points, but that did not fix it. I was trying to uninstall F-Secure but could not manage it, so I kept trying other things and everything went wrong. The HijackThis log and the log from the ComboFix run follow.

wings
Posted October 5, 2011

Hello REDENTOR

* Right-click the file below and select Merge:
C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
* Restart the PC

REDENTOR
Posted October 5, 2011

That file is not in the folder, only HKLM-Run-run32.reg, in Video CD movie format.

wings
Posted October 5, 2011

1. Restart the PC. If that does not fix it...
2. Click [Start] > [Settings] > [Control Panel] > [Network Connections]. Locate your internet connection, right-click it and select: Repair

REDENTOR
Posted October 5, 2011

I have already tried both things; it does not fix it...

wings
Posted October 5, 2011

1.
* Open Notepad and paste the code below into it:

File::
c:\windows\system32\01.tmp
c:\windows\system32\bvngu.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\davygf]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asysyf]

NetSvc::
asysyf

Driver::
davygf

* Save the file on the desktop as CFScript.txt
* Drag it onto ComboFix as shown in the illustration below:
* While ComboFix is running, do not use the mouse or the keyboard!!
* Paste the report it produces

2.
* Download Repair Winsock_DNS Cache and save it on the desktop
* Run it, click [start] and wait for it to finish
* Restart the PC

REDENTOR
Posted October 5, 2011

I am sending the logs, first the ComboFix one and then the Repair Winsock_DNS Cache one. The connection is active now, but Internet Explorer opens and then closes right away.

wings
Posted October 5, 2011

1.
* Open Notepad and paste the code below into it:

File::
c:\windows\system32\bvngu.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"run32"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1076:TCP"=
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asysyf]

Driver::
asysyf

* Save the file on the desktop as CFScript.txt
* Drag it onto ComboFix as shown in the illustration below:
* While ComboFix is running, do not use the mouse or the keyboard!!
* Paste the report it produces

2.
* Download Repair Internet Explorer and save it on the desktop
* Run it and click [start]

REDENTOR Posted October 6, 2011

The ComboFix report follows below. I installed Repair Internet Explorer, but the program is still behaving the same way.

ComboFix 11-10-06.02 - USUARIO 06/10/2011 8:37.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1014.413 [GMT -3:00]
Executando de: c:\documents and settings\USUARIO\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\USUARIO\Desktop\CFScript.txt
AV: F-Secure Client Security 7.12 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 7.12 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
FILE ::
"c:\windows\system32\bvngu.dll"
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-1645522239-1229272821-1801674531-1004(2)\INFO2
C:\RECYCLER(3)
c:\recycler(3)\S-1-5-21-1645522239-1229272821-1801674531-1004(2)\Dc11.htm
c:\recycler(3)\S-1-5-21-1645522239-1229272821-1801674531-1004(2)\Dc12.htm
c:\recycler(3)\S-1-5-21-1645522239-1229272821-1801674531-1004(2)\Dc13.txt
c:\recycler(3)\S-1-5-21-1645522239-1229272821-1801674531-1004(2)\INFO2
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASYSYF
-------\Service_asysyf
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-09-06 to 2011-10-06 ))))))))))))))))))))))))))))
.
.
2011-10-06 11:24 . 2011-10-06 11:24 -------- d-----w- c:\windows\system32\KB905474
2011-10-05 18:51 . 2010-12-09 15:13 2152960 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-10-05 18:51 . 2010-12-09 15:13 2196992 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-10-05 18:51 . 2010-12-09 15:13 2031104 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-10-05 18:51 . 2010-12-09 15:13 2073600 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-10-05 18:50 .
2007-08-13 21:54 475648 c:\windows\ie7updates\KB2559049-IE7\mshtmled.dll + 2011-10-06 11:21 . 2007-08-13 21:54 458752 c:\windows\ie7updates\KB2559049-IE7\msfeeds.dll + 2011-10-06 11:21 . 2007-08-13 21:43 622080 c:\windows\ie7updates\KB2559049-IE7\iexplore.exe + 2011-10-06 11:21 . 2007-08-13 21:34 266752 c:\windows\ie7updates\KB2559049-IE7\iertutil.dll + 2011-10-06 11:21 . 2007-08-13 21:54 191488 c:\windows\ie7updates\KB2559049-IE7\iepeers.dll + 2011-10-06 11:21 . 2007-08-13 21:39 382976 c:\windows\ie7updates\KB2559049-IE7\iedkcs32.dll + 2011-10-06 11:21 . 2007-07-11 15:27 383488 c:\windows\ie7updates\KB2559049-IE7\ieapfltr.dll + 2011-10-06 11:21 . 2007-08-13 20:56 161792 c:\windows\ie7updates\KB2559049-IE7\ieakui.dll + 2011-10-06 11:21 . 2007-08-13 21:39 229376 c:\windows\ie7updates\KB2559049-IE7\ieaksie.dll + 2011-10-06 11:21 . 2007-08-13 21:39 152064 c:\windows\ie7updates\KB2559049-IE7\ieakeng.dll + 2011-10-06 11:21 . 2007-08-13 21:54 131584 c:\windows\ie7updates\KB2559049-IE7\extmgr.dll + 2011-10-06 11:21 . 2007-08-13 21:35 214528 c:\windows\ie7updates\KB2559049-IE7\dxtrans.dll + 2011-10-06 11:21 . 2007-08-13 21:35 346624 c:\windows\ie7updates\KB2559049-IE7\dxtmsft.dll + 2011-10-06 11:21 . 2007-08-13 21:39 123904 c:\windows\ie7updates\KB2559049-IE7\advpack.dll + 2011-10-05 19:25 . 2007-08-13 21:54 765952 c:\windows\ie7updates\KB2544521-IE7\vgx.dll + 2011-10-05 19:25 . 2010-07-05 13:12 395128 c:\windows\ie7updates\KB2544521-IE7\spuninst\updspapi.dll + 2011-10-05 19:25 . 2010-07-05 13:12 233336 c:\windows\ie7updates\KB2544521-IE7\spuninst\spuninst.exe + 2011-10-05 18:48 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys + 2011-10-05 18:50 . 2008-06-14 17:34 272384 c:\windows\Driver Cache\i386\bthport.sys + 2008-04-14 12:00 . 2009-11-21 15:58 471552 c:\windows\AppPatch\aclayers.dll + 2011-10-05 18:09 . 
2010-10-23 00:48 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll + 2011-10-05 18:48 . 2010-08-23 16:11 1054208 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll + 2008-04-14 12:00 . 2010-04-03 06:33 2365288 c:\windows\system32\WMVCore.dll + 2008-04-14 12:00 . 2010-08-26 20:16 4886528 c:\windows\system32\wmp.dll + 2008-04-14 12:00 . 2008-06-10 14:37 1026048 c:\windows\system32\WMNetmgr.dll + 2008-04-14 12:00 . 2011-06-06 11:35 1859072 c:\windows\system32\win32k.sys + 2008-04-14 12:00 . 2011-06-21 18:38 1168896 c:\windows\system32\urlmon.dll + 2008-04-14 12:00 . 2011-01-21 14:44 8492032 c:\windows\system32\shell32.dll - 2008-04-14 12:00 . 2008-04-14 12:00 1439744 c:\windows\system32\query.dll + 2008-04-14 12:00 . 2009-07-17 16:17 1439744 c:\windows\system32\query.dll + 2008-04-14 12:00 . 2010-02-05 18:26 1296384 c:\windows\system32\quartz.dll + 2008-04-14 12:00 . 2010-07-16 12:00 1287680 c:\windows\system32\ole32.dll + 2008-04-14 12:00 . 2010-12-09 15:13 2152960 c:\windows\system32\ntoskrnl.exe + 2008-04-13 19:00 . 2010-12-09 15:13 2031104 c:\windows\system32\ntkrnlpa.exe + 2008-04-14 12:00 . 2009-07-31 13:03 1372672 c:\windows\system32\msxml6.dll + 2008-04-14 12:00 . 2010-06-14 07:42 1172480 c:\windows\system32\msxml3.dll + 2010-08-17 12:13 . 2011-02-02 07:58 2067456 c:\windows\system32\mstscax.dll + 2008-04-14 12:00 . 2011-07-22 16:30 3613696 c:\windows\system32\mshtml.dll + 2008-04-14 12:00 . 2009-03-21 14:08 1028608 c:\windows\system32\kernel32.dll - 2008-04-14 12:00 . 2008-04-14 12:00 1028608 c:\windows\system32\kernel32.dll + 2011-10-06 11:24 . 2009-03-11 01:26 1434496 c:\windows\system32\KB905474\wganotifypackageinner.exe + 2007-08-13 21:54 . 2011-06-21 18:38 6076416 c:\windows\system32\ieframe.dll + 2008-04-14 12:00 . 2010-04-03 06:33 2365288 c:\windows\system32\dllcache\WMVCore.dll + 2008-04-14 12:00 . 
2010-08-26 20:16 4886528 c:\windows\system32\dllcache\wmp.dll + 2008-04-14 12:00 . 2008-06-10 14:37 1026048 c:\windows\system32\dllcache\WMNetmgr.dll + 2008-04-14 12:00 . 2011-06-06 11:35 1859072 c:\windows\system32\dllcache\win32k.sys + 2008-04-14 12:00 . 2011-06-21 18:38 1168896 c:\windows\system32\dllcache\urlmon.dll + 2008-04-14 12:00 . 2011-01-21 14:44 8492032 c:\windows\system32\dllcache\shell32.dll + 2008-04-14 12:00 . 2009-07-17 16:17 1439744 c:\windows\system32\dllcache\query.dll - 2008-04-14 12:00 . 2008-04-14 12:00 1439744 c:\windows\system32\dllcache\query.dll + 2008-04-14 12:00 . 2010-02-05 18:26 1296384 c:\windows\system32\dllcache\quartz.dll + 2008-04-14 12:00 . 2010-07-16 12:00 1287680 c:\windows\system32\dllcache\ole32.dll + 2008-04-14 12:00 . 2009-07-31 13:03 1372672 c:\windows\system32\dllcache\msxml6.dll + 2008-04-14 12:00 . 2010-06-14 07:42 1172480 c:\windows\system32\dllcache\msxml3.dll + 2009-06-10 12:21 . 2009-06-10 12:21 2066432 c:\windows\system32\dllcache\mstscax.dll + 2010-08-17 12:15 . 2010-01-29 15:00 1315328 c:\windows\system32\dllcache\msoe.dll + 2008-04-14 12:00 . 2011-07-22 16:30 3613696 c:\windows\system32\dllcache\mshtml.dll - 2010-08-17 12:15 . 2008-04-14 12:00 3558912 c:\windows\system32\dllcache\moviemk.exe + 2010-08-17 12:15 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe + 2010-08-17 12:13 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll + 2008-04-14 12:00 . 2009-03-21 14:08 1028608 c:\windows\system32\dllcache\kernel32.dll - 2008-04-14 12:00 . 2008-04-14 12:00 1028608 c:\windows\system32\dllcache\kernel32.dll + 2011-06-21 18:38 . 2011-06-21 18:38 6076416 c:\windows\system32\dllcache\ieframe.dll + 2010-07-05 20:32 . 2010-07-05 20:32 2452872 c:\windows\system32\dllcache\ieapfltr.dat + 2011-10-06 11:21 . 2007-08-13 21:54 1162240 c:\windows\ie7updates\KB2559049-IE7\urlmon.dll + 2011-10-06 11:21 . 2007-08-13 21:54 3578368 c:\windows\ie7updates\KB2559049-IE7\mshtml.dll + 2011-10-06 11:21 . 
2007-08-13 21:54 6049280 c:\windows\ie7updates\KB2559049-IE7\ieframe.dll + 2011-10-05 18:51 . 2010-12-09 15:13 2196992 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2011-10-05 18:51 . 2010-12-09 15:13 2031104 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2011-10-05 18:51 . 2010-12-09 15:13 2073600 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2011-10-05 18:51 . 2010-12-09 15:13 2152960 c:\windows\Driver Cache\i386\ntkrnlmp.exe . -- Snapshot resetado para data atual -- . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por padrão não são apresentadas. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="c:\arquivos de programas\F-Secure\Common\FSM32.EXE" [2008-06-19 182936] "F-Secure TNB"="c:\arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" [2008-06-19 895584] "SkyTel"="SkyTel.EXE" [2007-04-04 1822720] "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-09-04 15:08 935288 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 07:08 35696 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2006-12-23 21:05 143360 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner] 2010-07-23 14:49 1755960 ----a-w- c:\arquivos de programas\CCleaner\CCleaner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-27 03:47 31016 ----a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 18:40 155648 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 04:11 132496 ----a-w- c:\arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1076:TCP"= 1076:TCP:xlwcnn . 
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [14/9/2010 05:55 59808] R1 F-Secure HIPS;F-Secure HIPS;c:\arquivos de programas\F-Secure\HIPS\fshs.sys [14/9/2010 05:55 70752] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [22/9/2010 09:46 39424] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\arquivos de programas\F-Secure\Anti-Virus\minifilter\fsgk.sys [14/9/2010 05:54 72288] S4 F-Secure Filter;F-Secure File System Filter;c:\arquivos de programas\F-Secure\Anti-Virus\win2k\fsfilter.sys [14/9/2010 05:54 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\arquivos de programas\F-Secure\Anti-Virus\win2k\fsrec.sys [14/9/2010 05:54 25184] . Conteúdo da pasta 'Tarefas Agendadas' . 2011-10-06 c:\windows\Tasks\Scheduled scanning task.job - c:\arquiv~1\F-Secure\ANTI-V~1\fsav.exe [2010-09-14 09:18] . 2011-10-06 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2011-10-06 01:18] . . ------- Scan Suplementar ------- . uStart Page = hxxp://www.google.com.br/ IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 200.204.0.10 200.204.0.138 FF - ProfilePath - c:\documents and settings\USUARIO\Dados de aplicativos\Mozilla\Firefox\Profiles\0dvas703.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-10-06 08:42 Windows 5.1.2600 Service Pack 3 NTFS . Procurando processos ocultos ... . Procurando entradas auto inicializáveis ocultas ... . 
Procurando ficheiros/arquivos ocultos ... . Varredura completada com sucesso arquivos/ficheiros ocultos: 0 . ************************************************************************** . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- . - - - - - - - > 'explorer.exe'(3204) c:\windows\system32\WININET.dll . ------------------------ Outros Processos em Execução ------------------------ . c:\arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe c:\arquivos de programas\F-Secure\Common\FSMA32.EXE c:\arquivos de programas\F-Secure\Anti-Virus\FSGK32.EXE c:\windows\system32\wdfmgr.exe c:\arquivos de programas\F-Secure\Common\FSMB32.EXE c:\arquivos de programas\F-Secure\Common\FCH32.EXE c:\arquivos de programas\F-Secure\Common\FAMEH32.EXE c:\arquivos de programas\F-Secure\Anti-Virus\fsqh.exe c:\arquivos de programas\F-Secure\Common\FNRB32.EXE c:\arquivos de programas\F-Secure\Anti-Virus\fssm32.exe c:\arquivos de programas\F-Secure\FSAUA\program\fsaua.exe c:\arquivos de programas\F-Secure\Common\FIH32.EXE c:\arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe c:\arquivos de programas\F-Secure\FSGUI\fsguidll.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe c:\arquivos de programas\F-Secure\Anti-Virus\fsav32.exe . ************************************************************************** . Tempo para conclusão: 2011-10-06 08:48:25 - Máquina reiniciou ComboFix-quarantined-files.txt 2011-10-06 11:46 ComboFix2.txt 2011-10-05 17:21 . Pré-execução: 10 pasta(s) 147.082.510.336 bytes disponíveis Pós execução: 9 pasta(s) 147.041.132.544 bytes disponíveis . 
- - End Of File - - FCF51AEF97F810109D0D6D5A6CEE78C7 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 09:08:31, on 6/10/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17099) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\F-Secure\Common\FSM32.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE C:\Arquivos de programas\F-Secure\Anti-Virus\FSGK32.EXE C:\Arquivos de programas\F-Secure\Common\FSMB32.EXE C:\Arquivos de programas\F-Secure\Common\FCH32.EXE C:\Arquivos de programas\F-Secure\Common\FAMEH32.EXE C:\Arquivos de programas\F-Secure\Anti-Virus\fsqh.exe C:\Arquivos de programas\F-Secure\FSGUI\fsguidll.exe C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE C:\Arquivos de programas\F-Secure\Anti-Virus\fssm32.exe C:\Arquivos de programas\F-Secure\FSAUA\program\fsaua.exe C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe C:\Arquivos de programas\F-Secure\Common\FIH32.EXE C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\F-Secure\Anti-Virus\fsav32.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - 
Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: Broker de solicitação de rede F-Secure (F-Secure Network Request Broker) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon 
(FSDFWD) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: Agente de Gerenciamento do F-Secure (FSMA) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- End of file - 6462 bytes
wings 22 Posted October 6, 2011

Your log is clean.

1. * Click [Start] > [Run] > type: c:\documents and settings\USUARIO\Desktop\ComboFix.exe /uninstall
   * Click [OK] and wait for the message: "ComboFix está desinstalado"

2. * Delete Internet Explorer and Repair Winsock_DNS Cache

3. * Click [Start] > [Run] > type: sfc /scannow
   * Click OK
   * You will be asked for the Windows CD
   * Put it in the CD-ROM drive and wait for it to finish
   * Remove the CD and restart the PC

If that does not solve it, try reinstalling Internet Explorer. Some guidance from Microsoft: http://support.microsoft.com/kb/967896/pt-br

Nothing more to do.
REDENTOR 0 Posted October 10, 2011

Hello! I tried to uninstall ComboFix, but a message appeared saying that it was not possible to locate "documents and settings". So I deleted the ComboFix folder. Can I delete Qoobox as well? I managed to reinstall I. Explorer. Thank you for the help.
Power Max 54 Posted October 10, 2011

Hello! Wings had to go on a trip, so I am answering in his place.

__________________
Can I delete Qoobox as well?

Yes, you can delete Qoobox as well.

__________________
I managed to reinstall I. Explorer. Thank you for the help

We are glad the problem was solved. You can always count on us!
wings 22 Posted October 10, 2011

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.