Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Chourisso

[Segundo Tópico] Ajuda por favor

Recommended Posts

Descobri que meu cpu tinha sido infectado por alguns vírus/trojans. Todos os programas listados a seguir foram utilizados nos modos normal e de segurança do Windows XP:

-Avast

-Lavasoft Ad-Ware

-Spybot Search&Destroy

-Online Freescan by McAfee

Várias coisas foram achadas e deletadas porém algumas não conseguem ser removidas. Tenho certeza que o cpu ainda está infectado porque sempre que starto o IE ou abro alguma nova janela nele é como se o explorer do windows desse um pequeno boot, reloadando os atalhos no desktop e os ícones no tray ao lado do relógio (nem todos os ícones voltam ao tray, alguns somem). Outra coisa que está me deixando encucado é que não consigo mais atualizar o windows pelo update. Por mais que eu mude as configurações (inclusive pelo caminho no executar) a atualização sempre fica desativada e não me permite utilizar o update. Segue abaixo o log do hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:03:04, on 21/6/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\adware\aawservice.exe

C:\Arquivos de programas\avast\aswUpdSv.exe

C:\Arquivos de programas\avast\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

C:\Arquivos de programas\avast\ashMaiSv.exe

C:\Arquivos de programas\avast\ashWebSv.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\avast\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ventrilo\Ventrilo.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

D:\Jogos\Warcraft III\ggg\GG E-Sports Platform\Garena.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: vrmdtneg - {2A9788F6-727D-4CEE-9C9F-A6D2A47FD34A} - (no file)

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\avast\ashDisp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [4f992e16] rundll32.exe "C:\WINDOWS\system32\jdyvctbv.dll",b

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Jogos\Party Poker\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Jogos\Party Poker\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Jogos\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Jogos\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Jogos\partybingo\PartyBingo\RunBingo.exe

O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Jogos\partybingo\PartyBingo\RunBingo.exe

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/.../GAME_UNO1.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://atrativa.uol.com.br/games/app...jolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.atrativa.com.br/games/app...pcaploader.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br...bPluginUni.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...21/mcfscan.cab

O21 - SSODL: wpvmqosg - {74FE8159-52EE-48F7-9003-68B95F8797F8} - (no file)

O21 - SSODL: xvorfwbd - {FAF34F9C-4712-4642-8555-3E69FB8D518A} - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\adware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\avast\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\avast\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\avast\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\avast\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Arquivos de programas\Alcohol\Alcohol 120\StarWind\StarWindService.exe (file missing)

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Arquivos de programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--

End of file - 10703 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! Chourisso

<!> Existem,no seu PC,infecções por:

<!> Trojan.Vundo

<!> Adware.Agent malware

<!> Trojan/Backdoor

<!> Maiores detalhes:

<!> < Link 1 >

<!> < Link 2 >

<!> O Vundo,é um malware de difícil remoção,obrigando-nos a repetir/modificar procedimentos e manter o computador atualizado.

---------------------

<@> Faça o download do ComboFix.

<@> Baixe-o para o Desktop!

<@> Desabilite as proteções residente de: Antivírus,Antispywares e Firewall.

<@> Feche todas as janelas e execute a ferramenta!

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.

Salve-a no Desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

Ps: Caso ocorra alguma mensagem de erro,rode o ComboFix em Modo de Segurança.

<@> Abrirá a janela Auto Scan. Aguarde!

<@> Digite a opção para continuar e < Enter >

<@> Aguarde a conclusão! Durante o scan,evite tocar no mouse ou teclado!

---------------------

<@> Poste o relatório: C:\ComboFix.txt + HijackThis,atualizado.

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia Joram,

Segui todos os procedimentos indicados mas alguma coisa não está dando certo. Sempre após o combofix informar que modificou o relógio etc.. o hd faz um barulho e o pc reinicia. Mesmo após salvar como Kombo. Não consigo "tirar" o avast do tray, como fazia quando usava o AVG, apenas consgio pausar todas as proteções, mas o logo do avast continua no tray, será que isso pode estar atrapalhando?

Sobre a "travada" após o combofix informar sobre a modificação do relógio, aparece uma tela azul, só que é muito rápida e não dá pra ler o que tem nela, apenas a parte final que diz que inicia o despejo de memória etc etc etc. Então o pc quando reinicia informa que o PC se recuperou de um erro grave etc etc.

Estou no aguardo de novas informações.

Um abraço

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde Joram,

vacilo meu, não tentei passar o combofix no safe mode. Segue abaixo os logs do combo e o novo do hijackthis :

Edit: não sei se isso ajuda ou não mas quando o pc foi reiniciado após passar o combofix deu um erro RUNDLL avisando que faltava ou que tinha erro no arquivo womlrmyo.dll.

Um abraço

COMBOFIX

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\cookies.ini

C:\WINDOWS\egqk.exe

C:\WINDOWS\memf8.dll

C:\WINDOWS\system32\faphcmbp.dll

C:\WINDOWS\system32\ffviioes.dll

C:\WINDOWS\system32\Iihhknpo.ini

C:\WINDOWS\system32\Iihhknpo.ini2

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\merlbvdv.ini

C:\WINDOWS\system32\mtxdncuu.ini

C:\WINDOWS\system32\nTDMnnnn.ini

C:\WINDOWS\system32\nTDMnnnn.ini2

C:\WINDOWS\system32\omhodekg.ini

C:\WINDOWS\system32\oymrlmow.ini

C:\WINDOWS\system32\pbmchpaf.ini

C:\WINDOWS\system32\pnpywahv.ini

C:\WINDOWS\system32\qachnohs.dll

C:\WINDOWS\system32\seoiivff.ini

C:\WINDOWS\system32\shonhcaq.ini

C:\WINDOWS\system32\vbtcvydj.ini

C:\WINDOWS\system32\womlrmyo.dll

D:\Autorun.inf

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-16 to 2008-07-16 ))))))))))))))))))))))))))))))))

.

2010-06-12 21:12 . 2007-06-15 23:28 1 --a------ C:\WINDOWS\systems100b1.dll

2008-07-16 12:20 . 2008-07-16 12:20 <DIR> d-------- C:\ComboFix

2008-06-25 15:40 . 2008-06-25 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2008-06-25 15:39 . 2008-06-25 15:39 <DIR> d-------- C:\Documents and Settings\Cliente\Dados de aplicativos\SUPERAntiSpyware.com

2008-06-25 15:39 . 2008-06-25 15:39 <DIR> d-------- C:\Arquivos de programas\SUPERAntiSpyware

2008-06-25 15:39 . 2008-06-25 15:39 6,467,096 --a------ C:\SUPERAntiSpyware.exe

2008-06-20 21:50 . 2007-12-06 23:09 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-06-20 21:50 . 2007-04-17 06:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-06-20 21:50 . 2007-03-08 02:12 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-06-20 21:50 . 2007-12-06 23:09 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-06-20 21:50 . 2007-12-06 23:09 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-06-20 21:50 . 2007-12-06 23:09 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-06-20 21:50 . 2007-12-06 23:09 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-06-20 21:50 . 2007-12-06 23:09 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-06-20 21:50 . 2007-12-06 08:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-20 19:54 . 2008-06-20 21:51 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-06-20 15:03 . 2008-06-20 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-06-20 15:02 . 2008-06-20 15:04 <DIR> d-------- C:\Arquivos de programas\adware

2008-06-20 01:40 . 2008-06-20 01:40 <DIR> d-------- C:\WINDOWS\McAfee.com

2008-06-20 01:20 . 2008-06-20 01:17 691,545 --a------ C:\WINDOWS\unins000.exe

2008-06-20 01:20 . 2008-06-20 01:20 2,545 --a------ C:\WINDOWS\unins000.dat

2008-06-18 23:15 . 2008-06-18 23:15 0 -rahs---- C:\kb

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-13 03:00 --------- d-----w C:\Arquivos de programas\PokerStars

2008-07-08 21:49 --------- d-----w C:\Arquivos de programas\emule

2008-07-04 20:45 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-01 21:33 --------- d-----w C:\Arquivos de programas\avast

2008-06-25 18:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-06-24 22:34 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\Command & Conquer 3 Kane's Wrath

2008-06-21 00:39 --------- d-----w C:\Arquivos de programas\TuneUp Utilities 2006

2008-06-20 04:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-06-20 04:22 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-06-20 04:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

2008-06-18 15:53 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\uTorrent

2008-06-15 20:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-06-15 05:26 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\My Games

2008-06-12 16:25 --------- d-----w C:\Arquivos de programas\GbPlugin

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"SUPERAntiSpyware"="C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acrobat Assistant 7.0"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"avast!"="C:\ARQUIV~1\avast\ashDisp.exe" [2008-05-15 20:19 79224]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"Adobe Photo Downloader"="C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"DAEMON Tools-1033"="C:\Arquivos de programas\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 21:42 77824 C:\WINDOWS\SOUNDMAN.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= "C:\ARQUIV~1\GbPlugin\gbieh.dll" [2008-04-15 09:37 378696]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "C:\ARQUIV~1\GbPlugin\gbiehuni.dll" [2008-03-27 18:46 364448]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-04-15 09:37 378696 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2008-03-27 18:46 364448 C:\ARQUIV~1\GbPlugin\gbiehuni.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

"vidc.X264"= x264vfw.dll

"vidc.hfyu"= huffyuv.dll

"msacm.divxa32"= DivXa32.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"StartCCC"=C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"4f992e16"=rundll32.exe "C:\WINDOWS\system32\ffviioes.dll",b

"BigDog303"=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]

"cftmom"=C:\WINDOWS\system32\cftmom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\InterVideo\\DVD7\\WinDVD.exe"=

"D:\\Jogos\\gp4\\gp4\\GP4.exe"=

"C:\\Arquivos de programas\\hamachi\\hamachi.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"D:\\Jogos\\DreamTennis\\Dream Match Tennis Pro\\FA.exe"=

"D:\\Jogos\\pes6\\PES6.exe"=

"D:\\Jogos\\Warcraft III\\Warcraft III.exe"=

"C:\\Arquivos de programas\\emule\\emule.exe"=

"D:\\Jogos\\cs\\hl.exe"=

"D:\\Jogos\\cs\\hlds.exe"=

"D:\\Jogos\\cm\\cm0304.exe"=

"D:\\Jogos\\Age 2\\age2\\age2_x1.exe"=

"D:\\Jogos\\Age 2\\age2\\empires2.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"D:\\Jogos\\Warcraft III\\ggg\\GG E-Sports Platform\\GGclient.exe"=

"D:\\Jogos\\Warcraft III\\ggg\\GG E-Sports Platform\\Garena.exe"=

"D:\\Jogos\\Diablo_II\\Diablo II.exe"=

"D:\\Jogos\\Diablo_II\\Game.exe"=

"D:\\Jogos\\trackmania\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"D:\\Jogos\\cmsheep\\cm0304.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:TCP"= 67:TCP:*:Disabled:a

"68:TCP"= 68:TCP:*:Disabled:a

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2005-06-28 10:17]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2005-06-28 10:17]

R2 PDSched;PDScheduler;C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe [2005-06-28 14:07]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507167cf-8231-11da-b7af-806d6172696f}]

\Shell\AutoRun\command - E:\ASUSACPI.exe

.

Conte£do da pasta 'Tarefas Agendadas'

"2008-07-11 20:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Arquivos de programas\TuneUp Utilities 2006\SystemOptimizer.exe

"2008-07-08 12:24:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Arquivos de programas\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

"2007-04-24 19:54:31 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Arquivos de programas\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-4f992e16 - C:\WINDOWS\system32\womlrmyo.dll

SSODL-wpvmqosg-{74FE8159-52EE-48F7-9003-68B95F8797F8} - (no file)

SSODL-xvorfwbd-{FAF34F9C-4712-4642-8555-3E69FB8D518A} - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-16 16:58:59

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializ*veis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Arquivos de programas\adware\aawservice.exe

C:\Arquivos de programas\avast\aswUpdSv.exe

C:\Arquivos de programas\avast\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\avast\ashMaiSv.exe

C:\Arquivos de programas\avast\ashWebSv.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-07-16 17:06:18 - machine was rebooted [Cliente]

ComboFix-quarantined-files.txt 2008-07-16 20:06:05

Pre-Run: 12,575,510,528 bytes disponíveis

Post-Run: 13,106,102,272 bytes dispon¡veis

196 --- E O F --- 2007-06-23 01:06:14

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:07:25, on 16/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\adware\aawservice.exe

C:\Arquivos de programas\avast\aswUpdSv.exe

C:\Arquivos de programas\avast\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

C:\Arquivos de programas\avast\ashMaiSv.exe

C:\Arquivos de programas\avast\ashWebSv.exe

C:\WINDOWS\system32\cmd.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\avast\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Kombo\NirCmd.cfexe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\avast\ashDisp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [4f992e16] rundll32.exe "C:\WINDOWS\system32\womlrmyo.dll",b

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033 -noicon

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Jogos\Party Poker\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Jogos\Party Poker\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Jogos\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Jogos\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Jogos\partybingo\PartyBingo\RunBingo.exe

O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Jogos\partybingo\PartyBingo\RunBingo.exe

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://atrativa.uol.com.br/games/applets/gamehouse/luxor/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5321/mcfscan.cab

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: wpvmqosg - {74FE8159-52EE-48F7-9003-68B95F8797F8} - (no file)

O21 - SSODL: xvorfwbd - {FAF34F9C-4712-4642-8555-3E69FB8D518A} - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\adware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\avast\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\avast\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\avast\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\avast\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Arquivos de programas\Alcohol\Alcohol 120\StarWind\StarWindService.exe (file missing)

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Arquivos de programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--

End of file - 11333 bytes

Editado por Chourisso

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! Chourisso

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

<!> Para a segurança do PC,vamos providenciar a instalação do Console de Recuperação.

------------------------

<!> Vá ao site da Microsoft:

< Link >

<!> Selecione o download,que seja adequado,ao seu Sistema Operacional!

crecuperacaorz4.jpg

<!> Faça o download,do arquivo,e salve-o no seu desktop.

<!> Feche todos os programas,que estejam abertos!

<!> Feche,também,seus programas de proteção! ( Antivírus,Antispywares e Firewall )

<!> Arraste o setup,baixado do site da Microsoft,para o interior do ComboFix.exe

<!> Veja,abaixo,a demonstração!

rc1.gif

<!> Siga as mensagens que aparecem na tela,para iniciar o ComboFix.

<!> Aceite o contrato da Microsoft,para instalar o "Console de Recuperação da Microsoft".

<!> Na próxima mensagem,clique em "Yes",para realizar um scan com o ComboFix.

RC_whatnext.gif

<!> Terminando,poste os relatórios:

<!> C:\ComboFix.txt + HijackThis,atualizado.

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite Joram,

como solicitado seguem os logs atualizados do combofix (rodado em safe mode) e do hijackthis (após a reinicialização - em normal mode):

Um abraço.

COMBOFIX

ComboFix 08-07-15.4 - Cliente 2008-07-16 21:59:11.2 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.791 [GMT -3:00]

Executando de: C:\Documents and Settings\Cliente\Desktop\Kombo.exe

Command switches used :: C:\Documents and Settings\Cliente\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-17 to 2008-07-17 ))))))))))))))))))))))))))))))))

.

2010-06-12 21:12 . 2007-06-15 23:28 1 --a------ C:\WINDOWS\systems100b1.dll

2008-07-16 17:08 . 2008-07-16 17:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-07-16 17:08 . 2008-07-16 17:08 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-07-16 17:08 . 2008-07-16 17:08 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

2008-07-16 17:08 . 2008-07-16 17:08 <DIR> d-------- C:\Documents and Settings\Cliente\Configuraþ§es locais

2008-07-16 17:04 . 2008-07-16 17:04 <DIR> d-------- C:\WINDOWS\LastGood

2008-07-16 12:20 . 2008-07-16 12:20 <DIR> d-------- C:\ComboFix

2008-06-25 15:40 . 2008-06-25 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2008-06-25 15:39 . 2008-06-25 15:39 <DIR> d-------- C:\Documents and Settings\Cliente\Dados de aplicativos\SUPERAntiSpyware.com

2008-06-25 15:39 . 2008-06-25 15:39 <DIR> d-------- C:\Arquivos de programas\SUPERAntiSpyware

2008-06-25 15:39 . 2008-06-25 15:39 6,467,096 --a------ C:\SUPERAntiSpyware.exe

2008-06-20 21:50 . 2007-12-06 23:09 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-06-20 21:50 . 2007-04-17 06:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-06-20 21:50 . 2007-03-08 02:12 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-06-20 21:50 . 2007-12-06 23:09 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-06-20 21:50 . 2007-12-06 23:09 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-06-20 21:50 . 2007-12-06 23:09 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-06-20 21:50 . 2007-12-06 23:09 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-06-20 21:50 . 2007-12-06 23:09 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-06-20 21:50 . 2007-12-06 08:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-20 19:54 . 2008-06-20 21:51 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-06-20 15:03 . 2008-06-20 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-06-20 15:02 . 2008-06-20 15:04 <DIR> d-------- C:\Arquivos de programas\adware

2008-06-20 01:40 . 2008-06-20 01:40 <DIR> d-------- C:\WINDOWS\McAfee.com

2008-06-20 01:20 . 2008-06-20 01:17 691,545 --a------ C:\WINDOWS\unins000.exe

2008-06-20 01:20 . 2008-06-20 01:20 2,545 --a------ C:\WINDOWS\unins000.dat

2008-06-18 23:15 . 2008-06-18 23:15 0 -rahs---- C:\kb

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-13 03:00 --------- d-----w C:\Arquivos de programas\PokerStars

2008-07-08 21:49 --------- d-----w C:\Arquivos de programas\emule

2008-07-04 20:45 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-07-01 21:33 --------- d-----w C:\Arquivos de programas\avast

2008-06-25 18:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-06-24 22:34 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\Command & Conquer 3 Kane's Wrath

2008-06-21 00:39 --------- d-----w C:\Arquivos de programas\TuneUp Utilities 2006

2008-06-20 04:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-06-20 04:22 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-06-20 04:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

2008-06-18 15:53 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\uTorrent

2008-06-18 04:25 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-06-15 20:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-06-15 05:26 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\My Games

2008-06-12 16:25 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-05-16 14:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-04-20 16:13 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

.

((((((((((((((((((((((((((((( snapshot@2008-07-16_17.05.42.71 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-07-16 20:08:33 4,784 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{6C8C8F1F-4255-4BCB-BB64-E49F2A07B0A8}.bin

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"SUPERAntiSpyware"="C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acrobat Assistant 7.0"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"avast!"="C:\ARQUIV~1\avast\ashDisp.exe" [2008-05-15 20:19 79224]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"Adobe Photo Downloader"="C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"DAEMON Tools-1033"="C:\Arquivos de programas\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 21:42 77824 C:\WINDOWS\SOUNDMAN.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= "C:\ARQUIV~1\GbPlugin\gbieh.dll" [2008-04-15 09:37 378696]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "C:\ARQUIV~1\GbPlugin\gbiehuni.dll" [2008-03-27 18:46 364448]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-04-15 09:37 378696 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2008-03-27 18:46 364448 C:\ARQUIV~1\GbPlugin\gbiehuni.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

"vidc.X264"= x264vfw.dll

"vidc.hfyu"= huffyuv.dll

"msacm.divxa32"= DivXa32.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"StartCCC"=C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"4f992e16"=rundll32.exe "C:\WINDOWS\system32\ffviioes.dll",b

"BigDog303"=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]

"cftmom"=C:\WINDOWS\system32\cftmom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\InterVideo\\DVD7\\WinDVD.exe"=

"D:\\Jogos\\gp4\\gp4\\GP4.exe"=

"C:\\Arquivos de programas\\hamachi\\hamachi.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"D:\\Jogos\\DreamTennis\\Dream Match Tennis Pro\\FA.exe"=

"D:\\Jogos\\pes6\\PES6.exe"=

"D:\\Jogos\\Warcraft III\\Warcraft III.exe"=

"C:\\Arquivos de programas\\emule\\emule.exe"=

"D:\\Jogos\\cs\\hl.exe"=

"D:\\Jogos\\cs\\hlds.exe"=

"D:\\Jogos\\cm\\cm0304.exe"=

"D:\\Jogos\\Age 2\\age2\\age2_x1.exe"=

"D:\\Jogos\\Age 2\\age2\\empires2.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"D:\\Jogos\\Warcraft III\\ggg\\GG E-Sports Platform\\GGclient.exe"=

"D:\\Jogos\\Warcraft III\\ggg\\GG E-Sports Platform\\Garena.exe"=

"D:\\Jogos\\Diablo_II\\Diablo II.exe"=

"D:\\Jogos\\Diablo_II\\Game.exe"=

"D:\\Jogos\\trackmania\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"D:\\Jogos\\cmsheep\\cm0304.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:TCP"= 67:TCP:*:Disabled:a

"68:TCP"= 68:TCP:*:Disabled:a

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2005-06-28 10:17]

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

S2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2005-06-28 10:17]

S2 PDSched;PDScheduler;C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe [2005-06-28 14:07]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507167cf-8231-11da-b7af-806d6172696f}]

\Shell\AutoRun\command - E:\ASUSACPI.exe

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-07-11 20:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Arquivos de programas\TuneUp Utilities 2006\SystemOptimizer.exe

"2008-07-08 12:24:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Arquivos de programas\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

"2007-04-24 19:54:31 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Arquivos de programas\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-16 22:00:47

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-07-16 22:02:07

ComboFix-quarantined-files.txt 2008-07-17 01:02:06

ComboFix2.txt 2008-07-16 20:06:19

Pre-Run: 13,024,075,776 bytes disponíveis

Post-Run: 13,004,435,456 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

173 --- E O F --- 2007-06-23 01:06:14

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:06:41, on 16/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\adware\aawservice.exe

C:\Arquivos de programas\avast\aswUpdSv.exe

C:\Arquivos de programas\avast\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\avast\ashMaiSv.exe

C:\Arquivos de programas\avast\ashWebSv.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\avast\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\avast\ashDisp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033 -noicon

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Jogos\Party Poker\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Jogos\Party Poker\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Jogos\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Jogos\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Jogos\partybingo\PartyBingo\RunBingo.exe

O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Jogos\partybingo\PartyBingo\RunBingo.exe

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://atrativa.uol.com.br/games/applets/gamehouse/luxor/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5321/mcfscan.cab

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\adware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\avast\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\avast\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\avast\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\avast\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Arquivos de programas\Alcohol\Alcohol 120\StarWind\StarWindService.exe (file missing)

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Arquivos de programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--

End of file - 10992 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! Chourisso

Conecte seu(s) dispositivo(s) removíveis,na entrada USB.

<@> Selecione e copie,todo o conteúdo que está na área do Código,para o Bloco de Notas.

<@> Salve-o,no Desktop,com o nome: CFScript.txt

File::
C:\WINDOWS\systems100b1.dll
G:\autorun.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"4f992e16"=-

<@> Arraste,com o Mouse,o CFScript.txt para o ícone/interior do ComboFix.

<@> Veja a demonstração!

cfscriptuq2.gif

<@> Reinicie o computador!

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HJT,atualizado.

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia Joram,

novamente só consegui rodar o ComboFix no safe mode. Segue abaixo os logs do Combo e do hijack, um abraço:

COMBOFIX

ComboFix 08-07-15.4 - Cliente 2008-07-19 1:41:51.3 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.793 [GMT -3:00]

Executando de: C:\Documents and Settings\Cliente\Desktop\Kombo.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

I:\autorun.inf

I:\RavMonE.exe

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-19 to 2008-07-19 ))))))))))))))))))))))))))))))))

.

2010-06-12 21:12 . 2007-06-15 23:28 1 --a------ C:\WINDOWS\systems100b1.dll

2008-07-16 17:11 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-07-16 17:11 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-16 17:08 . 2008-07-16 17:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-07-16 17:08 . 2008-07-16 17:08 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-07-16 17:08 . 2008-07-16 17:08 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

2008-07-16 17:08 . 2008-07-16 17:08 <DIR> d-------- C:\Documents and Settings\Cliente\Configuraþ§es locais

2008-07-16 12:20 . 2008-07-16 12:20 <DIR> d-------- C:\ComboFix

2008-06-25 15:40 . 2008-06-25 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2008-06-25 15:39 . 2008-06-25 15:39 <DIR> d-------- C:\Documents and Settings\Cliente\Dados de aplicativos\SUPERAntiSpyware.com

2008-06-25 15:39 . 2008-06-25 15:39 <DIR> d-------- C:\Arquivos de programas\SUPERAntiSpyware

2008-06-25 15:39 . 2008-06-25 15:39 6,467,096 --a------ C:\SUPERAntiSpyware.exe

2008-06-20 21:50 . 2008-04-23 04:14 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-06-20 21:50 . 2007-04-17 06:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-06-20 21:50 . 2007-03-08 02:12 1,024,000 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-06-20 21:50 . 2008-04-23 04:14 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-06-20 21:50 . 2008-04-23 04:14 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-06-20 21:50 . 2008-04-23 04:14 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-06-20 21:50 . 2008-04-23 04:14 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-06-20 21:50 . 2008-04-23 04:14 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-06-20 21:50 . 2008-04-22 04:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-20 19:54 . 2008-06-20 21:51 <DIR> d-------- C:\WINDOWS\system32\pt-br

2008-06-20 15:03 . 2008-06-20 15:05 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-06-20 15:02 . 2008-06-20 15:04 <DIR> d-------- C:\Arquivos de programas\adware

2008-06-20 01:40 . 2008-06-20 01:40 <DIR> d-------- C:\WINDOWS\McAfee.com

2008-06-20 01:20 . 2008-06-20 01:17 691,545 --a------ C:\WINDOWS\unins000.exe

2008-06-20 01:20 . 2008-06-20 01:20 2,545 --a------ C:\WINDOWS\unins000.dat

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-19 04:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-07-18 23:49 --------- d-----w C:\Arquivos de programas\PokerStars

2008-07-17 01:11 --------- d-----w C:\Arquivos de programas\avast

2008-07-08 21:49 --------- d-----w C:\Arquivos de programas\emule

2008-07-04 20:45 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-06-25 18:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-06-24 22:34 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\Command & Conquer 3 Kane's Wrath

2008-06-21 00:39 --------- d-----w C:\Arquivos de programas\TuneUp Utilities 2006

2008-06-20 04:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-06-20 04:22 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-06-20 04:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

2008-06-18 15:53 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\uTorrent

2008-06-18 04:25 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-06-15 05:26 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\My Games

2008-06-12 16:25 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-05-16 14:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 07:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-20 16:13 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

.

((((((((((((((((((((((((((((( snapshot@2008-07-16_17.05.42.71 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-02-26 11:49:31 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll

+ 2007-07-12 23:27:10 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll

+ 2008-03-27 09:22:32 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe

+ 2008-03-27 10:40:24 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP3GDR\tzchange.exe

+ 2008-03-27 10:46:15 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP3QFE\tzchange.exe

+ 2007-11-30 11:18:16 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll

+ 2007-11-30 11:18:16 233,336 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe

+ 2007-11-30 11:18:16 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll

+ 2007-11-30 11:18:16 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe

+ 2007-11-30 11:18:17 395,128 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll

+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll

+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll

+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll

+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll

+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll

+ 2007-11-01 05:14:33 183,072 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll

+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll

+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll

+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll

+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll

+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll

+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll

+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll

+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll

+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll

+ 2007-11-01 05:14:34 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll

+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll

+ 2007-03-06 01:00:55 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe

+ 2007-03-06 01:02:08 384,224 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll

+ 2008-05-07 04:55:49 1,292,800 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll

+ 2008-05-07 05:11:33 1,292,800 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll

+ 2008-05-07 05:04:43 1,292,800 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll

+ 2007-11-30 11:18:16 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll

+ 2007-11-30 11:18:16 233,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe

+ 2007-11-30 11:18:16 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll

+ 2007-11-30 12:39:05 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe

+ 2007-11-30 12:39:05 395,128 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll

- 2008-02-25 18:19:26 1,257,472 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

+ 2008-07-17 06:03:46 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

- 2008-02-25 18:19:27 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

+ 2008-07-17 06:03:47 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

- 2006-10-24 12:43:41 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2008-07-17 06:07:14 69,120 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2006-10-24 12:43:45 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2008-07-17 06:07:27 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2006-10-24 12:43:46 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2008-07-17 06:06:29 4,444,160 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2006-10-24 12:43:47 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2008-07-17 06:07:32 483,840 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

- 2006-10-24 12:43:44 2,878,976 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2008-07-17 06:06:56 3,036,160 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2006-10-24 12:43:39 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2008-07-17 06:07:39 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2006-10-24 12:43:39 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2008-07-17 06:07:39 113,664 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2006-10-24 12:43:49 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2008-07-17 06:07:28 261,120 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2006-10-24 12:43:42 5,029,888 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2008-07-17 06:06:47 5,431,296 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2006-10-24 12:43:41 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2008-07-17 06:07:06 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2006-10-24 12:43:39 503,808 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2008-07-17 06:06:52 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2006-10-24 12:43:40 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2008-07-17 06:07:12 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2006-10-24 12:43:45 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2008-07-17 06:07:19 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2006-10-24 12:43:45 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2008-07-17 06:07:20 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2006-10-24 12:43:45 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2008-07-17 06:07:21 6,656 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2006-10-24 12:43:40 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2008-07-17 06:07:40 348,160 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2006-10-24 12:43:41 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2008-07-17 06:07:41 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2006-10-24 12:43:41 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2008-07-17 06:07:42 655,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2006-10-24 12:43:41 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2008-07-17 06:07:43 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2006-10-24 12:43:40 745,472 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2008-07-17 06:07:23 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2006-10-24 12:43:50 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2008-07-17 06:07:20 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2006-10-24 12:43:50 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2008-07-17 06:07:18 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2006-10-24 12:43:38 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2008-07-17 06:07:35 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2006-10-24 12:43:49 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2008-07-17 06:07:16 671,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2006-10-24 12:43:50 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2008-07-17 06:06:32 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2006-10-24 12:43:39 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2008-07-17 06:07:38 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2006-10-24 12:43:39 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2008-07-17 06:07:15 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2006-10-24 12:43:39 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2008-07-17 06:07:14 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2006-10-24 12:43:48 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2008-07-17 06:07:25 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2006-10-24 12:43:41 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2008-07-17 06:07:26 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2006-10-24 12:43:48 389,120 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2008-07-17 06:06:54 425,984 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2006-10-24 12:43:47 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2008-07-17 06:06:57 741,376 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2006-10-24 12:43:40 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2008-07-17 06:06:58 933,888 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2006-10-24 12:43:44 5,050,368 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2008-07-17 06:07:44 5,070,848 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2006-10-24 12:43:42 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2008-07-17 06:07:41 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2006-10-24 12:43:42 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2008-07-17 06:07:07 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2006-10-24 12:43:42 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2008-07-17 06:07:38 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2006-10-24 12:43:49 700,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2008-07-17 06:06:32 630,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2006-10-24 12:43:47 368,640 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2008-07-17 06:07:39 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2006-10-24 12:43:49 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2008-07-17 06:07:36 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2006-10-24 12:43:48 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2008-07-17 06:07:31 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2006-10-24 12:43:48 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2008-07-17 06:07:29 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2006-10-24 12:43:41 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2008-07-17 06:06:35 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2006-10-24 12:43:42 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2008-07-17 06:06:38 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2006-10-24 12:43:49 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2008-07-17 06:07:03 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2006-10-24 12:43:43 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2008-07-17 06:07:05 90,112 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2006-10-24 12:43:43 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2008-07-17 06:07:02 839,680 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2006-10-24 12:43:43 5,316,608 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2008-07-17 06:07:10 5,013,504 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2006-10-24 12:43:44 2,035,712 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2008-07-17 06:06:41 2,068,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2006-10-24 12:43:48 3,018,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2008-07-17 06:06:59 3,076,096 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2008-07-17 06:21:15 27,136 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll

+ 2008-07-17 06:21:20 884,736 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll

+ 2008-07-17 06:21:22 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll

+ 2008-07-17 06:21:21 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe

+ 2008-07-17 06:21:23 876,544 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll

+ 2008-07-17 06:21:24 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll

+ 2008-07-17 06:21:27 1,695,744 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll

+ 2008-07-17 06:21:28 167,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll

+ 2008-07-17 06:21:31 1,740,800 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll

+ 2008-07-17 06:09:25 11,722,752 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll

+ 2008-07-17 06:21:33 1,011,712 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll

+ 2008-07-17 06:10:15 7,049,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll

+ 2008-07-17 06:21:34 1,798,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll

+ 2008-07-17 06:10:41 10,969,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll

+ 2008-07-17 06:21:36 1,224,704 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll

+ 2008-07-17 06:21:37 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll

+ 2008-07-17 06:10:45 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll

+ 2008-07-17 06:10:44 1,667,072 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll

+ 2008-07-17 06:21:38 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll

+ 2008-07-17 06:21:38 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll

+ 2008-07-17 06:21:39 733,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll

+ 2008-07-17 06:21:40 233,472 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll

+ 2008-07-17 06:21:41 679,936 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll

+ 2008-07-17 06:21:56 2,342,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll

+ 2008-07-17 06:21:57 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll

+ 2008-07-17 06:21:59 1,986,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll

+ 2008-07-17 06:21:53 12,509,184 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll

+ 2008-07-17 06:11:00 13,193,216 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll

+ 2008-07-17 06:11:07 5,771,264 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll

+ 2008-07-17 06:09:53 8,265,728 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll

+ 2008-07-17 06:03:58 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_88991cf9\CustomMarshalers.dll

+ 2008-07-17 06:04:23 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_07cc92aa\mscorlib.dll

+ 2008-07-17 06:04:17 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_787d2d9d\System.Design.dll

+ 2008-07-17 06:04:01 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3d8bf019\System.Drawing.Design.dll

+ 2008-07-17 06:04:19 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_616b6cee\System.Drawing.dll

+ 2008-07-17 06:04:07 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_804640e4\System.Windows.Forms.dll

+ 2008-07-17 06:04:12 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_2b32b08c\System.Xml.dll

+ 2008-07-17 06:03:56 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_31ef6d1a\System.dll

+ 2008-06-14 17:59:51 272,384 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys

+ 2007-03-06 01:01:00 215,264 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:02:08 384,224 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll

+ 2007-08-13 21:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll

+ 2007-12-07 02:09:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll

+ 2007-12-19 22:53:59 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll

+ 2007-12-07 02:09:20 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll

+ 2007-12-07 02:09:20 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll

+ 2007-12-07 02:09:20 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll

+ 2007-12-06 11:05:55 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe

+ 2007-12-07 02:09:20 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll

+ 2007-12-07 02:09:20 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll

+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll

+ 2007-12-07 02:09:20 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll

+ 2007-12-07 02:09:20 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll

+ 2007-12-07 02:09:21 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll

+ 2007-12-07 02:09:21 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll

+ 2007-12-07 02:09:21 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll

+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe

+ 2007-12-06 11:06:21 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe

+ 2007-12-07 02:09:21 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll

+ 2007-12-07 02:09:21 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll

+ 2007-12-07 02:09:21 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll

+ 2007-12-08 13:39:22 3,592,192 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll

+ 2007-12-07 02:09:22 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll

+ 2007-12-07 02:09:22 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll

+ 2007-12-07 02:09:22 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll

+ 2007-12-07 02:09:22 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll

+ 2008-01-11 05:37:21 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll

+ 2007-03-06 01:01:00 215,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:02:08 384,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll

+ 2007-12-07 02:09:22 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll

+ 2007-12-07 02:09:22 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll

+ 2007-12-07 02:09:22 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll

+ 2007-12-07 02:09:22 824,832 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll

+ 2008-07-17 06:01:24 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe

- 2005-09-23 10:28:52 72,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe

+ 2007-10-24 04:47:38 82,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe

- 2005-09-23 10:28:52 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll

+ 2007-10-24 04:47:38 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll

- 2005-09-23 10:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

+ 2007-10-24 04:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

- 2005-09-23 10:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

+ 2007-10-24 04:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

- 2005-09-23 10:28:56 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll

+ 2007-10-24 04:47:40 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll

- 2005-09-23 10:28:52 86,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

+ 2007-10-24 04:47:38 97,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

- 2004-07-15 04:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2007-04-14 00:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

- 2004-07-15 04:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2007-04-14 00:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

- 2004-07-15 03:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

+ 2007-04-13 23:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2003-02-20 22:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

+ 2007-04-13 23:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2004-07-15 03:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

+ 2007-04-13 23:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2004-07-15 03:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

+ 2007-04-13 23:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

- 2004-07-15 17:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2007-04-13 23:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

- 2003-02-20 22:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2007-04-13 23:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

- 2004-07-15 03:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

+ 2007-04-13 23:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

- 2004-07-15 03:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2007-04-13 23:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

- 2004-08-10 19:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe

+ 2007-01-15 19:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe

+ 2004-07-15 04:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2304\_aspnet_isapi.dll

+ 2004-07-15 03:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2304\_CORPerfMonExt.dll

+ 2004-07-15 03:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2304\_fusion.dll

+ 2004-07-15 03:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2304\_mscorjit.dll

+ 2004-07-15 17:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2304\_mscorlib.dll

+ 2003-02-20 22:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2304\_mscorsn.dll

+ 2004-07-15 03:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2304\_mscorsvr.dll

+ 2004-07-15 03:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2304\_mscorwks.dll

+ 2003-02-21 07:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2304\_msvcr71.dll

+ 2004-07-15 03:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW2304\_PerfCounter.dll

- 2004-07-15 17:31:16 1,224,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll

+ 2007-04-14 00:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll

- 2004-07-15 17:29:00 1,257,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2007-04-14 00:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

- 2005-09-23 10:28:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll

+ 2007-10-24 04:47:26 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll

- 2005-09-23 10:28:42 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll

+ 2007-10-24 04:47:30 145,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll

- 2005-09-23 10:28:44 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll

+ 2007-10-24 04:47:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll

- 2005-09-23 10:29:04 183,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll

+ 2007-10-24 04:47:48 193,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll

- 2005-09-23 10:28:28 208,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll

+ 2007-10-24 04:47:20 218,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll

- 2005-09-23 10:28:56 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

+ 2007-10-24 04:47:40 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

- 2005-09-23 10:28:58 138,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll

+ 2007-10-24 04:47:42 147,968 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll

- 2005-09-23 10:28:36 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll

+ 2007-10-24 04:47:26 99,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\alink.dll

- 2005-09-23 10:28:58 55,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

+ 2007-10-24 04:47:42 59,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

- 2005-09-23 10:28:32 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

+ 2007-10-24 04:47:22 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

- 2006-04-14 09:08:30 10,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

+ 2007-10-24 04:47:22 22,024 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

- 2005-09-23 10:28:32 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

+ 2007-10-24 04:47:22 17,928 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

- 2005-09-23 10:28:32 23,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

+ 2007-10-24 04:47:22 33,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

- 2005-09-23 10:28:32 70,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

+ 2007-10-24 04:47:22 84,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

- 2005-09-23 10:28:32 13,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

+ 2007-10-24 04:47:22 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

- 2005-09-23 10:28:32 26,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

+ 2007-10-24 04:47:22 32,776 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

- 2005-09-23 10:28:32 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

+ 2007-10-24 04:47:22 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

- 2005-09-23 10:28:32 29,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

+ 2007-10-24 04:47:22 33,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

- 2006-09-12 20:10:46 23,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2007-10-24 04:47:22 33,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

- 2005-09-23 10:28:32 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll

+ 2007-10-24 04:47:22 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll

- 2005-09-23 10:28:56 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

+ 2007-10-24 04:47:40 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

- 2005-09-23 10:28:56 88,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

+ 2007-10-24 04:47:40 101,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

- 2005-09-23 10:28:42 76,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe

+ 2007-10-24 04:47:30 80,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe

- 2005-09-23 10:28:42 1,144,832 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll

+ 2007-10-24 04:47:30 1,162,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscomp.dll

- 2005-09-23 10:28:42 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

+ 2007-10-24 04:47:30 13,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

- 2005-09-23 10:28:58 17,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll

+ 2007-10-24 04:47:42 27,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll

- 2005-09-23 10:28:56 68,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll

+ 2007-10-24 04:47:40 69,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll

- 2005-09-23 10:28:44 31,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

+ 2007-10-24 04:47:30 35,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

- 2005-09-23 10:28:38 52,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll

+ 2007-10-24 04:47:28 66,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfdll.dll

- 2005-09-23 10:28:38 4,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

+ 2007-10-24 04:47:28 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

- 2005-09-23 10:29:12 547,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll

+ 2007-10-24 04:47:54 572,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll

- 2005-09-23 10:28:56 788,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

+ 2007-10-24 04:47:40 798,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

- 2005-09-23 10:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll

+ 2007-10-24 04:47:36 18,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll

- 2005-09-23 10:28:56 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

+ 2007-10-24 04:47:40 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

- 2005-09-23 10:28:56 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

+ 2007-10-24 04:47:40 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

- 2005-09-23 10:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll

+ 2007-10-24 04:47:40 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEHost.dll

- 2005-09-23 10:28:56 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll

+ 2007-10-24 04:47:40 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll

- 2005-09-23 10:28:56 224,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe

+ 2007-10-24 04:47:40 230,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe

- 2005-09-23 10:28:56 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

+ 2007-10-24 04:47:40 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

- 2005-09-23 10:28:56 55,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll

+ 2007-10-24 04:47:40 65,032 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll

- 2005-09-23 10:28:56 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

+ 2007-10-24 04:47:40 72,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

- 2005-09-23 10:28:48 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe

+ 2007-10-24 04:47:34 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe

- 2005-09-23 10:28:48 413,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll

+ 2007-10-24 04:47:36 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll

- 2005-09-23 10:28:48 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

+ 2007-10-24 04:47:36 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

- 2005-09-23 10:28:48 647,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll

+ 2007-10-24 04:47:36 655,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll

- 2005-09-23 10:28:48 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

+ 2007-10-24 04:47:36 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

- 2005-09-23 10:28:48 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll

+ 2007-10-24 04:47:34 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll

- 2005-09-23 10:29:10 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2007-10-24 04:47:52 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll

- 2005-09-23 10:29:10 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll

+ 2007-10-24 04:47:52 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll

- 2005-09-23 10:29:08 667,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll

+ 2007-10-24 04:47:50 671,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll

- 2005-09-23 10:28:30 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2007-10-24 04:47:20 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

- 2005-09-23 10:29:10 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2007-10-24 04:47:52 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

- 2005-09-23 10:28:30 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

+ 2007-10-24 04:47:20 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

- 2005-09-23 10:28:30 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2007-10-24 04:47:20 12,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

- 2005-09-23 10:28:30 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

+ 2007-10-24 04:47:20 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

- 2005-09-23 10:28:32 87,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

+ 2007-10-24 04:47:22 97,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

- 2005-09-23 10:28:48 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

+ 2007-10-24 04:47:36 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

- 2005-09-23 10:28:56 800,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2007-10-24 04:47:40 822,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

- 2005-09-23 10:28:56 73,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll

+ 2007-10-24 04:47:40 83,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll

- 2005-09-23 10:28:56 288,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll

+ 2007-10-24 04:47:40 308,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll

- 2005-09-23 10:28:56 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

+ 2007-10-24 04:47:40 47,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

- 2005-09-23 10:28:56 326,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2007-10-24 04:47:40 348,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

- 2005-09-23 10:28:56 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll

+ 2007-10-24 04:47:40 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorld.dll

- 2005-09-23 10:28:56 4,308,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2007-10-24 04:47:40 4,444,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

- 2005-09-23 10:28:56 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll

+ 2007-10-24 04:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll

- 2005-09-23 10:29:00 330,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

+ 2007-10-24 04:47:44 340,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

- 2005-09-23 10:28:56 67,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll

+ 2007-10-24 04:47:40 77,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll

- 2005-09-23 10:28:50 9,216 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll

+ 2007-10-24 04:47:36 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll

- 2005-09-23 10:28:56 226,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll

+ 2007-10-24 04:47:40 242,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll

- 2005-09-23 10:28:56 66,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

+ 2007-10-24 04:47:40 70,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

- 2005-09-23 10:28:56 10,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll

+ 2007-10-24 04:47:40 19,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscortim.dll

- 2005-09-23 10:28:50 5,615,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2007-10-24 04:47:36 5,814,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2005-09-23 10:29:00 22,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll

+ 2007-10-24 04:47:44 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll

- 2005-09-23 10:28:56 96,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe

+ 2007-10-24 04:47:40 101,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe

- 2005-09-23 10:28:56 14,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll

+ 2007-10-24 04:47:40 24,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll

- 2005-09-23 10:28:56 78,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll

+ 2007-10-24 04:47:40 89,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll

- 2005-09-23 10:28:50 136,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll

+ 2007-10-24 04:47:36 144,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll

- 2005-09-23 10:28:56 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

+ 2007-10-24 04:47:40 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

- 2005-09-23 10:28:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

+ 2007-10-24 04:47:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

- 2005-09-23 10:29:02 59,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe

+ 2007-10-24 04:47:46 61,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe

- 2005-09-23 10:28:58 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

+ 2007-10-24 04:47:42 16,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

- 2005-09-23 10:28:56 107,520 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll

+ 2007-10-24 04:47:40 119,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll

- 2005-09-23 10:29:00 85,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

+ 2007-10-24 04:47:44 95,232 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

- 2005-09-23 10:28:56 377,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2007-10-24 04:47:40 392,696 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll

- 2005-09-23 10:28:56 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll

+ 2007-10-24 04:47:40 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll

- 2005-09-23 10:28:58 389,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll

+ 2007-10-24 04:47:42 425,984 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll

- 2005-09-23 10:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

+ 2007-10-24 04:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

- 2005-09-23 10:28:56 2,878,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll

+ 2007-10-24 04:47:40 3,036,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll

- 2005-09-23 10:28:56 482,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

+ 2007-10-24 04:47:40 483,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

- 2005-09-23 10:28:56 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll

+ 2007-10-24 04:47:40 741,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll

- 2005-09-23 10:28:38 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll

+ 2007-10-24 04:47:28 933,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll

- 2005-09-23 10:28:56 5,050,368 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll

+ 2007-10-24 04:47:40 5,070,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll

- 2005-09-23 10:28:56 397,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll

+ 2007-10-24 04:47:40 401,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll

- 2005-09-23 10:28:56 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

+ 2007-10-24 04:47:40 188,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

- 2005-09-23 10:28:56 3,018,752 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2007-10-24 04:47:40 3,076,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll

- 2005-09-23 10:28:56 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

+ 2007-10-24 04:47:40 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

- 2005-09-23 10:28:56 700,416 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

+ 2007-10-24 04:47:40 630,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

- 2005-09-23 10:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll

+ 2007-10-24 04:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll

- 2005-09-23 10:28:56 47,616 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

+ 2007-10-24 04:47:40 57,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

- 2005-09-23 10:28:56 114,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll

+ 2007-10-24 04:47:40 113,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll

- 2005-09-23 10:28:56 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll

+ 2007-10-24 04:47:40 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll

- 2005-09-23 10:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll

+ 2007-10-24 04:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll

- 2005-09-23 10:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll

+ 2007-10-24 04:47:40 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll

- 2005-09-23 10:28:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

+ 2007-10-24 04:47:40 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

- 2005-09-23 10:28:56 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll

+ 2007-10-24 04:47:40 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Security.dll

- 2005-09-23 10:28:56 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll

+ 2007-10-24 04:47:40 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll

- 2005-09-23 10:28:56 260,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll

+ 2007-10-24 04:47:40 261,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll

- 2006-09-12 20:11:12 5,029,888 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2007-10-24 04:47:40 5,431,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

- 2005-09-23 10:28:56 835,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll

+ 2007-10-24 04:47:40 884,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll

- 2005-09-23 10:28:56 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll

+ 2007-10-24 04:47:40 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll

- 2005-09-23 10:28:56 823,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll

+ 2007-10-24 04:47:40 839,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll

- 2005-09-23 10:28:56 5,316,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

+ 2007-10-24 04:47:40 5,013,504 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

- 2005-09-23 10:28:56 2,035,712 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

+ 2007-10-24 04:47:40 2,068,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

- 2005-09-23 10:28:56 71,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL

+ 2007-10-24 04:47:40 81,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL

- 2005-09-23 10:29:06 1,140,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe

+ 2007-10-24 04:47:48 1,172,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe

- 2005-09-23 10:28:30 1,306,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll

+ 2007-10-24 04:47:20 1,344,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll

- 2006-09-12 20:10:46 300,032 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2007-10-24 04:47:22 434,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll

- 2005-09-23 10:28:56 28,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

+ 2007-10-24 04:47:40 37,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

- 2007-12-07 02:09:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2008-04-23 07:14:09 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

- 2005-09-23 10:28:38 83,456 ----a-w C:\WINDOWS\system32\dfshim.dll

+ 2007-10-24 04:47:28 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll

- 2007-12-07 02:09:20 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-04-23 07:14:09 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll

- 2004-08-04 03:45:22 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll

+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll

- 2007-12-19 22:53:59 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-04-23 07:14:09 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2007-12-07 02:09:20 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-04-23 07:14:09 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2007-12-07 02:09:20 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-04-23 07:14:09 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2007-12-06 11:05:55 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2008-04-22 07:43:30 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2007-12-07 02:09:20 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2008-04-23 07:14:09 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2007-12-07 02:09:20 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2008-04-23 07:14:09 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2007-12-06 04:59:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll

- 2007-12-07 02:09:20 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2008-04-23 07:14:09 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2007-12-07 02:09:21 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2008-04-23 07:14:10 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2007-12-06 11:06:21 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe

+ 2008-04-22 07:43:46 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe

- 2007-12-07 02:09:21 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-04-23 07:14:10 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2004-08-04 03:45:24 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll

+ 2008-02-26 12:00:47 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll

- 2004-08-04 03:45:24 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll

+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll

- 2004-08-04 03:45:24 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll

+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll

- 2007-12-08 13:39:22 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2008-04-24 04:14:12 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2007-12-07 02:09:22 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-04-23 07:14:11 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2004-08-04 03:45:26 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll

+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll

- 2004-07-17 14:34:48 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll

+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll

- 2004-08-04 03:45:26 176,159 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll

+ 2008-03-25 04:49:45 183,072 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll

- 2004-08-04 03:45:26 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll

+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll

- 2004-08-04 03:45:26 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll

+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll

- 2004-08-04 03:45:26 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll

+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll

- 2004-08-04 03:45:26 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll

+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll

- 2007-12-07 02:09:22 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-04-23 07:14:11 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll

- 2004-08-04 03:45:26 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll

+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll

- 2004-08-04 03:45:26 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll

+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll

- 2004-08-04 03:45:26 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll

+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll

- 2004-08-04 03:45:26 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll

+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll

- 2007-12-07 02:09:22 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-04-23 07:14:11 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll

- 2004-08-04 03:45:26 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll

+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll

- 2004-08-04 03:45:26 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

+ 2008-03-25 04:49:46 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

- 2004-08-04 03:45:26 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll

+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll

- 2007-12-07 02:09:22 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

+ 2008-04-23 07:14:11 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll

- 2008-01-11 05:37:21 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-04-23 07:14:11 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2005-08-30 03:55:37 1,291,776 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll

+ 2008-05-07 05:15:38 1,292,288 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll

- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys

+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys

- 2007-12-07 02:09:22 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll

+ 2008-04-23 07:14:11 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll

- 2007-12-07 02:09:22 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-04-23 07:14:11 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2007-08-13 21:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll

+ 2007-07-12 23:31:30 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll

- 2007-12-07 02:09:22 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2008-04-23 07:14:11 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2007-12-07 02:09:22 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-04-23 07:14:11 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll

- 2005-01-28 11:53:16 224,768 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll

+ 2007-10-20 09:01:32 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll

- 2006-04-29 09:07:48 5,533,696 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll

+ 2007-04-30 11:20:24 5,537,792 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll

- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

- 2007-12-19 22:53:59 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-04-23 07:14:09 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2007-12-07 02:09:20 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-04-23 07:14:09 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2007-12-07 02:09:20 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

+ 2008-04-23 07:14:09 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll

- 2007-12-07 02:09:20 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

+ 2008-04-23 07:14:09 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2007-12-06 11:05:55 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

+ 2008-04-22 07:43:30 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

- 2007-12-07 02:09:20 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

+ 2008-04-23 07:14:09 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

- 2007-12-07 02:09:20 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

+ 2008-04-23 07:14:09 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

- 2007-12-07 02:09:20 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2008-04-23 07:14:09 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2007-12-07 02:09:20 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

+ 2008-04-23 07:14:09 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

- 2007-12-07 02:09:21 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

+ 2008-04-23 07:14:10 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2007-12-07 02:09:21 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

+ 2008-04-23 07:14:10 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

- 2007-12-07 02:09:21 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

+ 2008-04-23 07:14:10 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2007-12-07 02:09:21 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2008-04-23 07:14:10 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

- 2008-05-29 19:35:12 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe

- 2005-09-23 10:28:52 270,848 ----a-w C:\WINDOWS\system32\mscoree.dll

+ 2007-10-24 04:47:38 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll

- 2005-09-23 10:28:52 150,016 ----a-w C:\WINDOWS\system32\mscorier.dll

+ 2007-10-24 04:47:38 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll

- 2005-09-23 10:28:52 74,240 ----a-w C:\WINDOWS\system32\mscories.dll

+ 2007-10-24 04:47:38 84,480 ----a-w C:\WINDOWS\system32\mscories.dll

- 2004-08-04 03:45:24 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll

+ 2008-02-26 12:00:47 294,912 ----a-w C:\WINDOWS\system32\msctf.dll

- 2004-08-04 03:45:24 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll

+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll

- 2004-08-04 03:45:24 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll

+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll

- 2007-12-07 02:09:21 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

+ 2008-04-23 07:14:10 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2007-12-07 02:09:21 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2008-04-23 07:14:10 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2007-12-08 13:39:22 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-04-24 04:14:12 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2007-12-07 02:09:22 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-04-23 07:14:11 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2004-08-04 03:45:26 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll

+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll

- 2004-07-17 14:34:48 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll

+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll

- 2004-08-04 03:45:26 176,159 ----a-w C:\WINDOWS\system32\msjint40.dll

+ 2008-03-25 04:49:45 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll

- 2004-08-04 03:45:26 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll

+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll

- 2004-08-04 03:45:26 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll

+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll

- 2004-08-04 03:45:26 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll

+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll

- 2004-08-04 03:45:26 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll

+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll

- 2007-12-07 02:09:22 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2008-04-23 07:14:11 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

- 2004-08-04 03:45:26 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll

+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll

- 2004-08-04 03:45:26 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll

+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll

- 2004-08-04 03:45:26 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll

+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll

- 2004-08-04 03:45:26 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll

+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll

- 2007-12-07 02:09:22 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2008-04-23 07:14:11 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

- 2004-08-04 03:45:26 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll

+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll

- 2004-08-04 03:45:26 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll

+ 2008-03-25 04:49:46 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

- 2004-08-04 03:45:26 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll

+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll

- 2006-11-04 16:14:00 1,245,696 ----a-w C:\WINDOWS\system32\msxml4.dll

+ 2007-05-08 18:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll

- 2005-09-23 10:29:00 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll

+ 2007-10-24 04:47:44 15,360 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll

- 2007-12-07 02:09:22 102,912 ----a-w C:\WINDOWS\system32\occache.dll

+ 2008-04-23 07:14:11 102,912 ----a-w C:\WINDOWS\system32\occache.dll

- 2008-02-25 18:19:18 63,324 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-07-17 06:07:49 64,508 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-02-25 18:19:18 72,156 ----a-w C:\WINDOWS\system32\perfc016.dat

+ 2008-07-17 06:07:49 73,340 ----a-w C:\WINDOWS\system32\perfc016.dat

- 2008-02-25 18:19:18 404,104 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-07-17 06:07:49 409,368 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-02-25 18:19:18 437,108 ----a-w C:\WINDOWS\system32\perfh016.dat

+ 2008-07-17 06:07:49 442,372 ----a-w C:\WINDOWS\system32\perfh016.dat

- 2008-01-11 05:37:21 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-04-23 07:14:11 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

- 2007-03-06 01:00:55 15,072 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 11:18:16 18,296 ------w C:\WINDOWS\system32\spmsg.dll

- 2006-09-06 20:43:54 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe

+ 2005-06-28 13:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe

- 2007-01-29 08:58:06 60,416 ------w C:\WINDOWS\system32\tzchange.exe

+ 2008-03-27 09:24:20 60,416 ------w C:\WINDOWS\system32\tzchange.exe

- 2007-12-07 02:09:22 105,984 ----a-w C:\WINDOWS\system32\url.dll

+ 2008-04-23 07:14:11 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2007-12-07 02:09:22 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-04-23 07:14:11 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2007-12-07 02:09:22 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-04-23 07:14:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

- 2005-01-28 11:53:16 224,768 ----a-w C:\WINDOWS\system32\wmasf.dll

+ 2007-10-20 09:01:32 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll

- 2006-04-29 09:07:48 5,533,696 ----a-w C:\WINDOWS\system32\wmp.dll

+ 2007-04-30 11:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll

+ 2008-07-17 06:07:19 8,192 ----a-w C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2007-05-08 18:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll

+ 2007-10-24 04:47:56 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll

+ 2007-10-24 04:47:56 558,080 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcp80.dll

+ 2007-10-24 04:47:56 635,904 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll

- 2006-10-24 12:43:39 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2008-07-17 06:07:39 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

- 2006-10-24 12:43:39 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2008-07-17 06:07:39 113,664 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"SUPERAntiSpyware"="C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acrobat Assistant 7.0"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"avast!"="C:\ARQUIV~1\avast\ashDisp.exe" [2008-05-15 20:19 79224]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"Adobe Photo Downloader"="C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"DAEMON Tools-1033"="C:\Arquivos de programas\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 21:42 77824 C:\WINDOWS\SOUNDMAN.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= "C:\ARQUIV~1\GbPlugin\gbieh.dll" [2008-04-15 09:37 378696]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "C:\ARQUIV~1\GbPlugin\gbiehuni.dll" [2008-03-27 18:46 364448]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-04-15 09:37 378696 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2008-03-27 18:46 364448 C:\ARQUIV~1\GbPlugin\gbiehuni.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

"vidc.X264"= x264vfw.dll

"vidc.hfyu"= huffyuv.dll

"msacm.divxa32"= DivXa32.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"StartCCC"=C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"4f992e16"=rundll32.exe "C:\WINDOWS\system32\ffviioes.dll",b

"BigDog303"=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]

"cftmom"=C:\WINDOWS\system32\cftmom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\InterVideo\\DVD7\\WinDVD.exe"=

"D:\\Jogos\\gp4\\gp4\\GP4.exe"=

"C:\\Arquivos de programas\\hamachi\\hamachi.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"D:\\Jogos\\DreamTennis\\Dream Match Tennis Pro\\FA.exe"=

"D:\\Jogos\\pes6\\PES6.exe"=

"D:\\Jogos\\Warcraft III\\Warcraft III.exe"=

"C:\\Arquivos de programas\\emule\\emule.exe"=

"D:\\Jogos\\cs\\hl.exe"=

"D:\\Jogos\\cs\\hlds.exe"=

"D:\\Jogos\\cm\\cm0304.exe"=

"D:\\Jogos\\Age 2\\age2\\age2_x1.exe"=

"D:\\Jogos\\Age 2\\age2\\empires2.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"D:\\Jogos\\Warcraft III\\ggg\\GG E-Sports Platform\\GGclient.exe"=

"D:\\Jogos\\Warcraft III\\ggg\\GG E-Sports Platform\\Garena.exe"=

"D:\\Jogos\\Diablo_II\\Diablo II.exe"=

"D:\\Jogos\\Diablo_II\\Game.exe"=

"D:\\Jogos\\trackmania\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"D:\\Jogos\\cmsheep\\cm0304.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:TCP"= 67:TCP:*:Disabled:a

"68:TCP"= 68:TCP:*:Disabled:a

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2005-06-28 10:17]

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

S2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2005-06-28 10:17]

S2 PDSched;PDScheduler;C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe [2005-06-28 14:07]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507167cf-8231-11da-b7af-806d6172696f}]

\Shell\AutoRun\command - E:\ASUSACPI.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-07-18 20:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Arquivos de programas\TuneUp Utilities 2006\SystemOptimizer.exe

"2008-07-18 12:24:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Arquivos de programas\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

"2007-04-24 19:54:31 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Arquivos de programas\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-19 01:44:15

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

**************************************************************************

.

Tempo para conclusão: 2008-07-19 1:46:39

ComboFix-quarantined-files.txt 2008-07-19 04:45:37

ComboFix2.txt 2008-07-17 01:02:08

ComboFix3.txt 2008-07-16 20:06:19

Pre-Run: 12,532,695,040 bytes disponíveis

Post-Run: 12,600,074,240 bytes disponíveis

906 --- E O F --- 2008-07-17 15:16:42

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:51:19, on 19/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\adware\aawservice.exe

C:\Arquivos de programas\avast\aswUpdSv.exe

C:\Arquivos de programas\avast\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\avast\ashMaiSv.exe

C:\Arquivos de programas\avast\ashWebSv.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\avast\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\avast\ashDisp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033 -noicon

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Jogos\Party Poker\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Jogos\Party Poker\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Jogos\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Jogos\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Jogos\partybingo\PartyBingo\RunBingo.exe

O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Jogos\partybingo\PartyBingo\RunBingo.exe

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://atrativa.uol.com.br/games/applets/gamehouse/luxor/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5321/mcfscan.cab

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\adware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\avast\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\avast\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\avast\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\avast\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Arquivos de programas\Alcohol\Alcohol 120\StarWind\StarWindService.exe (file missing)

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Arquivos de programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--

End of file - 11016 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! Chourisso

Segure a tecla shift,e em seguida,insira sua(s) unidade(s) removíveis,na entrada USB.Atente,principalmente,para o dispositivo conectado na unidade G:\.

Não pode ocorrer autoinicialização,durante este procedimento com o CFScript,para evitar a reinfecção do PC.

<@> Selecione e copie,todo o conteúdo que está na área do Código,para o Bloco de Notas.

<@> Desabilite a proteção residente do Avast.

<@> Salve-o,no Desktop,com o nome: CFScript.txt

File::
C:\WINDOWS\systems100b1.dll
I:\LaunchU3.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]"4f992e16"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

<@> Arraste,o CFScript.txt para o ícone/interior do ComboFix.

<@> Veja a demonstração!

35j0br8.gif

<@> Reinicie o computador!

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HJT,atualizado.

Abraços!

Editado por joram

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia Joram,

antes de fazer esse passo queria apenas tirar uma dúvida, a unidade G: é um drive virtual utilizado pelo software daemon Tools para emular jogos.

Tenho quase certeza absoluta que meu pc foi infectado ha cerca de 1 mês quando baixei uns jogos no uTorrent e precisei emulá-los a partir dele.

Porém anteriormente eu já usava o software com outros jogos (a partir de CD's) e nunca tive problema. Inclusive o jogo (cd) que estava sendo emulado em todos os logs que passei tenho desde 2006.

Agora a dúvida: continuo fazendo tudo com o jogo emulado no G ou "desemulo" e sigo o próximo passo?

Um abraço.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Bom dia Joram,

antes de fazer esse passo queria apenas tirar uma dúvida, a unidade G: é um drive virtual utilizado pelo software daemon Tools para emular jogos.

Tenho quase certeza absoluta que meu pc foi infectado ha cerca de 1 mês quando baixei uns jogos no uTorrent e precisei emulá-los a partir dele.

Porém anteriormente eu já usava o software com outros jogos (a partir de CD's) e nunca tive problema. Inclusive o jogo (cd) que estava sendo emulado em todos os logs que passei tenho desde 2006.

Agora a dúvida: continuo fazendo tudo com o jogo emulado no G ou "desemulo" e sigo o próximo passo?

Um abraço.

-----------------------

Opa! Chourisso

Agora a dúvida: continuo fazendo tudo com o jogo emulado no G ou "desemulo" e sigo o próximo passo?

<!> Neste caso,ficará à seu critério,a remoção do ficheiro ou entrada.

<!> Desde que utilize,somente,CDs para emular,o arquivo pode permanecer!

<!> Fiz a edição/correção do Post anterior! Pode seguir o próximo passo.

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde Joram,

por via das dúvidas "desemulei" o cd que estava no drive virtual G: e fiz o solicitado, seguem abaixo os logs, um abraço:

COMBOFIX

ComboFix 08-07-21.2 - Cliente 2008-07-22 13:59:31.4 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.790 [GMT -3:00]

Executando de: C:\Documents and Settings\Cliente\Desktop\Kombo.exe.exe

Command switches used :: C:\Documents and Settings\Cliente\Desktop\CFScript.txt

FILE ::

C:\WINDOWS\systems100b1.dll

I:\LaunchU3.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\systems100b1.dll

.

((((((((((((((((((((((( Ficheiros criados de 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))))

.

2008-07-22 13:48 . 2008-07-22 13:48 <DIR> d-------- C:\Kombo

2008-07-16 17:11 . 2008-06-14 14:59 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-07-16 17:11 . 2008-06-14 14:59 272,384 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-07-16 17:08 . 2008-07-16 17:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-07-16 17:08 . 2008-07-16 17:08 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-07-16 17:08 . 2008-07-16 17:08 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

2008-07-16 17:08 . 2008-07-16 17:08 <DIR> d-------- C:\Documents and Settings\Cliente\Configuraþ§es locais

2008-07-16 12:20 . 2008-07-16 12:20 <DIR> d-------- C:\ComboFix

2008-06-25 15:40 . 2008-06-25 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERAntiSpyware.com

2008-06-25 15:39 . 2008-06-25 15:39 <DIR> d-------- C:\Documents and Settings\Cliente\Dados de aplicativos\SUPERAntiSpyware.com

2008-06-25 15:39 . 2008-06-25 15:39 <DIR> d-------- C:\Arquivos de programas\SUPERAntiSpyware

2008-06-25 15:39 . 2008-06-25 15:39 6,467,096 --a------ C:\SUPERAntiSpyware.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-21 00:04 --------- d-----w C:\Arquivos de programas\PokerStars

2008-07-19 04:37 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-07-17 01:11 --------- d-----w C:\Arquivos de programas\avast

2008-07-08 21:49 --------- d-----w C:\Arquivos de programas\emule

2008-07-04 20:45 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-06-25 18:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-06-24 22:34 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\Command & Conquer 3 Kane's Wrath

2008-06-21 00:39 --------- d-----w C:\Arquivos de programas\TuneUp Utilities 2006

2008-06-20 18:05 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-06-20 18:04 --------- d-----w C:\Arquivos de programas\adware

2008-06-20 04:26 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-06-20 04:22 --------- d-----w C:\Arquivos de programas\Spybot - Search & Destroy

2008-06-20 04:17 691,545 ----a-w C:\WINDOWS\unins000.exe

2008-06-20 04:03 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\TuneUp Software

2008-06-18 15:53 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\uTorrent

2008-06-18 04:25 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-06-15 05:26 --------- d-----w C:\Documents and Settings\Cliente\Dados de aplicativos\My Games

2008-06-12 16:25 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-05-16 14:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-05-07 05:15 1,292,288 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-23 07:14 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

"SUPERAntiSpyware"="C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acrobat Assistant 7.0"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]

"NeroFilterCheck"="C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

"avast!"="C:\ARQUIV~1\avast\ashDisp.exe" [2008-05-15 20:19 79224]

"Sony Ericsson PC Suite"="C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"Adobe Photo Downloader"="C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"DAEMON Tools-1033"="C:\Arquivos de programas\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 21:42 77824 C:\WINDOWS\SOUNDMAN.EXE]

C:\DOCUME~1\ALLUSE~1\MENUIN~1\PROGRA~1\INICIA~1\

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2006-03-11 15:11:41 25214]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= "C:\ARQUIV~1\GbPlugin\gbieh.dll" [2008-04-15 09:37 378696]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "C:\ARQUIV~1\GbPlugin\gbiehuni.dll" [2008-03-27 18:46 364448]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2008-04-15 09:37 378696 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2008-03-27 18:46 364448 C:\ARQUIV~1\GbPlugin\gbiehuni.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

"vidc.X264"= x264vfw.dll

"vidc.hfyu"= huffyuv.dll

"msacm.divxa32"= DivXa32.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"StartCCC"=C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"4f992e16"=rundll32.exe "C:\WINDOWS\system32\ffviioes.dll",b

"BigDog303"=C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]

"cftmom"=C:\WINDOWS\system32\cftmom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\InterVideo\\DVD7\\WinDVD.exe"=

"D:\\Jogos\\gp4\\gp4\\GP4.exe"=

"C:\\Arquivos de programas\\hamachi\\hamachi.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"D:\\Jogos\\DreamTennis\\Dream Match Tennis Pro\\FA.exe"=

"D:\\Jogos\\pes6\\PES6.exe"=

"D:\\Jogos\\Warcraft III\\Warcraft III.exe"=

"C:\\Arquivos de programas\\emule\\emule.exe"=

"D:\\Jogos\\cs\\hl.exe"=

"D:\\Jogos\\cs\\hlds.exe"=

"D:\\Jogos\\cm\\cm0304.exe"=

"D:\\Jogos\\Age 2\\age2\\age2_x1.exe"=

"D:\\Jogos\\Age 2\\age2\\empires2.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"D:\\Jogos\\Warcraft III\\ggg\\GG E-Sports Platform\\GGclient.exe"=

"D:\\Jogos\\Warcraft III\\ggg\\GG E-Sports Platform\\Garena.exe"=

"D:\\Jogos\\Diablo_II\\Diablo II.exe"=

"D:\\Jogos\\Diablo_II\\Game.exe"=

"D:\\Jogos\\trackmania\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

"D:\\Jogos\\cmsheep\\cm0304.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:TCP"= 67:TCP:*:Disabled:a

"68:TCP"= 68:TCP:*:Disabled:a

R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2005-06-28 10:17]

S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 20:20]

S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 20:16]

S2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2005-06-28 10:17]

S2 PDSched;PDScheduler;C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe [2005-06-28 14:07]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{507167cf-8231-11da-b7af-806d6172696f}]

\Shell\AutoRun\command - E:\ASUSACPI.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-07-18 20:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"

- C:\Arquivos de programas\TuneUp Utilities 2006\SystemOptimizer.exe

"2008-07-18 12:24:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"

- C:\Arquivos de programas\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

"2007-04-24 19:54:31 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"

- C:\Arquivos de programas\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-22 14:01:58

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-07-22 14:03:52

ComboFix-quarantined-files.txt 2008-07-22 17:03:14

ComboFix2.txt 2008-07-19 04:46:40

ComboFix3.txt 2008-07-17 01:02:08

ComboFix4.txt 2008-07-16 20:06:19

Pre-Run: 16 pasta(s) 12,016,549,888 bytes disponíveis

Post-Run: 19 pasta(s) 12,483,551,232 bytes disponíveis

157 --- E O F --- 2008-07-17 15:16:42

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:06:34, on 22/7/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\adware\aawservice.exe

C:\Arquivos de programas\avast\aswUpdSv.exe

C:\Arquivos de programas\avast\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\avast\ashMaiSv.exe

C:\Arquivos de programas\avast\ashWebSv.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\avast\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\avast\ashDisp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033 -noicon

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Jogos\Party Poker\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Jogos\Party Poker\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Jogos\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Jogos\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Jogos\partybingo\PartyBingo\RunBingo.exe

O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Jogos\partybingo\PartyBingo\RunBingo.exe

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://atrativa.uol.com.br/games/applets/gamehouse/luxor/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5321/mcfscan.cab

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\adware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\avast\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\avast\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\avast\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\avast\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Arquivos de programas\Alcohol\Alcohol 120\StarWind\StarWindService.exe (file missing)

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Arquivos de programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--

End of file - 10988 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! Chourisso

<!> Desculpe-me à demora!Mas...vamos lá!

--------------------

<@> Copie,para o Bloco de Notas,as informações sob o Código.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}]
"ButtonText"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}]
"ToolTip"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}]
"ButtonText"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}]
"ToolTip"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{59A861EE-32B3-42cd-8CCA-FC130EDF3A44}]
"ButtonText"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{59A861EE-32B3-42cd-8CCA-FC130EDF3A44}]
"ToolTip"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"4f992e16"=-

<@> Salve-as,no Desktop,com o nome: Del.reg

<@> Deveremos ter um ícone,do tipo: < iconeentradasderegistroby2.png >

<@> Como Tipo de arquivos,coloque: Todos os arquivos!

<@> Com todas as janelas fechadas,execute o arquivo com um duplo-clique.

<@> Aceite a inclusão,ao registro!

<@> Terminando,poste um novo log do HijackThis.

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Opa, sem problema Joram, acabei viajando tmb e só vi hj a resposta. Segue abaixo o novo log do hijack, um abraço:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:18:38, on 3/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\adware\aawservice.exe

C:\Arquivos de programas\avast\aswUpdSv.exe

C:\Arquivos de programas\avast\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\avast\ashMaiSv.exe

C:\Arquivos de programas\avast\ashWebSv.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\avast\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Ventrilo\Ventrilo.exe

D:\Jogos\Warcraft III\ggg\GG E-Sports Platform\Garena.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\hijackthis\HijackThis.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\avast\ashDisp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033 -noicon

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra button: (no name) - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Jogos\Party Poker\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Jogos\Party Poker\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Jogos\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Jogos\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Jogos\partybingo\PartyBingo\RunBingo.exe

O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Jogos\partybingo\PartyBingo\RunBingo.exe

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://atrativa.uol.com.br/games/applets/gamehouse/luxor/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5321/mcfscan.cab

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\adware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\avast\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\avast\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\avast\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\avast\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Arquivos de programas\Alcohol\Alcohol 120\StarWind\StarWindService.exe (file missing)

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Arquivos de programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--

End of file - 11330 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! Chourisso

<@> Abra o HijackThis >> Clique: Do a system scan only

O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)

O9 - Extra button: (no name) - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Jogos\Party Poker\PartyGammon\RunBackGammon.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - D:\Jogos\Party Poker\PartyGammon\RunBackGammon.exe (file missing)

<@> Marque as entradas,àcima,e clique em Fix checked.

--------------------

<@> Faça o download do Clean.

<@> Salve-o no Disco Local-C e descompacte-o aí mesmo,enviando o executável ( Atalho ) para o Desktop.

<@> O executável é um ícone denominado: clean.cmd.

<@> Reinicie o computador em Modo de Segurança!

<@> Dê um duplo clique em clean.cmd.

<@> Abrir-se-á um prompt,com 3 opções!

<@> Escolha o dois!. ( 2 )

<@> Aperte Enter! >> Aperte Enter,novamente! >> Aguarde!

<@> Aperte Enter,novamente!

<@> Copie o relatório,e poste na sua resposta. ( rapport_clean )

--------------------

<@> Vá a este Link,e baixe: < Malwarebytes >

<@> Salve-o em Arquivos de Programa.

<@> Atualize o Malwarebytes!

<@> Escolha o escaneamento Completo! ( Full Scan )

<@> Desabilite programas de proteção,ao executar o malwarebytes.

<!> Para maiores detalhes,leia o Tutorial: < Link >

<@> Terminando,procure enviar os ficheiros detectados para a quarentena.

-----------------------------

<@> Poste,os relatórios:

<!> mbam.(..).txt + rapport_clean.txt + HijackThis,atualizado.

Abraços!

Editado por joram

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde Joram,

Na primeira vez que rodei o clean.cmd em safe mode não havia habilitado a rede, então a página que abre após o clean não foi aberta e o prompt aparentemente não concluiu, mostrando-me onde estaria o rapport. Então reiniciei o pc em safe mode com rede e refiz o primeiro passo, mas acho q o log do resultado ficou prejudicado para sua análise. De qualquer forma segue abaixo o log do clean passado pela 2ª vez. Daqui a pouco edito o post e coloco aqui os outros relatórios, um abraço:

Script executed in Safe Mode

Rapport clean par Malekal_morte - http://www.malekal.com

Script executed in Safe Mode qua 06/08/2008 a 12:38:19,73

RAPPORT_CLEAN

Microsoft Windows XP [versÆo 5.1.2600]

*** Suppression C:

*** Suppression C:\WINDOWS\

*** Suppression C:\WINDOWS\system32

*** Suppression C:\Arquivos de programas

*** Deletion of the registry keys successful..

*** End of the report !

EDIT: seguem os outros relatórios, um abraço. Estou postando o relatório do Malware como "rápido" mas anteriormente fiz o scan completo e deu o mesmo resultado.

MALWAREBYTES

Malwarebytes' Anti-Malware 1.24

Versão do banco de dados: 1028

Windows 5.1.2600 Service Pack 2

14:16:27 6/8/2008

mbam-log-8-6-2008 (14-16-27).txt

Tipo de Verificação: Rápida

Objetos verificados: 40953

Tempo decorrido: 4 minute(s), 12 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 2

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 1

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\vrmdtneg.bxwk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:37:16, on 6/8/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Arquivos de programas\adware\aawservice.exe

C:\Arquivos de programas\avast\aswUpdSv.exe

C:\Arquivos de programas\avast\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

C:\Arquivos de programas\avast\ashMaiSv.exe

C:\Arquivos de programas\avast\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ARQUIV~1\avast\ashDisp.exe

C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Arquivos comuns\Teleca Shared\Generic.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\avast\ashDisp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Arquivos de programas\Sony Ericsson\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033 -noicon

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Converter links selecionados em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter seleção em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Converter seleção em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: (no name) - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe (file missing)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Jogos\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Jogos\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Jogos\partybingo\PartyBingo\RunBingo.exe

O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - D:\Jogos\partybingo\PartyBingo\RunBingo.exe

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://download.mcafee.com/molbin/shared/mcinsctl/pt-br/4,0,0,83/mcinsctl.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://atrativa.uol.com.br/games/applets/gamehouse/luxor/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/pt-br/1,0,0,20/mcgdmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5321/mcfscan.cab

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\adware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\avast\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\avast\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\avast\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\avast\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDSched.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Arquivos de programas\Alcohol\Alcohol 120\StarWind\StarWindService.exe (file missing)

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Arquivos de programas\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--

End of file - 10464 bytes

Editado por Chourisso

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! Chourisso

Na primeira vez que rodei o clean.cmd em safe mode não havia habilitado a rede, então a página que abre após o clean não foi aberta e o prompt aparentemente não concluiu, mostrando-me onde estaria o rapport. Então reiniciei o pc em safe mode com rede e refiz o primeiro passo, mas acho q o log do resultado ficou prejudicado para sua análise.

<!> Creio que não houve a sobrescrição,pois os ficheiros relacionados aos seus jogos,online,não foram removidos pela ferramenta.Cabe ressaltar,que ainda são pontos frágeis no sistema,propiciando a exploração por malwares.

TuneUp Utilities 2006 <-- Desatualizado!

jre1.5.0_11 <-- Java desatualizado!

Windows XP SP2 (WinNT 5.01.2600) <-- Baixe o pacote SP3!

<!> Alguns programas,encontram-se desatualizados!

<!> Busque,na medida do possível,atualizá-los.

--------------------

<!> O seu Java está desatualizado!

<!> Versões antigas e desatualizadas,estão vulneráveis à ataques.

BAIXE: < Java Runtime Environment >

<!> Faça o download da última versão!

<!> Salve-a no Desktop!

<!> Navegue até "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".

<!> Clique em "Download". ( Está à direita! )

<!> Leia a Licença de uso e marque a caixa: "Accept License Agreement".

<!> A página será reatualizada!

<!> Clique no link,para baixar: Windows Offline Installation

<!> Salve-o no Desktop!

<!> Feche todos os programas em uso: >> Especialmente o seu Navegador! ( IE,Firefox,etc...)

<!> Clique em Iniciar >> Painel de Controle >> Adicionar e remover...

<!> Em Adicionar/Remover Programas,remova todas as versões antigas do Java.

<!> Marque qualquer item,que tenha no nome,Java Runtime Environment! ( JRE ou J2SE )

<!> Deverá ter um ícone como este: < javaicon.jpg >

<!> Clique em Remover ou Modificar/Remover.

<!> Repita,quantas vezes forem necessário,até que tenha removido todas as versões antigas,do Java.

<!> Reinicie o computador,após te-las removido!

--------------------

<!> INSTALANDO A NOVA VERSÃO:

<!> Dê,então,um duplo-clique em: jre-6u7-windows-i586-p.exe

<!> Terminando,reinicie o computador!

--------------------

<@> No Executar,digite: ComboFix.exe /u --> Clique: OK

<@> Na solicitação,escolha o dois. ( 2 ) >> Aguarde a desinstalação!

--------------------

<!> Algum problema,ainda,com o computador?

<!> Pois o log,do HijackThis,está limpo! :D

Abraços!

Editado por joram

Compartilhar este post


Link para o post
Compartilhar em outros sites





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×