Lcnanias

Help with adware, please...


Please take a look at this and see if you can help me.

Logfile of HijackThis v1.99.1

Scan saved at 20:32:41, on 20/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\buja\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {A81C59D3-EEC5-493C-9371-93F5195E4B72} - C:\WINDOWS\system32\khfCrQgE.dll (file missing)

O2 - BHO: (no name) - {D0DC2547-DF58-4CF2-8FA2-25DEE29426F6} - C:\WINDOWS\system32\wvUoOGyA.dll (file missing)

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdfvj.exe] C:\WINDOWS\system32\kdfvj.exe

O4 - HKLM\..\Run: [bM3fa024aa] Rundll32.exe "C:\WINDOWS\system32\opbxubcl.dll",s

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\npjpi160_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\npjpi160_06.dll

O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212937990937

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: wvUoOGyA - wvUoOGyA.dll (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

Quarentena

----------

Status Objeto Tamanho Adicionado às

------ ------ ------- -------------

Possivelmente infectado: nova ameaça Hidden.Object (modificação) C:\WINDOWS\system32\kdfvj.exe 50,5 KB 20/8/2008 20:42:57

Backup

------

Status Objeto Tamanho

------ ------ -------

Infectado: adware not-a-virus:AdWare.Win32.SuperJuan.csx c:\windows\system32\eagpsw.dll 112 KB

Infectado: Programa de cavalo de Tróia Trojan.Win32.Monderb.am c:\system volume information\_restore{dc84c4b8-ce44-485a-89ae-42f31d03f8c8}\rp100\a0023208.dll 30,5 KB

Infectado: adware not-a-virus:AdWare.Win32.SuperJuan.csx c:\windows\system32\tisgqlni.dll 112 KB

Infectado: adware not-a-virus:AdWare.Win32.Virtumonde.abnb ati2evxx.exe\opbxubcl.dll 196 KB

Infectado: adware not-a-virus:AdWare.Win32.SuperJuan.csx c:\windows\system32\hxtxgjun.dll 112 KB

Infectado: Programa de cavalo de Tróia Trojan.Win32.Monder.gdp c:\windows\system32\qvowffkx.dll 83,5 KB

Infectado: Programa de cavalo de Tróia Trojan.Win32.Monder.gdo C:\WINDOWS\system32\khfCrQgE.dll 278,5 KB

Infectado: adware not-a-virus:AdWare.Win32.Virtumonde.abnb explorer.exe\opbxubcl.dll 196 KB

Infectado: adware not-a-virus:AdWare.Win32.SuperJuan.csx c:\system volume information\_restore{dc84c4b8-ce44-485a-89ae-42f31d03f8c8}\rp101\a0023456.dll 112 KB

Infectado: adware not-a-virus:AdWare.Win32.SuperJuan.csx c:\system volume information\_restore{dc84c4b8-ce44-485a-89ae-42f31d03f8c8}\rp100\a0023243.dll 112 KB

Infectado: adware not-a-virus:AdWare.Win32.SuperJuan.csx c:\system volume information\_restore{dc84c4b8-ce44-485a-89ae-42f31d03f8c8}\rp101\a0023467.dll 112 KB

Infectado: adware not-a-virus:AdWare.Win32.Virtumonde.abnb rundll32.exe\opbxubcl.dll 196 KB

Thank you!!!!


Hello,

Follow the instructions at the link below to install and run ComboFix:

http://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

  • It is important that you install the Recovery Console as well.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt).
  • Paste the contents of that file, and also make a new HijackThis log to include in your reply.

Warning: Do not use the mouse or the keyboard while the tool is running; doing so can cause the PC to hang.

Note: Please do NOT use ComboFix on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you could damage your computer. The tool should only be used under the supervision of malware removal helpers.


Thanks for the help...

The ComboFix and HijackThis logs follow below:

ComboFix 08-08-19.06 - buja 2008-08-21 13:30:40.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.654 [GMT -3:00]

Executando de: C:\Documents and Settings\buja\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\buja\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusäes )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Arquivos de programas\ActivationManager

C:\Arquivos de programas\ActivationManager\Uninstall.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology\ADSTechnology.lnk

C:\Documents and Settings\All Users\Menu Iniciar\Programas\ADSTechnology\Uninstall.lnk

C:\Documents and Settings\buja\Dados de aplicativos\inst.exe

C:\WINDOWS\BM3fa024aa.txt

C:\WINDOWS\BM3fa024aa.xml

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\bn.dll

C:\WINDOWS\system32\dqgyhjoo.ini

C:\WINDOWS\system32\EgQrCfhk.ini

C:\WINDOWS\system32\EgQrCfhk.ini2

C:\WINDOWS\system32\fbyksruf.dll

C:\WINDOWS\system32\kdfvj.exe

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\narsmsga.exe

C:\WINDOWS\system32\opbxubcl.dll

C:\WINDOWS\system32\txqecagx.exe

C:\WINDOWS\system32\xkffwovq.ini

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))

.

2008-08-21 13:22 . 2008-08-21 13:34 216,864 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-08-21 13:22 . 2008-08-21 13:34 4,896 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-08-21 13:22 . 2008-08-21 13:34 3,980 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-08-21 13:22 . 2008-08-21 13:34 1,484 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-08-20 19:31 . 2008-08-20 19:31 <DIR> d-------- C:\VundoFix Backups

2008-08-20 15:44 . 2008-08-21 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-08-20 15:38 . 2008-03-03 09:39 31,896,064 --a------ C:\kav.br.msi

2008-08-20 15:38 . 2007-09-05 13:56 2,684,884 --a------ C:\kav7.0pb.pdf

2008-08-20 15:38 . 2008-07-03 12:07 646 --a------ C:\setup.reg

2008-08-20 01:02 . 2008-08-20 16:11 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-08-20 01:02 . 2008-08-20 16:11 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-08-20 01:01 . 2008-08-20 15:44 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab

2008-08-20 01:00 . 2008-08-20 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-08-19 14:59 . 2008-08-21 10:33 <DIR> d-------- C:\WINDOWS\system32\734914

2008-08-19 14:49 . 2008-08-20 01:32 <DIR> d-------- C:\Arquivos de programas\Applications

2008-08-16 01:12 . 2008-08-16 01:15 <DIR> d-------- C:\Arquivos de programas\NASA

2008-08-11 20:09 . 2008-08-11 20:09 <DIR> d-------- C:\Arquivos de programas\Control Tower SFO

2008-08-09 14:42 . 2008-08-11 18:47 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-08-06 13:08 . 2008-08-19 18:53 10 --a------ C:\WINDOWS\popcinfo.dat

2008-08-06 13:06 . 2008-08-06 13:07 <DIR> d-------- C:\Arquivos de programas\Zuma Deluxe

2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll

.

((((((((((((((((((((((((((((((((((((( Relat¢rio Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-21 16:36 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Akamai

2008-08-20 19:11 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys

2008-08-20 04:37 --------- d-----w C:\Arquivos de programas\Teen Spirit

2008-08-20 04:37 --------- d-----w C:\Arquivos de programas\Segurança Doctor Speedy

2008-08-20 04:37 --------- d-----w C:\Arquivos de programas\Atrativa Games

2008-08-16 01:37 --------- d-----w C:\Arquivos de programas\MegaJogos

2008-07-30 13:44 --------- d-----w C:\Arquivos de programas\XP Tools

2008-07-29 22:42 --------- d-----w C:\Arquivos de programas\eMule

2008-07-14 21:50 --------- d-----w C:\Arquivos de programas\Kuma Games

2008-07-10 11:53 --------- d-----w C:\Arquivos de programas\Google

2008-07-09 20:21 724,992 ----a-w C:\WINDOWS\iun6002.exe

2008-07-08 21:32 --------- d-----w C:\Arquivos de programas\Microsoft Games

2008-07-08 03:07 --------- d-----w C:\Arquivos de programas\ZEW

2008-07-07 23:11 --------- d-----w C:\Arquivos de programas\Diner Dash Hometown Hero

2008-07-07 22:54 --------- d-----w C:\Arquivos de programas\Zylom Games

2008-07-07 21:07 --------- d-----w C:\Arquivos de programas\MemoriesOnTV4

2008-07-07 19:48 --------- d-----w C:\Documents and Settings\buja\Dados de aplicativos\PlayFirst

2008-07-07 19:41 --------- d-----w C:\Documents and Settings\buja\Dados de aplicativos\Zylom

2008-07-07 19:41 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst

2008-07-07 16:08 --------- d-----w C:\Arquivos de programas\CDisplay

2008-07-04 16:36 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\n7-89-o9-3r-4t-r9

2008-07-04 16:35 --------- d-----w C:\Documents and Settings\buja\Dados de aplicativos\GameHouse

2008-07-04 16:35 --------- d-----w C:\Arquivos de programas\GameHouse

2008-07-01 02:32 --------- d-----w C:\Documents and Settings\buja\Dados de aplicativos\Total Eclipse

2008-06-30 17:18 --------- d-----w C:\Arquivos de programas\Opera

2008-06-29 23:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-06-28 06:10 --------- d-----w C:\Arquivos de programas\Corel

2008-06-28 06:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2008-06-24 19:16 --------- d-----w C:\Arquivos de programas\Wedding Dash

2008-06-24 19:01 --------- d-----w C:\Arquivos de programas\ElcomSoft

2008-06-24 14:58 --------- d-----w C:\Arquivos de programas\BINA PRO

2008-06-21 03:33 --------- d-----w C:\Documents and Settings\buja\Dados de aplicativos\uTorrent

2008-06-18 15:08 87,608 ----a-w C:\Documents and Settings\buja\Dados de aplicativos\ezpinst.exe

2008-06-18 15:08 47,360 ----a-w C:\Documents and Settings\buja\Dados de aplicativos\pcouffin.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & leg¡timas por defeito nÆo sÆo mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 03:35 188416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:20 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

--a------ 2006-01-02 17:41 45056 C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]

--a------ 2008-02-08 18:36 227856 C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2008-06-11 13:39 289088 C:\Arquivos de programas\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--a------ 2007-05-15 15:55 1057328 C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-02-16 16:15 221184 c:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-13 19:21 1695232 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

--a------ 2007-05-15 15:55 1628208 C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Tools]

--a------ 2006-09-28 16:17 2101248 C:\Arquivos de programas\XP Tools\xptools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\DNA\\btdna.exe"=

"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

"C:\\Arquivos de programas\\Java\\jre1.6.0_06\\bin\\javaw.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=

"C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

R0 HWFProt;Hywave File Protector HWFProt;C:\WINDOWS\system32\Drivers\HWFProt.sys [2003-05-11 15:20]

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]

R2 Akamai;Akamai;C:\WINDOWS\System32\svchost.exe [2008-04-13 19:21]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]

S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

- - - - ORFAOS REMOVIDOS - - - -

BHO-{A81C59D3-EEC5-493C-9371-93F5195E4B72} - C:\WINDOWS\system32\khfCrQgE.dll

HKLM-Run-C:\WINDOWS\system32\kdfvj.exe - C:\WINDOWS\system32\kdfvj.exe

HKLM-Run-BM3fa024aa - C:\WINDOWS\system32\opbxubcl.dll

Notify-wvUoOGyA - wvUoOGyA.dll

.

------- Ccan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\buja\Dados de aplicativos\Mozilla\Firefox\Profiles\rlzp2ed6.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.uol.com.br

FF -: plugin - C:\Arquivos de programas\DNA\plugins\npbtdna.dll

FF -: plugin - C:\Arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF -: plugin - C:\Arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF -: plugin - C:\Documents and Settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-21 13:36:20

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializ veis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"C:\\WINDOWS\\system32\\kdfvj.exe"="C:\\WINDOWS\\system32\\kdfvj.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Arquivos de programas/Arquivos comuns/Akamai/rswin_3333.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Arquivos de programas/Arquivos comuns/Akamai/rswin_3333.dll"

.

------------------------ Outros Processos em Execu‡Æo ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusÆo: 2008-08-21 13:40:18 - Maquina reiniciou

ComboFix-quarantined-files.txt 2008-08-21 16:40:13

Pre-Run: 8 pasta(s) 65,137,999,872 bytes disponíveis

Post-Run: 11 pasta(s) 65,106,350,080 bytes dispon¡veis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

203 --- E O F --- 2008-06-21 01:58:21

__________________________________________________________________________

Scan saved at 13:47:13, on 21/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\buja\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\npjpi160_06.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\npjpi160_06.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212937990937

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PSIService.exe


Hello,

Your Java is out of date.

Old, outdated versions are more vulnerable to malware.

  • Download the latest version of the Java Runtime Environment (JRE) 6 Update 7 and save it to your Desktop.
  • Navigate to "Java Runtime Environment (JRE) 6 Update 7...allows end-users to run Java applications".
  • Click "Download". (It is on the right-hand side.)
  • Select your Platform: "Windows".
  • Select your language: "Português".
  • Read the license agreement and check the box: "Accept License Agreement".
  • Click "Continue".
  • Click the download link for Windows Offline Installation and save the file to your Desktop.
  • Close all programs you are using, especially your browser (IE, Firefox, etc.).
  • Click Start -> Settings -> Control Panel, double-click Add/Remove Programs and remove all old versions of Java.
  • Select any item that has Java Runtime Environment (JRE or J2SE) in its name. It should have an icon like this one: javaicon.jpg
  • Click Remove or Change/Remove.
  • Repeat as many times as necessary, until you have removed all old versions of Java that exist on your PC.
  • Restart your PC after removing the old versions of Java.
  • Now double-click jre-6u7-windows-i586-p.exe (it is on your desktop) to install the new, more secure version of Java.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text that is inside the "Quote":

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"C:\\WINDOWS\\system32\\kdfvj.exe"=-

  • Save this file as: CFScript.txt
    CFScriptB-4.gif
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Paste the contents of that log.

[]'s


Thanks again for the help.

I don't know whether the PC is clean yet, but it is much better. I had to use another one to do the downloads and to come here; now I am on the PC itself.

ComboFix 08-08-19.06 - buja 2008-08-21 15:03:13.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.697 [GMT -3:00]

Executando de: C:\Documents and Settings\buja\Meus documentos\Anti trojan\ComboFix.exe

Command switches used :: C:\Documents and Settings\buja\Desktop\CFScript.txt

* Criado um novo ponto de restauro

.

((((((((((((((((((((((( Ficheiros criados de 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))

.

2008-08-21 15:00 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-21 14:59 . 2008-08-21 15:00 <DIR> d-------- C:\Arquivos de programas\Java

2008-08-21 14:59 . 2008-08-21 14:59 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-08-21 13:40 . 2008-08-21 13:40 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais

2008-08-21 13:40 . 2008-08-21 13:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais

2008-08-21 13:40 . 2008-08-21 13:40 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais

2008-08-21 13:40 . 2008-08-21 13:40 <DIR> d-------- C:\Documents and Settings\buja\Configuraþ§es locais

2008-08-21 13:22 . 2008-08-21 15:07 645,152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-08-21 13:22 . 2008-08-21 15:06 20,768 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-08-21 13:22 . 2008-08-21 14:55 9,116 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-08-21 13:22 . 2008-08-21 14:55 2,756 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-08-20 19:31 . 2008-08-20 19:31 <DIR> d-------- C:\VundoFix Backups

2008-08-20 15:44 . 2008-08-21 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-08-20 15:38 . 2008-03-03 09:39 31,896,064 --a------ C:\kav.br.msi

2008-08-20 15:38 . 2007-09-05 13:56 2,684,884 --a------ C:\kav7.0pb.pdf

2008-08-20 15:38 . 2008-07-03 12:07 646 --a------ C:\setup.reg

2008-08-20 01:02 . 2008-08-20 16:11 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-08-20 01:02 . 2008-08-20 16:11 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-08-20 01:01 . 2008-08-20 15:44 <DIR> d-------- C:\Arquivos de programas\Kaspersky Lab

2008-08-20 01:00 . 2008-08-20 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-08-19 14:59 . 2008-08-21 10:33 <DIR> d-------- C:\WINDOWS\system32\734914

2008-08-19 14:49 . 2008-08-21 14:22 <DIR> d-------- C:\Arquivos de programas\Applications

2008-08-16 01:12 . 2008-08-16 01:15 <DIR> d-------- C:\Arquivos de programas\NASA

2008-08-11 20:09 . 2008-08-11 20:09 <DIR> d-------- C:\Arquivos de programas\Control Tower SFO

2008-08-09 14:42 . 2008-08-11 18:47 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-08-06 13:08 . 2008-08-19 18:53 10 --a------ C:\WINDOWS\popcinfo.dat

2008-08-06 13:06 . 2008-08-06 13:07 <DIR> d-------- C:\Arquivos de programas\Zuma Deluxe

2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-21 17:12 --------- d-----w C:\Arquivos de programas\Kuma Games

2008-08-20 19:11 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys

2008-08-20 04:37 --------- d-----w C:\Arquivos de programas\Teen Spirit

2008-08-20 04:37 --------- d-----w C:\Arquivos de programas\Segurança Doctor Speedy

2008-08-20 04:37 --------- d-----w C:\Arquivos de programas\Atrativa Games

2008-08-16 01:37 --------- d-----w C:\Arquivos de programas\MegaJogos

2008-07-30 13:44 --------- d-----w C:\Arquivos de programas\XP Tools

2008-07-29 22:42 --------- d-----w C:\Arquivos de programas\eMule

2008-07-29 22:23 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-07-10 11:53 --------- d-----w C:\Arquivos de programas\Google

2008-07-09 20:21 724,992 ----a-w C:\WINDOWS\iun6002.exe

2008-07-08 21:32 --------- d-----w C:\Arquivos de programas\Microsoft Games

2008-07-08 03:07 --------- d-----w C:\Arquivos de programas\ZEW

2008-07-07 23:11 --------- d-----w C:\Arquivos de programas\Diner Dash Hometown Hero

2008-07-07 22:54 --------- d-----w C:\Arquivos de programas\Zylom Games

2008-07-07 21:07 --------- d-----w C:\Arquivos de programas\MemoriesOnTV4

2008-07-07 19:48 --------- d-----w C:\Documents and Settings\buja\Dados de aplicativos\PlayFirst

2008-07-07 19:41 --------- d-----w C:\Documents and Settings\buja\Dados de aplicativos\Zylom

2008-07-07 19:41 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\PlayFirst

2008-07-07 16:08 --------- d-----w C:\Arquivos de programas\CDisplay

2008-07-04 16:36 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\n7-89-o9-3r-4t-r9

2008-07-04 16:35 --------- d-----w C:\Documents and Settings\buja\Dados de aplicativos\GameHouse

2008-07-04 16:35 --------- d-----w C:\Arquivos de programas\GameHouse

2008-07-01 02:32 --------- d-----w C:\Documents and Settings\buja\Dados de aplicativos\Total Eclipse

2008-06-30 17:18 --------- d-----w C:\Arquivos de programas\Opera

2008-06-29 23:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-06-28 06:10 --------- d-----w C:\Arquivos de programas\Corel

2008-06-28 06:10 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Corel

2008-06-24 19:16 --------- d-----w C:\Arquivos de programas\Wedding Dash

2008-06-24 19:01 --------- d-----w C:\Arquivos de programas\ElcomSoft

2008-06-24 14:58 --------- d-----w C:\Arquivos de programas\BINA PRO

2008-06-23 15:11 668,160 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-21 03:33 --------- d-----w C:\Documents and Settings\buja\Dados de aplicativos\uTorrent

2008-06-18 15:08 87,608 ----a-w C:\Documents and Settings\buja\Dados de aplicativos\ezpinst.exe

2008-06-18 15:08 47,360 ----a-w C:\Documents and Settings\buja\Dados de aplicativos\pcouffin.sys

2008-06-06 04:27 368,640 ----a-w C:\WINDOWS\system32\ReWire.dll

2008-06-06 04:27 233,472 ------w C:\WINDOWS\system32\REX Shared Library.dll

.

((((((((((((((((((((((((((((( snapshot@2008-08-21_13.39.53.15 )))))))))))))))))))))))))))))))))))))))))

.


+ 2008-08-21 17:18:03 114,176 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias & legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 03:35 188416]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:20 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

--a------ 2006-01-02 17:41 45056 C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2008-06-11 13:39 289088 C:\Arquivos de programas\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

--a------ 2007-05-15 15:55 1057328 C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-02-16 16:15 221184 c:\ARQUIV~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-13 19:21 1695232 C:\Arquivos de programas\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

--a------ 2007-05-15 15:55 1628208 C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Tools]

--a------ 2006-09-28 16:17 2101248 C:\Arquivos de programas\XP Tools\xptools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\DNA\\btdna.exe"=

"C:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

"C:\\Documents and Settings\\All Users\\Dados de aplicativos\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\English\\setup.exe"=

"C:\\Arquivos de programas\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

R0 HWFProt;Hywave File Protector HWFProt;C:\WINDOWS\system32\Drivers\HWFProt.sys [2003-05-11 15:20]

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]

S3 SBRE;SBRE;C:\WINDOWS\system32\drivers\SBREdrv.sys []

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-21 15:06:57

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-08-21 15:08:57

ComboFix-quarantined-files.txt 2008-08-21 18:08:48

ComboFix2.txt 2008-08-21 16:40:19

Pre-Run: 9 pasta(s) 64,702,816,256 bytes disponíveis

Post-Run: 11 pasta(s) 64,692,273,152 bytes disponíveis

422 --- E O F --- 2008-08-21 17:22:39


Your log is clean.

  • Click Start, then Run.
  • Now type Combofix /u and click OK, as shown in the image below.

[Image: CF_Cleanup.png]

Now that your PC is clean, follow these steps to keep your computer clean and protected:

  • Delete the HijackThis backups folder (if it exists).
  • Use an alternative, more secure browser:
    Firefox or Opera
  • Use a firewall - it is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster - SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the status of your programs with regard to updates.
  • Keep your programs properly updated.
    Staying up to date is staying secure. Click here

Some extra utilities that can increase your computer's protection:

  • IE/Spyad <=
    IE/Spyad adds more than 4000 websites and domains to IE's restricted list.
  • MVPS Hosts <= MVPS Hosts creates a new HOSTS file containing known sites, IPs, etc. Basically, it will prevent your PC from connecting to those malicious sites.
  • Google Toolbar <= The Google Toolbar prevents pop-ups.

It was a pleasure to help.


"Topic Resolved"

If you need the topic to be reopened, contact one of the members of the moderation team (Lusitano or RenatoMejias) and include the link to this topic in your request.

If you have a new problem, please start a new topic.

The above applies only to the topic's author. All other users must start a new topic.

Thank you!
