rdelpizzo

PLANET.EXE infecting computer


Hello,

I have a problem with my laptop. My Avast antivirus detects 3 viruses, PLANET.EXE, HOSTS.EXE and INFMGR.EXE, and removes them, but they keep coming back.

I have already formatted the computer, and even so, they are still there.

The location of the files is always the same: C:\Documents and Settings\(user)\

I don't know what else to do. I ran ComboFix and they went away for a while, but then these viruses showed up again.

I suspect the virus may be on my USB flash drive, but I have already formatted it and it still won't go away.

I don't know what else to do. Here is a HijackThis log I made.

If anyone has had the same problem and knows how to help me, I would appreciate it.

Logfile of HijackThis v1.99.1

Scan saved at 16:31:02, on 28/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.266\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKCU\..\Run: [EPSON TX105 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDB.EXE /FU "C:\WINDOWS\TEMP\E_S112.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225134738484

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


Please post a new HijackThis log.

Note: Do not open a new topic; post your new log by clicking the Reply button.


Logfile of HijackThis v1.99.1

Scan saved at 15:00:41, on 4/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\ARQUIV~1\MICROS~2\Office12\OUTLOOK.EXE

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.860\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://br.rd.yahoo.com/customize/ycomp/defaults/sb/*http://br.yahoo.com/search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://br.rd.yahoo.com/customize/ycomp/defaults/sp/*http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.rd.yahoo.com/customize/ycomp/defaults/su/*http://br.yahoo.com

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [YSearchProtection] "C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKCU\..\Run: [EPSON TX105 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDB.EXE /FU "C:\WINDOWS\TEMP\E_S112.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [YSearchProtection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [Antispyware] C:\Arquivos de programas\Antispyware\Antispyware.exe -boot

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Arquivos de programas\Yahoo!\Common\Yinsthelper200711281.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225134738484

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.266\HijackThis.exe

HijackThis must be saved to the computer, not just run.

----

Hello,

Read the instructions at this link:

In the instructions at the link above, you can check the forums where the Analysts are properly qualified to use the tool correctly: "Forums to get help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

  3. Double-click the ComboFix icon on the desktop.

  4. Read and accept the terms by typing 1 and pressing Enter.

  5. Computers running Windows XP should install the Recovery Console:

     • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
     • Click "OK" on the EULA.
     • When the Recovery Console is installed, click "Yes" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Attention: Do not use the mouse or the keyboard while the tool is running; this can cause the computer to hang.

  8. A warning may appear saying that the computer needs to be restarted.

     DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when writing them, have end users in mind and intend them to be used without supervision. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.

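Added example, not part of the original thread or of any tool it mentions: a Python sketch of the check made in the post above (HijackThis launched from an archive temp folder instead of a saved copy), combined with a comparison of a follow-up log against the earlier one. The sample logs are constructed by abridging the two logs posted in this thread; the function names and the temp-folder markers are assumptions.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKCU\..\Run: [x] path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Lines under "Running processes:" are bare absolute Windows paths.
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+$")
# Assumption: path fragments that indicate a temp / archive-extraction folder.
TEMP_MARKERS = ("\\temp\\", "\\rar$ex")

# Constructed sample input, abridged from the two logs posted in this thread.
LOG_OLD = r"""Logfile of HijackThis v1.99.1
Scan saved at 16:31:02, on 28/10/2008
Running processes:
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.266\HijackThis.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

LOG_NEW = r"""Logfile of HijackThis v1.99.1
Scan saved at 15:00:41, on 4/11/2008
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.860\HijackThis.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Antispyware] C:\Arquivos de programas\Antispyware\Antispyware.exe -boot
"""


def parse_log(text):
    """Split a log into running-process paths and (section, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum copies often have blank lines between log lines
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif in_processes and PROCESS_RE.match(line):
            processes.append(line)
    return processes, entries


def hijackthis_location(processes):
    """Return (path, ran_from_temp) for HijackThis itself, or (None, False)."""
    for path in processes:
        low = path.lower()
        if low.endswith("\\hijackthis.exe"):
            return path, any(marker in low for marker in TEMP_MARKERS)
    return None, False


def added_entries(old_entries, new_entries):
    """Entries only in the newer log. Windows paths are case-insensitive,
    so ISUSPM.exe and isuspm.exe count as the same entry."""
    seen = {(section, detail.lower()) for section, detail in old_entries}
    return [(s, d) for s, d in new_entries if (s, d.lower()) not in seen]


def dangling_entries(entries):
    """Entries HijackThis itself annotated as pointing at a missing file."""
    return [(s, d) for s, d in entries
            if d.endswith("(no file)") or d.endswith("(file missing)")]


def review(old_text, new_text):
    """Collect what an analyst checks when a follow-up log arrives."""
    _, old_entries = parse_log(old_text)
    new_processes, new_entries = parse_log(new_text)
    path, from_temp = hijackthis_location(new_processes)
    return {
        "hijackthis_path": path,
        "ran_from_temp": from_temp,
        "added": added_entries(old_entries, new_entries),
        "dangling": dangling_entries(new_entries),
    }


if __name__ == "__main__":
    result = review(LOG_OLD, LOG_NEW)
    if result["ran_from_temp"]:
        print("HijackThis ran from a temp folder:", result["hijackthis_path"])
    for section, detail in result["added"]:
        print("new since previous log:", section, "-", detail)
    for section, detail in result["dangling"]:
        print("points at a missing file:", section, "-", detail)
```

An entry being new or dangling only marks it for a closer look by the analyst; it is not a verdict on the file.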

I have already run ComboFix before. Is it a problem if I run it again?


Please do as I am asking.


ComboFix 08-11-04.02 - Administrador 2008-11-10 0:07:36.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.197 [GMT -3:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\Antispyware

c:\arquivos de programas\Antispyware\Antispyware.exe

c:\arquivos de programas\Antispyware\Antispyware.url

c:\arquivos de programas\Antispyware\DataBase.ref

c:\arquivos de programas\Antispyware\TCL.dll

c:\arquivos de programas\Antispyware\vistaCPtasks.xml

c:\arquivos de programas\Antispyware\zlib.dll

c:\windows\hosts

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-10 to 2008-11-10 ))))))))))))))))))))))))))))

.

2008-11-07 02:20 . 2008-11-07 02:20 <DIR> d-------- c:\arquivos de programas\MSXML 4.0

2008-11-06 17:27 . 2008-11-09 16:01 <DIR> d-------- c:\windows\system32\CatRoot_bak

2008-11-06 14:09 . 2008-08-14 10:45 2,184,576 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-11-06 14:09 . 2008-08-14 10:45 2,140,160 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-11-06 14:09 . 2008-08-14 10:45 2,061,952 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-11-06 14:09 . 2008-08-14 10:45 2,019,840 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-11-06 01:26 . 2008-11-07 02:25 1,374 --a------ c:\windows\imsins.BAK

2008-11-05 23:16 . 2008-06-14 14:59 272,384 --------- c:\windows\system32\drivers\bthport.sys

2008-11-05 23:16 . 2008-06-14 14:59 272,384 -----c--- c:\windows\system32\dllcache\bthport.sys

2008-11-05 21:55 . 2007-07-30 19:19 271,224 --a------ c:\windows\system32\mucltui.dll

2008-11-05 21:55 . 2007-07-30 19:19 207,736 --a------ c:\windows\system32\muweb.dll

2008-11-05 21:55 . 2007-07-30 19:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui

2008-11-04 16:09 . 2008-11-04 16:09 54,156 --ah----- c:\windows\QTFont.qfn

2008-11-04 16:09 . 2008-11-04 16:09 1,409 --a------ c:\windows\QTFont.for

2008-10-31 00:39 . 2008-11-05 08:38 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Antispyware

2008-10-29 17:24 . 2008-10-29 22:09 16,827 --a------ c:\windows\system32\drivers\hosts

2008-10-29 00:32 . 2008-10-29 00:33 <DIR> dr-h----- c:\documents and settings\All Users\Dados de aplicativos\yahoo!

2008-10-29 00:32 . 2008-10-29 00:32 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Yahoo!

2008-10-28 20:04 . 2008-10-29 00:34 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-10-28 18:35 . 2008-10-29 00:32 <DIR> d-------- c:\arquivos de programas\Yahoo!

2008-10-28 18:35 . 2008-10-28 18:35 <DIR> d-------- c:\arquivos de programas\CCleaner

2008-10-28 10:49 . 2008-11-08 01:17 <DIR> d-------- c:\documents and settings\Administrador\Contacts

2008-10-28 10:34 . 2008-10-28 10:34 169 --a------ c:\windows\RtlRack.ini

2008-10-28 00:32 . 2008-10-28 00:32 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2008-10-28 00:32 . 2005-12-08 13:56 65,536 --a------ c:\windows\system32\QuickTimeVR.qtx

2008-10-28 00:32 . 2005-12-08 13:56 49,152 --a------ c:\windows\system32\QuickTime.qts

2008-10-28 00:31 . 2008-10-28 02:05 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\bsplayer

2008-10-28 00:31 . 2008-10-28 00:31 <DIR> d-------- c:\arquivos de programas\K-Lite Codec Pack

2008-10-27 17:39 . 2008-10-27 17:40 <DIR> d-------- c:\arquivos de programas\ABBYY FineReader 6.0 Sprint

2008-10-27 17:38 . 2008-10-27 17:38 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\UDL

2008-10-27 17:37 . 2008-10-27 17:37 <DIR> d-------- c:\arquivos de programas\Epson Software

2008-10-27 17:36 . 2007-12-06 22:08 86,528 --a------ c:\windows\system32\E_FLBEDB.DLL

2008-10-27 17:36 . 2007-12-06 22:01 78,848 --a------ c:\windows\system32\E_FD4BEDB.DLL

2008-10-27 17:36 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys

2008-10-27 17:36 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys

2008-10-27 17:36 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2008-10-27 17:36 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2008-10-27 17:35 . 2008-10-27 17:37 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\EPSON

2008-10-27 17:35 . 2008-10-27 17:35 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\InstallShield

2008-10-27 17:34 . 2008-10-27 17:40 <DIR> d-------- c:\arquivos de programas\epson

2008-10-27 17:34 . 2007-07-13 00:00 71,680 --a------ c:\windows\system32\escwiad.dll

2008-10-27 17:34 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys

2008-10-27 17:34 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys

2008-10-27 17:34 . 2008-10-27 17:40 71 --a------ c:\windows\EPSTX105.ini

2008-10-27 16:30 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys

2008-10-27 16:25 . 2008-10-28 10:38 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller

2008-10-27 16:25 . 2008-10-28 10:47 <DIR> d-------- c:\arquivos de programas\Windows Live

2008-10-27 16:25 . 2008-10-28 10:47 <DIR> d--hsc--- c:\arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-10-27 16:23 . 2008-11-07 02:24 <DIR> d--h----- c:\windows\$hf_mig$

2008-10-27 16:23 . 2005-02-25 00:34 22,752 --a------ c:\windows\system32\spupdsvc.exe

2008-10-27 16:14 . 2008-10-27 16:14 <DIR> d-------- c:\arquivos de programas\Foxit Software

2008-10-27 16:13 . 2007-07-30 19:19 43,352 --a------ c:\windows\system32\wups2.dll

2008-10-27 16:13 . 2007-07-30 19:18 34,136 --a------ c:\windows\system32\wucltui.dll.mui

2008-10-27 16:13 . 2007-07-30 19:20 30,040 --a------ c:\windows\system32\wuaucpl.cpl.mui

2008-10-27 16:13 . 2007-07-30 19:20 30,040 --a------ c:\windows\system32\wuapi.dll.mui

2008-10-27 16:13 . 2007-07-30 19:18 20,824 --a------ c:\windows\system32\wuaueng.dll.mui

2008-10-27 15:56 . 2008-10-27 15:56 <DIR> d---s---- c:\documents and settings\Administrador\UserData

2008-10-27 14:42 . 2001-09-05 23:20 12,288 --a------ c:\windows\system32\drivers\mouhid.sys

2008-10-27 14:42 . 2001-09-05 23:20 12,288 --a--c--- c:\windows\system32\dllcache\mouhid.sys

2008-10-27 14:42 . 2001-08-17 22:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys

2008-10-27 14:42 . 2001-08-17 22:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys

2008-10-27 14:29 . 2008-10-27 14:29 <DIR> d-------- c:\arquivos de programas\Microsoft Works

2008-10-27 14:25 . 2008-10-27 14:26 <DIR> d-------- c:\windows\SHELLNEW

2008-10-27 14:24 . 2008-10-27 14:24 <DIR> dr-h----- C:\MSOCache

2008-10-27 14:24 . 2008-11-07 02:25 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2008-10-27 14:13 . 2008-10-27 14:13 <DIR> d-------- c:\documents and settings\Administrador\Dados de aplicativos\Corel

2008-10-27 14:13 . 2008-11-08 01:01 2,776 --ahs---- c:\windows\system32\KGyGaAvL.sys

2008-10-27 14:09 . 2008-10-27 14:09 <DIR> d-------- c:\documents and settings\All Users\Dados de aplicativos\InstallShield

2008-10-27 14:07 . 2008-10-27 14:07 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\Corel

2008-10-27 14:04 . 2008-10-27 14:07 <DIR> d-------- c:\arquivos de programas\Corel

2008-10-27 13:51 . 2004-12-21 14:32 1,396,831 --------- c:\windows\system32\AegisE5.dll

2008-10-27 13:51 . 2004-12-21 14:32 1,261,676 --------- c:\windows\system32\BCMWLCPL.CPL

2008-10-27 13:51 . 2004-12-21 14:32 827,499 --------- c:\windows\system32\BCMWLTRY.EXE

2008-10-27 13:51 . 2004-12-21 14:32 647,272 --------- c:\windows\system32\WLTRAY.EXE

2008-10-27 13:51 . 2004-12-21 14:32 369,024 --------- c:\windows\system32\drivers\BCMWL5.SYS

2008-10-27 13:51 . 2004-12-21 14:32 192,512 --------- c:\windows\system32\AegisI5.exe

2008-10-27 13:51 . 2004-12-21 14:32 184,320 --------- c:\windows\system32\BCMWLU00.EXE

2008-10-27 13:51 . 2004-12-21 14:32 172,032 --------- c:\windows\system32\BCMLogon.dll

2008-10-27 13:51 . 2004-12-21 14:32 81,920 --------- c:\windows\system32\wltrynt.dll

2008-10-27 13:51 . 2004-12-21 14:32 69,632 --------- c:\windows\system32\BCMWLD2K.EXE

2008-10-27 13:51 . 2004-12-21 14:32 65,536 --------- c:\windows\system32\WLTRYSVC.EXE

2008-10-27 13:51 . 2008-10-27 13:51 17,801 --a------ c:\windows\system32\drivers\AegisP.sys

2008-10-27 11:58 . 2008-10-27 11:58 <DIR> d-------- c:\arquivos de programas\Realtek Sound Manager

2008-10-27 11:58 . 2008-10-27 17:37 <DIR> d--h----- c:\arquivos de programas\InstallShield Installation Information

2008-10-27 11:58 . 2008-10-27 11:58 <DIR> d-------- c:\arquivos de programas\AvRack

2008-10-27 11:57 . 2008-10-27 14:09 <DIR> d-------- c:\arquivos de programas\Arquivos comuns\InstallShield

2008-10-27 11:57 . 2005-03-01 05:49 192,512 --------- c:\windows\RtlExUpd.dll

2008-10-27 11:37 . 2005-03-01 12:47 862,208 -ra------ c:\windows\system32\sisgrv.dll

2008-10-27 11:37 . 2005-03-01 12:47 862,208 --a--c--- c:\windows\system32\dllcache\sisgrv.dll

2008-10-27 11:37 . 2005-03-01 13:09 240,640 -ra------ c:\windows\system32\drivers\sisgrp.sys

2008-10-27 11:37 . 2005-03-01 13:09 240,640 --a--c--- c:\windows\system32\dllcache\sisgrp.sys

2008-10-27 11:37 . 2005-02-25 08:35 49,152 -ra------ c:\windows\system32\SiSPower.dll

2008-10-27 11:37 . 2005-02-25 08:34 28,672 -ra------ c:\windows\system32\_SiSPInst.dll

2008-10-27 11:37 . 2008-10-27 11:43 1 --a------ c:\windows\~sisRslt

2008-10-27 11:34 . 2008-10-27 13:50 6 --a------ C:\ISACER.ID

2008-10-27 11:16 . 2008-10-27 11:16 <DIR> d-------- c:\arquivos de programas\Alwil Software

2008-10-27 11:16 . 2003-03-18 18:20 1,060,864 --a------ c:\windows\system32\MFC71.dll

2008-10-27 11:16 . 2003-03-18 17:14 499,712 --a------ c:\windows\system32\MSVCP71.dll

2008-10-27 11:16 . 2003-02-21 01:42 348,160 --a------ c:\windows\system32\MSVCR71.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-27 13:52 --------- d-----w c:\arquivos de programas\microsoft frontpage

2008-10-27 13:50 --------- d-----w c:\arquivos de programas\Serviços on-line

2008-10-27 13:49 --------- d-----w c:\arquivos de programas\Arquivos comuns\Serviços

2008-09-15 15:40 1,846,144 ----a-w c:\windows\system32\win32k.sys

2008-08-20 05:37 661,504 ----a-w c:\windows\system32\wininet.dll

2008-08-14 13:45 2,184,576 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 13:45 2,061,952 ----a-w c:\windows\system32\ntkrnlpa.exe

.

((((((((((((((((((((((((((((( snapshot@2008-10-27_17.53.41.37 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-12-18 14:33:13 450,560 ----a-w c:\windows\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll

+ 2007-12-18 14:33:13 417,792 ----a-w c:\windows\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll

+ 2007-03-06 01:00:55 15,072 ----a-w c:\windows\$hf_mig$\KB944338-v2\spmsg.dll

+ 2007-03-06 01:01:00 215,264 ----a-w c:\windows\$hf_mig$\KB944338-v2\spuninst.exe

+ 2007-03-06 01:00:53 22,752 ----a-w c:\windows\$hf_mig$\KB944338-v2\update\spcustom.dll

+ 2007-03-06 01:01:17 721,120 ----a-w c:\windows\$hf_mig$\KB944338-v2\update\update.exe

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]

2008-04-02 13:24 266240 --a------ c:\arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

2008-07-28 07:47 160496 --a------ c:\arquivos de programas\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"= "c:\arquivos de programas\Epson Software\Easy Photo Print\EPTBL.dll" [2008-04-02 266240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPSON TX105 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDB.EXE" [2008-02-05 188928]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"YSearchProtection"="c:\arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]

"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2008-11-05 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]

"avast!"="c:\arquiv~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"ISUSPM Startup"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"YSearchProtection"="c:\arquivos de programas\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]

"SiSPower"="SiSPower.dll" [2005-02-25 c:\windows\system32\SiSPower.dll]

"SoundMan"="SOUNDMAN.EXE" [2005-02-23 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

*Newly Created Service* - CATCHME

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-11-08 c:\windows\Tasks\Antispyware Scheduled Scan.job

- c:\arquivos de programas\Antispyware\Antispyware.exe []

2008-11-08 c:\windows\Tasks\Antispyware Scheduled Scan.job

- c:\arquivos de programas\Antispyware []

2008-11-10 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\Administrador\Configura []

.

- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-Antispyware - c:\arquivos de programas\Antispyware\Antispyware.exe

.

------- Scan Suplementar -------

.

R0 -: HKCU-Main,Start Page = about:blank

R1 -: HKCU-SearchURL,(Default) = hxxp://br.rd.yahoo.com/customize/ycomp/defaults/su/*http://br.yahoo.com

O8 -: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-10 00:12:25

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-11-10 0:13:31

ComboFix-quarantined-files.txt 2008-11-10 03:13:28

ComboFix2.txt 2008-10-27 21:08:38

ComboFix3.txt 2008-10-27 20:53:59

Pré-execução: 3.519.082.496 bytes disponíveis

Pós execução: 3,516,833,792 bytes disponíveis

510 --- E O F --- 2008-11-07 05:26:06


The Recovery Console is not installed as explained in the link you were given; could you tell me why?


There was an error during the installation, I don't know what happened, and the program kept running even without it being installed. It also did not restart the computer.


Download it again from the link I gave above and follow the instructions in this topic:

http://www.bleepingcomputer.com/combofix/pt/como-usar-o-combofix

See how to install the Recovery Console, and redo the procedures.


OK, that worked and the console was installed, but now when ComboFix runs, the Windows blue screen appears with a hardware error and Windows restarts.


Restart in Safe Mode (press F8 repeatedly during startup and, in the menu that appears, use the arrow keys to choose Safe Mode).

Try running ComboFix again.


Same thing. The computer shuts down in the middle of the ComboFix run.


Download Malwarebytes Anti-Malware:

Link1

Alternative link

Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.

  • Make sure you check the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If there are updates, they will be downloaded and installed.
  • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to see the log.
  • If anything is found, make sure everything is checked and click Remove.
  • When disinfection finishes, a log will automatically open in a Notepad document and you may be prompted to restart the PC. (Read the note)
  • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log into your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart the PC, please do so immediately.


The log follows below:

Malwarebytes' Anti-Malware 1.30

Versão do banco de dados: 1414

Windows 5.1.2600 Service Pack 2

21/11/2008 14:03:28

mbam-log-2008-11-21 (14-03-28).txt

Tipo de Verificação: Rápida

Objetos verificados: 45966

Tempo decorrido: 2 minute(s), 46 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 4

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\CLSID\{44b71ad2-4f42-4312-bff3-9b68a41de078} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Installer\UpgradeCodes\e20d6ec50a67ec04083b1251f2935d09 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\e20d6ec50a67ec04083b1251f2935d09 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{44b71ad2-4f42-4312-bff3-9b68a41de078} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)


Open HijackThis

  • Click Misc Tools
  • Then "Open Uninstall Manager"
  • Click "Save List" (the file uninstall_list.txt will be generated)
  • Save it, then copy and paste that result into your next reply.


Reopened; follow the last instructions requested.


ABBYY FineReader 6.0 Sprint

Adobe Flash Player 10 ActiveX

Adobe Flash Player Plugin

Adobe Photoshop 7.0

Adobe Shockwave Player

Antispyware

Arquivo do WinRAR

Atualização de Segurança para Windows XP (KB938464)

Atualização de Segurança para Windows XP (KB944338-v2)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951698)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954211)

Atualização de Segurança para Windows XP (KB956390)

Atualização de Segurança para Windows XP (KB956391)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956841)

Atualização de Segurança para Windows XP (KB957095)

Atualização de Segurança para Windows XP (KB958644)

Atualização para Windows XP (KB898461)

Atualização para Windows XP (KB951072-v2)

avast! Antivirus

Barra de Ferramentas do Yahoo!

BR

Broadcom 802.11 Network Adapter

CCleaner (remove only)

CorelDRAW Graphics Suite X3

Desinstalar impressora EPSON TX105 Series

Epson Easy Photo Print 2

EPSON Scan

FontNav

Foxit Reader

Google SketchUp 6

Google SketchUp 6

HijackThis 1.99.1

Hotfix para Windows XP (KB952287)

Java 6 Update 7

K-Lite Mega Codec Pack 1.54 Beta 2

Malwarebytes' Anti-Malware

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

MSXML 4.0 SP2 (KB936181)

Proteção do Yahoo! Cadê

Realtek AC'97 Audio

Security Update for 2007 Microsoft Office System (KB951944)

Security Update for 2007 Microsoft Office System (KB955936)

Security Update for Microsoft Office Excel 2007 (KB955470)

Security Update for Microsoft Office OneNote 2007 (KB950130)

Security Update for Microsoft Office PowerPoint 2007 (KB951338)

Security Update for Microsoft Office Publisher 2007 (KB950114)

Security Update for Microsoft Office system 2007 (KB951808)

Security Update for Microsoft Office system 2007 (KB954326)

Security Update for Microsoft Office Word 2007 (KB950113)

SiS M760GX

Update for Microsoft Office Outlook 2007 (KB952142)

Update for Office 2007 (KB934391)

Update for Office 2007 (KB946691)

Update for Outlook 2007 Junk Email Filter (kb957258)

Update Manager

VBA

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows Live installer

Windows Live Messenger

Yahoo! Install Manager


Is the computer still having problems?


The antivirus no longer detects the file planet.exe, nor the other one. At first glance, it is working perfectly.

I thought the virus might have come from a USB flash drive, but I have never plugged it into the computer again since then.

"I thought the virus might have come from a USB flash drive, but I have never plugged it into the computer again since then."

Use your antivirus to scan the flash drive.

Congratulations, your log is clean.

From now on, stay ALERT!

To finish, do the following:

Disable and re-enable System Restore

I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Run Cleaner;
  • After that, click Errors >> Scan for errors >> Fix errors

Any other problems with the computer?


If the topic's author needs it, the topic will be reopened; to request that, they should contact the moderation team and ask for it to be unlocked.
