rafael ss

HijackThis log, could someone analyze it?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:58:59, on 2/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll (file missing)

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Arquivos de programas\AskSearch\bin\DefaultSearch.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Policies\Explorer\Run: []

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\system32\fsmgmt.dll

--

End of file - 3702 bytes

I tried to do an analysis on my own and concluded that I would fix these entries; see whether I'm doing ***** or forgetting any :unsure:

R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll (file missing)

file missing -> remove

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

CTFMON -> I don't know it

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

button -> as far as I'm concerned, I would remove all the extra buttons

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\system32\fsmgmt.dll

O20 dll -> I've heard that very few programs use DLLs in this location; I would remove at least the first one, "AppInit_DLLs:"
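A triage sketch for the HijackThis v2.0.2 line format shown in the log above, added here as an example and not part of the original post or of any tool's own code. The three review rules (target marked "(file missing)", O4 value with an empty name, any O20 entry) are assumptions of this example that mirror the points raised in the post; they mark entries for a closer look and are not verdicts.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpt of the log from the post above (not the full log).
LOG_EXCERPT = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\ARQUIV~1\DAP\SBSearch.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\system32\fsmgmt.dll
"""

# An entry line is "<section code> - <body>", e.g. "O20 - AppInit_DLLs: x.dll".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path ending in a binary extension (paths may contain spaces).
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|sys)\b", re.IGNORECASE)


@dataclass
class Entry:
    code: str                      # section code: R0-R3, O2, O4, O20, ...
    body: str                      # text after "<code> - "
    target: Optional[str]          # file the entry points at, if any
    reasons: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Return the registry/autorun entries; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        if body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs lists bare file names, not full paths.
            target = body.split(":", 1)[1].strip() or None
        else:
            found = PATH_RE.search(body)
            target = found.group(0) if found else None
        entries.append(Entry(m["code"], body, target))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review reasons (example heuristics) and return the flagged entries."""
    flagged = []
    for e in entries:
        reasons = []
        if "(file missing)" in e.body:
            reasons.append("registry entry points at a file that no longer exists")
        if e.code == "O4" and re.search(r":\s*\[\]", e.body):
            reasons.append("autorun value with an empty name")
        if e.code == "O20":
            reasons.append("DLL loaded via AppInit_DLLs/Winlogon Notify: "
                           "confirm which installed product owns it")
        e.reasons = reasons
        if reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for entry in triage(parse_log(LOG_EXCERPT)):
        print(f"{entry.code:<4}{entry.target or '-'}")
        for reason in entry.reasons:
            print(f"      review: {reason}")
```
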


Hello,

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

  3. Double-click the desktopicon.png icon on the desktop.

  4. Read and accept the terms by typing 1 and pressing Enter.

  5. Computers running Windows XP must install the Recovery Console:

  • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Attention: Do not use the mouse or the keyboard while the tool is running; doing so can cause the computer to stop.

  8. A notice may appear saying that the computer needs to be restarted.

NÃO REINICIE is not an option here: DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many of the Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.

Regards


ComboFix 08-11-07.01 - Rafael 2008-11-06 22:27:36.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.51 [GMT -2:00]

Executando de: c:\documents and settings\Rafael\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Autorun.inf

c:\windows\system32\fsmgmt.dll

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-07 to 2008-11-07 ))))))))))))))))))))))))))))

.

2008-11-02 12:57 . 2008-11-02 12:57 <DIR> d-------- c:\arquivos de programas\Trend Micro

2008-10-23 12:47 . 2008-10-23 12:47 <DIR> d-------- c:\arquivos de programas\AskSearch

2008-10-22 12:20 . 2008-10-23 11:49 <DIR> d-------- c:\documents and settings\Rafael\Dados de aplicativos\Desktopicon

2008-10-22 12:20 . 2008-11-02 23:46 <DIR> d-------- c:\arquivos de programas\VDOWNLOADER

2008-10-07 08:10 . 2008-10-07 08:10 38 --a------ c:\windows\avisplitter.INI

2008-10-07 06:53 . 2008-10-07 06:53 <DIR> d-------- c:\arquivos de programas\Security Process Explorer

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-23 14:47 --------- d-----w c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2008-10-10 19:03 --------- d-----w c:\arquivos de programas\Circle Developement

2008-10-10 18:03 --------- d-----w c:\arquivos de programas\Arquivos comuns\Symantec Shared

2008-10-10 18:00 --------- d-----w c:\arquivos de programas\Norton Security Scan

2008-10-06 14:33 --------- d-----w c:\arquivos de programas\Shareaza

2008-09-24 08:23 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\avg8

2008-09-24 08:19 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys

2008-09-24 08:19 10,520 ----a-w c:\windows\system32\avgrsstx.dll

2008-09-24 08:18 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys

2008-09-24 08:18 --------- d-----w c:\arquivos de programas\AVG

2008-09-24 07:14 --------- d-----w c:\arquivos de programas\CCleaner

2008-09-20 03:04 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Messenger Plus!

2008-09-20 03:04 --------- d-----w c:\arquivos de programas\Windows Live

2008-09-20 03:04 --------- d-----w c:\arquivos de programas\MSN Messenger

2008-09-20 03:04 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2008-09-12 14:42 --------- d-----w c:\documents and settings\Rafael\Dados de aplicativos\Uniblue

2008-09-12 14:42 --------- d-----w c:\arquivos de programas\Uniblue

2008-09-11 23:04 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Skype

2008-08-11 22:07 90,112 ----a-w c:\windows\DUMP4136.tmp

2008-08-11 21:38 90,112 ----a-w c:\windows\DUMP591c.tmp

.

((((((((((((((((((((((((((((( snapshot@2008-04-19_ 0.20.57,38 )))))))))))))))))))))))))))))))))))))))))

.


+ 2005-07-26 04:40:30 243,200 -c----w c:\windows\$NtUninstallKB950974$\es.dll

+ 2007-11-30 12:39:04 233,336 -c----w c:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe

+ 2007-11-30 12:38:57 395,128 -c----w c:\windows\$NtUninstallKB950974$\spuninst\updspapi.dll

+ 2007-08-21 06:17:40 683,520 -c----w c:\windows\$NtUninstallKB951066$\inetcomm.dll

+ 2007-11-30 12:39:04 233,336 -c----w c:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe

+ 2007-11-30 12:39:05 395,128 -c----w c:\windows\$NtUninstallKB951066$\spuninst\updspapi.dll

+ 2007-11-30 11:18:16 233,336 -c----w c:\windows\$NtUninstallKB951072-v2$\spuninst\spuninst.exe

+ 2007-11-30 12:39:05 395,128 -c----w c:\windows\$NtUninstallKB951072-v2$\spuninst\updspapi.dll

+ 2008-03-27 09:24:20 60,416 -c----w c:\windows\$NtUninstallKB951072-v2$\tzchange.exe

+ 2007-11-30 11:18:16 233,336 -c----w c:\windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe

+ 2007-11-30 11:18:17 395,128 -c----w c:\windows\$NtUninstallKB951376-v2$\spuninst\updspapi.dll

+ 2005-08-30 03:55:37 1,291,776 -c----w c:\windows\$NtUninstallKB951698$\quartz.dll

+ 2007-11-30 11:18:16 233,336 -c----w c:\windows\$NtUninstallKB951698$\spuninst\spuninst.exe

+ 2007-11-30 12:39:05 395,128 -c----w c:\windows\$NtUninstallKB951698$\spuninst\updspapi.dll

+ 2004-08-04 02:14:16 138,496 -c----w c:\windows\$NtUninstallKB951748$\afd.sys

+ 2006-06-26 17:41:41 148,480 -c----w c:\windows\$NtUninstallKB951748$\dnsapi.dll

+ 2004-08-04 03:45:26 247,808 -c----w c:\windows\$NtUninstallKB951748$\mswsock.dll

+ 2007-11-30 12:39:04 233,336 -c----w c:\windows\$NtUninstallKB951748$\spuninst\spuninst.exe

+ 2007-11-30 12:38:57 395,128 -c----w c:\windows\$NtUninstallKB951748$\spuninst\updspapi.dll

+ 2006-04-20 11:51:50 359,808 -c----w c:\windows\$NtUninstallKB951748$\tcpip.sys

+ 2006-08-16 09:37:30 225,664 -c----w c:\windows\$NtUninstallKB951748$\tcpip6.sys

+ 2004-08-04 03:45:24 331,776 -c----w c:\windows\$NtUninstallKB952287$\msadce.dll

+ 2007-11-30 11:18:16 233,336 -c----w c:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe

+ 2007-11-30 11:18:17 395,128 -c----w c:\windows\$NtUninstallKB952287$\spuninst\updspapi.dll

+ 2005-06-29 01:49:48 74,240 -c----w c:\windows\$NtUninstallKB952954$\mscms.dll

+ 2007-11-30 12:39:04 233,336 -c----w c:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe

+ 2007-11-30 12:39:05 395,128 -c----w c:\windows\$NtUninstallKB952954$\spuninst\updspapi.dll

+ 2008-04-21 07:02:31 1,024,000 -c----w c:\windows\$NtUninstallKB953838$\browseui.dll

+ 2008-04-21 07:02:31 151,552 -c----w c:\windows\$NtUninstallKB953838$\cdfview.dll

+ 2008-04-21 07:02:33 1,055,744 -c----w c:\windows\$NtUninstallKB953838$\danim.dll

+ 2008-04-21 07:02:33 357,888 -c----w c:\windows\$NtUninstallKB953838$\dxtmsft.dll

+ 2008-04-21 07:02:33 205,312 -c----w c:\windows\$NtUninstallKB953838$\dxtrans.dll

+ 2008-04-21 07:02:34 55,808 -c----w c:\windows\$NtUninstallKB953838$\extmgr.dll

+ 2008-04-17 10:52:54 18,432 -c----w c:\windows\$NtUninstallKB953838$\iedw.exe

+ 2008-04-21 07:02:34 251,392 -c----w c:\windows\$NtUninstallKB953838$\iepeers.dll

+ 2008-04-21 07:02:34 96,768 -c----w c:\windows\$NtUninstallKB953838$\inseng.dll

+ 2008-04-21 07:02:34 16,384 -c----w c:\windows\$NtUninstallKB953838$\jsproxy.dll

+ 2008-04-21 07:02:39 3,080,704 -c----w c:\windows\$NtUninstallKB953838$\mshtml.dll

+ 2008-04-21 07:02:39 449,024 -c----w c:\windows\$NtUninstallKB953838$\mshtmled.dll

+ 2008-04-21 07:02:39 146,432 -c----w c:\windows\$NtUninstallKB953838$\msrating.dll

+ 2008-04-21 07:02:40 532,480 -c----w c:\windows\$NtUninstallKB953838$\mstime.dll

+ 2008-04-21 07:02:40 39,424 -c----w c:\windows\$NtUninstallKB953838$\pngfilt.dll

+ 2008-04-21 07:02:41 1,494,528 -c----w c:\windows\$NtUninstallKB953838$\shdocvw.dll

+ 2008-04-21 07:02:42 474,112 -c----w c:\windows\$NtUninstallKB953838$\shlwapi.dll

+ 2007-11-30 12:39:04 233,336 -c----w c:\windows\$NtUninstallKB953838$\spuninst\spuninst.exe

+ 2007-11-30 12:38:57 395,128 -c----w c:\windows\$NtUninstallKB953838$\spuninst\updspapi.dll

+ 2008-04-21 07:02:42 616,960 -c----w c:\windows\$NtUninstallKB953838$\urlmon.dll

+ 2008-04-21 07:02:42 661,504 -c----w c:\windows\$NtUninstallKB953838$\wininet.dll

+ 2008-04-17 11:03:33 360,448 -c----w c:\windows\$NtUninstallKB953838$\xpsp3res.dll

+ 2007-11-30 12:39:04 233,336 -c----w c:\windows\$NtUninstallKB953839$\spuninst\spuninst.exe

+ 2007-11-30 12:39:05 395,128 -c----w c:\windows\$NtUninstallKB953839$\spuninst\updspapi.dll

+ 2008-06-14 17:59:51 272,384 ------w c:\windows\Driver Cache\i386\bthport.sys

- 2005-10-20 23:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE

+ 2005-10-20 22:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE

- 2000-08-31 11:00:00 73,728 ----a-w c:\windows\fdsv.exe

+ 2000-08-31 10:00:00 89,504 ----a-w c:\windows\fdsv.exe

- 2000-08-31 11:00:00 80,412 ----a-w c:\windows\grep.exe

+ 2000-08-31 10:00:00 80,412 ----a-w c:\windows\grep.exe

+ 2008-07-20 05:28:37 29,184 ----a-r c:\windows\Installer\{EFDD2861-0FE9-4083-815F-E9146A45FBA9}\IconEFDD2861.exe

- 2000-08-31 11:00:00 28,160 ----a-w c:\windows\Nircmd.exe

+ 2000-08-31 10:00:00 28,672 ----a-w c:\windows\nircmd.exe

+ 2008-03-28 04:55:01 181,314 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1046.dat

+ 2008-03-28 04:55:01 181,314 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1046.dat.bak

- 2000-08-31 11:00:00 98,816 ----a-w c:\windows\sed.exe

+ 2000-08-31 10:00:00 98,816 ----a-w c:\windows\sed.exe

- 2000-08-31 11:00:00 161,792 ----a-w c:\windows\swreg.exe

+ 2000-08-31 10:00:00 161,792 ----a-w c:\windows\SWREG.exe

- 2000-08-31 11:00:00 136,704 ----a-w c:\windows\swsc.exe

+ 2000-08-31 10:00:00 136,704 ----a-w c:\windows\SWSC.exe

- 2000-08-31 11:00:00 212,480 ----a-w c:\windows\swxcacls.exe

+ 2000-08-31 10:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe

+ 2008-08-06 19:22:02 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll

+ 2008-08-06 19:30:48 202,168 ----a-w c:\windows\system32\Adobe\Director\SwDir.dll

+ 2008-08-06 19:22:42 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll

+ 2008-08-06 18:45:40 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll

+ 2008-08-06 19:22:44 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll

+ 2008-08-06 18:35:52 706,048 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll

+ 2008-08-06 18:35:52 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll

+ 2008-08-06 18:42:04 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll

+ 2008-08-06 18:35:52 54,656 ----a-w c:\windows\system32\Adobe\Shockwave 11\pccuapi.dll

+ 2008-08-06 19:21:14 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll

+ 2008-08-06 19:24:14 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll

+ 2008-08-06 19:30:30 447,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1100465.exe

+ 2008-08-06 19:24:56 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe

+ 2008-08-06 19:21:04 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll

+ 2008-08-06 18:35:52 50,808 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

+ 1999-06-25 13:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE

+ 1999-12-20 16:16:40 15,360 ----a-w c:\windows\system32\asfsipc.dll

+ 2002-12-10 13:20:24 73,766 ----a-w c:\windows\system32\atrc3260.dll

- 2007-08-22 13:13:26 1,023,488 ----a-w c:\windows\system32\browseui.dll

+ 2008-06-23 15:40:03 1,024,000 ----a-w c:\windows\system32\browseui.dll

- 2007-08-22 13:13:26 151,552 ----a-w c:\windows\system32\cdfview.dll

+ 2008-06-23 15:40:03 151,552 ----a-w c:\windows\system32\cdfview.dll

- 2007-07-30 22:19:20 92,504 ----a-w c:\windows\system32\cdm.dll

+ 2008-07-19 01:10:48 94,920 ----a-w c:\windows\system32\cdm.dll

- 2007-10-12 19:47:11 32,768 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2008-05-02 12:32:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2008-05-02 16:38:19 42,093 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\2FYZI1WX\NewServer[1].dll

- 2007-10-12 19:47:11 32,768 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

+ 2008-05-02 12:32:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

- 2007-10-12 19:47:11 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-05-02 12:32:05 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-08-02 01:21:38 249,856 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat

+ 2002-12-10 13:20:10 65,575 ----a-w c:\windows\system32\cook3260.dll

- 2007-08-22 13:13:27 1,055,744 ----a-w c:\windows\system32\danim.dll

+ 2008-06-23 15:40:04 1,055,744 ----a-w c:\windows\system32\danim.dll

- 2007-09-28 20:05:40 739,840 ----a-w c:\windows\system32\divx.dll

+ 2007-09-28 21:05:40 739,840 ----a-w c:\windows\system32\divx.dll

- 2004-08-04 02:14:16 138,496 -c--a-w c:\windows\system32\dllcache\afd.sys

+ 2008-06-20 10:44:38 138,368 -c--a-w c:\windows\system32\dllcache\afd.sys

- 2007-08-22 13:13:26 1,023,488 -c--a-w c:\windows\system32\dllcache\browseui.dll

+ 2008-06-23 15:40:03 1,024,000 -c--a-w c:\windows\system32\dllcache\browseui.dll

+ 2008-06-14 17:59:51 272,384 -c----w c:\windows\system32\dllcache\bthport.sys

- 2007-08-22 13:13:26 151,552 -c--a-w c:\windows\system32\dllcache\cdfview.dll

+ 2008-06-23 15:40:03 151,552 -c--a-w c:\windows\system32\dllcache\cdfview.dll

- 2007-07-30 22:19:20 92,504 -c--a-w c:\windows\system32\dllcache\cdm.dll

+ 2008-07-19 01:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll

- 2007-08-22 13:13:27 1,055,744 -c--a-w c:\windows\system32\dllcache\danim.dll

+ 2008-06-23 15:40:04 1,055,744 -c--a-w c:\windows\system32\dllcache\danim.dll

- 2004-08-04 03:45:22 561,179 -c--a-w c:\windows\system32\dllcache\dao360.dll

+ 2008-03-25 04:50:25 554,008 -c--a-w c:\windows\system32\dllcache\dao360.dll

- 2006-06-26 17:41:41 148,480 -c--a-w c:\windows\system32\dllcache\dnsapi.dll

+ 2008-06-20 17:41:07 148,992 -c--a-w c:\windows\system32\dllcache\dnsapi.dll

- 2007-08-22 13:13:27 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

+ 2008-06-23 15:40:05 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll

- 2007-08-22 13:13:27 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

+ 2008-06-23 15:40:05 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll

- 2005-07-26 04:40:30 243,200 -c--a-w c:\windows\system32\dllcache\es.dll

+ 2008-07-07 20:31:58 253,952 -c--a-w c:\windows\system32\dllcache\es.dll

- 2007-08-22 13:13:27 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll

+ 2008-06-23 15:40:05 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll

- 2007-08-21 10:30:45 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe

+ 2008-06-23 09:49:29 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe

- 2007-08-22 13:13:28 251,392 -c--a-w c:\windows\system32\dllcache\iepeers.dll

+ 2008-06-23 15:40:05 251,392 -c--a-w c:\windows\system32\dllcache\iepeers.dll

- 2007-08-21 06:17:40 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll

+ 2008-04-11 18:51:08 683,520 -c--a-w c:\windows\system32\dllcache\inetcomm.dll

- 2007-08-22 13:13:28 96,768 -c--a-w c:\windows\system32\dllcache\inseng.dll

+ 2008-06-23 15:40:05 96,768 -c--a-w c:\windows\system32\dllcache\inseng.dll

- 2006-05-18 05:36:07 450,560 -c--a-w c:\windows\system32\dllcache\jscript.dll

+ 2007-12-18 14:42:09 450,560 -c--a-w c:\windows\system32\dllcache\jscript.dll

- 2007-08-22 13:13:28 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

+ 2008-06-23 15:40:05 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll

- 2004-08-04 03:45:24 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll

+ 2008-05-01 14:32:24 331,776 -c--a-w c:\windows\system32\dllcache\msadce.dll

- 2005-06-29 01:49:48 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll

+ 2008-06-24 16:24:13 74,240 -c--a-w c:\windows\system32\dllcache\mscms.dll

- 2004-08-04 03:45:24 512,029 -c--a-w c:\windows\system32\dllcache\msexch40.dll

+ 2008-03-25 04:50:28 518,944 -c--a-w c:\windows\system32\dllcache\msexch40.dll

- 2004-08-04 03:45:24 319,517 -c--a-w c:\windows\system32\dllcache\msexcl40.dll

+ 2008-03-25 04:50:30 326,432 -c--a-w c:\windows\system32\dllcache\msexcl40.dll

- 2007-08-22 13:13:29 3,079,168 -c--a-w c:\windows\system32\dllcache\mshtml.dll

+ 2008-06-23 15:40:09 3,080,704 -c--a-w c:\windows\system32\dllcache\mshtml.dll

- 2007-08-22 13:13:29 449,024 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

+ 2008-06-23 15:40:10 449,024 -c--a-w c:\windows\system32\dllcache\mshtmled.dll

- 2004-08-04 03:45:26 1,507,356 -c--a-w c:\windows\system32\dllcache\msjet40.dll

+ 2008-03-25 04:50:34 1,516,568 -c--a-w c:\windows\system32\dllcache\msjet40.dll

- 2004-07-17 14:34:48 358,976 -c--a-w c:\windows\system32\dllcache\msjetol1.dll

+ 2008-03-25 04:50:40 355,112 -c--a-w c:\windows\system32\dllcache\msjetol1.dll

- 2004-08-04 03:45:26 176,159 -c--a-w c:\windows\system32\dllcache\msjint40.dll

+ 2008-03-25 04:49:45 183,072 -c--a-w c:\windows\system32\dllcache\msjint40.dll

- 2004-08-04 03:45:26 53,279 -c--a-w c:\windows\system32\dllcache\msjter40.dll

+ 2008-03-25 04:50:42 60,192 -c--a-w c:\windows\system32\dllcache\msjter40.dll

- 2004-08-04 03:45:26 241,693 -c--a-w c:\windows\system32\dllcache\msjtes40.dll

+ 2008-03-25 04:50:42 248,608 -c--a-w c:\windows\system32\dllcache\msjtes40.dll

- 2004-08-04 03:45:26 213,023 -c--a-w c:\windows\system32\dllcache\msltus40.dll

+ 2008-03-25 04:50:44 219,936 -c--a-w c:\windows\system32\dllcache\msltus40.dll

- 2004-08-04 03:45:26 348,189 -c--a-w c:\windows\system32\dllcache\mspbde40.dll

+ 2008-03-25 04:50:45 355,104 -c--a-w c:\windows\system32\dllcache\mspbde40.dll

- 2007-08-22 13:13:29 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll

+ 2008-06-23 15:40:10 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll

- 2004-08-04 03:45:26 421,919 -c--a-w c:\windows\system32\dllcache\msrd2x40.dll

+ 2008-03-25 04:50:47 432,928 -c--a-w c:\windows\system32\dllcache\msrd2x40.dll

- 2004-08-04 03:45:26 315,423 -c--a-w c:\windows\system32\dllcache\msrd3x40.dll

+ 2008-03-25 04:50:49 322,336 -c--a-w c:\windows\system32\dllcache\msrd3x40.dll

- 2004-08-04 03:45:26 552,989 -c--a-w c:\windows\system32\dllcache\msrepl40.dll

+ 2008-03-25 04:50:52 559,904 -c--a-w c:\windows\system32\dllcache\msrepl40.dll

- 2004-08-04 03:45:26 258,077 -c--a-w c:\windows\system32\dllcache\mstext40.dll

+ 2008-03-25 04:50:55 264,992 -c--a-w c:\windows\system32\dllcache\mstext40.dll

- 2007-08-22 13:13:30 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll

+ 2008-06-23 15:40:10 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll

- 2004-08-04 03:45:26 831,519 -c--a-w c:\windows\system32\dllcache\mswdat10.dll

+ 2008-03-25 04:50:57 838,432 -c--a-w c:\windows\system32\dllcache\mswdat10.dll

- 2004-08-04 03:45:26 247,808 -c--a-w c:\windows\system32\dllcache\mswsock.dll

+ 2008-06-20 17:41:07 247,808 -c--a-w c:\windows\system32\dllcache\mswsock.dll

- 2004-08-04 03:45:26 614,429 -c--a-w c:\windows\system32\dllcache\mswstr10.dll

+ 2008-03-25 04:49:46 621,344 -c--a-w c:\windows\system32\dllcache\mswstr10.dll

- 2004-08-04 03:45:26 348,189 -c--a-w c:\windows\system32\dllcache\msxbde40.dll

+ 2008-03-25 04:50:58 355,104 -c--a-w c:\windows\system32\dllcache\msxbde40.dll

- 2007-08-22 13:13:30 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

+ 2008-06-23 15:40:10 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll

- 2005-08-30 03:55:37 1,291,776 -c--a-w c:\windows\system32\dllcache\quartz.dll

+ 2008-05-07 05:15:38 1,292,288 -c--a-w c:\windows\system32\dllcache\quartz.dll

- 2006-07-13 08:48:58 202,240 -c--a-w c:\windows\system32\dllcache\rmcast.sys

+ 2008-05-08 12:28:49 202,752 -c--a-w c:\windows\system32\dllcache\rmcast.sys

- 2007-08-22 13:13:31 1,494,528 -c--a-w c:\windows\system32\dllcache\shdocvw.dll

+ 2008-06-23 15:40:12 1,494,528 -c--a-w c:\windows\system32\dllcache\shdocvw.dll

- 2007-08-22 13:13:32 474,112 -c--a-w c:\windows\system32\dllcache\shlwapi.dll

+ 2008-06-23 15:40:12 474,112 -c--a-w c:\windows\system32\dllcache\shlwapi.dll

- 2006-04-20 11:51:50 359,808 -c--a-w c:\windows\system32\dllcache\tcpip.sys

+ 2008-06-20 10:45:13 360,320 -c--a-w c:\windows\system32\dllcache\tcpip.sys

- 2006-08-16 09:37:30 225,664 -c--a-w c:\windows\system32\dllcache\tcpip6.sys

+ 2008-06-20 09:52:06 225,920 -c--a-w c:\windows\system32\dllcache\tcpip6.sys

- 2007-08-22 13:13:32 616,448 -c--a-w c:\windows\system32\dllcache\urlmon.dll

+ 2008-06-23 15:40:12 616,960 -c--a-w c:\windows\system32\dllcache\urlmon.dll

- 2004-08-04 03:45:28 417,792 -c--a-w c:\windows\system32\dllcache\vbscript.dll

+ 2007-12-18 14:42:09 417,792 -c--a-w c:\windows\system32\dllcache\vbscript.dll

- 2007-08-22 13:13:32 660,992 -c--a-w c:\windows\system32\dllcache\wininet.dll

+ 2008-06-23 15:40:13 661,504 -c--a-w c:\windows\system32\dllcache\wininet.dll

- 2005-01-28 16:44:28 224,768 -c--a-w c:\windows\system32\dllcache\wmasf.dll

+ 2007-10-20 09:01:32 227,328 -c--a-w c:\windows\system32\dllcache\wmasf.dll

- 2005-01-28 16:44:28 2,370,296 -c--a-w c:\windows\system32\dllcache\wmvcore.dll

+ 2006-12-07 05:29:34 2,374,472 -c--a-w c:\windows\system32\dllcache\wmvcore.dll

- 2007-07-30 22:19:36 549,720 -c--a-w c:\windows\system32\dllcache\wuapi.dll

+ 2008-07-19 01:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll

- 2007-07-30 22:19:16 53,080 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

+ 2008-07-19 01:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe

- 2007-07-30 22:19:42 1,712,984 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

+ 2008-07-19 01:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll

- 2007-07-30 22:19:32 325,976 -c--a-w c:\windows\system32\dllcache\wucltui.dll

+ 2008-07-19 01:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll

- 2007-07-30 22:18:40 33,624 -c--a-w c:\windows\system32\dllcache\wups.dll

+ 2008-07-19 01:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll

- 2007-07-30 22:19:28 203,096 -c--a-w c:\windows\system32\dllcache\wuweb.dll

+ 2008-07-19 01:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll

- 2006-06-26 17:41:41 148,480 ----a-w c:\windows\system32\dnsapi.dll

+ 2008-06-20 17:41:07 148,992 ----a-w c:\windows\system32\dnsapi.dll

- 2007-09-28 20:05:50 81,920 ----a-w c:\windows\system32\dpl100.dll

+ 2007-09-28 21:05:50 81,920 ----a-w c:\windows\system32\dpl100.dll

- 2004-08-04 02:14:16 138,496 ----a-w c:\windows\system32\drivers\afd.sys

+ 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\drivers\afd.sys

+ 2008-09-24 08:18:53 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys

+ 2008-06-14 17:59:51 272,384 ------w c:\windows\system32\drivers\bthport.sys

- 2006-07-13 08:48:58 202,240 ----a-w c:\windows\system32\drivers\rmcast.sys

+ 2008-05-08 12:28:49 202,752 ----a-w c:\windows\system32\drivers\rmcast.sys

- 2006-04-20 11:51:50 359,808 ----a-w c:\windows\system32\drivers\tcpip.sys

+ 2008-06-20 10:45:13 360,320 ----a-w c:\windows\system32\drivers\tcpip.sys

- 2006-08-16 09:37:30 225,664 ----a-w c:\windows\system32\drivers\tcpip6.sys

+ 2008-06-20 09:52:06 225,920 ----a-w c:\windows\system32\drivers\tcpip6.sys

+ 2002-12-10 13:21:20 102,437 ----a-w c:\windows\system32\drv13260.dll

+ 2002-12-10 13:22:42 176,165 ----a-w c:\windows\system32\drv23260.dll

+ 2002-12-10 13:24:52 208,935 ----a-w c:\windows\system32\drv33260.dll

+ 2002-12-10 13:27:24 217,127 ----a-w c:\windows\system32\drv43260.dll

- 2007-08-22 13:13:27 357,888 ----a-w c:\windows\system32\dxtmsft.dll

+ 2008-06-23 15:40:05 357,888 ----a-w c:\windows\system32\dxtmsft.dll

- 2007-08-22 13:13:27 205,312 ----a-w c:\windows\system32\dxtrans.dll

+ 2008-06-23 15:40:05 205,312 ----a-w c:\windows\system32\dxtrans.dll

- 2005-07-26 04:40:30 243,200 ----a-w c:\windows\system32\es.dll

+ 2008-07-07 20:31:58 253,952 ----a-w c:\windows\system32\es.dll

- 2007-08-22 13:13:27 55,808 ----a-w c:\windows\system32\extmgr.dll

+ 2008-06-23 15:40:05 55,808 ----a-w c:\windows\system32\extmgr.dll

- 2007-07-29 19:51:44 7,680 ----a-w c:\windows\system32\ff_vfw.dll

+ 2007-07-29 20:51:44 7,680 ----a-w c:\windows\system32\ff_vfw.dll

+ 2005-10-15 19:45:50 1,706,800 ----a-w c:\windows\system32\gdiplus.dll

- 2007-08-22 13:13:28 251,392 ----a-w c:\windows\system32\iepeers.dll

+ 2008-06-23 15:40:05 251,392 ----a-w c:\windows\system32\iepeers.dll

- 2007-08-21 06:17:40 683,520 ----a-w c:\windows\system32\inetcomm.dll

+ 2008-04-11 18:51:08 683,520 ----a-w c:\windows\system32\inetcomm.dll

+ 2002-12-27 17:54:04 198,656 ----a-w c:\windows\system32\inked.dll

- 2007-08-22 13:13:28 96,768 ----a-w c:\windows\system32\inseng.dll

+ 2008-06-23 15:40:05 96,768 ----a-w c:\windows\system32\inseng.dll

- 2006-05-18 05:36:07 450,560 ----a-w c:\windows\system32\jscript.dll

+ 2007-12-18 14:42:09 450,560 ----a-w c:\windows\system32\jscript.dll

- 2007-08-22 13:13:28 16,384 ----a-w c:\windows\system32\jsproxy.dll

+ 2008-06-23 15:40:05 16,384 ----a-w c:\windows\system32\jsproxy.dll

+ 2008-03-20 21:06:36 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.DLL

- 2007-08-07 15:35:56 585,728 ----a-w c:\windows\system32\Macromed\Shockwave 10\Control.dll

+ 2008-03-15 02:29:22 581,632 ----a-w c:\windows\system32\Macromed\Shockwave 10\Control.dll

+ 2008-03-15 02:12:30 1,490,944 ----a-w c:\windows\system32\Macromed\Shockwave 10\dirapiX.dll

- 2007-08-07 15:36:32 24,576 ----a-w c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll

+ 2008-03-15 02:29:58 24,576 ----a-w c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll

+ 2008-03-15 02:10:06 606,208 ----a-w c:\windows\system32\Macromed\Shockwave 10\iml32X.dll

- 2007-08-07 15:35:22 339,968 ----a-w c:\windows\system32\Macromed\Shockwave 10\Plugin.dll

+ 2008-03-15 02:28:48 339,968 ----a-w c:\windows\system32\Macromed\Shockwave 10\Plugin.dll

- 2007-08-07 15:35:32 483,328 ----a-w c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll

+ 2008-03-15 02:28:56 475,136 ----a-w c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll

- 2007-08-07 15:28:38 180,224 ----a-w c:\windows\system32\Macromed\Shockwave 10\Proj.dll

+ 2008-03-15 02:21:52 180,224 ----a-w c:\windows\system32\Macromed\Shockwave 10\Proj.dll

- 2007-08-07 15:37:56 77,824 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwInit.exe

+ 2008-03-15 02:31:28 77,824 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwInit.exe

+ 2008-03-15 14:38:08 86,016 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwMenuX.dll

- 2007-08-07 15:37:58 98,304 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll

+ 2008-03-15 02:31:28 98,304 ----a-w c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll

+ 2003-03-19 05:19:58 1,060,864 ----a-w c:\windows\system32\MFC71.dll

- 2008-02-04 18:09:48 18,214,008 ----a-w c:\windows\system32\MRT.exe

+ 2008-08-26 20:28:12 16,208,504 ----a-w c:\windows\system32\MRT.exe

- 2005-06-29 01:49:48 74,240 ----a-w c:\windows\system32\mscms.dll

+ 2008-06-24 16:24:13 74,240 ----a-w c:\windows\system32\mscms.dll

- 2004-08-04 03:45:24 512,029 ----a-w c:\windows\system32\msexch40.dll

+ 2008-03-25 04:50:28 518,944 ----a-w c:\windows\system32\msexch40.dll

- 2004-08-04 03:45:24 319,517 ----a-w c:\windows\system32\msexcl40.dll

+ 2008-03-25 04:50:30 326,432 ----a-w c:\windows\system32\msexcl40.dll

- 2007-08-22 13:13:29 3,079,168 ----a-w c:\windows\system32\mshtml.dll

+ 2008-06-23 15:40:09 3,080,704 ----a-w c:\windows\system32\mshtml.dll

- 2007-08-22 13:13:29 449,024 ----a-w c:\windows\system32\mshtmled.dll

+ 2008-06-23 15:40:10 449,024 ----a-w c:\windows\system32\mshtmled.dll

- 2004-08-04 03:45:26 1,507,356 ----a-w c:\windows\system32\msjet40.dll

+ 2008-03-25 04:50:34 1,516,568 ----a-w c:\windows\system32\msjet40.dll

- 2004-07-17 14:34:48 358,976 ----a-w c:\windows\system32\msjetoledb40.dll

+ 2008-03-25 04:50:40 355,112 ----a-w c:\windows\system32\msjetoledb40.dll

- 2004-08-04 03:45:26 176,159 ----a-w c:\windows\system32\msjint40.dll

+ 2008-03-25 04:49:45 183,072 ----a-w c:\windows\system32\msjint40.dll

- 2004-08-04 03:45:26 53,279 ----a-w c:\windows\system32\msjter40.dll

+ 2008-03-25 04:50:42 60,192 ----a-w c:\windows\system32\msjter40.dll

- 2004-08-04 03:45:26 241,693 ----a-w c:\windows\system32\msjtes40.dll

+ 2008-03-25 04:50:42 248,608 ----a-w c:\windows\system32\msjtes40.dll

- 2004-08-04 03:45:26 213,023 ----a-w c:\windows\system32\msltus40.dll

+ 2008-03-25 04:50:44 219,936 ----a-w c:\windows\system32\msltus40.dll

- 2004-08-04 03:45:26 348,189 ----a-w c:\windows\system32\mspbde40.dll

+ 2008-03-25 04:50:45 355,104 ----a-w c:\windows\system32\mspbde40.dll

- 2007-08-22 13:13:29 146,432 ----a-w c:\windows\system32\msrating.dll

+ 2008-06-23 15:40:10 146,432 ----a-w c:\windows\system32\msrating.dll

- 2004-08-04 03:45:26 421,919 ----a-w c:\windows\system32\msrd2x40.dll

+ 2008-03-25 04:50:47 432,928 ----a-w c:\windows\system32\msrd2x40.dll

- 2004-08-04 03:45:26 315,423 ----a-w c:\windows\system32\msrd3x40.dll

+ 2008-03-25 04:50:49 322,336 ----a-w c:\windows\system32\msrd3x40.dll

- 2004-08-04 03:45:26 552,989 ----a-w c:\windows\system32\msrepl40.dll

+ 2008-03-25 04:50:52 559,904 ----a-w c:\windows\system32\msrepl40.dll

- 2004-08-04 03:45:26 258,077 ----a-w c:\windows\system32\mstext40.dll

+ 2008-03-25 04:50:55 264,992 ----a-w c:\windows\system32\mstext40.dll

- 2007-08-22 13:13:30 532,480 ----a-w c:\windows\system32\mstime.dll

+ 2008-06-23 15:40:10 532,480 ----a-w c:\windows\system32\mstime.dll

+ 2003-03-18 20:14:50 499,712 ----a-w c:\windows\system32\msvcp71.dll

+ 2002-01-05 18:37:26 344,064 ----a-w c:\windows\system32\msvcr70.dll

- 2004-08-04 03:45:26 831,519 ----a-w c:\windows\system32\mswdat10.dll

+ 2008-03-25 04:50:57 838,432 ----a-w c:\windows\system32\mswdat10.dll

- 2004-08-04 03:45:26 247,808 ----a-w c:\windows\system32\mswsock.dll

+ 2008-06-20 17:41:07 247,808 ----a-w c:\windows\system32\mswsock.dll

- 2004-08-04 03:45:26 614,429 ----a-w c:\windows\system32\mswstr10.dll

+ 2008-03-25 04:49:46 621,344 ----a-w c:\windows\system32\mswstr10.dll

- 2004-08-04 03:45:26 348,189 ----a-w c:\windows\system32\msxbde40.dll

+ 2008-03-25 04:50:58 355,104 ----a-w c:\windows\system32\msxbde40.dll

+ 1999-12-20 16:16:40 8,704 ----a-w c:\windows\system32\npwmsdrm.dll

+ 2005-10-15 19:45:38 61,440 ----a-w c:\windows\system32\ogg.dll

+ 2005-10-15 19:45:54 421,888 ----a-w c:\windows\system32\OpenQuicktimeLib.dll

- 2008-02-10 18:04:06 39,992 ----a-w c:\windows\system32\perfc009.dat

+ 2008-10-13 03:03:52 39,992 ----a-w c:\windows\system32\perfc009.dat

- 2008-02-10 18:04:06 48,628 ----a-w c:\windows\system32\perfc016.dat

+ 2008-10-13 03:03:52 48,628 ----a-w c:\windows\system32\perfc016.dat

- 2008-02-10 18:04:06 311,604 ----a-w c:\windows\system32\perfh009.dat

+ 2008-10-13 03:03:52 311,604 ----a-w c:\windows\system32\perfh009.dat

- 2008-02-10 18:04:06 344,380 ----a-w c:\windows\system32\perfh016.dat

+ 2008-10-13 03:03:52 344,380 ----a-w c:\windows\system32\perfh016.dat

- 2007-10-25 05:00:00 278,528 ----a-w c:\windows\system32\pncrt.dll

+ 2007-10-25 06:00:00 278,528 ----a-w c:\windows\system32\pncrt.dll

- 2007-10-25 05:00:00 6,656 ----a-w c:\windows\system32\pndx5016.dll

+ 2007-10-25 06:00:00 6,656 ----a-w c:\windows\system32\pndx5016.dll

- 2007-10-25 05:00:00 5,632 ----a-w c:\windows\system32\pndx5032.dll

+ 2007-10-25 06:00:00 5,632 ----a-w c:\windows\system32\pndx5032.dll

- 2007-08-22 13:13:30 39,424 ----a-w c:\windows\system32\pngfilt.dll

+ 2008-06-23 15:40:10 39,424 ----a-w c:\windows\system32\pngfilt.dll

- 2007-09-28 20:07:52 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

+ 2007-09-28 21:07:52 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

+ 2002-11-09 06:04:42 225,280 ----a-w c:\windows\system32\qtmlClient.dll

- 2005-08-30 03:55:37 1,291,776 ----a-w c:\windows\system32\quartz.dll

+ 2008-05-07 05:15:38 1,292,288 ----a-w c:\windows\system32\quartz.dll

+ 2008-08-05 21:41:01 483,920 ----a-w c:\windows\system32\Restore\rstrlog.dat

- 2007-10-25 05:00:00 185,688 ----a-w c:\windows\system32\rmoc3260.dll

+ 2007-10-25 06:00:00 185,688 ----a-w c:\windows\system32\rmoc3260.dll

- 2007-08-22 13:13:31 1,494,528 ----a-w c:\windows\system32\shdocvw.dll

+ 2008-06-23 15:40:12 1,494,528 ----a-w c:\windows\system32\shdocvw.dll

- 2007-08-22 13:13:32 474,112 ----a-w c:\windows\system32\shlwapi.dll

+ 2008-06-23 15:40:12 474,112 ----a-w c:\windows\system32\shlwapi.dll

+ 2002-12-10 13:20:04 102,439 ----a-w c:\windows\system32\sipr3260.dll

+ 2008-07-19 01:10:20 36,552 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll

+ 2008-07-19 01:10:40 45,768 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll

- 2006-01-19 19:29:07 15,072 ------w c:\windows\system32\spmsg.dll

+ 2007-11-30 12:39:04 18,296 ------w c:\windows\system32\spmsg.dll

+ 2002-06-10 04:34:38 49,152 ----a-w c:\windows\system32\tokr3260.dll

- 2007-11-15 04:11:59 1,536 ----a-w c:\windows\system32\TrueSoft.dat

+ 2008-09-12 03:13:58 1,536 ----a-w c:\windows\system32\TrueSoft.dat

- 2007-07-18 12:42:22 60,416 ------w c:\windows\system32\tzchange.exe

+ 2008-07-14 11:09:18 62,976 ------w c:\windows\system32\tzchange.exe

- 2007-09-04 20:56:10 164,352 ----a-w c:\windows\system32\unrar.dll

+ 2007-09-04 21:56:10 164,352 ----a-w c:\windows\system32\unrar.dll

- 2007-08-22 13:13:32 616,448 ----a-w c:\windows\system32\urlmon.dll

+ 2008-06-23 15:40:12 616,960 ----a-w c:\windows\system32\urlmon.dll

- 2004-08-04 03:45:28 417,792 ----a-w c:\windows\system32\vbscript.dll

+ 2007-12-18 14:42:09 417,792 ----a-w c:\windows\system32\vbscript.dll

+ 2005-10-15 19:45:38 1,163,264 ----a-w c:\windows\system32\vorbis.dll

+ 2005-10-15 19:45:40 1,040,384 ----a-w c:\windows\system32\vorbisenc.dll

+ 2005-10-15 19:45:40 77,824 ----a-w c:\windows\system32\vorbisfile.dll

+ 2004-08-04 03:55:42 23,552 ----a-w c:\windows\system32\wdmaud(2).drv

- 2007-08-22 13:13:32 660,992 ----a-w c:\windows\system32\wininet.dll

+ 2008-06-23 15:40:13 661,504 ----a-w c:\windows\system32\wininet.dll

+ 2002-12-27 17:54:06 194,560 ----a-w c:\windows\system32\wisptis.exe

- 2005-01-28 16:44:28 224,768 ----a-w c:\windows\system32\wmasf.dll

+ 2007-10-20 09:01:32 227,328 ----a-w c:\windows\system32\wmasf.dll

- 2005-01-28 16:44:28 2,370,296 ----a-w c:\windows\system32\wmvcore.dll

+ 2006-12-07 05:29:34 2,374,472 ----a-w c:\windows\system32\wmvcore.dll

+ 2000-08-08 15:31:24 446,736 ----a-w c:\windows\system32\wmvdmoe.dll

- 2007-07-30 22:19:36 549,720 ----a-w c:\windows\system32\wuapi.dll

+ 2008-07-19 01:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll

- 2007-07-30 22:19:16 53,080 ----a-w c:\windows\system32\wuauclt.exe

+ 2008-07-19 01:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe

- 2007-07-30 22:19:42 1,712,984 ----a-w c:\windows\system32\wuaueng.dll

+ 2008-07-19 01:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll

- 2007-07-30 22:19:32 325,976 ----a-w c:\windows\system32\wucltui.dll

+ 2008-07-19 01:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll

- 2007-07-30 22:18:40 33,624 ----a-w c:\windows\system32\wups.dll

+ 2008-07-19 01:10:20 36,552 ----a-w c:\windows\system32\wups.dll

- 2007-07-30 22:19:12 43,352 ----a-w c:\windows\system32\wups2.dll

+ 2008-07-19 01:10:40 45,768 ----a-w c:\windows\system32\wups2.dll

- 2007-07-30 22:19:28 203,096 ----a-w c:\windows\system32\wuweb.dll

+ 2008-07-19 01:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll

- 2007-08-21 10:53:16 119,296 ----a-w c:\windows\system32\xpsp3res.dll

+ 2008-07-03 09:42:22 360,448 ----a-w c:\windows\system32\xpsp3res.dll

- 2007-07-25 17:24:30 1,559,040 ----a-w c:\windows\system32\xvidcore.dll

+ 2007-07-25 18:24:30 1,559,040 ----a-w c:\windows\system32\xvidcore.dll

- 2007-03-10 15:51:50 282,624 ----a-w c:\windows\system32\xvidvfw.dll

+ 2007-03-10 16:51:50 282,624 ----a-w c:\windows\system32\xvidvfw.dll

- 2004-01-25 20:18:44 217,088 ----a-w c:\windows\system32\yv12vfw.dll

+ 2004-01-25 21:18:44 217,088 ----a-w c:\windows\system32\yv12vfw.dll

- 2000-08-31 11:00:00 49,152 ----a-w c:\windows\VFind.exe

+ 2000-08-31 10:00:00 49,152 ----a-w c:\windows\VFIND.exe

+ 2006-12-02 01:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

+ 2006-12-02 01:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll

+ 2006-12-02 01:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

+ 2006-12-02 01:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

+ 2006-12-02 03:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll

+ 2006-12-02 03:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll

+ 2006-12-02 03:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll

+ 2006-12-02 03:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll

+ 2006-12-02 03:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll

+ 2006-12-02 03:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll

+ 2006-12-02 03:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll

+ 2006-12-02 03:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll

+ 2006-12-02 03:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll

+ 2006-12-02 03:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll

+ 2006-12-02 03:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll

+ 2006-12-02 03:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll

+ 2006-12-02 03:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll

+ 2006-12-02 03:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll

+ 2008-04-15 17:59:06 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll

- 2000-08-31 11:00:00 68,096 ----a-w c:\windows\zip.exe

+ 2000-08-31 10:00:00 68,096 ----a-w c:\windows\zip.exe

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]

--a------ 2008-09-24 06:18 1235736 c:\arquiv~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 02:11 132496 c:\arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]

--a------ 2004-03-08 22:03 176128 c:\windows\system32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"sdCoreService"=2 (0x2)

"sdAuxService"=2 (0x2)

"SandraTheSrv"=3 (0x3)

"SandraDataSrv"=3 (0x3)

"gusvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-24 97928]

R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-09-24 76040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ec306e0-da87-11dc-a936-000ae6ebd906}]

\Shell\AutoRun\command - E:\diskdrive.exe

\Shell\open\command - E:\diskdrive.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ef9d280-2485-11dd-879c-000ae6ebd906}]

\Shell\Auto\command - E:\fun.xls.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bafcbfd2-e802-11dc-a96c-000ae6ebd906}]

\Shell\AutoRun\command - E:\kn6jhgc.cmd

\Shell\explore\Command - E:\kn6jhgc.cmd

\Shell\open\Command - E:\kn6jhgc.cmd

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-10 c:\windows\Tasks\Norton Security Scan.job

- c:\arquivos de programas\Norton Security Scan\Nss.exe [2007-09-19 00:42]

.

- - - - ORFÃOS REMOVIDOS - - - -

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - c:\arquiv~1\DAP\SBSearch.dll

HKU-Default-RunOnce-<NO NAME> - (no file)

MSConfigStartUp-Disk Drive Full - c:\windows\system32\diskdrive.exe

MSConfigStartUp-Irom Mask - c:\arquivos de programas\Windows32.exe

MSConfigStartUp-ISTray - c:\arquivos de programas\Spyware Doctor\pctsTray.exe

MSConfigStartUp-SiS KHooker - c:\windows\system32\khooker.exe

MSConfigStartUp-Skype - c:\arquivos de programas\Skype\Phone\Skype.exe

MSConfigStartUp-Steam - c:\arquivos de programas\Steam\Steam.exe

MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\arquivos de programas\Uniblue\RegistryBooster\RegistryBooster.exe

MSConfigStartUp-WinampAgent - c:\arquivos de programas\Winamp\winampa.exe

MSConfigStartUp-Windows Explorer - c:\windows\system32\Explorer.exe

MSConfigStartUp-Windows IInternet - c:\windows\system32\kork.exe

MSConfigStartUp-Cmaudio - cmicnfg.cpl

MSConfigStartUp-IMJPMIG8 - msime82.exe

MSConfigStartUp-MsServer - msfun80.exe

.

------- Scan Suplementar -------

.

FireFox -: Profile - c:\documents and settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\2yb7spxz.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

.

------- Associação de arquivos/ficheiros -------

.

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-06 22:30:56

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-11-06 22:35:42

ComboFix-quarantined-files.txt 2008-11-07 00:35:34

ComboFix2.txt 2008-04-19 03:21:37

ComboFix3.txt 2008-02-24 20:25:00

Pré-execução: 18 pasta(s) 11,759,538,176 bytes disponíveis

Pós execução: 18 pasta(s) 11,890,495,488 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

861 --- E O F --- 2008-09-11 00:22:53

thanks for your help, moderator .. =)


Hello,

( 1 ) Very important note: Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

( 2 ) Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Quote":

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ec306e0-da87-11dc-a936-000ae6ebd906}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ef9d280-2485-11dd-879c-000ae6ebd906}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bafcbfd2-e802-11dc-a96c-000ae6ebd906}]
Folder::
c:\arquivos de programas\AskSearch

  • Save this file as: CFScript.txt
    CFScriptB-4.gif
  • As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe
  • When the tool finishes running, it will generate a log. Paste the contents of that file, C:\ComboFix.txt.
  • Also make a new HijackThis log to include in your reply.


hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:44:18, on 10/11/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\Arquivos de programas\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Shareaza\Shareaza.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

--

End of file - 3469 bytes

combofix

ComboFix 08-11-07.01 - Rafael 2008-11-10 15:21:05.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.46 [GMT -2:00]

Executando de: c:\documents and settings\Rafael\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Rafael\Desktop\CFScript.txt

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\AskSearch

c:\arquivos de programas\AskSearch\bin\DefaultSearch.dll

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-10-10 to 2008-11-10 ))))))))))))))))))))))))))))

.

2008-11-02 12:57 . 2008-11-02 12:57 <DIR> d-------- c:\arquivos de programas\Trend Micro

2008-10-22 12:20 . 2008-10-23 11:49 <DIR> d-------- c:\documents and settings\Rafael\Dados de aplicativos\Desktopicon

2008-10-22 12:20 . 2008-11-02 23:46 <DIR> d-------- c:\arquivos de programas\VDOWNLOADER

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-23 14:47 --------- d-----w c:\arquivos de programas\Arquivos comuns\DVDVideoSoft

2008-10-10 19:03 --------- d-----w c:\arquivos de programas\Circle Developement

2008-10-10 18:03 --------- d-----w c:\arquivos de programas\Arquivos comuns\Symantec Shared

2008-10-10 18:00 --------- d-----w c:\arquivos de programas\Norton Security Scan

2008-10-07 08:53 --------- d-----w c:\arquivos de programas\Security Process Explorer

2008-10-06 14:33 --------- d-----w c:\arquivos de programas\Shareaza

2008-09-24 08:23 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\avg8

2008-09-24 08:19 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys

2008-09-24 08:19 10,520 ----a-w c:\windows\system32\avgrsstx.dll

2008-09-24 08:18 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys

2008-09-24 08:18 --------- d-----w c:\arquivos de programas\AVG

2008-09-24 07:14 --------- d-----w c:\arquivos de programas\CCleaner

2008-09-20 03:04 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Messenger Plus!

2008-09-20 03:04 --------- d-----w c:\arquivos de programas\Windows Live

2008-09-20 03:04 --------- d-----w c:\arquivos de programas\MSN Messenger

2008-09-20 03:04 --------- d-----w c:\arquivos de programas\Messenger Plus! Live

2008-09-12 14:42 --------- d-----w c:\documents and settings\Rafael\Dados de aplicativos\Uniblue

2008-09-12 14:42 --------- d-----w c:\arquivos de programas\Uniblue

2008-09-11 23:04 --------- d-----w c:\documents and settings\All Users.WINDOWS\Dados de aplicativos\Skype

2008-08-11 22:07 90,112 ----a-w c:\windows\DUMP4136.tmp

2008-08-11 21:38 90,112 ----a-w c:\windows\DUMP591c.tmp

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]

--a------ 2008-09-24 06:18 1235736 c:\arquiv~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 02:11 132496 c:\arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]

--a------ 2004-03-08 22:03 176128 c:\windows\system32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"sdCoreService"=2 (0x2)

"sdAuxService"=2 (0x2)

"SandraTheSrv"=3 (0x3)

"SandraDataSrv"=3 (0x3)

"gusvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgemc.exe"=

"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Arquivos de programas\\Shareaza\\Shareaza.exe"=

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-10 c:\windows\Tasks\Norton Security Scan.job

- c:\arquivos de programas\Norton Security Scan\Nss.exe [2007-09-19 00:42]

.

- - - - ORFÃOS REMOVIDOS - - - -

HKU-Default-RunOnce-<NO NAME> - (no file)

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-10 15:23:49

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-11-10 13:36:33

ComboFix-quarantined-files.txt 2008-11-10 15:36:28

ComboFix2.txt 2008-11-07 00:35:45

ComboFix3.txt 2008-04-19 03:21:37

ComboFix4.txt 2008-02-24 20:25:00

Pré-execução: 18 pasta(s) 11.831.709.696 bytes disponíveis

Pós execução: 18 pasta(s) 11,853,451,264 bytes disponíveis

102 --- E O F --- 2008-09-11 00:22:53

is it good?


Your Java is out of date.

Old, outdated versions are more vulnerable to malware.

  • Download the latest version of the Java Runtime Environment (JRE) 6 Update 10 and save it to your desktop.
  • Navigate to "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click "Download" (it is on the right-hand side).
  • Select your platform: "Windows".
  • Select your language: "Português".
  • Read the license agreement and check the box: "Accept License Agreement".
  • Click "Continue".
  • Click the Windows Offline Installation download link and save the file to your desktop.
  • Close all programs you are using, especially your browser (IE, Firefox, etc.).
  • Click Start -> Settings -> Control Panel, double-click Add/Remove Programs, and remove all old versions of Java.
  • Select any item that has Java Runtime Environment (JRE or J2SE) in its name. It should have an icon like this one: javaicon.jpg
  • Click Remove or Change/Remove.
  • Repeat as many times as necessary, until you have removed all the old versions of Java on your PC.
  • Restart your computer after removing the old Java versions.
  • Now double-click jre-6u10-windows-i586-p.exe (it is on your desktop) to install the new, more secure version of Java.

Other than that, your log is clean.

  • Click Start, then Run.
  • Now type Combofix /u and click OK, as shown in the image below.

CF_Cleanup.png

Download OTCleanIt by OldTimer

  • Save it to your desktop.
  • Double-click the icon otcleanitdesktopicon.png
  • Click the "Cleanup" button.
  • Allow your computer to be restarted.

Now that your PC is clean, follow these steps to keep your computer clean and protected:

  • Delete the folder (if it exists): HijackThis backups
  • Use an alternative, more secure browser:
    Firefox or Opera
  • Use a firewall - it is extremely important for protecting your computer.
    Good free options are:
    Comodo Firewall Pro
    Online Armor Free edition
  • Install SpywareBlaster - SpywareBlaster adds a list of malicious programs and sites to Internet Explorer and Firefox, which will protect you from those sites and programs.
  • Visit the Secunia Software Inspector and check the status of your programs with regard to updates.
  • Keep your programs properly updated.
    Being up to date is being safe. Click here

Some extra utilities that can increase your computer's protection:

  • IE/Spyad <=
    IE/Spyad adds more than 4000 websites and domains to IE's restricted list.
  • MVPS Hosts <= MVPS Hosts creates a new HOSTS file containing known sites, IPs, etc. Basically, it will prevent your PC from connecting to those malicious sites.
  • Google Toolbar <= The Google toolbar blocks pop-ups.

It was a pleasure to help.


sorry for the delay, but I didn't forget to thank you ...

thank you very much, moderator ..

it was a pleasure to be helped by you .. huahaa

you can close the topic .. :)

:bye:

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
