p_montoya

HijackThis analysis - PWS banker

My McAfee detected files with PWS banker. Could you please analyze my HijackThis log so I can know whether I am free of the infection!!

Thanks

Pablo Moreno

Logfile of HijackThis v1.99.1

Scan saved at 14:24:21, on 7/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

C:\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOPInv3\TOPInv3.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

C:\Program Files\JetAudio\jetAudio.exe

C:\Program Files\AIKO 82D\AIKO 82D.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\VPN Client\vpngui.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

C:\Documents and Settings\a168351\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://extranet.atosorigin.com.br

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://extranet.atosorigin.com.br

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 216.10.242.251 internetbanking.caixa.gov.br

O1 - Hosts: 216.10.242.250 www2.bancobrasil.com.br

O1 - Hosts: 216.10.242.249 aapj.bb.com.br

O1 - Hosts: 216.10.242.240 wwws.nossacaixa.com.br

O1 - Hosts: 216.10.242.230 infobusca.experianmarketing.com.br

O1 - Hosts: 209.85.193.99 imagem.caixa.gov.br

O1 - Hosts: 209.85.193.99 www14.bancobrasil.com.br

O1 - Hosts: 209.85.193.99 www5.infoseg.gov.br

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - Global Startup: Atos Origin VPN Client.lnk = C:\VPN Client\vpngui.exe

O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = samerica.br.int.atosorigin.com

O17 - HKLM\Software\..\Telephony: DomainName = samerica.br.int.atosorigin.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{68F0D05C-FDDC-4BE9-968A-76750A6CEC65}: NameServer = 200.220.227.101 200.142.130.10

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = samerica.br.int.atosorigin.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = samerica.br.int.atosorigin.com

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\VPN Client\cvpnd.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: TOP Inventory Service 3.0 (TOPInv3) - Atos Origin Brasil - C:\Program Files\TOPInv3\TOPInv3.exe

Hello Diego, thanks for the help. As you asked, here are the logs.

From what I have seen I am not clean yet; I just noticed that it alters my Banco do Brasil page.

Thanks.

Montoya

GMER

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-19 10:48:32

Windows 5.1.2600 Service Pack 3

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40@hj34z0 0xA9 0xA3 0xAA 0x97 ...

---- User code sections - GMER 1.0.14 ----

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [ 25, 00, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [ 25, 00, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [ 65, 00, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [ 65, 00, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [ A5, 01, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [ A5, 01, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes [ E5, 01, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes [ E5, 01, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [ A5, 02, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [ A5, 02, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [ 65, 01, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [ 65, 01, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [ 65, 02, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [ 65, 02, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes [ E5, 02, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes [ E5, 02, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [ A5, 00, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [ A5, 00, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes [ E5, 00, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes [ E5, 00, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [ 25, 01, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [ 25, 01, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [ 25, 02, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [ 25, 02, 15, 00 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [ E2 ]

.text C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2624] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [ E2 ]

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP A88DF56C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetValueKey 80621D18 7 Bytes JMP A88DF556 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP A88DF52A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP A88DF514 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 7 Bytes JMP A88DF540 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Msfs \Device\Mailslot 86563360

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 865AB958

Device \FileSystem\MRxSmb \Device\LanmanRedirector 865AB958

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 86863CF8

Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 86863CF8

Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 86863CF8

Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 86863CF8

Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 86863CF8

Device \FileSystem\Npfs \Device\NamedPipe 868A6CF8

Device \FileSystem\Rdbss \Device\FsWrap 8695CB20

Device \Driver\Cdrom \Device\CdRom0 86982B80

Device \Driver\Cdrom \Device\CdRom1 86982B80

Device \FileSystem\Srv \Device\LanmanServer 869B0EE8

Device \Driver\usbstor \Device\00000089 869BE910

Device \Driver\usbstor \Device\0000008b 869BE910

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 869F69F0

Device \Driver\atapi \Device\Ide\IdePort0 869F69F0

Device \Driver\atapi \Device\Ide\IdePort1 869F69F0

Device \Driver\atapi \Device\Ide\IdePort2 869F69F0

Device \Driver\atapi \Device\Ide\IdePort3 869F69F0

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 869F69F0

Device \Driver\d346prt \Device\Scsi\d346prt1 869F9F00

Device \Driver\d346prt \Device\Scsi\d346prt1Port4Path0Target0Lun0 869F9F00

Device \FileSystem\Cdfs \Cdfs 86A6DCB8

Device \FileSystem\Ntfs \Ntfs 86DC9DD8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}@DisplayName DAEMON Tools

Reg HKLM\SOFTWARE\Classes\Installer\Products\B3D5AC652003B7E409EF70D1F8FD8341@ProductName DAEMON Tools

---- Modules - GMER 1.0.14 ----

Module _________ F7479000-F7491000 (98304 bytes)

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- System - GMER 1.0.14 ----

SSDT d346bus.sys (PnP BIOS Extension/ ) ZwClose [0xF7522D08]

SSDT d346bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF7522CC0]

SSDT d346bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF7516A20]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA88DF510]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA88DF53C]

SSDT d346bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF75174FC]

SSDT d346bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF7522E00]

SSDT d346bus.sys (PnP BIOS Extension/ ) ZwOpenFile [0xF7516A60]

SSDT d346bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF7522C84]

SSDT d346bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF751751C]

SSDT d346bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF7522D56]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA88DF526]

SSDT d346bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF7522230]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA88DF552]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA88DF568]

---- EOF - GMER 1.0.14 ----

--------------------------------------------------------------------------

RSIT

Logfile of random's system information tool 1.04 (written by random/random)

Run by A168351 at 2008-11-19 10:49:52

Microsoft Windows XP Professional Service Pack 3

System drive C: has 91 GB (60%) free of 153 GB

Total RAM: 1014 MB (60% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-09-29 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll [2006-11-30 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-09-29 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-09-29 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-20 142104]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-20 162584]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-20 138008]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-02-22 112216]

"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-12-19 136768]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-09-29 144792]

"Monitor"=C:\WINDOWS\PixArt\PAC7311\Monitor.exe [2006-11-03 319488]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"Google Update"=C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]

"BitComet"=C:\Program Files\BitComet\BitComet.exe [2008-10-10 2497336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

C:\Program Files\BitComet\BitComet.exe [2008-10-10 2497336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

C:\Program Files\D-Tools\daemon.exe [2004-03-12 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

C:\PROGRA~1\WinZip\WZQKPICK.EXE [2004-02-11 118784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Atos Origin VPN Client.lnk - C:\VPN Client\vpngui.exe

Microsoft Firewall Client Management.lnk - C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"disablecad"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"DisallowRun"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe"="C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe:*:Disabled:Wireless Manager"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\AIKO 82D\AIKO 82D.exe"="C:\Program Files\AIKO 82D\AIKO 82D.exe:*:Enabled:AIKO 82D"

"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e8784b6-784a-11dd-a121-0015afd4b1db}]

shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58735be6-6de6-11dd-a109-0015afd4b1db}]

shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad16ba3f-6d60-11dd-a106-0015afd4b1db}]

shell\AutoRun\command - G:\AutoRun.exe

======List of files/folders created in the last 2 months======

2008-11-19 10:48:55 ----D---- C:\Program Files\trend micro

2008-11-19 10:48:54 ----D---- C:\rsit

2008-11-19 10:35:15 ----A---- C:\WINDOWS\gmer.ini

2008-11-19 10:35:14 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-19 10:35:13 ----A---- C:\WINDOWS\gmer.exe

2008-11-19 10:35:13 ----A---- C:\WINDOWS\gmer.dll

2008-11-13 01:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-13 01:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-13 01:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-11-05 19:58:19 ----D---- C:\QUARANTINE

2008-10-29 17:39:32 ----D---- C:\Program Files\MSECache

2008-10-28 17:59:26 ----D---- C:\Program Files\CDisplay

2008-10-27 09:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2008-10-20 20:40:03 ----D---- C:\WINDOWS\Downloaded Installations

2008-10-19 11:20:31 ----D---- C:\Documents and Settings\a168351\Application Data\Real

2008-10-19 11:20:20 ----D---- C:\Documents and Settings\a168351\Application Data\InstallShield

2008-10-19 11:20:19 ----D---- C:\WINDOWS\system32\1222999226

2008-10-19 11:20:08 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-10-19 11:20:06 ----D---- C:\Documents and Settings\All Users\Application Data\Apple

2008-10-19 11:19:57 ----D---- C:\Documents and Settings\a168351\Application Data\WinRAR

2008-10-18 18:21:55 ----D---- C:\Config.Msi

2008-10-17 19:38:27 ----D---- C:\Documents and Settings\a168351\Application Data\LucasArts

2008-10-17 19:25:00 ----D---- C:\Program Files\D-Tools

2008-10-16 04:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-10-16 04:05:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2008-10-16 04:05:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-10-16 04:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-10-16 04:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-10-06 23:01:18 ----D---- C:\Documents and Settings\a168351\Application Data\Apple Computer

2008-10-06 13:02:12 ----A---- C:\WINDOWS\system32\z6f.exe

2008-10-06 13:02:11 ----A---- C:\WINDOWS\system32\m5p.dll

2008-10-03 14:56:33 ----D---- C:\Program Files\Common Files\Apple

2008-10-03 14:56:29 ----D---- C:\Program Files\QuickTime

2008-10-03 14:56:13 ----D---- C:\Program Files\Apple Software Update

2008-10-03 14:50:59 ----A---- C:\WINDOWS\system32\unrar.dll

2008-10-03 14:50:59 ----A---- C:\WINDOWS\avisplitter.ini

2008-10-03 14:50:53 ----A---- C:\WINDOWS\system32\yv12vfw.dll

2008-10-03 14:50:53 ----A---- C:\WINDOWS\system32\huffyuv.dll

2008-10-03 14:50:52 ----A---- C:\WINDOWS\system32\xvidvfw.dll

2008-10-03 14:50:52 ----A---- C:\WINDOWS\system32\xvidcore.dll

2008-10-03 14:50:52 ----A---- C:\WINDOWS\system32\x264vfw.dll

2008-10-03 14:50:52 ----A---- C:\WINDOWS\system32\vp7vfw.dll

2008-10-03 14:50:52 ----A---- C:\WINDOWS\system32\vp6vfw.dll

2008-10-03 14:50:51 ----A---- C:\WINDOWS\system32\qt-dx331.dll

2008-10-03 14:50:51 ----A---- C:\WINDOWS\system32\dpl100.dll

2008-10-03 14:50:51 ----A---- C:\WINDOWS\system32\divx.dll

2008-10-03 14:50:50 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-10-03 14:50:50 ----A---- C:\WINDOWS\system32\ff_vfw.dll

2008-10-03 14:50:48 ----D---- C:\Program Files\K-Lite Codec Pack

2008-10-02 17:54:15 ----D---- C:\Program Files\WinRAR

2008-09-30 20:45:05 ----D---- C:\Downloads

2008-09-30 20:44:45 ----D---- C:\Program Files\BitComet

2008-09-29 21:05:00 ----A---- C:\WINDOWS\system32\deploytk.dll

2008-09-24 10:09:49 ----D---- C:\WINDOWS\Minidump

2008-09-20 02:33:33 ----A---- C:\WINDOWS\system32\vfwwdm32.dll

2008-09-20 02:32:54 ----D---- C:\WINDOWS\Pixart

2008-09-20 02:32:54 ----D---- C:\Program Files\Dlink

2008-09-20 02:32:54 ----D---- C:\Program Files\Common Files\PCVGACamera

======List of files/folders modified in the last 2 months======

2008-11-19 10:48:58 ----D---- C:\WINDOWS\Prefetch

2008-11-19 10:48:55 ----RD---- C:\Program Files

2008-11-19 10:36:46 ----D---- C:\Program Files\AIKO 82D

2008-11-19 10:35:15 ----D---- C:\WINDOWS

2008-11-19 10:35:14 ----D---- C:\WINDOWS\system32\drivers

2008-11-19 10:34:58 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem.txt

2008-11-19 10:34:27 ----D---- C:\WINDOWS\system32\FxsTmp

2008-11-19 10:32:12 ----D---- C:\WINDOWS\Temp

2008-11-19 09:53:18 ----D---- C:\Program Files\Mozilla Firefox

2008-11-19 09:01:28 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-19 09:00:28 ----D---- C:\WINDOWS\system32

2008-11-19 09:00:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-11-19 08:56:27 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt

2008-11-18 23:22:10 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-18 15:36:38 ----A---- C:\WINDOWS\WDIC.INI

2008-11-18 14:33:15 ----A---- C:\WINDOWS\NeroDigital.ini

2008-11-18 12:34:44 ----D---- C:\WINDOWS\security

2008-11-15 00:43:01 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-11-14 12:33:53 ----SD---- C:\Documents and Settings\a168351\Application Data\Microsoft

2008-11-13 20:43:53 ----HD---- C:\WINDOWS\inf

2008-11-13 20:43:53 ----D---- C:\WINDOWS\Help

2008-11-13 20:10:19 ----D---- C:\Program Files\JetAudio

2008-11-13 01:03:48 ----SHD---- C:\WINDOWS\Installer

2008-11-13 01:03:28 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-13 01:02:07 ----A---- C:\WINDOWS\imsins.BAK

2008-11-07 17:41:13 ----RASH---- C:\boot.ini

2008-11-07 17:41:13 ----A---- C:\WINDOWS\win.ini

2008-11-07 17:41:13 ----A---- C:\WINDOWS\system.ini

2008-11-07 15:55:41 ----SD---- C:\WINDOWS\Tasks

2008-11-06 17:55:09 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem #3.txt

2008-11-03 22:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

2008-10-31 15:21:09 ----D---- C:\Program Files\GbPlugin

2008-10-31 03:00:41 ----D---- C:\WINDOWS\WinSxS

2008-10-30 12:05:42 ----SHD---- C:\WINDOWS\CSC

2008-10-30 03:35:16 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary USB Modem #2.txt

2008-10-29 17:39:54 ----RSD---- C:\WINDOWS\Fonts

2008-10-29 17:39:49 ----D---- C:\Program Files\Microsoft Office

2008-10-29 17:39:45 ----D---- C:\Program Files\Common Files\Microsoft Shared

2008-10-27 14:21:55 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2008-10-23 16:45:20 ----SHD---- C:\RECYCLER

2008-10-23 16:44:46 ----A---- C:\WINDOWS\OEWABLog.txt

2008-10-23 16:44:38 ----D---- C:\Documents and Settings

2008-10-23 16:27:06 ----D---- C:\Pessoal

2008-10-23 16:26:11 ----D---- C:\Atos

2008-10-22 09:09:13 ----D---- C:\WINDOWS\system32\CatRoot

2008-10-20 09:02:09 ----D---- C:\WINDOWS\system32\wbem

2008-10-20 03:58:55 ----D---- C:\Program Files\Internet Explorer

2008-10-19 11:21:42 ----D---- C:\WINDOWS\system32\config

2008-10-19 11:21:34 ----D---- C:\WINDOWS\Registration

2008-10-19 11:20:26 ----D---- C:\Program Files\Common Files\COWON

2008-10-18 18:21:15 ----D---- C:\WINDOWS\system32\Restore

2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll

2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll

2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll

2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll

2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll

2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe

2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll

2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui

2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll

2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll

2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll

2008-10-15 14:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

2008-10-03 15:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

2008-10-03 14:56:33 ----D---- C:\Program Files\Common Files

2008-09-29 21:04:48 ----A---- C:\WINDOWS\system32\javaws.exe

2008-09-29 21:04:48 ----A---- C:\WINDOWS\system32\javaw.exe

2008-09-29 21:04:47 ----A---- C:\WINDOWS\system32\java.exe

2008-09-29 21:04:46 ----D---- C:\Program Files\Java

2008-09-29 20:45:33 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-09-20 02:33:05 ----HD---- C:\Program Files\InstallShield Installation Information

2008-09-20 02:32:55 ----D---- C:\WINDOWS\twain_32

2008-09-20 02:32:32 ----D---- C:\Program Files\Common Files\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]

R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []

R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]

R2 CVPNDRVA;Atos Origin IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]

R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]

R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2006-02-07 935424]

R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2006-02-07 196608]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]

R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]

R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-30 72264]

R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-30 34152]

R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-02-22 170408]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-07-18 264576]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]

R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

R3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2006-02-07 672256]

R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-05-03 259712]

R3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-01-30 100864]

R3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-01-30 100864]

R3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-01-30 100864]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]

S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-19 85969]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]

S3 PAC7311;Dlink DSB-C320; C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2006-11-08 530304]

S3 sith_bus;SIT HYBRID USB Composite Device; C:\WINDOWS\System32\Drivers\sith_bus.sys [2007-06-17 22144]

S3 sith_flt;SIT Hybrid USB Filter Service; C:\WINDOWS\system32\DRIVERS\sith_flt.sys [2007-06-17 4224]

S3 sith_mdm;SIT HYBRID Modem; C:\WINDOWS\System32\Drivers\sith_mdm.sys [2007-08-03 39936]

S3 sith_prt;SIT HYBRID Status; C:\WINDOWS\System32\Drivers\sith_prt.sys [2007-08-03 38912]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autorun CDROM Monitor;Autorun CDROM Monitor; C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe [2008-01-30 81920]

R2 CVPND;Cisco Systems, Inc. VPN Service; C:\VPN Client\cvpnd.exe [2004-06-16 1433616]

R2 FwcAgent;Firewall Client Agent; C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe [2006-12-09 128832]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-29 147456]

R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-12-19 104000]

R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-02-22 144960]

R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-02-22 54872]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 TOPInv3;TOP Inventory Service 3.0; C:\Program Files\TOPInv3\TOPInv3.exe [2006-07-04 135168]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


Dear p_montoya

Welcome to Malware Removal

I recommend that you save this topic in your Favorites to make it easier to find again.

Please note the following:

1) I will be following the analysis of your log and will get back to you as soon as possible!

2) Do not take any action until we begin;

3) What is given here applies only to the problem on your computer, so do not do it on any other machine;

4) If you have another computer, open a new topic with its own log;

5) Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;

6) Always post your replies in this topic... Do not open another one!

Note: Do not take any action other than those given here; if you ask for help in another forum, be sure to let us know, or you risk misconfiguring your computer!

Regards :D


Dear p_montoya

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts duly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) described below.

  3. Double-click the ComboFix icon on the desktop.

  4. Read and accept the terms by typing 1 and pressing Enter.

  5. Computers running Windows XP should install the Recovery Console:

     • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
     • Click "OK" on the EULA.
     • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Attention: Do not use the mouse or the keyboard while the tool is running; doing so may cause the computer to hang.

  8. A warning may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of this file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors design them with end users in mind, to be used without supervision. ComboFix is not a tool of that kind, so, and also out of respect for the tool's author, do not use it without supervision.

Regards :D


Good morning Diego,

This procedure will take a little longer than the others, since I don't have such a fast connection at work, only at home.

As soon as I have carried out the procedure I will post here.

Thanks for the help.

Regards,

Montoya


Dear p_montoya

"As soon as I have carried out the procedure I will post here."

Great, I'll be waiting :)

Regards :D


Diego,

This new procedure seems rather dangerous; what is the chance of it going wrong? This PC is not a personal one; depending on how dangerous it is, I think it would be better to take it to the responsible team to format the machine. For now I am living with this virus; is there any problem it can cause besides going after my bank passwords??

Thanks for the help


Dear p_montoya

"This new procedure seems rather dangerous; what is the chance of it going wrong?"

My friend, if you follow the tutorial to the letter there will be no problem... So the probability of it going wrong, and I take your 'wrong' to mean misconfiguring the computer, is practically nil :)

And supposing something does go wrong, we are trained to reverse those situations :)

"For now I am living with this virus; is there any problem it can cause besides going after my bank passwords??"

To make an analogy, who likes living with an illness? See more information about it here: http://www.popupsentry.com/G/GBIEH.DLL-3537.html

Regards :D


Hi Diego,

Sorry for the delay, but I have carried out the ComboFix procedure.

Here is the log... I need to get rid of this pest; I think it also changes the Submarino site. Do you think I should change my email passwords and logins too?

Regards

Montoya

------------------------------------------------------------------------

ComboFix 08-11-30.02 - A168351 2008-12-01 12:28:05.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.665 [GMT -2:00]

Running from: c:\documents and settings\a168351\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\x64

c:\windows\system32\z6f.exe

.

((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))

.

2008-12-01 10:41 . 2008-12-01 10:41 <DIR> d-------- c:\windows\system32\CatRoot_bak

2008-11-19 10:48 . 2008-11-19 10:48 <DIR> d-------- C:\rsit

2008-11-19 10:48 . 2008-11-19 10:48 <DIR> d-------- c:\program files\trend micro

2008-11-19 10:35 . 2008-11-19 10:36 250 --a------ c:\windows\gmer.ini

2008-11-12 14:25 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 14:22 . 2008-09-04 15:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-05 19:58 . 2008-11-07 13:30 <DIR> d-------- C:\QUARANTINE

2008-11-04 20:48 . 2008-11-04 20:48 664 --a------ c:\windows\system32\d3d9caps.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-01 13:28 --------- d-----w c:\program files\AIKO 82D

2008-11-13 22:10 --------- d-----w c:\program files\JetAudio

2008-10-31 17:21 --------- d-----w c:\program files\GbPlugin

2008-10-29 19:39 --------- d-----w c:\program files\MSECache

2008-10-28 19:59 --------- d-----w c:\program files\CDisplay

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 19:01 --------- d-----w c:\documents and settings\cris\Application Data\COWON

2008-10-20 22:40 --------- d-----w c:\program files\D-Tools

2008-10-19 13:20 --------- d-----w c:\program files\QuickTime

2008-10-19 13:20 --------- d-----w c:\program files\K-Lite Codec Pack

2008-10-19 13:20 --------- d-----w c:\program files\Common Files\COWON

2008-10-19 13:20 --------- d-----w c:\program files\Apple Software Update

2008-10-19 13:20 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2008-10-19 13:20 --------- d-----w c:\documents and settings\All Users\Application Data\Apple

2008-10-19 13:20 --------- d-----w c:\documents and settings\a168351\Application Data\InstallShield

2008-10-17 21:38 --------- d-----w c:\documents and settings\a168351\Application Data\LucasArts

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 16:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-15 23:05 --------- d-----w c:\program files\BitComet

2008-10-07 01:01 --------- d-----w c:\documents and settings\a168351\Application Data\Apple Computer

2008-10-03 16:56 --------- d-----w c:\program files\Common Files\Apple

2008-09-29 23:04 410,976 ----a-w c:\windows\system32\deploytk.dll

2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-05-20 14:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052020080521\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Google Update"="c:\documents and settings\a168351\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

"BitComet"="c:\program files\BitComet\BitComet.exe" [2008-10-10 2497336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Atos Origin VPN Client.lnk - c:\vpn client\vpngui.exe [2008-05-20 1466384]

Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-09 117568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"disablecad"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]

"1"= winvnc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2008-10-10 05:53 2497336 c:\program files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

--a------ 2004-03-12 22:43 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

--a------ 2007-04-20 14:57 162584 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

--a------ 2007-04-20 14:57 142104 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

--a------ 2006-11-03 12:01 319488 c:\windows\Pixart\PAC7311\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

--a------ 2007-04-20 14:57 138008 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 16:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-09-29 21:20 144792 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-05-03 19:43 69632 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2007-04-10 16:28 16126464 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WLSetupSvc"=3 (0x3)

"usnjsvc"=3 (0x3)

"MDM"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\AIKO 82D\\AIKO 82D.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"25457:TCP"= 25457:TCP:BitComet 25457 TCP

"25457:UDP"= 25457:UDP:BitComet 25457 UDP

R0 d346bus;d346bus;c:\windows\system32\DRIVERS\d346bus.sys [2008-10-20 156800]

R0 d346prt;d346prt;c:\windows\system32\Drivers\d346prt.sys [2008-10-20 5248]

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2008-08-18 81920]

R2 FwcAgent;Firewall Client Agent;"c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe" [2006-12-09 128832]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2008-05-20 264576]

S2 TOPInv3;TOP Inventory Service 3.0;c:\program files\TOPInv3\TOPInv3.exe [2008-08-26 135168]

S3 PAC7311;Dlink DSB-C320;c:\windows\system32\DRIVERS\PA707UCM.SYS [2006-11-08 530304]

S3 sith_bus;SIT HYBRID USB Composite Device;c:\windows\system32\Drivers\sith_bus.sys [2007-06-17 22144]

S3 sith_flt;SIT Hybrid USB Filter Service;c:\windows\system32\DRIVERS\sith_flt.sys [2007-06-17 4224]

S3 sith_mdm;SIT HYBRID Modem;c:\windows\system32\Drivers\sith_mdm.sys [2007-08-03 39936]

S3 sith_prt;SIT HYBRID Status;c:\windows\system32\Drivers\sith_prt.sys [2007-08-03 38912]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19ebef40-6d65-11dd-a108-0015afd4b1db}]

\Shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e8784b6-784a-11dd-a121-0015afd4b1db}]

\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58735be6-6de6-11dd-a109-0015afd4b1db}]

\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad16ba3f-6d60-11dd-a106-0015afd4b1db}]

\Shell\AutoRun\command - G:\AutoRun.exe

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2008-11-30 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\a168351\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 11:00]

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\documents and settings\a168351\Application Data\Mozilla\Firefox\Profiles\1gn1g051.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ikariam.com.pt/

FF -: plugin - c:\documents and settings\a168351\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-01 12:30:14

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1256)

c:\windows\system32\igfxdev.dll

.

Completion time: 2008-12-01 12:30:58

ComboFix-quarantined-files.txt 2008-12-01 14:30:54

Pre-Run: 91,797,114,880 bytes free

Post-Run: 91,948,466,176 bytes free

186 --- E O F --- 2008-11-13 03:05:28


Dear p_montoya

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text that is inside the "Code" box:

Firefox::
FireFox -: Profile - c:\documents and settings\a168351\Application Data\Mozilla\Firefox\Profiles\1gn1g051.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ikariam.com.pt/
FF -: plugin - c:\documents and settings\a168351\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19ebef40-6d65-11dd-a108-0015afd4b1db}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e8784b6-784a-11dd-a121-0015afd4b1db}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58735be6-6de6-11dd-a109-0015afd4b1db}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad16ba3f-6d60-11dd-a106-0015afd4b1db}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=-

Save this file as: CFScript.txt

2872959479_997d4500c4_o.gif

As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Regards :D
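How the Registry:: lines of a script like the one above relate to the log: the following is an added example, not part of the analyst's post and not ComboFix code. It pairs each mountpoints2 key in a ComboFix log with its \Shell\AutoRun\command line and emits the matching [-key] deletion lines; the function names, the parsing rules and the constructed sample lines are assumptions based on the log format shown in this thread.

```python
import re
from typing import List, NamedTuple

# Sample input: the first two mountpoints2 entries and the firewall lines use
# the format (and values) of the log posted in this thread; the all-zero GUID
# key and the X:\stray.exe line are constructed to exercise the edge cases.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25457:TCP"= 25457:TCP:BitComet 25457 TCP

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19ebef40-6d65-11dd-a108-0015afd4b1db}]

\Shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e8784b6-784a-11dd-a121-0015afd4b1db}]

\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]

*Newly Created Service* - PROCEXP90

\Shell\AutoRun\command - X:\stray.exe
"""

# A mountpoints2 subkey header as ComboFix prints it (assumed format).
KEY_RE = re.compile(
    r"^\[(?P<key>HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\(?P<volume>[^\\\]]+))\]$",
    re.IGNORECASE,
)
# The cached autorun command listed under such a key (assumed format).
CMD_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)


class AutoRunEntry(NamedTuple):
    key: str      # full registry key path
    volume: str   # mountpoints2 subkey name (volume GUID in this log)
    command: str  # program the cached autorun entry would start


def parse_mountpoints_autorun(log_text: str) -> List[AutoRunEntry]:
    """Return every mountpoints2 key that carries a Shell\\AutoRun command."""
    entries = []
    current = None  # match object of the mountpoints2 key we are inside, if any
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the log is double-spaced; blank lines carry no meaning
        if line.startswith("["):
            current = KEY_RE.match(line)  # None for any other registry key
            continue
        if line.startswith("\\"):
            cmd = CMD_RE.match(line)
            if current and cmd:
                entries.append(
                    AutoRunEntry(current["key"], current["volume"], cmd["cmd"].strip())
                )
            continue
        # Any other line ends the current key, so a later orphan command
        # line is not attributed to it.
        current = None
    return entries


def build_registry_block(entries: List[AutoRunEntry]) -> str:
    """Build a Registry:: section with one [-key] deletion line per key."""
    keys = list(dict.fromkeys(e.key for e in entries))  # de-duplicate, keep order
    if not keys:
        return ""
    return "\n".join(["Registry::"] + [f"[-{k}]" for k in keys])


if __name__ == "__main__":
    found = parse_mountpoints_autorun(SAMPLE_LOG)
    for e in found:
        print(f"{e.volume} -> {e.command}")
    print(build_registry_block(found))
```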


Wow, man,

If I had known I would have to run more scans, I wouldn't have installed some stuff for my cell phone. The log came out huge...

Oh, I don't know if it's related, but my antivirus recently caught a file with a Generic.tx virus and deleted it. Does it have anything to do with this one, or did it open some door for this guy??

Thanks for the help

----------------------------------------------------------------------

ComboFix 08-12-02.02 - A168351 2008-12-03 19:49:19.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.673 [GMT -2:00]

Running from: c:\documents and settings\a168351\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\a168351\Desktop\CFScript.txt

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))

.

2008-12-02 20:42 . 2008-12-02 20:49 <DIR> d-------- c:\program files\gMapMaker

2008-12-02 17:37 . 2008-12-02 17:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\GARMIN

2008-12-02 13:33 . 2008-12-02 13:33 <DIR> d-------- c:\program files\Tracksource

2008-12-02 13:33 . 2008-12-02 17:37 <DIR> d-------- c:\documents and settings\a168351\Application Data\GARMIN

2008-12-02 11:49 . 2008-12-02 17:36 <DIR> d-------- C:\Garmin

2008-12-02 11:11 . 2008-12-02 11:11 <DIR> d-------- c:\program files\MSXML 4.0

2008-12-02 10:08 . 2008-12-02 10:08 <DIR> d-------- c:\program files\PC Connectivity Solution

2008-12-02 10:08 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys

2008-12-02 09:54 . 2008-12-02 09:54 <DIR> d-------- c:\program files\MSBuild

2008-12-02 09:51 . 2008-12-02 09:51 <DIR> d-------- c:\windows\system32\XPSViewer

2008-12-02 09:50 . 2008-12-02 09:50 <DIR> d-------- c:\program files\Reference Assemblies

2008-12-02 09:49 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll

2008-12-02 09:11 . 2008-12-02 09:11 <DIR> d-------- C:\Backup

2008-12-02 00:16 . 2008-04-14 00:15 26,112 --a------ c:\windows\system32\drivers\usbser.sys

2008-12-02 00:16 . 2008-04-14 00:15 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys

2008-12-02 00:15 . 2008-09-15 08:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll

2008-12-02 00:15 . 2008-09-15 08:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll

2008-12-02 00:15 . 2008-09-15 08:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys

2008-12-02 00:15 . 2008-09-15 08:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys

2008-12-02 00:15 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll

2008-12-02 00:15 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys

2008-12-02 00:15 . 2008-09-15 08:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys

2008-12-02 00:15 . 2008-12-02 00:15 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2008-12-02 00:15 . 2008-12-02 00:15 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2008-12-02 00:14 . 2008-12-02 00:14 <DIR> d-------- c:\program files\MSXML 6.0

2008-12-02 00:14 . 2008-12-02 00:14 <DIR> d-------- c:\program files\Common Files\Nokia

2008-12-02 00:13 . 2008-12-02 10:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations

2008-12-02 00:03 . 2008-12-02 00:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia

2008-12-01 23:39 . 2008-12-01 23:39 <DIR> d-------- c:\documents and settings\a168351\Application Data\NSeries

2008-12-01 23:22 . 2008-12-01 23:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite

2008-12-01 23:22 . 2008-12-02 10:14 <DIR> d-------- c:\documents and settings\a168351\Application Data\Nokia

2008-12-01 22:57 . 2008-12-02 10:08 <DIR> d-------- c:\program files\Nokia

2008-12-01 22:57 . 2008-12-02 10:08 <DIR> d-------- c:\program files\DIFX

2008-12-01 22:57 . 2008-12-02 10:08 <DIR> d-------- c:\program files\Common Files\PCSuite

2008-12-01 22:57 . 2008-12-02 10:14 <DIR> d-------- c:\documents and settings\a168351\Application Data\PC Suite

2008-12-01 22:57 . 2008-09-15 08:56 91,136 --a------ c:\windows\system32\nmwcdcls.dll

2008-12-01 10:41 . 2008-12-01 10:41 <DIR> d-------- c:\windows\system32\CatRoot_bak

2008-11-19 10:48 . 2008-11-19 10:48 <DIR> d-------- C:\rsit

2008-11-19 10:48 . 2008-11-19 10:48 <DIR> d-------- c:\program files\trend micro

2008-11-19 10:35 . 2008-11-19 10:36 250 --a------ c:\windows\gmer.ini

2008-11-12 14:25 . 2008-10-24 09:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 14:22 . 2008-09-04 15:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-05 19:58 . 2008-12-02 12:41 <DIR> d-------- C:\QUARANTINE

2008-11-04 20:48 . 2008-11-04 20:48 664 --a------ c:\windows\system32\d3d9caps.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-03 21:48 --------- d-----w c:\program files\AIKO 82D

2008-11-13 22:10 --------- d-----w c:\program files\JetAudio

2008-10-31 17:21 --------- d-----w c:\program files\GbPlugin

2008-10-29 19:39 --------- d-----w c:\program files\MSECache

2008-10-28 19:59 --------- d-----w c:\program files\CDisplay

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 19:01 --------- d-----w c:\documents and settings\cris\Application Data\COWON

2008-10-20 22:40 --------- d-----w c:\program files\D-Tools

2008-10-19 13:20 --------- d-----w c:\program files\QuickTime

2008-10-19 13:20 --------- d-----w c:\program files\K-Lite Codec Pack

2008-10-19 13:20 --------- d-----w c:\program files\Common Files\COWON

2008-10-19 13:20 --------- d-----w c:\program files\Apple Software Update

2008-10-19 13:20 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2008-10-19 13:20 --------- d-----w c:\documents and settings\All Users\Application Data\Apple

2008-10-19 13:20 --------- d-----w c:\documents and settings\a168351\Application Data\InstallShield

2008-10-17 21:38 --------- d-----w c:\documents and settings\a168351\Application Data\LucasArts

2008-10-16 16:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 16:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 16:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 16:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 16:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 16:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 16:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 16:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 16:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 16:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-15 23:05 --------- d-----w c:\program files\BitComet

2008-10-07 01:01 --------- d-----w c:\documents and settings\a168351\Application Data\Apple Computer

2008-10-03 16:56 --------- d-----w c:\program files\Common Files\Apple

2008-09-30 18:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-29 23:04 410,976 ----a-w c:\windows\system32\deploytk.dll

2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-05-20 14:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052020080521\index.dat

.

((((((((((((((((((((((((((((( snapshot@2008-12-01_12.30.30.18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-12-02 11:47:35 68,608 ----a-w c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2008-12-02 11:47:43 72,192 ----a-w c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2008-12-02 11:50:36 151,552 ----a-w c:\windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2008-12-02 11:47:43 4,308,992 ----a-w c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2008-12-02 11:51:06 3,915,776 ----a-w c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2008-12-02 11:47:44 482,304 ----a-w c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2008-12-02 11:47:40 2,878,976 ----a-w c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2008-12-02 11:47:32 258,048 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2008-12-02 11:47:32 114,176 ----a-w c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2008-12-02 11:51:08 344,064 ----a-w c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2008-12-02 11:47:47 260,096 ----a-w c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2008-12-02 11:47:37 5,025,792 ----a-w c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2008-12-02 11:47:35 10,752 ----a-w c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2008-12-02 11:47:31 503,808 ----a-w c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2008-12-02 11:47:33 13,312 ----a-w c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

+ 2008-12-02 11:47:41 8,192 ----a-w c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2008-12-02 11:47:42 36,864 ----a-w c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2008-12-02 11:47:42 5,632 ----a-w c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2008-12-02 11:47:33 413,696 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2008-12-02 11:47:34 36,864 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2008-12-02 11:47:34 647,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2008-12-02 11:47:34 73,728 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2008-12-02 11:47:33 745,472 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2008-12-02 11:50:36 352,256 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

+ 2008-12-02 11:47:49 110,592 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2008-12-02 11:47:49 372,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2008-12-02 11:47:30 28,672 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2008-12-02 11:47:48 667,648 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2008-12-02 11:47:49 5,632 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2008-12-02 11:47:31 12,800 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2008-12-02 11:47:31 32,768 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2008-12-02 11:47:31 7,168 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2008-12-02 11:51:06 593,920 ----a-w c:\windows\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll

+ 2008-12-02 11:51:06 32,768 ----a-w c:\windows\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll

+ 2008-12-02 11:51:07 184,320 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

+ 2008-12-02 11:51:07 126,976 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2008-12-02 11:51:07 376,832 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2008-12-02 11:51:07 151,552 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

+ 2008-12-02 11:51:06 4,972,544 ----a-w c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2008-12-02 11:51:07 897,024 ----a-w c:\windows\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll

+ 2008-12-02 11:51:07 528,384 ----a-w c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll

+ 2008-12-02 11:50:37 94,208 ----a-w c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

+ 2008-12-02 11:47:46 110,592 ----a-w c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2008-12-02 11:47:36 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2008-12-02 11:47:46 389,120 ----a-w c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2008-12-02 11:47:44 716,800 ----a-w c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2008-12-02 11:47:32 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2008-12-02 11:47:41 5,050,368 ----a-w c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2008-12-02 11:47:36 188,416 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2008-12-02 11:47:36 397,312 ----a-w c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2008-12-02 11:47:37 81,920 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2008-12-02 11:47:47 700,416 ----a-w c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2008-12-02 11:50:37 126,976 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2008-12-02 11:50:37 401,408 ----a-w c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2008-12-02 11:50:37 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2008-12-02 11:47:45 368,640 ----a-w c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2008-12-02 11:47:47 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2008-12-02 11:47:45 299,008 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2008-12-02 11:47:45 131,072 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2008-12-02 11:50:38 884,736 ----a-w c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2008-12-02 11:47:35 258,048 ----a-w c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2008-12-02 11:50:40 159,744 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll

+ 2008-12-02 11:50:40 16,384 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

+ 2008-12-02 11:50:38 5,623,808 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

+ 2008-12-02 11:47:37 114,688 ----a-w c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2008-12-02 11:51:08 688,128 ----a-w c:\windows\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll

+ 2008-12-02 11:47:48 835,584 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2008-12-02 11:47:38 86,016 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2008-12-02 11:47:38 823,296 ----a-w c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2008-12-02 11:47:39 5,316,608 ----a-w c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2008-12-02 11:54:53 1,108,784 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Activities\3.0.0.0__31bf3856ad364e35\System.Workflow.Activities.dll

+ 2008-12-02 11:54:54 1,641,272 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.ComponentModel\3.0.0.0__31bf3856ad364e35\System.Workflow.ComponentModel.dll

+ 2008-12-02 11:54:54 588,592 ----a-w c:\windows\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll

+ 2008-12-02 11:47:40 2,035,712 ----a-w c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2008-12-02 11:47:47 3,018,752 ----a-w c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2008-12-02 11:51:07 163,840 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

+ 2008-12-02 11:51:07 372,736 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

+ 2008-12-02 11:51:07 32,768 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2008-12-02 11:51:07 86,016 ----a-w c:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2008-12-02 11:51:06 1,167,360 ----a-w c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

+ 2008-12-02 11:51:08 81,920 ----a-w c:\windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2008-12-02 11:52:12 26,624 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bc170eec33b8284da1ab89421eb86a83\Accessibility.ni.dll

+ 2008-12-02 14:20:01 860,160 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\2718870fd153494f96888f7db6daed36\AspNetMMCExt.ni.dll

+ 2008-12-02 14:19:29 434,176 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\253e9cfffa85b745acb171a378eb9221\ComSvcConfig.ni.exe

+ 2008-12-02 14:20:02 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\7b6418ef8d58c248855e6bf589da7e36\CustomMarshalers.ni.dll

+ 2008-12-02 14:20:02 15,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\5932d99512e9f340ab45968a22f01581\dfsvc.ni.exe

+ 2008-12-02 14:20:03 880,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\91b2c9db3f5e8b42b2855c9bd47ee531\Microsoft.Build.Engine.ni.dll

+ 2008-12-02 11:55:13 81,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c839df7cd7198c4a8ca7176b0def9359\Microsoft.Build.Framework.ni.dll

+ 2008-12-02 11:55:16 1,691,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\da923feaa5c5654394d53ef395e0b2b3\Microsoft.Build.Tasks.ni.dll

+ 2008-12-02 11:55:13 163,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\ab650669c941e24cbb1b4515681cd43e\Microsoft.Build.Utilities.ni.dll

+ 2008-12-02 14:19:32 1,069,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\df9ce052e23d2140aedbd0e0c954f20f\Microsoft.Transactions.Bridge.ni.dll

+ 2008-12-02 14:19:33 405,504 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0c9d0a4ba87b6449ae27dfacbf02ab3\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2008-12-02 14:20:05 1,724,416 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\e6110d89381b4941b6da5140509d406d\Microsoft.VisualBasic.ni.dll

+ 2008-12-02 11:51:42 17,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\e86a8e72f64a404aac3ce51cb252314f\Microsoft.VisualC.ni.dll

+ 2008-12-02 11:48:21 11,415,552 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c208822e2873eb42a61302432ed29877\mscorlib.ni.dll

+ 2008-12-02 14:20:07 1,576,960 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\181ffe4082a89d47a5979428714824d1\PresentationBuildTasks.ni.dll

+ 2008-12-02 11:53:05 40,448 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\9918ac74c7440c4d9b12a35a49f3c695\PresentationCFFRasterizer.ni.dll

+ 2008-12-02 11:53:04 12,038,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\fd927128e18da24f86e95eb7fcbece60\PresentationCore.ni.dll

+ 2008-12-02 11:54:40 49,152 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\1baca205e1954841b943d829158acf18\PresentationFontCache.ni.exe

+ 2008-12-02 11:54:37 266,240 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1e4727067e097a41a2272404354bcfb0\PresentationFramework.Royale.ni.dll

+ 2008-12-02 11:54:36 548,864 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\47de19f1c1c9d347a88dda948cbb2f91\PresentationFramework.Luna.ni.dll

+ 2008-12-02 11:54:35 204,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e2ca01bdada9d4a8cfe4af203fffbe2\PresentationFramework.Classic.ni.dll

+ 2008-12-02 11:54:16 14,643,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8592f23d743a54ebfac658800e63667\PresentationFramework.ni.dll

+ 2008-12-02 11:54:38 393,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f9af3483d897554b9d3bd58bfeca7751\PresentationFramework.Aero.ni.dll

+ 2008-12-02 11:54:23 1,757,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\7c5c9cb0936780409edfa13055657021\PresentationUI.ni.dll

+ 2008-12-02 11:54:30 2,334,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\d2ac7d57e9f1644dbc6a6c04930ca2cb\ReachFramework.ni.dll

+ 2008-12-02 14:19:33 139,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\8fb5ac0e727f2c4f87b552fafc215c11\ServiceModelReg.ni.exe

+ 2008-12-02 14:19:34 286,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\865c8c52c64b0a4d8407b8504e3de789\SMDiagnostics.ni.dll

+ 2008-12-02 14:19:34 323,584 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\c99b9851be959943bc87b3d4366ccc64\SMSvcHost.ni.exe

+ 2008-12-02 14:20:10 262,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\032bf53dbae8fb45b215aa10606f030c\sysglobl.ni.dll

+ 2008-12-02 11:52:20 167,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\94897c1bbdc4104588d7b5715a40259d\System.Configuration.Install.ni.dll

+ 2008-12-02 11:51:36 962,560 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\a2b3b95a0807a847a700c17789478afe\System.Configuration.ni.dll

+ 2008-12-02 11:52:17 1,183,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\e6d75b3535d0f24289e893106ccecc72\System.Data.OracleClient.ni.dll

+ 2008-12-02 11:51:41 2,703,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\6a6d39e75fda1642819b088d10f469fd\System.Data.SqlXml.ni.dll

+ 2008-12-02 11:49:20 6,688,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\82a98108b767364691b3573149d32000\System.Data.ni.dll

+ 2008-12-02 11:52:15 1,712,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e19d04d2de9c394a936eff8e5a408c38\System.Deployment.ni.dll

+ 2008-12-02 11:49:36 10,723,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a715e2cf05528b4c9635879b7d776bf0\System.Design.ni.dll

+ 2008-12-02 11:51:48 1,220,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\5c3893a53c100545b66a073f48625d68\System.DirectoryServices.ni.dll

+ 2008-12-02 11:52:19 512,000 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\fc353eecc9617040adf3adeb97df7165\System.DirectoryServices.Protocols.ni.dll

+ 2008-12-02 11:48:39 229,376 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\16228cfdca78b441a09460c9bf61273f\System.Drawing.Design.ni.dll

+ 2008-12-02 11:48:42 1,626,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\39b6333324be7142aa6f69068bb221a6\System.Drawing.ni.dll

+ 2008-12-02 11:51:46 659,456 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94dde0bbb451d8498ab91d028e0453e0\System.EnterpriseServices.ni.dll

+ 2008-12-02 11:51:45 294,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\94dde0bbb451d8498ab91d028e0453e0\System.EnterpriseServices.Wrapper.dll

+ 2008-12-02 14:18:56 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ecee06d3d2c736418969b1c9c0a8ee9b\System.IdentityModel.Selectors.ni.dll

+ 2008-12-02 14:18:54 995,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\536381665e178b46ab655f81fe4caedc\System.IdentityModel.ni.dll

+ 2008-12-02 14:18:57 425,984 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\af6267fd69b7d54387b3b7d64458ea50\System.IO.Log.ni.dll

+ 2008-12-02 11:55:22 655,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\4791a46d991dd247af28f66becb8c403\System.Messaging.ni.dll

+ 2008-12-02 11:54:33 1,052,672 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\fc9946a36fedfd448a6d09c75310cff8\System.Printing.ni.dll

+ 2008-12-02 11:51:50 815,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\25590e3a91948e45b2c54b4ea004afc4\System.Runtime.Remoting.ni.dll

+ 2008-12-02 14:19:01 2,371,584 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\303b63786d6ee949a21219fba65eebe4\System.Runtime.Serialization.ni.dll

+ 2008-12-02 11:52:13 339,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ec32b81fbc41584f8fbf198e5f2ed275\System.Runtime.Serialization.Formatters.Soap.ni.dll

+ 2008-12-02 11:51:42 729,088 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\af5218f85ab2714ba609587460045dcc\System.Security.ni.dll

+ 2008-12-02 14:19:28 17,506,304 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\b679a613a00d8744982834b834f7601a\System.ServiceModel.ni.dll

+ 2008-12-02 11:52:19 233,472 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\296246f37b7cf14db0445a77d2844774\System.ServiceProcess.ni.dll

+ 2008-12-02 14:20:10 2,043,904 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\82cc2f120d765d4283f5379a6287d322\System.Speech.ni.dll

+ 2008-12-02 11:51:44 684,032 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\45be14f2bd3d4f4681ddd242034a74b3\System.Transactions.ni.dll

+ 2008-12-02 14:20:15 2,310,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\fbc90121a36a43448010915da54a84b2\System.Web.Mobile.ni.dll

+ 2008-12-02 11:52:18 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\ba40c9511ca14f45ad788b73b97d2065\System.Web.RegularExpressions.ni.dll

+ 2008-12-02 11:52:12 1,945,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\fedb0f4bfa940b4788c2e5a819e8c6f6\System.Web.Services.ni.dll

+ 2008-12-02 11:52:08 11,808,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d195ee0afabe4a4a91cf5f8b9b125c62\System.Web.ni.dll

+ 2008-12-02 11:49:00 13,107,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4dd46f9db2e5164d84c4a26141ff2803\System.Windows.Forms.ni.dll

+ 2008-12-02 11:55:03 2,965,504 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\3b1d3ef32d9b6944b1f0b30a852955b2\System.Workflow.Activities.ni.dll

+ 2008-12-02 11:55:12 4,599,808 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1fdce67f82dae44398ec4f23c1ac1651\System.Workflow.ComponentModel.ni.dll

+ 2008-12-02 11:55:21 2,064,384 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6560699d3b23ff47a7daf94286ca423a\System.Workflow.Runtime.ni.dll

+ 2008-12-02 11:49:10 5,640,192 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\366337df666fcf4e9a53cbc43549885e\System.Xml.ni.dll

+ 2008-12-02 11:48:37 8,093,696 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System\892be56d5f28454d8228c1f617669f6c\System.ni.dll

+ 2008-12-02 14:20:16 483,328 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\a030bc973a2d6447a3312a78cb1a82d8\UIAutomationClient.ni.dll

+ 2008-12-02 14:20:18 1,122,304 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\b8c400f81d55eb468aeabd2df72fa10d\UIAutomationClientsideProviders.ni.dll

+ 2008-12-02 11:53:04 51,200 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\8b8f54cd61eec84da37c613b935fc050\UIAutomationProvider.ni.dll

+ 2008-12-02 11:53:05 196,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\1d5b9dbc4c13eb4c8cbe90250fac1105\UIAutomationTypes.ni.dll

+ 2008-12-02 11:51:33 3,289,088 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\5dfc41156354f64c9e48495d333dbcce\WindowsBase.ni.dll

+ 2008-12-02 14:20:20 245,760 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\81291989b5121e4caa6bf18284853a8d\WindowsFormsIntegration.ni.dll

+ 2008-12-02 14:19:35 380,928 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\2d0613bcd416eb4d8cb8ebbad4a8df45\WsatConfig.ni.exe

+ 2008-12-02 02:14:33 10,134 ----a-r c:\windows\Installer\{0332234E-09D1-4B74-A5F3-73E34BA29F5B}\ARPPRODUCTICON.exe

+ 2008-12-02 02:14:33 8,854 ----a-r c:\windows\Installer\{0332234E-09D1-4B74-A5F3-73E34BA29F5B}\NewShortcut15_E2CBBE559A074AF98E8596196B075190.exe

+ 2008-12-02 02:14:33 458,752 ----a-r c:\windows\Installer\{0332234E-09D1-4B74-A5F3-73E34BA29F5B}\NewShortcut16_F7578A24A4B240E4BA057EF931EB25B5.exe

+ 2008-12-02 02:14:33 8,854 ----a-r c:\windows\Installer\{0332234E-09D1-4B74-A5F3-73E34BA29F5B}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe

+ 2008-12-02 02:14:33 458,752 ----a-r c:\windows\Installer\{0332234E-09D1-4B74-A5F3-73E34BA29F5B}\NewShortcut20_F7578A24A4B240E4BA057EF931EB25B5.exe

+ 2008-12-02 02:14:33 8,854 ----a-r c:\windows\Installer\{0332234E-09D1-4B74-A5F3-73E34BA29F5B}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe

+ 2008-12-02 11:56:30 25,214 ----a-r c:\windows\Installer\{18B5996A-643E-4176-9BEB-27C45C9F1FC3}\ARPPRODUCTICON.exe

+ 2008-12-02 11:56:30 207,886 ----a-r c:\windows\Installer\{18B5996A-643E-4176-9BEB-27C45C9F1FC3}\NewShortcut14_E863725B9FA14F91A34D6C9ECDD439AB.exe

+ 2008-12-02 11:56:30 207,886 ----a-r c:\windows\Installer\{18B5996A-643E-4176-9BEB-27C45C9F1FC3}\NewShortcut15_E863725B9FA14F91A34D6C9ECDD439AB.exe

+ 2008-12-02 11:56:30 25,214 ----a-r c:\windows\Installer\{18B5996A-643E-4176-9BEB-27C45C9F1FC3}\UNINST_Uninstall_N_03528A017E5E4C5F94DF1D8012E969EF.exe

+ 2008-12-02 12:08:35 10,134 ----a-r c:\windows\Installer\{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}\ARPPRODUCTICON.exe

+ 2008-12-02 02:14:43 3,262 ----a-r c:\windows\Installer\{2A0A6470-FD0F-4F45-9B11-85F3167DB943}\ARPPRODUCTICON.exe

+ 2008-12-02 01:23:56 45,056 ----a-r c:\windows\Installer\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}\ARPPRODUCTICON.exe

+ 2008-12-02 01:23:57 45,056 ----a-r c:\windows\Installer\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}\NewShortcut1_2D21ECE38EC14315AE4E1970FB3AF17A.exe

+ 2008-12-02 01:23:57 45,056 ----a-r c:\windows\Installer\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}\NewShortcut2_2D21ECE38EC14315AE4E1970FB3AF17A.exe

+ 2008-12-02 01:23:57 45,056 ----a-r c:\windows\Installer\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}\NewShortcut4_2D21ECE38EC14315AE4E1970FB3AF17A.exe

+ 2008-12-02 01:23:56 45,056 ----a-r c:\windows\Installer\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}\NewShortcut41_2D21ECE38EC14315AE4E1970FB3AF17A.exe

+ 2008-12-02 01:23:56 45,056 ----a-r c:\windows\Installer\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}\NewShortcut410_2D21ECE38EC14315AE4E1970FB3AF17A.exe

+ 2008-12-02 01:23:56 45,056 ----a-r c:\windows\Installer\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}\NewShortcut42_2D21ECE38EC14315AE4E1970FB3AF17A.exe

+ 2008-12-02 01:23:56 45,056 ----a-r c:\windows\Installer\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}\NewShortcut43_2D21ECE38EC14315AE4E1970FB3AF17A.exe

+ 2008-12-02 01:23:56 45,056 ----a-r c:\windows\Installer\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}\NewShortcut44_2D21ECE38EC14315AE4E1970FB3AF17A.exe

+ 2008-12-02 01:23:56 45,056 ----a-r c:\windows\Installer\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}\NewShortcut45_2D21ECE38EC14315AE4E1970FB3AF17A.exe

+ 2008-12-02 01:23:57 45,056 ----a-r c:\windows\Installer\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}\NewShortcut46_2D21ECE38EC14315AE4E1970FB3AF17A.exe

+ 2008-12-02 01:23:56 45,056 ----a-r c:\windows\Installer\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}\NewShortcut47_2D21ECE38EC14315AE4E1970FB3AF17A.exe

+ 2008-12-02 01:23:56 45,056 ----a-r c:\windows\Installer\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}\NewShortcut48_2D21ECE38EC14315AE4E1970FB3AF17A.exe

+ 2008-12-02 01:23:57 45,056 ----a-r c:\windows\Installer\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}\NewShortcut49_2D21ECE38EC14315AE4E1970FB3AF17A.exe

+ 2008-12-02 01:23:57 8,854 ----a-r c:\windows\Installer\{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}\UNINST_Uninstall_N_2D21ECE38EC14315AE4E1970FB3AF17A_1.exe

+ 2008-12-02 13:11:50 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe

+ 2008-12-02 00:57:44 53,248 ----a-r c:\windows\Installer\{96E94E18-54D6-42C1-8FC4-24DACEDC3395}\ConnectionManager._B92F3B0BBF53469CBCC10EF40F27B950.exe

+ 2008-12-02 00:57:44 53,248 ----a-r c:\windows\Installer\{96E94E18-54D6-42C1-8FC4-24DACEDC3395}\GetConnected.exe_B92F3B0BBF53469CBCC10EF40F27B950.exe

+ 2008-12-02 00:57:44 53,248 ----a-r c:\windows\Installer\{96E94E18-54D6-42C1-8FC4-24DACEDC3395}\NewShortcut1_B92F3B0BBF53469CBCC10EF40F27B950.exe

+ 2008-12-02 01:22:40 287,934 ----a-r c:\windows\Installer\{A8C856AD-63CD-4613-AA29-E6C85607EA06}\ARPPRODUCTICON.exe

+ 2008-12-02 01:22:40 327,680 ----a-r c:\windows\Installer\{A8C856AD-63CD-4613-AA29-E6C85607EA06}\NSLauncher2_8C75ED63874746D18905B6C4AF1D7A30.exe

+ 2008-12-02 01:22:40 327,680 ----a-r c:\windows\Installer\{A8C856AD-63CD-4613-AA29-E6C85607EA06}\UpdateManager1_8C75ED63874746D18905B6C4AF1D7A30.exe

+ 2008-12-02 02:15:05 3,262 ----a-r c:\windows\Installer\{CBDE9C7D-CF52-4558-B23E-B66359CB586A}\ARPPRODUCTICON.exe

+ 2008-12-02 12:09:15 15,086 ----a-r c:\windows\Installer\{D5577624-0626-4C4B-87AA-D966DA1739D6}\ARPPRODUCTICON.exe

+ 2008-12-02 01:23:39 17,542 ----a-r c:\windows\Installer\{E94603CA-2996-4154-8EE2-A5FCD4BFB500}\ARPPRODUCTICON.exe

+ 2008-12-02 01:23:39 57,344 ----a-r c:\windows\Installer\{E94603CA-2996-4154-8EE2-A5FCD4BFB500}\NewShortcut1_84286F5379AD4EED8488EA5F9B6C2260.exe

+ 2008-12-02 01:23:39 57,344 ----a-r c:\windows\Installer\{E94603CA-2996-4154-8EE2-A5FCD4BFB500}\NewShortcut2_84286F5379AD4EED8488EA5F9B6C2260.exe

+ 2008-12-02 01:24:13 53,248 ----a-r c:\windows\Installer\{F4EE8763-EAA8-4BC1-8594-8501F5F00414}\OneTouchAccess.exe_798444D892B841D0974FD036F183E4F6.exe

+ 2008-12-02 00:57:50 53,248 ----a-r c:\windows\Installer\{F779EC8D-6703-4C4A-817C-37B07898E647}\NewShortcut1_7E0E14B4308047F9BF740889375E0D12.exe

+ 2008-12-02 01:24:08 126,976 ----a-r c:\windows\Installer\{F89E5AD8-AE47-49B5-B9F9-C498791E6255}\MusicManager.exe_58E2399BE04F47D0938CE6D57AD2B893.exe

+ 2008-12-02 01:22:59 53,248 ----a-r c:\windows\Installer\{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}\MultimediaPlayer.e_8AE366AE32CF4CE180FEA01AF94D63E8.exe

+ 2008-12-02 00:57:55 53,248 ----a-r c:\windows\Installer\{FD349381-D79C-4E5C-8980-015DFFB962D5}\ApplicationInstall_EA4C92A9D39C4B42BE70DAD133D61BC1.exe

- 2003-03-05 07:57:46 57,344 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe

+ 2005-09-23 09:28:52 72,704 ----a-w c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe

- 2003-03-05 08:02:44 5,120 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll

+ 2005-09-23 09:28:52 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp10.dll

+ 2005-09-23 09:28:56 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll

+ 2005-09-23 09:28:58 7,680 ----a-w c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll

+ 2005-09-23 09:28:56 7,680 ----a-w c:\windows\Microsoft.NET\Framework\SharedReg12.dll

- 2003-03-05 07:57:44 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

+ 2005-09-23 09:28:52 86,528 ----a-w c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll

+ 2005-09-23 09:28:36 18,944 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll

+ 2005-09-23 09:28:42 136,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll

+ 2005-09-23 09:28:44 4,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll

+ 2005-09-23 09:29:04 183,808 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll

+ 2005-09-23 09:28:28 208,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll

+ 2005-09-23 09:28:56 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll

+ 2005-09-23 09:28:58 138,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll

+ 2005-09-23 09:28:36 87,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll

+ 2005-09-23 09:28:58 55,488 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe

+ 2005-09-23 09:28:32 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe

+ 2005-09-23 09:28:32 10,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll

+ 2005-09-23 09:28:32 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll

+ 2005-09-23 09:28:32 23,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll

+ 2005-09-23 09:28:32 70,656 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll

+ 2005-09-23 09:28:32 13,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe

+ 2005-09-23 09:28:32 26,824 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe

+ 2005-09-23 09:28:32 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

+ 2005-09-23 09:28:32 29,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

+ 2005-09-23 09:28:32 29,888 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe

+ 2005-09-23 09:28:32 503,808 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll

+ 2005-09-23 09:28:56 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe

+ 2005-09-23 09:28:56 88,576 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll

+ 2005-09-23 09:28:42 76,984 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe

+ 2005-09-23 09:28:42 1,144,832 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll

+ 2005-09-23 09:28:42 13,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll

+ 2005-09-23 09:28:58 17,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll

+ 2005-09-23 09:28:56 68,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll

+ 2005-09-23 09:28:44 31,936 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe

+ 2005-09-23 09:28:38 52,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll

+ 2005-09-23 09:28:38 4,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

+ 2005-09-23 09:29:12 547,840 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll

+ 2005-09-23 09:28:56 788,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

+ 2005-09-23 09:28:50 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll

+ 2005-09-23 09:28:56 9,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe

+ 2005-09-23 09:28:56 8,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll

+ 2005-09-23 09:28:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll

+ 2005-09-23 09:28:56 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll

+ 2005-09-23 09:28:56 224,952 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe

+ 2005-09-23 09:28:56 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe

+ 2005-09-23 09:28:56 55,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll

+ 2005-09-23 09:28:56 72,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll

+ 2005-09-23 09:28:48 40,960 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe

+ 2008-12-02 11:46:34 609,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

+ 2008-12-02 11:46:34 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll

+ 2008-12-02 11:46:34 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll

+ 2008-12-02 11:46:34 82,944 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll

+ 2008-12-02 11:46:34 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll

+ 2008-12-02 11:46:34 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll

+ 2008-12-02 11:46:34 87,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll

+ 2008-12-02 11:46:34 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll

+ 2008-12-02 11:46:34 81,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll

+ 2008-12-02 11:46:35 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll

+ 2008-12-02 11:46:35 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll

+ 2008-12-02 11:46:35 83,968 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll

+ 2008-12-02 11:46:35 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll

+ 2008-12-02 11:46:35 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll

+ 2008-12-02 11:46:35 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll

+ 2008-12-02 11:46:35 83,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll

+ 2008-12-02 11:46:35 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll

+ 2008-12-02 11:46:35 83,456 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll

+ 2008-12-02 11:46:35 82,432 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll

+ 2008-12-02 11:46:35 82,432 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll

+ 2008-12-02 11:46:35 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll

+ 2008-12-02 11:46:35 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll

+ 2008-12-02 11:46:35 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll

+ 2008-12-02 11:46:35 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll

+ 2008-12-02 11:46:35 80,896 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll

+ 2008-12-02 11:46:35 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll

+ 2008-12-02 11:46:37 245,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll

+ 2005-09-23 09:28:48 413,696 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll

+ 2005-09-23 09:28:48 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll

+ 2005-09-23 09:28:48 647,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll

+ 2005-09-23 09:28:48 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll

+ 2005-09-23 09:28:48 745,472 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll

+ 2005-09-23 09:29:10 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2005-09-23 09:29:10 372,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll

+ 2005-09-23 09:29:08 667,648 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll

+ 2005-09-23 09:28:30 28,672 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll

+ 2005-09-23 09:29:10 5,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll

+ 2005-09-23 09:28:30 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll

+ 2005-09-23 09:28:30 12,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2005-09-23 09:28:30 7,168 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll

+ 2005-09-23 09:28:32 87,552 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll

+ 2005-09-23 09:28:48 69,632 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

+ 2005-09-23 09:28:56 800,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll

+ 2005-09-23 09:28:56 73,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll

+ 2005-09-23 09:28:56 288,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll

+ 2005-09-23 09:28:56 36,864 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll

+ 2005-09-23 09:28:56 326,144 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

+ 2005-09-23 09:28:56 81,408 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll

+ 2005-09-23 09:28:56 4,308,992 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2005-09-23 09:28:56 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll

+ 2005-09-23 09:29:00 330,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

+ 2005-09-23 09:28:56 67,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll

+ 2005-09-23 09:28:50 9,216 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll

+ 2005-09-23 09:28:56 226,816 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll

+ 2005-09-23 09:28:56 66,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

+ 2005-09-23 09:28:56 10,240 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll

+ 2005-09-23 09:28:50 5,615,616 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

+ 2005-09-23 09:29:00 22,528 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll

+ 2005-09-23 09:28:56 96,440 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe

+ 2005-09-23 09:28:56 14,848 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll

+ 2005-09-23 09:28:56 78,336 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll

+ 2005-09-23 09:28:50 136,192 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll

+ 2005-09-23 09:28:56 53,248 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe

+ 2005-09-23 09:28:56 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

+ 2005-09-23 09:29:02 59,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe

+ 2005-09-23 09:28:58 7,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll

+ 2005-09-23 09:28:56 107,520 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll

+ 2005-09-23 09:29:00 85,504 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll

+ 2005-09-23 09:28:56 377,344 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll

+ 2005-09-23 09:28:56 110,592 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll

+ 2005-09-23 09:28:58 389,120 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll

+ 2005-09-23 09:28:56 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll

+ 2005-09-23 09:28:56 2,878,976 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll

+ 2005-09-23 09:28:56 482,304 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll

+ 2005-09-23 09:28:56 716,800 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll

+ 2005-09-23 09:28:38 884,736 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll

+ 2005-09-23 09:28:56 5,050,368 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll

+ 2005-09-23 09:28:56 397,312 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll

+ 2005-09-23 09:28:56 188,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll

+ 2005-09-23 09:28:56 3,018,752 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2005-09-23 09:28:56 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll

+ 2005-09-23 09:28:56 700,416 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

+ 2005-09-23 09:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll

+ 2005-09-23 09:28:56 47,616 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll

+ 2005-09-23 09:28:56 114,176 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll

+ 2005-09-23 09:28:56 368,640 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll

+ 2005-09-23 09:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll

+ 2005-09-23 09:28:56 299,008 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll

+ 2005-09-23 09:28:56 131,072 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll

+ 2005-09-23 09:28:56 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll

+ 2005-09-23 09:28:56 114,688 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll

+ 2005-09-23 09:28:56 260,096 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll

+ 2005-09-23 09:28:56 5,025,792 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2005-09-23 09:28:56 835,584 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll

+ 2005-09-23 09:28:56 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll

+ 2005-09-23 09:28:56 823,296 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll

+ 2005-09-23 09:28:56 5,316,608 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll

+ 2005-09-23 09:28:56 2,035,712 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll

+ 2005-09-23 09:28:56 71,680 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL

+ 2005-09-23 09:29:06 1,140,920 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

+ 2005-09-23 09:28:30 1,306,624 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll

+ 2005-09-23 09:28:32 298,496 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll

+ 2005-09-23 09:28:56 28,160 ----a-w c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

+ 2006-10-30 06:06:24 74,012 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\baseline.dat

+ 2006-10-30 05:25:56 99,600 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\DeleteTemp.exe

+ 2006-10-30 01:15:06 220,672 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\dlmgr.dll

+ 2006-10-30 01:17:56 1,054,720 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\gencomp.dll

+ 2006-10-30 01:14:26 163,328 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\HtmlLite.dll

+ 2006-10-30 05:25:54 194,320 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\RebootStub.exe

+ 2006-10-30 05:25:56 167,176 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\runmsi.exe

+ 2006-10-30 05:25:56 365,320 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe

+ 2006-10-30 05:17:12 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1025.dll

+ 2006-10-30 05:17:30 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1028.dll

+ 2006-10-30 05:17:36 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1029.dll

+ 2006-10-30 05:17:44 87,040 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1030.dll

+ 2006-10-30 05:17:50 89,600 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1031.dll

+ 2006-10-30 05:17:56 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1032.dll

+ 2006-10-30 05:18:10 82,944 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1035.dll

+ 2006-10-30 05:18:16 91,648 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1036.dll

+ 2006-10-30 05:18:22 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1037.dll

+ 2006-10-30 05:18:30 89,600 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1038.dll

+ 2006-10-30 05:18:36 88,064 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1040.dll

+ 2006-10-30 05:18:42 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1041.dll

+ 2006-10-30 05:18:48 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1042.dll

+ 2006-10-30 05:18:56 87,040 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1043.dll

+ 2006-10-30 05:19:02 83,968 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1044.dll

+ 2006-10-30 05:19:08 86,528 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1045.dll

+ 2006-10-30 05:19:14 84,480 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1046.dll

+ 2006-10-30 05:19:28 82,944 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1049.dll

+ 2006-10-30 05:19:34 83,968 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1053.dll

+ 2006-10-30 05:19:42 82,432 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.1055.dll

+ 2006-10-30 05:17:24 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2052.dll

+ 2006-10-30 05:19:22 90,624 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.2070.dll

+ 2006-10-30 05:18:02 90,112 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.3082.dll

+ 2006-10-30 01:15:20 80,384 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setupres.dll

+ 2006-10-30 01:15:22 1,621,504 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\SITSetup.dll

+ 2006-10-30 01:16:52 1,139,712 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs_setup.dll

+ 2006-10-30 01:18:26 590,848 ----a-w c:\windows\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\vs70uimgr.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Google Update"="c:\documents and settings\a168351\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Atos Origin VPN Client.lnk - c:\vpn client\vpngui.exe [2008-05-20 1466384]

Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-09 117568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"disablecad"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]

"1"= winvnc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2008-10-10 05:53 2497336 c:\program files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

--a------ 2004-03-12 22:43 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

--a------ 2007-04-20 14:57 162584 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

--a------ 2007-04-20 14:57 142104 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

--a------ 2006-11-03 12:01 319488 c:\windows\Pixart\PAC7311\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]

--a------ 2007-09-07 14:44 3100672 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a------ 2008-10-02 07:00 1124352 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

--a------ 2007-04-20 14:57 138008 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 16:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-09-29 21:20 144792 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-05-03 19:43 69632 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2007-04-10 16:28 16126464 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WLSetupSvc"=3 (0x3)

"MDM"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\AIKO 82D\\AIKO 82D.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"25457:TCP"= 25457:TCP:BitComet 25457 TCP

"25457:UDP"= 25457:UDP:BitComet 25457 UDP

R0 d346bus;d346bus;c:\windows\system32\DRIVERS\d346bus.sys [2008-10-20 156800]

R0 d346prt;d346prt;c:\windows\system32\Drivers\d346prt.sys [2008-10-20 5248]

R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2008-08-18 81920]

R2 FwcAgent;Firewall Client Agent;"c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe" [2006-12-09 128832]

R2 TOPInv3;TOP Inventory Service 3.0;c:\program files\TOPInv3\TOPInv3.exe [2008-08-26 135168]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2008-05-20 264576]

S3 PAC7311;Dlink DSB-C320;c:\windows\system32\DRIVERS\PA707UCM.SYS [2006-11-08 530304]

S3 sith_bus;SIT HYBRID USB Composite Device;c:\windows\system32\Drivers\sith_bus.sys [2007-06-17 22144]

S3 sith_flt;SIT Hybrid USB Filter Service;c:\windows\system32\DRIVERS\sith_flt.sys [2007-06-17 4224]

S3 sith_mdm;SIT HYBRID Modem;c:\windows\system32\Drivers\sith_mdm.sys [2007-08-03 39936]

S3 sith_prt;SIT HYBRID Status;c:\windows\system32\Drivers\sith_prt.sys [2007-08-03 38912]

.

Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2008-12-03 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\a168351\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 11:00]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-03 19:51:14

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-12-03 19:51:57

ComboFix-quarantined-files.txt 2008-12-03 21:51:46

ComboFix2.txt 2008-12-01 14:30:59

Pre-Run: 89,043,783,680 bytes free

Post-Run: 89,154,752,512 bytes free

744 --- E O F --- 2008-12-02 13:11:50

Dear p_montoya

Temporarily disable your antivirus!

Run an online scan with Kaspersky Virusscanner

  • Click Clipboard01-1.jpg
  • When asked to install ActiveX, click Clipboard015.jpg
  • Wait for the installation and the update to finish, then click Clipboard013.jpg
  • Now click Clipboard016.jpg
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click Clipboard014.jpg
  • Click My Computer so that a full scan of your system is run.
  • The scan will start and may take a while. Be patient and wait.
  • When the scan finishes, click the Save as Text button.
  • Save the log with the results and paste its contents in your next message.
  • Also generate and paste a new HijackThis log.

Regards :D

Hey,

That one took the longest, huh

Here is the log from the online scan, followed by the HijackThis one

Thanks for the help

----------------------------------------------------------------

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Thursday, December 4, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Thursday, December 04, 2008 17:03:39

Records in database: 1436568

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

Scan statistics:

Files scanned: 55262

Threat name: 2

Infected objects: 3

Suspicious objects: 0

Duration of the scan: 01:47:07

File name / Threat name / Threats count

C:\Downloads\History's Strongest Disciple Kenichi\History's Strongest Disciple Kenichi - Volume 15 [JohnnyD].rar Infected: Virus.DOS.PS-MPC.418 1

C:\SW_UTIL\UTILITARIOS\CMDOW.EXE Infected: not-a-virus:RiskTool.Win32.HideWindows 1

C:\WINDOWS\system32\CMDOW.EXE Infected: not-a-virus:RiskTool.Win32.HideWindows 1

The selected area was scanned.

--------------------------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 23:31, on 04/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

C:\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOPInv3\TOPInv3.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

C:\Program Files\AIKO 82D\AIKO 82D.exe

C:\Program Files\JetAudio\jetAudio.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Documents and Settings\a168351\Desktop\CoreCodec[1].CorePlayer.1.2.0.including.keygen.by.[wl]\KgCorePlayer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Pessoal\extras\manutenção\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 216.10.242.251 internetbanking.caixa.gov.br

O1 - Hosts: 216.10.242.250 www2.bancobrasil.com.br

O1 - Hosts: 216.10.242.249 aapj.bb.com.br

O1 - Hosts: 216.10.242.240 wwws.nossacaixa.com.br

O1 - Hosts: 216.10.242.230 infobusca.experianmarketing.com.br

O1 - Hosts: 209.85.193.99 imagem.caixa.gov.br

O1 - Hosts: 209.85.193.99 www14.bancobrasil.com.br

O1 - Hosts: 209.85.193.99 www5.infoseg.gov.br

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: Atos Origin VPN Client.lnk = C:\VPN Client\vpngui.exe

O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = samerica.br.int.atosorigin.com

O17 - HKLM\Software\..\Telephony: DomainName = samerica.br.int.atosorigin.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{68F0D05C-FDDC-4BE9-968A-76750A6CEC65}: NameServer = 200.220.227.101 200.142.130.10

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = samerica.br.int.atosorigin.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = samerica.br.int.atosorigin.com

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\VPN Client\cvpnd.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TOP Inventory Service 3.0 (TOPInv3) - Atos Origin Brasil - C:\Program Files\TOPInv3\TOPInv3.exe


Dear p_montoya

# Step 1 #

Friend, the entries below show domains that were configured on the system; may I ask whether you are aware of them?

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = samerica.br.int.atosorigin.com

O17 - HKLM\Software\..\Telephony: DomainName = samerica.br.int.atosorigin.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = samerica.br.int.atosorigin.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = samerica.br.int.atosorigin.com

# Step 2 #

Your HijackThis program is being run from a location that is not recommended, so the backups we make will not be safe.

Before we start fixing the problems on your PC, we need to correct the location of HijackThis; please do the following:

  • Right-click an empty area of your desktop.
  • Choose New -> Folder -> type HJT and press Enter.
  • Now right-click HijackThis.exe and choose -> Cut.
  • Right-click an empty area and choose Paste.
  • Now right-click the HJT folder and choose -> Cut.
  • Click -> Start -> My Computer -> right-click -> Local Disk (normally C:\) -> Explore.
  • Right-click an empty area and choose Paste.

# Step 3 #
Download HostsXpert.zip
  • Extract (unzip) HostsXpert.zip to a permanent folder on your drive (for example C:\HostsXpert)
  • Double-click HostsXpert.exe to run the program.
  • If available, click "Make Hosts Writable?" (it is in the upper right corner).
  • Click "Restore Microsoft's Hosts file" and then click "OK".
  • Click the X to exit the program.
  • Note: If you are using a custom Hosts file, you will have to customize it again.

# Step 4 #

Make a new HijackThis log and post it here!

Cheers :D
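The Step 1 question above, written as a check over the log. This is an added example, not part of the original post and not HijackThis code: it parses the O17 lines, splits multi-address NameServer data, and lists every domain or DNS server the owner has not confirmed. The function names and the `recognised` set are assumptions made for the example.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread, plus non-entry
# lines of the kind the log also contains (header, running process, blank).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = samerica.br.int.atosorigin.com
O17 - HKLM\Software\..\Telephony: DomainName = samerica.br.int.atosorigin.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{68F0D05C-FDDC-4BE9-968A-76750A6CEC65}: NameServer = 200.220.227.101 200.142.130.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = samerica.br.int.atosorigin.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
"""

# "O17 - <registry key>: <value name> = <data>". The keys in these logs hold
# backslashes and braces but no ": ", so a lazy match up to ": " is enough.
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")


def parse_o17(log_text):
    """Return a list of (registry_key, value_name, [values]) for O17 lines."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # NameServer may hold several addresses split by spaces or commas.
            values = [v for v in re.split(r"[,\s]+", m["data"].strip()) if v]
            entries.append((m["key"], m["name"], values))
    return entries


def review_o17(log_text, recognised):
    """Group O17 settings by value and mark those not in `recognised`.

    `recognised` is the set of domains and DNS servers the machine's owner
    confirms (hypothetical input; in the thread the helper gets it by asking).
    Returns {value: {"keys": [...], "known": bool}}.
    """
    known = {r.lower() for r in recognised}
    report = defaultdict(lambda: {"keys": [], "known": False})
    for key, name, values in parse_o17(log_text):
        for value in values:
            item = report[value.lower()]
            item["keys"].append(f"{key}: {name}")
            item["known"] = value.lower() in known
    return dict(report)


def unknown_values(log_text, recognised):
    """Values that still need an answer from the owner, sorted for display."""
    rep = review_o17(log_text, recognised)
    return sorted(v for v, item in rep.items() if not item["known"])
```

Grouping by value rather than by registry key shows at a glance that one domain is set under several control sets, so the owner only has to confirm each distinct value once.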

Dear p_montoya

# Step 1 #

Friend, the entries below show domains that were configured on the system; may I ask whether you are aware of them?

Yes, I am aware of these domains

# Step 2 #

Your HijackThis program is being run from a location that is not recommended, so the backups we make will not be safe.

Before we start fixing the problems on your PC, we need to correct the location of HijackThis; please do the following:

  • Right-click an empty area of your desktop.
  • Choose New -> Folder -> type HJT and press Enter.
  • Now right-click HijackThis.exe and choose -> Cut.
  • Right-click an empty area and choose Paste.
  • Now right-click the HJT folder and choose -> Cut.
  • Click -> Start -> My Computer -> right-click -> Local Disk (normally C:\) -> Explore.
  • Right-click an empty area and choose Paste.

I assumed the idea was to create a HijackThis folder on C: and I pasted it in there, although the instructions seem to say it should stay on the desktop.

# Step 3 #

Download HostsXpert.zip

  • Extract (unzip) HostsXpert.zip to a permanent folder on your drive (for example C:\HostsXpert)
  • Double-click HostsXpert.exe to run the program.
  • If available, click "Make Hosts Writable?" (it is in the upper right corner).
  • Click "Restore Microsoft's Hosts file" and then click "OK".
  • Click the X to exit the program.
  • Note: If you are using a custom Hosts file, you will have to customize it again.

Procedure completed

# Step 4 #

Make a new HijackThis log and post it here!

Cheers :D

Logfile of HijackThis v1.99.1

Scan saved at 13:43, on 05/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

C:\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TOPInv3\TOPInv3.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

C:\Program Files\AIKO 82D\AIKO 82D.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\VPN Client\vpngui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\a168351\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: Atos Origin VPN Client.lnk = C:\VPN Client\vpngui.exe

O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe

O8 - Extra context menu item: Baixar link usando &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: Baixar todos os links usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Baixar todos os vídeos usando BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\microsoft firewall client 2004\fwcwsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = samerica.br.int.atosorigin.com

O17 - HKLM\Software\..\Telephony: DomainName = samerica.br.int.atosorigin.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{68F0D05C-FDDC-4BE9-968A-76750A6CEC65}: NameServer = 200.220.227.101 200.142.130.10

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = samerica.br.int.atosorigin.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = samerica.br.int.atosorigin.com

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\VPN Client\cvpnd.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TOP Inventory Service 3.0 (TOPInv3) - Atos Origin Brasil - C:\Program Files\TOPInv3\TOPInv3.exe


Dear p_montoya

Clean log :joia:

# Step 1 #

Let's uninstall ComboFix:

Go to

Start > Run, type Combofix /u and click OK; in the window that appears, click Run and wait for the program to be removed!

# Step 2 #

Your Java is out of date.

Old, outdated versions are more vulnerable to malware.

  • Download the latest version, Java Runtime Environment (JRE) 6 Update 11, and save it to your desktop.
  • Scroll to "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click "Download" (it is on the right-hand side).
  • Select your platform: "Windows".
  • Select your language: "Português".
  • Read the license and tick the box: "Accept License Agreement".
  • Click "Continue".
  • Click the Windows Offline Installation download link and save the file to your desktop.
  • Close all programs you are using, especially your browser (IE, Firefox, etc.).
  • Click Start -> Settings -> Control Panel, double-click Add/Remove Programs and remove all old versions of Java.
  • Select any item that has Java Runtime Environment (JRE or J2SE) in its name. It should have an icon like this one: javaicon.jpg
  • Click Remove or Change/Remove.
  • Repeat as many times as necessary, until you have removed all old versions of Java on your PC.
  • Restart your computer after removing the old versions of Java.
  • Now double-click jre-6u11-windows-i586-p.exe (it is on your desktop) to install the new, more secure version of Java.

# Step 3 #

<<@>> Install CCleaner

CCleaner is an excellent cleanup utility that will help your computer's performance.

Download it here: CCleaner


  • IMPORTANT: After installation, go to the location where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, and in an empty area of that window right-click, choose New > Folder and create a new folder; name it backups!
  • Open the program and click Run Cleaner;
  • Click the Registry button > Scan for Issues > Fix selected issues...
    Note: Don't forget to accept the backup of the fixes and save it in the folder created above!

<<@>> Always keep your Windows up to date; keep a constant watch with your firewall and antivirus; and finally, remember that the best form of prevention starts with our own behaviour!

Cheers :D


If the topic's author needs it, the topic will be reopened; to request this, the author should contact the moderation team and ask for it to be unlocked.
