manoeladriano

PC freezing, internet very slow (2)


These are the last logs I had posted.

SystemLook and Reglook logs

SystemLook v1.0 by jpshortstuff (11.01.10)

Log created at 20:14 on 26/07/2010 by MANU (Administrator - Elevation successful)

========== filefind ==========

Searching for "*tcpip.sys"

C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys --a--- 361600 bytes [11:51 20/06/2008] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys --a--- 361600 bytes [11:59 20/06/2008] [11:59 20/06/2008] AD978A1B783B5719720CFF204B666C8E

C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys -----c 360576 bytes [16:29 24/07/2010] [00:27 03/09/2007] BD8686216E34E22C4ED45A2320B2BEA1

C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp2qfe\tcpip.sys --a--- 360960 bytes [10:44 20/06/2008] [10:44 20/06/2008] 744E57C99232201AE98C49168B918F48

C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3gdr\tcpip.sys --a--- 361600 bytes [11:51 20/06/2008] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D

C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3qfe\tcpip.sys --a--- 361600 bytes [11:59 20/06/2008] [11:59 20/06/2008] AD978A1B783B5719720CFF204B666C8E

C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\tcpip.sys --a--- 361344 bytes [19:48 23/07/2010] [19:20 13/04/2008] 93EA8D04EC73A85DB02EB8805988F733

C:\WINDOWS\system32\dllcache\tcpip.sys ------ 360960 bytes [10:44 20/06/2008] [10:44 20/06/2008] 744E57C99232201AE98C49168B918F48

C:\WINDOWS\system32\drivers\tcpip.sys --a--- 360960 bytes [00:27 03/09/2007] [10:44 20/06/2008] 744E57C99232201AE98C49168B918F48

Searching for "*sfcfiles.dll"

C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll --a--- 1571840 bytes [19:48 23/07/2010] [02:20 14/04/2008] 698F9583D1EB213B09F12DD5826A46E2

C:\WINDOWS\system32\sfcfiles.dll --a--- 1548288 bytes [17:15 02/09/2007] [17:15 02/09/2007] DB3AA410ED1228B9DF98C06549AE0763

Searching for "*mspmsnsv.dll"

C:\WINDOWS\system32\mspmsnsv.dll --a--c 27136 bytes [17:20 02/09/2007] [17:20 02/09/2007] C51B4A5C05A5475708E3C81C7765B71D

-=End Of File=-

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows

DeviceNotSelectedTimeout REG_SZ 15

GDIProcessHandleQuota REG_DWORD 0x2710

Spooler REG_SZ yes

swapdisk REG_SZ

TransmissionRetryTimeout REG_SZ 90

USERProcessHandleQuota REG_DWORD 0x2710

LoadAppInit_DLLs REG_DWORD 0x1


Malwarebytes log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versão da Base de Dados: 4341

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

23/7/2010 13:15:55

mbam-log-2010-07-23 (13-15-55).txt

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 126919

Tempo decorrido: 8 minuto(s), 5 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 4

Valores de Registro Infectados: 1

Itens de Dados no Registro Infectados: 1

Pastas Infectadas: 0

Arquivos Infectados: 0

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

Valores de Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

(Não foram detectados ítens maliciosos)


Dear manoelaadriano

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

FCopy::
C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll | c:\windows\system32\sfcfiles.dll
C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=-

Save this file as: CFScript.txt

2872959479_997d4500c4_o.gif

As illustrated in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Regards :D


ComboFix 10-08-02.03 - MANU 03/08/2010 10:45:45.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1214.651 [GMT -3:00]

Executando de: c:\documents and settings\MANU\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\MANU\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Criado um novo ponto de restauração

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll --> c:\windows\system32\sfcfiles.dll

c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-07-03 to 2010-08-03 ))))))))))))))))))))))))))))

.

2010-07-26 23:01 . 2010-07-26 23:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-24 17:35 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-07-24 17:35 . 2004-08-04 03:45 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-07-24 16:34 . 2010-07-24 16:34 -------- d-----w- c:\windows\system32\KB905474

2010-07-23 17:40 . 2010-07-23 19:49 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-07-23 17:15 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-07-23 17:15 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\dllcache\bthport.sys

2010-07-23 17:10 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2010-07-23 17:09 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-07-23 16:53 . 2008-05-08 12:14 203008 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-07-23 16:52 . 2010-05-06 10:34 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-07-23 16:52 . 2010-05-06 10:34 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-07-23 16:52 . 2010-05-06 10:34 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-07-23 16:52 . 2010-05-06 10:34 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-07-23 16:52 . 2010-05-06 10:34 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-07-23 16:52 . 2010-05-06 10:34 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-07-23 16:52 . 2010-05-06 10:34 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-07-23 16:42 . 2009-12-31 15:06 352640 ------w- c:\windows\system32\dllcache\srv.sys

2010-07-23 16:41 . 2010-02-24 12:48 457216 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-07-23 16:41 . 2009-11-21 16:42 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-07-23 16:40 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-23 15:16 . 2010-07-23 15:16 -------- d-----w- c:\documents and settings\MANU\Dados de aplicativos\Malwarebytes

2010-07-23 15:15 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-23 15:15 . 2010-07-23 15:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-07-23 15:15 . 2010-07-23 15:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-07-23 15:15 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-21 19:24 . 2010-07-21 19:24 -------- d-----w- c:\windows\ServicePackFiles

2010-07-21 19:24 . 2010-07-21 19:24 -------- d-----w- c:\windows\ie8updates

2010-07-21 19:22 . 2009-10-15 16:56 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2010-07-21 19:22 . 2009-10-15 16:56 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2010-07-21 19:21 . 2008-05-01 14:32 331776 ------w- c:\windows\system32\dllcache\msadce.dll

2010-07-21 18:56 . 2009-07-31 04:36 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-07-21 18:42 . 2009-06-05 07:48 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

2010-07-21 18:37 . 2008-10-15 16:55 339456 ------w- c:\windows\system32\dllcache\netapi32.dll

2010-07-21 18:29 . 2008-04-21 21:27 216064 ------w- c:\windows\system32\dllcache\wordpad.exe

2010-07-21 17:34 . 2010-07-21 17:34 1615200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgssie.dll

2010-07-21 17:34 . 2010-07-21 17:34 1107296 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgxpl.dll

2010-07-21 17:34 . 2010-07-21 17:34 4368224 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll

2010-07-20 04:03 . 2010-07-20 04:03 -------- d-----w- c:\windows\SxsCaPendDel

2010-07-18 20:52 . 2010-07-18 20:52 242896 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgtdix.sys

2010-07-18 20:52 . 2010-07-18 20:52 216200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgldx86.sys

2010-07-18 20:46 . 2010-07-18 20:46 813336 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avginet.dll

2010-07-18 20:46 . 2010-07-18 20:46 624920 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgiproxy.exe

2010-07-18 20:46 . 2010-07-18 20:46 1690464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2010-07-18 20:46 . 2010-07-18 20:46 1038688 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-28 03:27 . 2007-07-21 21:40 79022 ----a-w- c:\windows\system32\perfc016.dat

2010-07-28 03:27 . 2007-07-21 21:40 468108 ----a-w- c:\windows\system32\perfh016.dat

2010-07-26 23:08 . 2009-06-18 01:45 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2010-07-18 20:52 . 2009-12-31 17:33 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-18 20:52 . 2009-12-31 17:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-18 20:51 . 2009-12-31 17:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-14 14:30 . 2009-06-18 00:53 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-10 18:10 . 2009-12-31 17:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-06-03 20:30 . 2010-06-03 20:30 22 ----a-w- c:\windows\Fonts\Times.txt

2010-06-03 15:27 . 2009-12-31 17:32 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-06 10:34 . 2007-09-02 17:27 916480 ----a-w- c:\windows\system32\wininet.dll

.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3qfe\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3gdr\tcpip.sys

[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp2qfe\tcpip.sys

[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2007-09-03 . BD8686216E34E22C4ED45A2320B2BEA1 . 360576 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll

[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2007-09-02 17:20 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

.

((((((((((((((((((((((((((((( SnapShot_2010-07-27_21.30.08 )))))))))))))))))))))))))))))))))))))))))

.


+ 2010-08-01 13:30 . 2010-08-01 13:30 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2010-07-29 15:07 . 2010-07-29 15:07 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll

+ 2010-08-01 13:30 . 2010-08-01 13:30 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe

+ 2010-08-01 13:30 . 2010-08-01 13:30 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll

- 2010-07-26 23:13 . 2010-07-26 23:13 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2010-07-26 23:13 . 2010-07-26 23:13 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2010-07-28 03:18 . 2010-07-28 03:18 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2010-07-28 03:18 . 2010-07-28 03:18 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2010-07-26 23:13 . 2010-07-26 23:13 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2010-07-28 03:18 . 2010-07-28 03:18 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

- 2010-07-26 23:08 . 2010-07-26 23:08 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2010-07-26 23:13 . 2010-07-26 23:13 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2009-11-07 04:06 . 2009-11-07 04:06 1130824 c:\windows\system32\dfshim.dll

+ 2010-04-08 02:48 . 2010-04-08 02:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll

- 2008-11-25 07:59 . 2008-11-25 07:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2010-03-23 08:32 . 2010-03-23 08:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2010-03-23 08:32 . 2010-03-23 08:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2009-08-08 02:51 . 2009-08-08 02:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2008-11-25 07:59 . 2008-11-25 07:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2009-08-08 02:51 . 2009-08-08 02:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2009-11-09 03:25 . 2009-11-09 03:25 1935360 c:\windows\Installer\1493959.msp

+ 2010-04-12 01:17 . 2010-04-12 01:17 2607104 c:\windows\Installer\1493924.msp

+ 2010-04-12 01:17 . 2010-04-12 01:17 4210688 c:\windows\Installer\1493923.msp

+ 2010-07-29 15:07 . 2010-07-29 15:07 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll

+ 2010-07-29 15:13 . 2010-07-29 15:13 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll

+ 2010-07-29 15:06 . 2010-07-29 15:06 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll

+ 2010-07-29 15:07 . 2010-07-29 15:07 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll

+ 2010-08-01 13:33 . 2010-08-01 13:33 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll

+ 2010-07-29 15:10 . 2010-07-29 15:10 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll

+ 2010-07-29 15:13 . 2010-07-29 15:13 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll

+ 2010-08-01 13:30 . 2010-08-01 13:30 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll

+ 2010-07-29 15:09 . 2010-07-29 15:09 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll

+ 2010-08-01 13:30 . 2010-08-01 13:30 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll

+ 2010-07-29 15:08 . 2010-07-29 15:08 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll

+ 2010-07-29 15:09 . 2010-07-29 15:09 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll

+ 2010-07-29 15:08 . 2010-07-29 15:08 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll

+ 2010-07-29 15:09 . 2010-07-29 15:09 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll

+ 2010-07-29 15:07 . 2010-07-29 15:07 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll

+ 2010-07-29 15:11 . 2010-07-29 15:11 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\f249a2dbc8dcb91860d0997c163c73ff\System.Data.OracleClient.ni.dll

+ 2010-07-29 15:12 . 2010-07-29 15:12 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll

+ 2010-07-29 15:12 . 2010-07-29 15:12 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll

+ 2010-07-29 15:09 . 2010-07-29 15:09 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll

+ 2010-07-29 15:09 . 2010-07-29 15:09 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll

+ 2010-07-29 15:07 . 2010-07-29 15:07 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll

+ 2010-08-01 13:30 . 2010-08-01 13:30 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll

+ 2010-07-28 03:22 . 2010-07-28 03:22 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2010-07-26 23:13 . 2010-07-26 23:13 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2010-07-28 03:18 . 2010-07-28 03:18 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2010-07-26 23:13 . 2010-07-26 23:13 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2010-07-28 03:22 . 2010-07-28 03:22 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2010-07-26 23:13 . 2010-07-26 23:13 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2010-07-26 23:08 . 2010-07-26 23:08 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2010-07-28 03:22 . 2010-07-28 03:22 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2009-08-14 23:32 . 2009-08-14 23:32 11110912 c:\windows\Installer\1493970.msp

+ 2010-03-31 04:23 . 2010-03-31 04:23 15638528 c:\windows\Installer\1493966.msp

+ 2010-04-12 01:17 . 2010-04-12 01:17 14599680 c:\windows\Installer\1493933.msp

+ 2010-07-29 15:08 . 2010-07-29 15:08 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll

+ 2010-07-29 15:09 . 2010-07-29 15:09 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll

+ 2010-08-01 13:30 . 2010-08-01 13:30 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll

+ 2010-07-29 15:11 . 2010-07-29 15:11 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll

+ 2010-07-29 15:09 . 2010-07-29 15:09 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll

+ 2010-07-29 15:08 . 2010-07-29 15:08 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll

+ 2010-07-29 15:06 . 2010-07-29 15:06 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-20 113664]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-6-18 331776]

WinZip Quick Pick.lnk - d:\winzip\WZQKPICK.EXE [2007-12-15 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"SfcDisable"=dword:ffffff9d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-18 20:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/12/2009 14:32 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/12/2009 14:33 243024]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [31/12/2009 14:32 308136]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-08-03 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-07-24 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405726

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\MANU\Dados de aplicativos\Mozilla\Firefox\Profiles\m0qjn3u5.default\

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

AddRemove-MixVibesPRO.exe - c:\program files\MixVibesPro5\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-03 10:50

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]

"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]

"ImagePath"="system32\DRIVERS\ACPIEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]

"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AegisP]

"ImagePath"="system32\DRIVERS\AegisP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]

"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALCXWDM]

"ImagePath"="system32\drivers\ALCXWDM.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]

"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]

"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]

"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(700)

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3632)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

Tempo para conclusão: 2010-08-03 10:52:36

ComboFix-quarantined-files.txt 2010-08-03 13:52

ComboFix2.txt 2010-07-27 21:32

ComboFix3.txt 2010-07-23 15:58

ComboFix4.txt 2010-07-20 03:18

Pré-execução: 8 pasta(s) 13.908.590.592 bytes disponíveis

Pós execução: 10 pasta(s) 13.948.690.432 bytes disponíveis

- - End Of File - - A491034E6015760F5853F6C40ACE19E5

A small window that says

"REGT.cfxxe - Não foi possivel localizar o componente - esse aplicativo não pode ser iniciado porque não foi encontrado a ACLUI.dll. A reinstalação do aplicativo pode resolver o problema"

keeps popping up every time I run ComboFix... and if I don't keep closing it, it doesn't let ComboFix work...

Edited by manoeladriano

Dear manoeladriano

# Step 1 #

Download the files from the links below;

http://www.driverskit.com/dll/mspmsnsv.dll/2314.html

http://www.driverskit.com/dll/sfcfiles.dll/3282.html

Unzip them;

Move them to C:

They should then look like this:

c:\mspmsnsv.dll

C:\sfcfiles.dll

Now do

# Step 2 #

Download Avenger2 by Swandog46 to your Desktop.

  • Right-click Avenger.zip and choose "Extract all...", so that the Avenger tool folder is extracted to your desktop.

# Step 3 #
  • Run Avenger by double-clicking its icon;
  • In the window that appears, click Ok;
  • Make sure the box below, Scan for rootkits, is checked;
  • And that the box below, Automatically disable any rootkits found, is not checked;
  • In Input script here: now copy (Ctrl + C) all the text (highlighted in green) that is inside the "quote" below:

Begin copying here:

files to move:

c:\mspmsnsv.dll | c:\windows\system32\mspmsnsv.dll

C:\sfcfiles.dll | c:\windows\system32\sfcfiles.dll

  • Click the Execute button;
  • Click Yes;
  • If you are asked: First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?
    Click Yes to restart the computer;
  • On startup a log will be generated; if it does not appear, it can be found at C:\avenger.txt;
  • Select all of its contents, copy and paste them into your next reply.

# Step 3 #

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text that is inside the "Code" box:

FCopy::
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SfcDisable"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=-

Save this file as: CFScript.txt

2872959479_997d4500c4_o.gif

As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Regards :D

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File move operation "c:\mspmsnsv.dll|c:\windows\system32\mspmsnsv.dll" completed successfully.

File move operation "C:\sfcfiles.dll|c:\windows\system32\sfcfiles.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.


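Added example (not part of the original posts, and not code from The Avenger or its author): a Python check that reconciles the "files to move:" script given in the instructions with the posted C:\avenger.txt, so that a move the log does not confirm is caught before the next step. It assumes only the line formats visible in this thread; the function names are hypothetical and the shortened log is constructed.

```python
import re
from typing import NamedTuple


class Move(NamedTuple):
    source: str
    destination: str


def _norm(path: str) -> str:
    # Windows paths are case-insensitive; the log also drops the spaces around "|".
    return path.strip().lower()


def parse_script_moves(script: str) -> list:
    """Return the source|destination pairs listed under 'files to move:'."""
    moves, in_section = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A directive line ends with ':' and contains no path separator.
        if line.endswith(":") and "\\" not in line:
            in_section = line.lower() == "files to move:"
            continue
        if in_section and "|" in line:
            src, dst = line.split("|", 1)
            moves.append(Move(_norm(src), _norm(dst)))
    return moves


# Success line format as it appears in the log posted in this thread.
LOG_MOVE_OK = re.compile(
    r'^File move operation "([^"|]+)\|([^"]+)" completed successfully\.$'
)


def reconcile(script: str, log: str) -> dict:
    """Compare what the script asked for with what the log confirms."""
    wanted = parse_script_moves(script)
    confirmed, unparsed = set(), []
    scan_active = scan_clean = False
    for raw in log.splitlines():
        line = raw.strip()
        match = LOG_MOVE_OK.match(line)
        if match:
            confirmed.add(Move(_norm(match.group(1)), _norm(match.group(2))))
        elif line.startswith("File move operation"):
            # Any other outcome wording is not guessed at; a human reads it.
            unparsed.append(line)
        elif line == "Rootkit scan active.":
            scan_active = True
        elif line == "No rootkits found!":
            scan_clean = True
    unconfirmed = [m for m in wanted if m not in confirmed]
    unexpected = sorted(confirmed - set(wanted))
    return {
        "confirmed": [m for m in wanted if m in confirmed],
        "unconfirmed": unconfirmed,   # requested, but no success line
        "unexpected": unexpected,     # success line for a move never requested
        "unparsed": unparsed,
        "needs_review": bool(unconfirmed or unexpected or unparsed)
        or (scan_active and not scan_clean),
    }


# Script and log text as posted in this thread.
SCRIPT = r"""Begin copying here:

files to move:

c:\mspmsnsv.dll | c:\windows\system32\mspmsnsv.dll

C:\sfcfiles.dll | c:\windows\system32\sfcfiles.dll
"""

LOG = r"""Beginning to process script file:
Rootkit scan active.
No rootkits found!
File move operation "c:\mspmsnsv.dll|c:\windows\system32\mspmsnsv.dll" completed successfully.
File move operation "C:\sfcfiles.dll|c:\windows\system32\sfcfiles.dll" completed successfully.
Completed script processing.
"""

# Constructed sample: the same log cut short before the second move is reported.
TRUNCATED_LOG = r"""Beginning to process script file:
Rootkit scan active.
No rootkits found!
File move operation "c:\mspmsnsv.dll|c:\windows\system32\mspmsnsv.dll" completed successfully.
"""

if __name__ == "__main__":
    for name, text in (("posted log", LOG), ("truncated log", TRUNCATED_LOG)):
        result = reconcile(SCRIPT, text)
        print(name, "-> needs review:", result["needs_review"])
        for move in result["unconfirmed"]:
            print("  not confirmed:", move.source, "->", move.destination)
```

A success line only shows that the file was moved into place; it says nothing about whether the replacement DLL is the right build, which has to be checked separately.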

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]

"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]

"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]

"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]

"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]

"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]

"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]

"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]

"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]

"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RichVideo]

"ImagePath"="\"c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe\"\00\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\10\02\01\03\01\03\01\03\01\03\01\03\01\03\01\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]

"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]

"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]

"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]

"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]

"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]

"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiS315]

"ImagePath"="system32\DRIVERS\sisgrp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiSkp]

"ImagePath"="system32\DRIVERS\srvkp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SISNIC]

"ImagePath"="system32\DRIVERS\sisnic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SISNICXP]

"ImagePath"="system32\DRIVERS\sisnicxp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]

"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]

"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]

"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]

"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]

"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]

"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]

"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]

"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]

"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{8BC5916C-C86D-45E5-BA6A-F9327DBC3DB4}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SynTP]

"ImagePath"="system32\DRIVERS\SynTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]

"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]

"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]

"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]

"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]

"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]

"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]

"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]

"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]

"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]

"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]

"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]

"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor]

"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]

"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]

"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]

"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]

"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wltrysvc]

"ImagePath"="%SystemRoot%\System32\wltrysvc.exe %SystemRoot%\System32\bcmwltry.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]

"ServiceDll"="c:\windows\system32\mspmsnsv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]

"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]

"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]

"ImagePath"="\"c:\arquivos de programas\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]

"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]

"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]

"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]

"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]

"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]

"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]

"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{504C1D11-0C93-4E4C-864C-BFBF2AE94260}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{BF83DA1A-1EF6-448A-AC36-71159725D2A2}]

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(700)

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(460)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

Tempo para conclusão: 2010-08-05 00:30:40

ComboFix-quarantined-files.txt 2010-08-05 03:30

ComboFix2.txt 2010-08-03 13:52

ComboFix3.txt 2010-07-27 21:32

ComboFix4.txt 2010-07-23 15:58

ComboFix5.txt 2010-08-05 03:22

Pré-execução: 10 pasta(s) 14.382.862.336 bytes disponíveis

Pós execução: 11 pasta(s) 14.372.593.664 bytes disponíveis

- - End Of File - - 4F92277D0C709CE4712BB496761A7EA2


ComboFix 10-08-02.03 - MANU 05/08/2010 0:23.5.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1214.747 [GMT -3:00]

Executando de: c:\documents and settings\MANU\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\MANU\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

--------------- FCopy ---------------

c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-07-05 to 2010-08-05 ))))))))))))))))))))))))))))

.

2010-07-26 23:01 . 2010-07-26 23:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-24 17:35 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-07-24 17:35 . 2004-08-04 03:45 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-07-24 16:34 . 2010-07-24 16:34 -------- d-----w- c:\windows\system32\KB905474

2010-07-23 17:40 . 2010-07-23 19:49 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-07-23 17:15 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-07-23 17:15 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\dllcache\bthport.sys

2010-07-23 17:10 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2010-07-23 17:09 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-07-23 16:53 . 2008-05-08 12:14 203008 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-07-23 16:52 . 2010-05-06 10:34 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-07-23 16:52 . 2010-05-06 10:34 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-07-23 16:52 . 2010-05-06 10:34 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-07-23 16:52 . 2010-05-06 10:34 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-07-23 16:52 . 2010-05-06 10:34 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-07-23 16:52 . 2010-05-06 10:34 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-07-23 16:52 . 2010-05-06 10:34 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-07-23 16:42 . 2009-12-31 15:06 352640 ------w- c:\windows\system32\dllcache\srv.sys

2010-07-23 16:41 . 2010-02-24 12:48 457216 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-07-23 16:41 . 2009-11-21 16:42 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-07-23 16:40 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-23 15:16 . 2010-07-23 15:16 -------- d-----w- c:\documents and settings\MANU\Dados de aplicativos\Malwarebytes

2010-07-23 15:15 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-23 15:15 . 2010-07-23 15:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-07-23 15:15 . 2010-07-23 15:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-07-23 15:15 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-21 19:24 . 2010-07-21 19:24 -------- d-----w- c:\windows\ServicePackFiles

2010-07-21 19:24 . 2010-07-21 19:24 -------- d-----w- c:\windows\ie8updates

2010-07-21 19:22 . 2009-10-15 16:56 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2010-07-21 19:22 . 2009-10-15 16:56 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2010-07-21 19:21 . 2008-05-01 14:32 331776 ------w- c:\windows\system32\dllcache\msadce.dll

2010-07-21 18:56 . 2009-07-31 04:36 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-07-21 18:42 . 2009-06-05 07:48 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

2010-07-21 18:37 . 2008-10-15 16:55 339456 ------w- c:\windows\system32\dllcache\netapi32.dll

2010-07-21 18:29 . 2008-04-21 21:27 216064 ------w- c:\windows\system32\dllcache\wordpad.exe

2010-07-21 17:34 . 2010-07-21 17:34 1615200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgssie.dll

2010-07-21 17:34 . 2010-07-21 17:34 1107296 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgxpl.dll

2010-07-21 17:34 . 2010-07-21 17:34 4368224 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll

2010-07-20 04:03 . 2010-07-20 04:03 -------- d-----w- c:\windows\SxsCaPendDel

2010-07-18 20:52 . 2010-07-18 20:52 242896 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgtdix.sys

2010-07-18 20:52 . 2010-07-18 20:52 216200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgldx86.sys

2010-07-18 20:46 . 2010-07-18 20:46 813336 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avginet.dll

2010-07-18 20:46 . 2010-07-18 20:46 624920 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgiproxy.exe

2010-07-18 20:46 . 2010-07-18 20:46 1690464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2010-07-18 20:46 . 2010-07-18 20:46 1038688 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-28 03:27 . 2007-07-21 21:40 79022 ----a-w- c:\windows\system32\perfc016.dat

2010-07-28 03:27 . 2007-07-21 21:40 468108 ----a-w- c:\windows\system32\perfh016.dat

2010-07-26 23:08 . 2009-06-18 01:45 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2010-07-18 20:52 . 2009-12-31 17:33 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-18 20:52 . 2009-12-31 17:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-18 20:51 . 2009-12-31 17:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-14 14:30 . 2009-06-18 00:53 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-10 18:10 . 2009-12-31 17:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-06-03 20:30 . 2010-06-03 20:30 22 ----a-w- c:\windows\Fonts\Times.txt

2010-06-03 15:27 . 2009-12-31 17:32 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

.

------- Sigcheck -------

[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll

[-] 2004-05-13 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\system32\sfcfiles.dll

[-] 2002-11-26 23:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-20 113664]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-6-18 331776]

WinZip Quick Pick.lnk - d:\winzip\WZQKPICK.EXE [2007-12-15 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"SfcDisable"=dword:ffffff9d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-18 20:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/12/2009 14:32 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/12/2009 14:33 243024]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [31/12/2009 14:32 308136]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-08-05 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-07-24 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405726

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\MANU\Dados de aplicativos\Mozilla\Firefox\Profiles\m0qjn3u5.default\

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

AddRemove-MixVibesPRO.exe - c:\program files\MixVibesPro5\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-05 00:28

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]

"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]

"ImagePath"="system32\DRIVERS\ACPIEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]

"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AegisP]

"ImagePath"="system32\DRIVERS\AegisP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]

"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALCXWDM]

"ImagePath"="system32\drivers\ALCXWDM.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]

"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]

"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]

"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aspi32]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]

"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]

"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]

"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]

"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]

"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]

"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVG]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avg9wd]

"ImagePath"="\"c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgLdx86]

"ImagePath"="\SystemRoot\System32\Drivers\avgldx86.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgMfx86]

"ImagePath"="\SystemRoot\System32\Drivers\avgmfx86.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgTdiX]

"ImagePath"="\SystemRoot\System32\Drivers\avgtdix.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]

"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BCM43XX]

"ImagePath"="system32\DRIVERS\bcmwl5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BCMLogon]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]

"ServiceDll"="c:\windows\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bonjour Service]

"ImagePath"="\"c:\arquivos de programas\Bonjour\mDNSResponder.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]

"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]

"ImagePath"="\??\c:\docume~1\MANU\CONFIG~1\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]

"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]

"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]

"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32]

"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]

"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]

"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]

"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]

"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]

"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]

"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]

"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]

"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]

"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]

"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]

"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]

"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]

"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]

"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FLEXnet Licensing Service]

"ImagePath"="\"c:\arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]

"ImagePath"="system32\DRIVERS\fltMgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]

"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]

"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gagp30kx]

"ImagePath"="system32\DRIVERS\gagp30kx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]

"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]

"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]

"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]

"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]

"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]

"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwcdcmdm0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwdatacard]

"ImagePath"="system32\DRIVERS\ewusbmdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwusbapp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwusbser]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]

"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]

"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]

"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]

"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]

"ImagePath"="system32\DRIVERS\Ip6Fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]

"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]

"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]

"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]

"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]

"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]

"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]

"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]

"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]

"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDM]

"ImagePath"="\"c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]

"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]

"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]

"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]

"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]

"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]

"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]

"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]

"ImagePath"="c:\windows\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]

"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]


I followed the order of the steps: first I ran Avenger and then ComboFix. I ran Avenger one night and, since it was late, I ran ComboFix the next morning. I don't know whether that might affect anything...


Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: file "c:\mspmsnsv.dll" not found!

File move operation "c:\mspmsnsv.dll|c:\windows\system32\mspmsnsv.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\sfcfiles.dll" not found!

File move operation "C:\sfcfiles.dll|c:\windows\system32\sfcfiles.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.


ComboFix 10-08-08.03 - MANU 09/08/2010 12:36:12.6.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1214.731 [GMT -3:00]

Executando de: c:\documents and settings\MANU\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-07-09 to 2010-08-09 ))))))))))))))))))))))))))))

.

2010-07-26 23:01 . 2010-07-26 23:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-24 17:35 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-07-24 17:35 . 2004-08-04 03:45 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-07-24 16:34 . 2010-07-24 16:34 -------- d-----w- c:\windows\system32\KB905474

2010-07-23 17:40 . 2010-07-23 19:49 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-07-23 17:15 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-07-23 17:15 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\dllcache\bthport.sys

2010-07-23 17:10 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2010-07-23 17:09 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-07-23 16:53 . 2008-05-08 12:14 203008 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-07-23 16:52 . 2010-05-06 10:34 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-07-23 16:52 . 2010-05-06 10:34 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-07-23 16:52 . 2010-05-06 10:34 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-07-23 16:52 . 2010-05-06 10:34 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-07-23 16:52 . 2010-05-06 10:34 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-07-23 16:52 . 2010-05-06 10:34 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-07-23 16:52 . 2010-05-06 10:34 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-07-23 16:42 . 2009-12-31 15:06 352640 ------w- c:\windows\system32\dllcache\srv.sys

2010-07-23 16:41 . 2010-02-24 12:48 457216 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-07-23 16:41 . 2009-11-21 16:42 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-07-23 16:40 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-23 15:16 . 2010-07-23 15:16 -------- d-----w- c:\documents and settings\MANU\Dados de aplicativos\Malwarebytes

2010-07-23 15:15 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-23 15:15 . 2010-07-23 15:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-07-23 15:15 . 2010-07-23 15:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-07-23 15:15 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-21 19:24 . 2010-07-21 19:24 -------- d-----w- c:\windows\ServicePackFiles

2010-07-21 19:24 . 2010-07-21 19:24 -------- d-----w- c:\windows\ie8updates

2010-07-21 19:22 . 2009-10-15 16:56 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2010-07-21 19:22 . 2009-10-15 16:56 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2010-07-21 19:21 . 2008-05-01 14:32 331776 ------w- c:\windows\system32\dllcache\msadce.dll

2010-07-21 18:56 . 2009-07-31 04:36 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-07-21 18:42 . 2009-06-05 07:48 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

2010-07-21 18:37 . 2008-10-15 16:55 339456 ------w- c:\windows\system32\dllcache\netapi32.dll

2010-07-21 18:29 . 2008-04-21 21:27 216064 ------w- c:\windows\system32\dllcache\wordpad.exe

2010-07-21 17:34 . 2010-07-21 17:34 1615200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgssie.dll

2010-07-21 17:34 . 2010-07-21 17:34 1107296 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgxpl.dll

2010-07-21 17:34 . 2010-07-21 17:34 4368224 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll

2010-07-20 04:03 . 2010-07-20 04:03 -------- d-----w- c:\windows\SxsCaPendDel

2010-07-18 20:52 . 2010-07-18 20:52 242896 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgtdix.sys

2010-07-18 20:52 . 2010-07-18 20:52 216200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgldx86.sys

2010-07-18 20:46 . 2010-07-18 20:46 813336 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avginet.dll

2010-07-18 20:46 . 2010-07-18 20:46 624920 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgiproxy.exe

2010-07-18 20:46 . 2010-07-18 20:46 1690464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2010-07-18 20:46 . 2010-07-18 20:46 1038688 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-28 03:27 . 2007-07-21 21:40 79022 ----a-w- c:\windows\system32\perfc016.dat

2010-07-28 03:27 . 2007-07-21 21:40 468108 ----a-w- c:\windows\system32\perfh016.dat

2010-07-26 23:08 . 2009-06-18 01:45 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2010-07-18 20:52 . 2009-12-31 17:33 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-18 20:52 . 2009-12-31 17:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-18 20:51 . 2009-12-31 17:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-14 14:30 . 2009-06-18 00:53 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-10 18:10 . 2009-12-31 17:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-06-03 20:30 . 2010-06-03 20:30 22 ----a-w- c:\windows\Fonts\Times.txt

2010-06-03 15:27 . 2009-12-31 17:32 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

.

------- Sigcheck -------

[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll

[-] 2004-05-13 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\system32\sfcfiles.dll

[-] 2002-11-26 23:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-20 113664]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-6-18 331776]

WinZip Quick Pick.lnk - d:\winzip\WZQKPICK.EXE [2007-12-15 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"SfcDisable"=dword:ffffff9d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-18 20:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/12/2009 14:32 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/12/2009 14:33 243024]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [31/12/2009 14:32 308136]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-08-09 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-07-24 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405726

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\MANU\Dados de aplicativos\Mozilla\Firefox\Profiles\m0qjn3u5.default\

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

AddRemove-MixVibesPRO.exe - c:\program files\MixVibesPro5\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-09 12:41

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]

"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]

"ImagePath"="system32\DRIVERS\ACPIEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]

"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AegisP]

"ImagePath"="system32\DRIVERS\AegisP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]

"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALCXWDM]

"ImagePath"="system32\drivers\ALCXWDM.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]

"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]

"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]

"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aspi32]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]

"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]

"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]

"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]

"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]

"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]

"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVG]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avg9wd]

"ImagePath"="\"c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgLdx86]

"ImagePath"="\SystemRoot\System32\Drivers\avgldx86.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgMfx86]

"ImagePath"="\SystemRoot\System32\Drivers\avgmfx86.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgTdiX]

"ImagePath"="\SystemRoot\System32\Drivers\avgtdix.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]

"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BCM43XX]

"ImagePath"="system32\DRIVERS\bcmwl5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BCMLogon]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]

"ServiceDll"="c:\windows\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bonjour Service]

"ImagePath"="\"c:\arquivos de programas\Bonjour\mDNSResponder.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]

"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]

"ImagePath"="\??\c:\docume~1\MANU\CONFIG~1\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]

"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]

"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]

"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32]

"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]

"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]

"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]

"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]

"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]

"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]

"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]

"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]

"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]

"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]

"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]

"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]

"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]

"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]

"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FLEXnet Licensing Service]

"ImagePath"="\"c:\arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]

"ImagePath"="system32\DRIVERS\fltMgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]

"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]

"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gagp30kx]

"ImagePath"="system32\DRIVERS\gagp30kx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]

"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]

"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]

"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]

"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]

"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]

"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwcdcmdm0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwdatacard]

"ImagePath"="system32\DRIVERS\ewusbmdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwusbapp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwusbser]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]

"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]

"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]

"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]

"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]

"ImagePath"="system32\DRIVERS\Ip6Fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]

"ImagePath"="system32\DRIVERS\ipfltdrv.sys"




.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(700)

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1240)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

Tempo para conclusão: 2010-08-09 12:43:41

ComboFix-quarantined-files.txt 2010-08-09 15:43

Pré-execução: 9 pasta(s) 16.059.006.976 bytes disponíveis

Pós execução: 10 pasta(s) 16.051.118.080 bytes disponíveis

- - End Of File - - 05856EC6F94F5DA438D90B3AA5A4504D


Dear manoeladriano

# Step 1 #

Questions:

1) Are you using a USB flash drive?

2) What is the D: drive on your computer?

# Step 2 #

Download Gmer and save it to your Desktop.

  • Extract the file from the zip into its own folder.
  • Once that is done, disconnect the PC from the Internet and close all programs.
  • There is a small chance that this application will shut down your PC, so save any work you have open.
  • Double-click the GMER icon.
  • If asked, allow the gmer.sys driver to run.
  • If you get a warning about rootkit activity asking whether you want to run a scan, click NO.
  • Click the arrows next to Rootkit/Malware.
  • On the right-hand side (under File), uncheck all drives except your disk, usually C:\.
  • Make sure all the other boxes on the right-hand side of the screen are checked, EXCEPT Show All.
  • Click Scan and wait for the scan to finish.
  • Note: Before the scan, make sure all other programs are closed. Also, do not use the computer during the scan.
  • When it finishes, click the Copy button, then right-click your Desktop, choose New and then -> Text Document.
  • Once the file is created, open it, right-click again and choose Paste, or press Ctrl+V.
  • Save the file as gmer.txt and post its contents in your next reply.
  • Note: If you have problems, try running GMER in Safe Mode.

Important!
Please do not check the "Show all" box during the scan.

Regards :D


Answering:

1- It is an external HD. But it stays switched off while I run the procedures.

2- D is my PC's second internal HD. There is almost nothing on it.

I had already run Gmer before. This time I ran it with HD D checked as well.

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-08-11 16:00:39

Windows 5.1.2600 Service Pack 2

Running: gmer.exe; Driver: C:\DOCUME~1\MANU\CONFIG~1\Temp\kxriyaog.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


Dear manoeladriano

"1- It is an external HD. But it stays switched off while I run the procedures."
Leave your external HD switched on now...

# Step 1 #

Download Norman Malware Cleaner and save the file to the Desktop folder of the Administrator account:

C:\Documents and Settings\Administrador\Desktop <- the FOLDER

# Step 2 #

Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup).

# Step 3 #

  • In Safe Mode, double-click Norman_Malware_Cleaner.exe
  • In the window that opens, click Accept
  • In the program, check that Scan areas shows the drive where your operating system is installed, normally C:\*.*
  • Using the Add button, add the drive letters of the external HD and the other internal HD.
  • Click the Options... button and make sure the following are selected (by default):
    • Enable process scaning
    • Unpack Archives
    • Do not system restore scan after cleaning file
  • Now click the Start Scan button and wait...
  • Under Scan results you can follow the results as the scan runs.
  • When the scan finishes, click Quit
  • When asked whether you want to restart the computer (Do you want restart now?), click Sim (Yes)
  • Afterwards, note that there is a text file (.txt) on the desktop named NFix_a_m_d (where a = year, m = month and d = day).
  • Click the file, select all of its contents (Ctrl + A), copy (Ctrl + C) and paste (Ctrl + V) into your next reply.

Regards :D


Hello. I could not run Norman Malware in safe mode. Whenever I tried to open Norman in safe mode, it opened and only showed a message like this: unable to load nsak.sys. error (0x00000001)

So I ran the program in normal mode instead. Here is the log:

Norman Malware Cleaner

Version 1.6.2

Copyright © 1990 - 2009, Norman ASA. Built 2010/08/11 21:28:46

Norman Scanner Engine Version: 6.05.11

Nvcbin.def Version: 6.05.00, Date: 2010/08/11 21:28:46, Variants: 6478417

Scan started: 12/08/2010 12:54:49

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2

Logged on user: MANU-5CBC28F321\MANU

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable = 0xFFFFFF9D -> 0x00000000

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Scanning bootsectors...

Number of sectors found: 0

Number of sectors scanned: 0

Number of sectors not scanned: 0

Number of infections found: 0

Number of infections removed: 0

Total scanning time: 0s

Scanning running processes and process memory...

Number of processes/threads found: 3899

Number of processes/threads scanned: 3899

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 2m 59s

Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\xfonts.7z/fonts/Type1/.fonts-config-timestamp (Error whilst scanning file: I/O Error (0x00220005))

C:\Arquivos de programas\WinRAR\Default.SFX (Infected with W32/Smalltroj.YWRV)

Deleted file

C:\Documents and Settings\MANU\Documents.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\Documents and Settings\MANU\Music.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\Documents and Settings\MANU\New Folder.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\Documents and Settings\MANU\Passwords.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\Documents and Settings\MANU\Pictures.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\Documents and Settings\MANU\Video.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057091.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057093.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057094.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057095.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057096.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057097.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

Scanning: D:\*.*

Scanning: F:\*.*

F:\ATALHOS\aTubeCatcher_1_0_236_setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\ATALHOS\IRPF2008win32v1.0.exe (Infected with W32/Slugin.A)

Deleted file

F:\ATALHOS\uolvoip.exe (Infected with W32/Slugin.A)

Deleted file

F:\ATALHOS\WDM_A400.exe (Infected with W32/Slugin.A)

Deleted file

F:\ATALHOS\WM9Codecs.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Atualização de Segurança\AcerLAppFix.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\alcchkid.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\alcrmv.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\alcrmv9x.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\alcupd.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\ChCfg.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\GETDXVER.EXE (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\SetCDfmt.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\WDM\alcrmv.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\WDM\ChCfg.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\WDM\RTLCPL.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\WDM\SoundMan.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Lan\inf2cat.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Lan\refresh.exe (Infected with W32/Agent.RZRM)

Deleted file

F:\Drires Acer Aspire 5000\Lan\setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Lan\SRV2003\uninst.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Lan\Win2000\uninst.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Lan\WinXP\uninst.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Modem\QtZgAcer.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Modem\RMDEVICE.EXE (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Modem\Setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Modem\UNINST32.EXE (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Touchpad\InstNT.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Touchpad\SynMood.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Touchpad\SynTPEnh.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Touchpad\SynTPLpr.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Touchpad\SynZMetr.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Touchpad\Tutorial.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\AGPPack\setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\AGPPack\SISfiles\ata133ap.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\AGPPack\SISfiles\instdrv.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\AGPPack\SISfiles\waitwnd.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\AGPPack\USB\Win2K_XP\WinXPUSB\SiSUSBrg.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\AGPPack\USB\Win9x\SiSFiles\Mp_s3.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\setupDLL\Instdrv.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\setupDLL\IsUninst.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\setupDLL\Progress.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\setupDLL\waitwnd.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\WinXP_2K\InstFunc.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\WiFi\bcmwld2k.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\WiFi\bcmwlhom.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\WiFi\bcmwltry.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\WiFi\bcmwlu00.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\WiFi\setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\WiFi\wltray.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\WiFi\wltrysvc.exe (Infected with W32/Slugin.A)

Deleted file

F:\Mascaras Digitais de Coracoes Profissionais\MUSICAS MP3\MPB\14 Bis - Discografia - 13 Cds\eManager\ePrjNormal.exe (Infected with W32/Slugin.A)

Deleted file

F:\Mascaras Digitais de Coracoes Profissionais\MUSICAS MP3\MPB\14 Bis - Discografia - 13 Cds\eManager\ePrjXGA.exe (Infected with W32/Slugin.A)

Deleted file

F:\Mascaras Digitais de Coracoes Profissionais\MUSICAS MP3\MPB\14 Bis - Discografia - 13 Cds\eManager\instnt.exe (Infected with W32/Slugin.A)

Deleted file

F:\MUSICAS MP3\CLASSICAS, OPERAS E AFINS\-Enya--Complete-Discography-1987-2004-Albums,Singels,Covers,Videos-(mp3-avi-mpg)\Collections\2002--Only Time (The 4 CD Collection)\CD 4 incl. Bonus Video & Galerie\Bonus\ENYAPC.exe (Infected with W32/Slugin.A)

Deleted file

F:\MUSICAS MP3\CLASSICAS, OPERAS E AFINS\-Enya--Complete-Discography-1987-2004-Albums,Singels,Covers,Videos-(mp3-avi-mpg)\Collections\2002--Only Time (The 4 CD Collection)\CD 4 incl. Bonus Video & Galerie\Bonus\quicktimeinstallerpc.exe (Infected with W32/Slugin.A)

Deleted file

F:\MUSICAS MP3\dj manu rock nacional\ana carolina\+Ana Carolina eJorge Vercilo - Abismo.mp3 (Error opening file: Not found)

F:\MUSICAS MP3\musicas de aniversario\MUSICAS DE NOVELAS\Novela.Esperança.Nacional.com.Faixa.Interativa.e.Capas.192k.by.VampiroLestat\Esperanca.exe (Infected with W32/Slugin.A)

Deleted file

F:\MUSICAS MP3\MUSICAS ESPANICAS\Los Nocheros - Discografía Completa\Los Nocheros - Noche Amiga Mia - 2004\Interactivo\nocheros.exe (Infected with W32/Slugin.A)

Deleted file

F:\MUSICAS MP3\ROCKY INTERNACIONAL\SELEÇÃO NIGHTWISH\meu mp4\diversos rock\rock nacinal\ana carolina\+Ana Carolina eJorge Vercilo - Abismo.mp3 (Error opening file: Not found)

F:\PROGRAMINHAS\aTubeCatcher_1_0_236_setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\Recycled.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{4380075F-5414-419B-B18A-31381750CA7E}\RP110\A0022923.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{4380075F-5414-419B-B18A-31381750CA7E}\RP110\A0022924.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{451E7FF4-CBCE-4C39-99BD-2A3AC1A2A97E}\RP103\A0041782.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{451E7FF4-CBCE-4C39-99BD-2A3AC1A2A97E}\RP103\A0041783.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{451E7FF4-CBCE-4C39-99BD-2A3AC1A2A97E}\RP103\A0041784.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{451E7FF4-CBCE-4C39-99BD-2A3AC1A2A97E}\RP103\A0041785.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{451E7FF4-CBCE-4C39-99BD-2A3AC1A2A97E}\RP103\A0041786.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{451E7FF4-CBCE-4C39-99BD-2A3AC1A2A97E}\RP200\A0071030.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{451E7FF4-CBCE-4C39-99BD-2A3AC1A2A97E}\RP200\A0071031.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP107\A0025183.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP111\A0028599.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP112\A0028626.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP113\A0030696.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP136\A0042322.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP138\A0042399.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP164\A0054240.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057098.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057099.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057100.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057101.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057102.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057103.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057104.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057105.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057106.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057107.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057108.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057109.EXE (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057110.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057111.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057112.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057113.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057114.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057115.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057116.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057117.exe (Infected with W32/Agent.RZRM)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057118.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057119.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057120.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057121.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057122.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057123.EXE (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057124.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057125.EXE (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057126.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057127.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057128.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057129.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057130.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057131.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057132.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057133.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057134.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057135.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057136.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057137.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057138.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057139.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057140.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057141.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057142.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057143.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057144.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057145.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057146.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057147.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057148.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057149.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057150.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057151.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057152.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057153.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057154.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057155.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057156.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057157.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057158.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057159.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP50\A0009371.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP51\A0009465.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP52\A0009560.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP57\A0011106.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP58\A0011143.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP58\A0011258.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP59\A0011300.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP59\A0011626.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP59\A0011648.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP60\A0012793.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP61\A0012800.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP62\A0012843.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP63\A0012861.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP63\A0012918.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP64\A0013005.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP65\A0013055.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP65\A0013094.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP66\A0013119.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP66\A0013125.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP67\A0013281.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP68\A0013339.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP69\A0013410.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP69\A0013450.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP69\A0013490.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP69\A0013505.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP70\A0013562.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP71\A0013643.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP71\A0013711.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP71\A0013713.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP72\A0013720.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP75\A0013950.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP75\A0013952.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP76\A0014062.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP80\A0016352.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP81\A0016436.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016587.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016588.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016589.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016590.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016591.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016597.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016598.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016691.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP83\A0016739.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP83\A0016832.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP86\A0017012.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP86\A0017043.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP86\A0017063.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP86\A0017089.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP87\A0017100.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP87\A0017159.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP87\A0017161.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP87\A0017187.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP91\A0019610.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP91\A0019630.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\VIDEOS DIVERSOS\História do Mundo. 1981. Mel Brooks. Legendado. O.avi (Error opening file: Not found)

Scanning: postscan

Running post-scan cleanup routine:

Number of files found: 265241

Number of archives unpacked: 1697

Number of files scanned: 265230

Number of files not scanned: 11

Number of files skipped due to exclude list: 0

Number of infected files found: 208

Number of infected files repaired/deleted: 208

Number of infections removed: 208

Total scanning time: 1h 47m 57s
