manoeladriano

PC freezing, internet very slow (2)


These are the last logs I had posted.

SystemLook and Reglook logs

SystemLook v1.0 by jpshortstuff (11.01.10)

Log created at 20:14 on 26/07/2010 by MANU (Administrator - Elevation successful)

========== filefind ==========

Searching for "*tcpip.sys"

C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys --a--- 361600 bytes [11:51 20/06/2008] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D

C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys --a--- 361600 bytes [11:59 20/06/2008] [11:59 20/06/2008] AD978A1B783B5719720CFF204B666C8E

C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys -----c 360576 bytes [16:29 24/07/2010] [00:27 03/09/2007] BD8686216E34E22C4ED45A2320B2BEA1

C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp2qfe\tcpip.sys --a--- 360960 bytes [10:44 20/06/2008] [10:44 20/06/2008] 744E57C99232201AE98C49168B918F48

C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3gdr\tcpip.sys --a--- 361600 bytes [11:51 20/06/2008] [11:51 20/06/2008] 9AEFA14BD6B182D61E3119FA5F436D3D

C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3qfe\tcpip.sys --a--- 361600 bytes [11:59 20/06/2008] [11:59 20/06/2008] AD978A1B783B5719720CFF204B666C8E

C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\tcpip.sys --a--- 361344 bytes [19:48 23/07/2010] [19:20 13/04/2008] 93EA8D04EC73A85DB02EB8805988F733

C:\WINDOWS\system32\dllcache\tcpip.sys ------ 360960 bytes [10:44 20/06/2008] [10:44 20/06/2008] 744E57C99232201AE98C49168B918F48

C:\WINDOWS\system32\drivers\tcpip.sys --a--- 360960 bytes [00:27 03/09/2007] [10:44 20/06/2008] 744E57C99232201AE98C49168B918F48

Searching for "*sfcfiles.dll"

C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll --a--- 1571840 bytes [19:48 23/07/2010] [02:20 14/04/2008] 698F9583D1EB213B09F12DD5826A46E2

C:\WINDOWS\system32\sfcfiles.dll --a--- 1548288 bytes [17:15 02/09/2007] [17:15 02/09/2007] DB3AA410ED1228B9DF98C06549AE0763

Searching for "*mspmsnsv.dll"

C:\WINDOWS\system32\mspmsnsv.dll --a--c 27136 bytes [17:20 02/09/2007] [17:20 02/09/2007] C51B4A5C05A5475708E3C81C7765B71D

-=End Of File=-

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows

DeviceNotSelectedTimeout REG_SZ 15

GDIProcessHandleQuota REG_DWORD 0x2710

Spooler REG_SZ yes

swapdisk REG_SZ

TransmissionRetryTimeout REG_SZ 90

USERProcessHandleQuota REG_DWORD 0x2710

LoadAppInit_DLLs REG_DWORD 0x1


Malwarebytes log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versão da Base de Dados: 4341

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

23/7/2010 13:15:55

mbam-log-2010-07-23 (13-15-55).txt

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 126919

Tempo decorrido: 8 minuto(s), 5 segundo(s)

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 4

Valores de Registro Infectados: 1

Itens de Dados no Registro Infectados: 1

Pastas Infectadas: 0

Arquivos Infectados: 0

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

Valores de Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.

Itens de Dados no Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

Arquivos Infectados:

(Não foram detectados ítens maliciosos)


Dear manoelaadriano

Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text that is inside the "Code" box:

FCopy::
C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll | c:\windows\system32\sfcfiles.dll
C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=-

Save this file as: CFScript.txt

[Image: 2872959479_997d4500c4_o.gif]

As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Regards :D


ComboFix 10-08-02.03 - MANU 03/08/2010 10:45:45.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1214.651 [GMT -3:00]

Executando de: c:\documents and settings\MANU\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\MANU\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Criado um novo ponto de restauração

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll --> c:\windows\system32\sfcfiles.dll

c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-07-03 to 2010-08-03 ))))))))))))))))))))))))))))

.

2010-07-26 23:01 . 2010-07-26 23:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-24 17:35 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-07-24 17:35 . 2004-08-04 03:45 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-07-24 16:34 . 2010-07-24 16:34 -------- d-----w- c:\windows\system32\KB905474

2010-07-23 17:40 . 2010-07-23 19:49 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-07-23 17:15 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-07-23 17:15 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\dllcache\bthport.sys

2010-07-23 17:10 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2010-07-23 17:09 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-07-23 16:53 . 2008-05-08 12:14 203008 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-07-23 16:52 . 2010-05-06 10:34 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-07-23 16:52 . 2010-05-06 10:34 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-07-23 16:52 . 2010-05-06 10:34 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-07-23 16:52 . 2010-05-06 10:34 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-07-23 16:52 . 2010-05-06 10:34 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-07-23 16:52 . 2010-05-06 10:34 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-07-23 16:52 . 2010-05-06 10:34 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-07-23 16:42 . 2009-12-31 15:06 352640 ------w- c:\windows\system32\dllcache\srv.sys

2010-07-23 16:41 . 2010-02-24 12:48 457216 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-07-23 16:41 . 2009-11-21 16:42 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-07-23 16:40 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-23 15:16 . 2010-07-23 15:16 -------- d-----w- c:\documents and settings\MANU\Dados de aplicativos\Malwarebytes

2010-07-23 15:15 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-23 15:15 . 2010-07-23 15:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-07-23 15:15 . 2010-07-23 15:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-07-23 15:15 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-21 19:24 . 2010-07-21 19:24 -------- d-----w- c:\windows\ServicePackFiles

2010-07-21 19:24 . 2010-07-21 19:24 -------- d-----w- c:\windows\ie8updates

2010-07-21 19:22 . 2009-10-15 16:56 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2010-07-21 19:22 . 2009-10-15 16:56 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2010-07-21 19:21 . 2008-05-01 14:32 331776 ------w- c:\windows\system32\dllcache\msadce.dll

2010-07-21 18:56 . 2009-07-31 04:36 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-07-21 18:42 . 2009-06-05 07:48 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

2010-07-21 18:37 . 2008-10-15 16:55 339456 ------w- c:\windows\system32\dllcache\netapi32.dll

2010-07-21 18:29 . 2008-04-21 21:27 216064 ------w- c:\windows\system32\dllcache\wordpad.exe

2010-07-21 17:34 . 2010-07-21 17:34 1615200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgssie.dll

2010-07-21 17:34 . 2010-07-21 17:34 1107296 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgxpl.dll

2010-07-21 17:34 . 2010-07-21 17:34 4368224 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll

2010-07-20 04:03 . 2010-07-20 04:03 -------- d-----w- c:\windows\SxsCaPendDel

2010-07-18 20:52 . 2010-07-18 20:52 242896 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgtdix.sys

2010-07-18 20:52 . 2010-07-18 20:52 216200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgldx86.sys

2010-07-18 20:46 . 2010-07-18 20:46 813336 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avginet.dll

2010-07-18 20:46 . 2010-07-18 20:46 624920 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgiproxy.exe

2010-07-18 20:46 . 2010-07-18 20:46 1690464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2010-07-18 20:46 . 2010-07-18 20:46 1038688 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-28 03:27 . 2007-07-21 21:40 79022 ----a-w- c:\windows\system32\perfc016.dat

2010-07-28 03:27 . 2007-07-21 21:40 468108 ----a-w- c:\windows\system32\perfh016.dat

2010-07-26 23:08 . 2009-06-18 01:45 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2010-07-18 20:52 . 2009-12-31 17:33 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-18 20:52 . 2009-12-31 17:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-18 20:51 . 2009-12-31 17:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-14 14:30 . 2009-06-18 00:53 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-10 18:10 . 2009-12-31 17:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-06-03 20:30 . 2010-06-03 20:30 22 ----a-w- c:\windows\Fonts\Times.txt

2010-06-03 15:27 . 2009-12-31 17:32 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-06 10:34 . 2007-09-02 17:27 916480 ----a-w- c:\windows\system32\wininet.dll

.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3qfe\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3gdr\tcpip.sys

[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp2qfe\tcpip.sys

[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2007-09-03 . BD8686216E34E22C4ED45A2320B2BEA1 . 360576 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll

[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

[-] 2007-09-02 17:20 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

.

((((((((((((((((((((((((((((( SnapShot_2010-07-27_21.30.08 )))))))))))))))))))))))))))))))))))))))))

.


+ 2010-08-01 13:32 . 2010-08-01 13:32 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll

+ 2010-07-29 15:07 . 2010-07-29 15:07 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll

+ 2010-07-29 15:11 . 2010-07-29 15:11 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\39e4f9a276fb12125d8a1444d8b65a84\System.Configuration.Install.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\849916c5cb3ff7763d15a3976766c2f6\System.AddIn.ni.dll

+ 2010-07-29 15:13 . 2010-07-29 15:13 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\3677b81a93d21c46cbac72c051f8c986\sysglobl.ni.dll

+ 2010-08-01 13:30 . 2010-08-01 13:30 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\f38a426b90e6c526dcb2c435c7380450\SMSvcHost.ni.exe

+ 2010-08-01 13:30 . 2010-08-01 13:30 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll

+ 2010-08-01 13:30 . 2010-08-01 13:30 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5c8f5ca36498f43980d64820d8186c8a\ServiceModelReg.ni.exe

+ 2010-07-29 15:11 . 2010-07-29 15:11 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a10c2c7e38291c3ada631ad13e762818\PresentationFramework.Aero.ni.dll

+ 2010-07-29 15:12 . 2010-07-29 15:12 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7579c76fa81eb309d3170b62467be58d\PresentationFramework.Luna.ni.dll

+ 2010-07-29 15:12 . 2010-07-29 15:12 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bef0992fb684e71dbfab5c0a99316af\PresentationFramework.Classic.ni.dll

+ 2010-07-29 15:12 . 2010-07-29 15:12 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2f6687d394813d760496f60acf046384\PresentationFramework.Royale.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7700963610c1af364aa934c3c824b7b4\MSBuild.ni.exe

+ 2010-08-01 13:30 . 2010-08-01 13:30 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c74d4c69c49992dfb23ba512081dc3de\Microsoft.Transactions.Bridge.Dtc.ni.dll

+ 2010-07-29 15:07 . 2010-07-29 15:07 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a6a9f24b1a8984eaafbabb1ee968e359\Microsoft.Build.Utilities.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2fa81d363cb1496be2427d848a867409\Microsoft.Build.Utilities.v3.5.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\c4c360df9c1024ebc3f0de77f5cf8b1c\Microsoft.Build.Engine.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c9386dcd89c2518a74115f3bfd861830\Microsoft.Build.Conversion.v3.5.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll

+ 2010-08-01 13:30 . 2010-08-01 13:30 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\abb62e3ed74c974f0282bc7ea5d3f1c1\ComSvcConfig.ni.exe

+ 2010-08-01 13:30 . 2010-08-01 13:30 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\6d34f00b6a782d15bec70d6cdb00b5e8\AspNetMMCExt.ni.dll

- 2010-07-26 23:13 . 2010-07-26 23:13 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2010-07-26 23:13 . 2010-07-26 23:13 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2010-07-28 03:18 . 2010-07-28 03:18 970752 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2010-07-28 03:18 . 2010-07-28 03:18 438272 c:\windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2010-07-26 23:13 . 2010-07-26 23:13 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2010-07-28 03:18 . 2010-07-28 03:18 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

- 2010-07-26 23:08 . 2010-07-26 23:08 110592 c:\windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2010-07-26 23:13 . 2010-07-26 23:13 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2009-11-07 04:06 . 2009-11-07 04:06 1130824 c:\windows\system32\dfshim.dll

+ 2010-04-08 02:48 . 2010-04-08 02:48 5967872 c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll

- 2008-11-25 07:59 . 2008-11-25 07:59 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2010-03-23 08:32 . 2010-03-23 08:32 5242880 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll

+ 2010-03-23 08:32 . 2010-03-23 08:32 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll

+ 2009-08-08 02:51 . 2009-08-08 02:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

- 2008-11-25 07:59 . 2008-11-25 07:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2009-08-08 02:51 . 2009-08-08 02:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll

+ 2009-11-09 03:25 . 2009-11-09 03:25 1935360 c:\windows\Installer\1493959.msp

+ 2010-04-12 01:17 . 2010-04-12 01:17 2607104 c:\windows\Installer\1493924.msp

+ 2010-04-12 01:17 . 2010-04-12 01:17 4210688 c:\windows\Installer\1493923.msp

+ 2010-07-29 15:07 . 2010-07-29 15:07 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll

+ 2010-07-29 15:13 . 2010-07-29 15:13 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\d8549ce90b26cdc3071224ab6f020189\UIAutomationClientsideProviders.ni.dll

+ 2010-07-29 15:06 . 2010-07-29 15:06 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll

+ 2010-07-29 15:07 . 2010-07-29 15:07 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll

+ 2010-08-01 13:33 . 2010-08-01 13:33 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\016b75f60a18535c8d6b3e5d861ab559\System.WorkflowServices.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6dacae37d337004345518976fb57099e\System.Workflow.Runtime.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c7b832bbc5bb11c6c7f128c801ce90d7\System.Workflow.ComponentModel.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\b9ea6ea910293cd6f13f765775867ebd\System.Workflow.Activities.ni.dll

+ 2010-07-29 15:10 . 2010-07-29 15:10 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8ef8d556899a4a10b7f288a80925489f\System.Web.Services.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\5dfda43f1991ee6ba345d62b2be4801c\System.Web.Mobile.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll

+ 2010-07-29 15:13 . 2010-07-29 15:13 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\2d6a5dbee4506bf643b853e41668afa3\System.Speech.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\169fe0ad9d59982a2a6b89779c09885b\System.ServiceModel.Web.ni.dll

+ 2010-08-01 13:30 . 2010-08-01 13:30 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll

+ 2010-07-29 15:09 . 2010-07-29 15:09 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\af217ef58e5558991f331d482c2bdba6\System.Printing.ni.dll

+ 2010-08-01 13:30 . 2010-08-01 13:30 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll

+ 2010-07-29 15:08 . 2010-07-29 15:08 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f3440ea00eb3c40dc073b2fe03843638\System.Drawing.ni.dll

+ 2010-07-29 15:09 . 2010-07-29 15:09 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7deab2494d53763cd83c567e71e0d8e0\System.DirectoryServices.ni.dll

+ 2010-07-29 15:08 . 2010-07-29 15:08 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll

+ 2010-07-29 15:09 . 2010-07-29 15:09 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\50130ef751b98a4a11bd4ab73af7cab5\System.Data.ni.dll

+ 2010-07-29 15:07 . 2010-07-29 15:07 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f71abf392c5ca05a4e46a5d1c4c72856\System.Data.SqlXml.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll

+ 2010-07-29 15:11 . 2010-07-29 15:11 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\f249a2dbc8dcb91860d0997c163c73ff\System.Data.OracleClient.ni.dll

+ 2010-07-29 15:12 . 2010-07-29 15:12 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll

+ 2010-07-29 15:12 . 2010-07-29 15:12 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll

+ 2010-07-29 15:09 . 2010-07-29 15:09 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll

+ 2010-07-29 15:09 . 2010-07-29 15:09 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll

+ 2010-07-29 15:07 . 2010-07-29 15:07 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\20ef773b20f6ce721ae60e5c2c2e8f80\PresentationBuildTasks.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\935b855860088a86bb65d37a19f059cc\Microsoft.VisualBasic.ni.dll

+ 2010-08-01 13:30 . 2010-08-01 13:30 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\7a266de493d30eed21cb60ebe300be53\Microsoft.Transactions.Bridge.ni.dll

+ 2010-08-01 13:32 . 2010-08-01 13:32 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\9db8f9f7fe63ca4451bb5316a3ebb009\Microsoft.JScript.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll

+ 2010-08-01 13:31 . 2010-08-01 13:31 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\43fc6723d08e9ce88701c29653efd224\Microsoft.Build.Engine.ni.dll

+ 2010-07-28 03:22 . 2010-07-28 03:22 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

- 2010-07-26 23:13 . 2010-07-26 23:13 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2010-07-28 03:18 . 2010-07-28 03:18 5967872 c:\windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2010-07-26 23:13 . 2010-07-26 23:13 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2010-07-28 03:22 . 2010-07-28 03:22 5279744 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

+ 2010-07-28 03:26 . 2010-07-28 03:26 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2010-07-26 23:13 . 2010-07-26 23:13 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2010-07-26 23:08 . 2010-07-26 23:08 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2010-07-28 03:22 . 2010-07-28 03:22 4210688 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2010-07-28 03:27 . 2010-07-28 03:27 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2010-07-26 23:14 . 2010-07-26 23:14 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2009-08-14 23:32 . 2009-08-14 23:32 11110912 c:\windows\Installer\1493970.msp

+ 2010-03-31 04:23 . 2010-03-31 04:23 15638528 c:\windows\Installer\1493966.msp

+ 2010-04-12 01:17 . 2010-04-12 01:17 14599680 c:\windows\Installer\1493933.msp

+ 2010-07-29 15:08 . 2010-07-29 15:08 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll

+ 2010-07-29 15:09 . 2010-07-29 15:09 11797504 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll

+ 2010-08-01 13:30 . 2010-08-01 13:30 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll

+ 2010-07-29 15:11 . 2010-07-29 15:11 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f352c5cb50bee105e4c873ca050f9f46\System.Design.ni.dll

+ 2010-07-29 15:09 . 2010-07-29 15:09 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll

+ 2010-07-29 15:08 . 2010-07-29 15:08 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll

+ 2010-07-29 15:06 . 2010-07-29 15:06 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-20 113664]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-6-18 331776]

WinZip Quick Pick.lnk - d:\winzip\WZQKPICK.EXE [2007-12-15 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"SfcDisable"=dword:ffffff9d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-18 20:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/12/2009 14:32 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/12/2009 14:33 243024]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [31/12/2009 14:32 308136]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-08-03 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-07-24 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405726

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\MANU\Dados de aplicativos\Mozilla\Firefox\Profiles\m0qjn3u5.default\

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

AddRemove-MixVibesPRO.exe - c:\program files\MixVibesPro5\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-03 10:50

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]

"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]

"ImagePath"="system32\DRIVERS\ACPIEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]

"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AegisP]

"ImagePath"="system32\DRIVERS\AegisP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]

"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALCXWDM]

"ImagePath"="system32\drivers\ALCXWDM.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]

"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]

"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]

"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aspi32]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]

"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]

"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]

"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]

"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]

"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]

"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVG]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avg9wd]

"ImagePath"="\"c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgLdx86]

"ImagePath"="\SystemRoot\System32\Drivers\avgldx86.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgMfx86]

"ImagePath"="\SystemRoot\System32\Drivers\avgmfx86.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AvgTdiX]

"ImagePath"="\SystemRoot\System32\Drivers\avgtdix.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]

"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BCM43XX]

"ImagePath"="system32\DRIVERS\bcmwl5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BCMLogon]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]

"ServiceDll"="c:\windows\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bonjour Service]

"ImagePath"="\"c:\arquivos de programas\Bonjour\mDNSResponder.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]

"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]

"ImagePath"="\??\c:\docume~1\MANU\CONFIG~1\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]

"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]

"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]

"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32]

"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]

"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]

"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]

"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]

"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]

"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]

"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]

"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]

"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]

"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]

"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]

"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]

"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]

"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]

"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FLEXnet Licensing Service]

"ImagePath"="\"c:\arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]

"ImagePath"="system32\DRIVERS\fltMgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]

"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]

"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gagp30kx]

"ImagePath"="system32\DRIVERS\gagp30kx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]

"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]

"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]

"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]

"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]

"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]

"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwcdcmdm0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwdatacard]

"ImagePath"="system32\DRIVERS\ewusbmdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwusbapp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwusbser]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]

"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]

"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]

"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]

"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]

"ImagePath"="system32\DRIVERS\Ip6Fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]

"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]

"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]

"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]

"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]

"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]

"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]

"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]

"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]

"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDM]

"ImagePath"="\"c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]

"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]

"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]

"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]

"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]

"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]

"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]

"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]

"ImagePath"="c:\windows\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]

"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]

"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]

"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]

"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nero BackItUp Scheduler 3]

"ImagePath"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nero BackItUp Scheduler 4.0]

"ImagePath"="c:\arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]

"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]

"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]

"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]

"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]

"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NMIndexingService]

"ImagePath"="\"c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]

"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]

"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]

"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]

"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]

"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

"ImagePath"="system32\DRIVERS\pcmcia.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]

"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]

"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]

"ImagePath"="system32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]

"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]

"ImagePath"="system32\DRIVERS\ptilink.sys"


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]

"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]

"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]

"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]

"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]

"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]

"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]

"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]

"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]

"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]

"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RichVideo]

"ImagePath"="\"c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe\"\00\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\10\02\01\03\01\03\01\03\01\03\01\03\01\03\01\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]

"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]

"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]

"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]

"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]

"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]

"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiS315]

"ImagePath"="system32\DRIVERS\sisgrp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiSkp]

"ImagePath"="system32\DRIVERS\srvkp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SISNIC]

"ImagePath"="system32\DRIVERS\sisnic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SISNICXP]

"ImagePath"="system32\DRIVERS\sisnicxp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]

"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]

"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]

"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]

"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]

"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]

"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]

"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]

"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]

"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{8BC5916C-C86D-45E5-BA6A-F9327DBC3DB4}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SynTP]

"ImagePath"="system32\DRIVERS\SynTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]

"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]

"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]

"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]

"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]

"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]

"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]

"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]

"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]

"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]

"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]

"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]

"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor]

"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]

"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]

"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]

"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]

"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wltrysvc]

"ImagePath"="%SystemRoot%\System32\wltrysvc.exe %SystemRoot%\System32\bcmwltry.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]

"ServiceDll"="c:\windows\system32\mspmsnsv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]

"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]

"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]

"ImagePath"="\"c:\arquivos de programas\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]

"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]

"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]

"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]

"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]

"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]

"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]

"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{504C1D11-0C93-4E4C-864C-BFBF2AE94260}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{BF83DA1A-1EF6-448A-AC36-71159725D2A2}]

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(700)

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3632)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

Tempo para conclusão: 2010-08-03 10:52:36

ComboFix-quarantined-files.txt 2010-08-03 13:52

ComboFix2.txt 2010-07-27 21:32

ComboFix3.txt 2010-07-23 15:58

ComboFix4.txt 2010-07-20 03:18

Pré-execução: 8 pasta(s) 13.908.590.592 bytes disponíveis

Pós execução: 10 pasta(s) 13.948.690.432 bytes disponíveis

- - End Of File - - A491034E6015760F5853F6C40ACE19E5
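As an added example (not part of the original post and not ComboFix's own code), this is one way to triage a service listing in the format above. The function names and the three heuristics are assumptions made for illustration; the sample lines are taken from the log, with the RichVideo trailing run shortened, and a finding means "look at this entry", not a verdict.

```python
import re

# Lines copied from the listing above (RichVideo's trailing run shortened).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\docume~1\MANU\CONFIG~1\Temp\catchme.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RichVideo]
"ImagePath"="\"c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe\"\00\01\03"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avg9wd]
"ImagePath"="\"c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe\""
'''

KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d{3}\\Services\\(.+)\]$')
VAL_RE = re.compile(r'^"(ImagePath|ServiceDll|MofImagePath)"="(.*)"$')
# Assumption: a run such as \00\01\03 is how the dump shows raw bytes.
TRAILING_ESCAPES = re.compile(r'(\\[0-9A-Fa-f]{2})+')


def parse_services(text):
    """Map each service key name to the path values listed under it."""
    services = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            services.setdefault(current, {})
            continue
        value = VAL_RE.match(line)
        if value and current is not None:
            services[current][value.group(1)] = value.group(2)
    return services


def split_image(raw):
    """Return (path, rest) where rest is whatever follows a quoted path."""
    value = raw.strip()
    if value.startswith('\\"'):
        end = value.find('\\"', 2)
        if end != -1:
            return value[2:end], value[end + 2:]
    return value, ''


def review(services):
    """Return (service, value name, reason) for entries worth a second look."""
    findings = []
    for name, values in services.items():
        for value_name, raw in values.items():
            path, rest = split_image(raw)
            if raw != raw.strip():
                findings.append(
                    (name, value_name, 'whitespace padding around the path'))
            if rest and TRAILING_ESCAPES.fullmatch(rest):
                findings.append(
                    (name, value_name, 'escaped bytes after the closing quote'))
            if '\\temp\\' in path.lower():
                findings.append(
                    (name, value_name, 'image loads from a Temp directory'))
    return findings


if __name__ == '__main__':
    for service, value_name, reason in review(parse_services(SAMPLE)):
        print(f'{service}: {value_name}: {reason}')
```

The catchme entry is the scanner's own driver, named in the log header, which is why each finding still needs a person to read it.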


A small window that says

"REGT.cfxxe - Não foi possivel localizar o componente - esse aplicativo não pode ser iniciado porque não foi encontrado a ACLUI.dll. A reinstalação do aplicativo pode resolver o problema"

keeps popping up insistently every time I run ComboFix... and if I don't keep closing it, it won't let ComboFix work...

Edited by manoeladriano


Dear manoelaadriano

# Step 1 #

Download the file from the link below;

http://www.driverskit.com/dll/mspmsnsv.dll/2314.html

http://www.driverskit.com/dll/sfcfiles.dll/3282.html

Unzip them;

Move them to C:

They should then look like this:

c:\mspmsnsv.dll

C:\sfcfiles.dll

Now do

# Step 2 #

Download Avenger2 by Swandog46 to your Desktop.

  • Right-click Avenger.zip and choose "Extrair tudo..." (Extract all...), so that the Avenger tool folder is extracted to your desktop.

# Step 3 #
  • Run Avenger by double-clicking its icon;
  • In the window that appears, click Ok;
  • Make sure the box below, Scan for rootkits, is checked;
  • And that the box below it, Automatically disable any rootkits found, is not checked;
  • Under Input script here: now copy (Ctrl + C) all the text (highlighted in green) inside the "quote" below:

Begin copying here:

files to move:

c:\mspmsnsv.dll | c:\windows\system32\mspmsnsv.dll

C:\sfcfiles.dll | c:\windows\system32\sfcfiles.dll

  • Click the Execute button;
  • Click Yes;
  • If you are asked: First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?
    Click Yes to restart the computer;
  • A log will be generated on startup; if it does not appear, it can be found at C:\avenger.txt;
  • Select all of its contents, copy them and paste them into your next reply.

# Step 3 #

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

FCopy::
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SfcDisable"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=-

Save this file as: CFScript.txt

2872959479_997d4500c4_o.gif

As illustrated in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Regards :D


Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File move operation "c:\mspmsnsv.dll|c:\windows\system32\mspmsnsv.dll" completed successfully.

File move operation "C:\sfcfiles.dll|c:\windows\system32\sfcfiles.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.


.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(700)

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(460)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

Tempo para conclusão: 2010-08-05 00:30:40

ComboFix-quarantined-files.txt 2010-08-05 03:30

ComboFix2.txt 2010-08-03 13:52

ComboFix3.txt 2010-07-27 21:32

ComboFix4.txt 2010-07-23 15:58

ComboFix5.txt 2010-08-05 03:22

Pré-execução: 10 pasta(s) 14.382.862.336 bytes disponíveis

Pós execução: 11 pasta(s) 14.372.593.664 bytes disponíveis

- - End Of File - - 4F92277D0C709CE4712BB496761A7EA2


ComboFix 10-08-02.03 - MANU 05/08/2010 0:23.5.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1214.747 [GMT -3:00]

Executando de: c:\documents and settings\MANU\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\MANU\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

--------------- FCopy ---------------

c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-07-05 to 2010-08-05 ))))))))))))))))))))))))))))

.

2010-07-26 23:01 . 2010-07-26 23:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-24 17:35 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-07-24 17:35 . 2004-08-04 03:45 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-07-24 16:34 . 2010-07-24 16:34 -------- d-----w- c:\windows\system32\KB905474

2010-07-23 17:40 . 2010-07-23 19:49 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-07-23 17:15 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-07-23 17:15 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\dllcache\bthport.sys

2010-07-23 17:10 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2010-07-23 17:09 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-07-23 16:53 . 2008-05-08 12:14 203008 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-07-23 16:52 . 2010-05-06 10:34 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-07-23 16:52 . 2010-05-06 10:34 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-07-23 16:52 . 2010-05-06 10:34 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-07-23 16:52 . 2010-05-06 10:34 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-07-23 16:52 . 2010-05-06 10:34 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-07-23 16:52 . 2010-05-06 10:34 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-07-23 16:52 . 2010-05-06 10:34 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-07-23 16:42 . 2009-12-31 15:06 352640 ------w- c:\windows\system32\dllcache\srv.sys

2010-07-23 16:41 . 2010-02-24 12:48 457216 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-07-23 16:41 . 2009-11-21 16:42 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-07-23 16:40 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-23 15:16 . 2010-07-23 15:16 -------- d-----w- c:\documents and settings\MANU\Dados de aplicativos\Malwarebytes

2010-07-23 15:15 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-23 15:15 . 2010-07-23 15:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-07-23 15:15 . 2010-07-23 15:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-07-23 15:15 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-21 19:24 . 2010-07-21 19:24 -------- d-----w- c:\windows\ServicePackFiles

2010-07-21 19:24 . 2010-07-21 19:24 -------- d-----w- c:\windows\ie8updates

2010-07-21 19:22 . 2009-10-15 16:56 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2010-07-21 19:22 . 2009-10-15 16:56 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2010-07-21 19:21 . 2008-05-01 14:32 331776 ------w- c:\windows\system32\dllcache\msadce.dll

2010-07-21 18:56 . 2009-07-31 04:36 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-07-21 18:42 . 2009-06-05 07:48 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

2010-07-21 18:37 . 2008-10-15 16:55 339456 ------w- c:\windows\system32\dllcache\netapi32.dll

2010-07-21 18:29 . 2008-04-21 21:27 216064 ------w- c:\windows\system32\dllcache\wordpad.exe

2010-07-21 17:34 . 2010-07-21 17:34 1615200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgssie.dll

2010-07-21 17:34 . 2010-07-21 17:34 1107296 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgxpl.dll

2010-07-21 17:34 . 2010-07-21 17:34 4368224 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll

2010-07-20 04:03 . 2010-07-20 04:03 -------- d-----w- c:\windows\SxsCaPendDel

2010-07-18 20:52 . 2010-07-18 20:52 242896 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgtdix.sys

2010-07-18 20:52 . 2010-07-18 20:52 216200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgldx86.sys

2010-07-18 20:46 . 2010-07-18 20:46 813336 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avginet.dll

2010-07-18 20:46 . 2010-07-18 20:46 624920 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgiproxy.exe

2010-07-18 20:46 . 2010-07-18 20:46 1690464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2010-07-18 20:46 . 2010-07-18 20:46 1038688 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-28 03:27 . 2007-07-21 21:40 79022 ----a-w- c:\windows\system32\perfc016.dat

2010-07-28 03:27 . 2007-07-21 21:40 468108 ----a-w- c:\windows\system32\perfh016.dat

2010-07-26 23:08 . 2009-06-18 01:45 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2010-07-18 20:52 . 2009-12-31 17:33 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-18 20:52 . 2009-12-31 17:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-18 20:51 . 2009-12-31 17:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-14 14:30 . 2009-06-18 00:53 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-10 18:10 . 2009-12-31 17:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-06-03 20:30 . 2010-06-03 20:30 22 ----a-w- c:\windows\Fonts\Times.txt

2010-06-03 15:27 . 2009-12-31 17:32 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

.

------- Sigcheck -------

[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll

[-] 2004-05-13 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\system32\sfcfiles.dll

[-] 2002-11-26 23:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-20 113664]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-6-18 331776]

WinZip Quick Pick.lnk - d:\winzip\WZQKPICK.EXE [2007-12-15 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"SfcDisable"=dword:ffffff9d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-18 20:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/12/2009 14:32 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/12/2009 14:33 243024]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [31/12/2009 14:32 308136]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-08-05 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-07-24 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405726

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\MANU\Dados de aplicativos\Mozilla\Firefox\Profiles\m0qjn3u5.default\

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

AddRemove-MixVibesPRO.exe - c:\program files\MixVibesPro5\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-05 00:28

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************


"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]

"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]

"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]

"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]

"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]

"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]

"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]

"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FLEXnet Licensing Service]

"ImagePath"="\"c:\arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]

"ImagePath"="system32\DRIVERS\fltMgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]

"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]

"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gagp30kx]

"ImagePath"="system32\DRIVERS\gagp30kx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]

"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]

"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]

"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]

"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]

"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]

"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwcdcmdm0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwdatacard]

"ImagePath"="system32\DRIVERS\ewusbmdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwusbapp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hwusbser]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]

"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]

"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]

"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]

"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]

"ImagePath"="system32\DRIVERS\Ip6Fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]

"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]

"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]

"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]

"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]

"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]

"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]

"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]

"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]

"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDM]

"ImagePath"="\"c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]

"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]

"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]

"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]

"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]

"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]

"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]

"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]

"ImagePath"="c:\windows\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]

"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]


I followed the order of the steps: first I ran Avenger and then ComboFix. I ran Avenger one night and, since it was late, I ran ComboFix the next morning. I don't know whether that might affect anything...


Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: file "c:\mspmsnsv.dll" not found!

File move operation "c:\mspmsnsv.dll|c:\windows\system32\mspmsnsv.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "C:\sfcfiles.dll" not found!

File move operation "C:\sfcfiles.dll|c:\windows\system32\sfcfiles.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.


Delete combofix.exe from your desktop, download a new version, run the scan and post the log.


ComboFix 10-08-08.03 - MANU 09/08/2010 12:36:12.6.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1214.731 [GMT -3:00]

Executando de: c:\documents and settings\MANU\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-07-09 to 2010-08-09 ))))))))))))))))))))))))))))

.

2010-07-26 23:01 . 2010-07-26 23:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-24 17:35 . 2001-09-06 02:50 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-07-24 17:35 . 2004-08-04 03:45 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-07-24 16:34 . 2010-07-24 16:34 -------- d-----w- c:\windows\system32\KB905474

2010-07-23 17:40 . 2010-07-23 19:49 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-07-23 17:15 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\drivers\bthport.sys

2010-07-23 17:15 . 2008-06-14 17:59 272384 ------w- c:\windows\system32\dllcache\bthport.sys

2010-07-23 17:10 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2010-07-23 17:09 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-07-23 16:53 . 2008-05-08 12:14 203008 ------w- c:\windows\system32\dllcache\rmcast.sys

2010-07-23 16:52 . 2010-05-06 10:34 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-07-23 16:52 . 2010-05-06 10:34 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll

2010-07-23 16:52 . 2010-05-06 10:34 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-07-23 16:52 . 2010-05-06 10:34 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-07-23 16:52 . 2010-05-06 10:34 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-07-23 16:52 . 2010-05-06 10:34 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll

2010-07-23 16:52 . 2010-05-06 10:34 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll

2010-07-23 16:42 . 2009-12-31 15:06 352640 ------w- c:\windows\system32\dllcache\srv.sys

2010-07-23 16:41 . 2010-02-24 12:48 457216 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2010-07-23 16:41 . 2009-11-21 16:42 470528 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-07-23 16:40 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-23 15:16 . 2010-07-23 15:16 -------- d-----w- c:\documents and settings\MANU\Dados de aplicativos\Malwarebytes

2010-07-23 15:15 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-23 15:15 . 2010-07-23 15:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-07-23 15:15 . 2010-07-23 15:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2010-07-23 15:15 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-21 19:24 . 2010-07-21 19:24 -------- d-----w- c:\windows\ServicePackFiles

2010-07-21 19:24 . 2010-07-21 19:24 -------- d-----w- c:\windows\ie8updates

2010-07-21 19:22 . 2009-10-15 16:56 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2010-07-21 19:22 . 2009-10-15 16:56 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2010-07-21 19:21 . 2008-05-01 14:32 331776 ------w- c:\windows\system32\dllcache\msadce.dll

2010-07-21 18:56 . 2009-07-31 04:36 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-07-21 18:42 . 2009-06-05 07:48 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

2010-07-21 18:37 . 2008-10-15 16:55 339456 ------w- c:\windows\system32\dllcache\netapi32.dll

2010-07-21 18:29 . 2008-04-21 21:27 216064 ------w- c:\windows\system32\dllcache\wordpad.exe

2010-07-21 17:34 . 2010-07-21 17:34 1615200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgssie.dll

2010-07-21 17:34 . 2010-07-21 17:34 1107296 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgxpl.dll

2010-07-21 17:34 . 2010-07-21 17:34 4368224 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll

2010-07-20 04:03 . 2010-07-20 04:03 -------- d-----w- c:\windows\SxsCaPendDel

2010-07-18 20:52 . 2010-07-18 20:52 242896 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgtdix.sys

2010-07-18 20:52 . 2010-07-18 20:52 216200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgldx86.sys

2010-07-18 20:46 . 2010-07-18 20:46 813336 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avginet.dll

2010-07-18 20:46 . 2010-07-18 20:46 624920 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgiproxy.exe

2010-07-18 20:46 . 2010-07-18 20:46 1690464 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2010-07-18 20:46 . 2010-07-18 20:46 1038688 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-28 03:27 . 2007-07-21 21:40 79022 ----a-w- c:\windows\system32\perfc016.dat

2010-07-28 03:27 . 2007-07-21 21:40 468108 ----a-w- c:\windows\system32\perfh016.dat

2010-07-26 23:08 . 2009-06-18 01:45 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2010-07-18 20:52 . 2009-12-31 17:33 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-18 20:52 . 2009-12-31 17:33 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-18 20:51 . 2009-12-31 17:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-14 14:30 . 2009-06-18 00:53 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-10 18:10 . 2009-12-31 17:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2010-06-03 20:30 . 2010-06-03 20:30 22 ----a-w- c:\windows\Fonts\Times.txt

2010-06-03 15:27 . 2009-12-31 17:32 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

.

------- Sigcheck -------

[-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll

[-] 2004-05-13 . 2564949DBE5F643F50913BBE45D346E2 . 1157632 . . [5.1.2600.1106] . . c:\windows\system32\sfcfiles.dll

[-] 2002-11-26 23:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Gamma Loader.lnk - c:\arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-20 113664]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-6-18 331776]

WinZip Quick Pick.lnk - d:\winzip\WZQKPICK.EXE [2007-12-15 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"SfcDisable"=dword:ffffff9d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-18 20:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31/12/2009 14:32 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31/12/2009 14:33 243024]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [31/12/2009 14:32 308136]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-08-09 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2010-07-24 01:18]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405726

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\MANU\Dados de aplicativos\Mozilla\Firefox\Profiles\m0qjn3u5.default\

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

AddRemove-MixVibesPRO.exe - c:\program files\MixVibesPro5\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-09 12:41

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDM]

"ImagePath"="\"c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]

"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]

"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]

"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]

"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]

"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]

"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]

"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]

"ImagePath"="c:\windows\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]

"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]

"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]

"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]

"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nero BackItUp Scheduler 3]

"ImagePath"="c:\arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nero BackItUp Scheduler 4.0]

"ImagePath"="c:\arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]

"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]

"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]

"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]

"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]

"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NMIndexingService]

"ImagePath"="\"c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]

"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]

"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]

"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]

"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]

"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

"ImagePath"="system32\DRIVERS\pcmcia.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]

"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]

"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]

"ImagePath"="system32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]

"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]

"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]

"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]

"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]

"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]

"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]

"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]

"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]

"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]

"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]

"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]

"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RichVideo]

"ImagePath"="\"c:\arquivos de programas\CyberLink\Shared Files\RichVideo.exe\"\00\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\10\02\01\03\01\03\01\03\01\03\01\03\01\03\01\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]

"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]

"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]

"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]

"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]

"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]

"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiS315]

"ImagePath"="system32\DRIVERS\sisgrp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiSkp]

"ImagePath"="system32\DRIVERS\srvkp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SISNIC]

"ImagePath"="system32\DRIVERS\sisnic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SISNICXP]

"ImagePath"="system32\DRIVERS\sisnicxp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]

"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]

"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]

"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]

"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]

"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]

"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]

"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]

"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]

"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{8BC5916C-C86D-45E5-BA6A-F9327DBC3DB4}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SynTP]

"ImagePath"="system32\DRIVERS\SynTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]

"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]

"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]

"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]

"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]

"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]

"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]

"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]

"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]

"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]

"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]

"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]

"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor]

"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]

"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]

"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]

"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]

"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wltrysvc]

"ImagePath"="%SystemRoot%\System32\wltrysvc.exe %SystemRoot%\System32\bcmwltry.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]

"ServiceDll"="c:\windows\system32\mspmsnsv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]

"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]

"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]

"ImagePath"="\"c:\arquivos de programas\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]

"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]

"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]

"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]

"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]

"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]

"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]

"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{504C1D11-0C93-4E4C-864C-BFBF2AE94260}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{BF83DA1A-1EF6-448A-AC36-71159725D2A2}]

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(700)

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1240)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

Tempo para conclusão: 2010-08-09 12:43:41

ComboFix-quarantined-files.txt 2010-08-09 15:43

Pré-execução: 9 pasta(s) 16.059.006.976 bytes disponíveis

Pós execução: 10 pasta(s) 16.051.118.080 bytes disponíveis

- - End Of File - - 05856EC6F94F5DA438D90B3AA5A4504D


Dear manoeladriano

# Step 1 #

Questions:

1) Are you using a USB flash drive?

2) What is drive D: on your computer?

# Step 2 #

Download Gmer and save it to your Desktop.

  • Extract/unzip the file into a folder of its own.
  • Once that is done, disconnect the PC from the Internet and close all programs.
  • There is a small chance that this application will shut down your PC. So save any work you have open.
  • Double-click the GMER icon.
  • If asked, allow the gmer.sys driver to run.
  • If you get a warning about rootkit activity asking whether you want to run a scan, click NO.
  • Click the arrows next to Rootkit/Malware
  • On the right-hand side (under File), uncheck all drives except your disk, usually C:\.
  • Make sure all the other boxes on the right-hand side of the screen are checked, EXCEPT Show All
  • Click Scan and wait for the scan to finish.
  • Note: Before the scan, make sure all other programs are closed. Also, do not use the computer during the scan.
  • When it finishes, click the Copy button, then right-click on your Desktop, choose New and then -> Text Document.
  • Once the file has been created, open it, right-click again and choose Paste, or press Ctrl+V.
  • Save the file as gmer.txt and post its contents in your next reply.
  • Note: If you have problems, try running GMER in Safe Mode

Important!
Please do not check the "Show all" box during the scan.

Regards :D


Answering:

1- It's an external HD. But it stays switched off while I run the procedures.

2- D is my PC's second internal HD. There is almost nothing on it.

I had already run Gmer before. This time I ran it with HD D checked as well.

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-08-11 16:00:39

Windows 5.1.2600 Service Pack 2

Running: gmer.exe; Driver: C:\DOCUME~1\MANU\CONFIG~1\Temp\kxriyaog.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


Dear manoeladriano

1- It's an external HD. But it stays switched off while I run the procedures.
Leave your external HD connected now...

# Step 1 #

Download Norman Malware Cleaner and save the file in the Desktop folder of the Administrator account:

C:\Documents and Settings\Administrador\Desktop <- the FOLDER

# Step 2 #

Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup)

# Step 3 #

  • In Safe Mode, double-click Norman_Malware_Cleaner.exe
  • In the window that opens, click Accept
  • In the program, check that Scan areas shows the drive where your Operating System is installed, normally C:\*.*
  • Using the Add button, add the drive letters of the external HD and of the other internal HD.
  • Click the Options... button and make sure the following are selected (by default):
    • Enable process scanning
    • Unpack Archives
    • Do not system restore scan after cleaning file
  • Now click the Start Scan button and wait...
  • Under Scan results you can follow the results as the scan runs.
  • When the scan finishes, click Quit
  • When asked whether you want to restart the computer (Do you want restart now?), click Yes
  • Afterwards, notice that there is a text file (.txt) on the desktop named NFix_a_m_d (where a = year, m = month and d = day).
  • Click the file, select all of its contents (Ctrl + A), copy (Ctrl + C) and paste (Ctrl + V) into your next reply.

Regards :D


Hello. I could not run Norman Malware in safe mode. Every time I tried to open Norman in safe mode, it would open and only show a message like this: unable to load nsak.sys. error (0x00000001)

So I ran the program in normal mode instead. Here is the log:

Norman Malware Cleaner

Version 1.6.2

Copyright © 1990 - 2009, Norman ASA. Built 2010/08/11 21:28:46

Norman Scanner Engine Version: 6.05.11

Nvcbin.def Version: 6.05.00, Date: 2010/08/11 21:28:46, Variants: 6478417

Scan started: 12/08/2010 12:54:49

Running pre-scan cleanup routine:

Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2

Logged on user: MANU-5CBC28F321\MANU

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable = 0xFFFFFF9D -> 0x00000000

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Scanning bootsectors...

Number of sectors found: 0

Number of sectors scanned: 0

Number of sectors not scanned: 0

Number of infections found: 0

Number of infections removed: 0

Total scanning time: 0s

Scanning running processes and process memory...

Number of processes/threads found: 3899

Number of processes/threads scanned: 3899

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 2m 59s

Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\xfonts.7z/fonts/Type1/.fonts-config-timestamp (Error whilst scanning file: I/O Error (0x00220005))

C:\Arquivos de programas\WinRAR\Default.SFX (Infected with W32/Smalltroj.YWRV)

Deleted file

C:\Documents and Settings\MANU\Documents.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\Documents and Settings\MANU\Music.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\Documents and Settings\MANU\New Folder.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\Documents and Settings\MANU\Passwords.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\Documents and Settings\MANU\Pictures.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\Documents and Settings\MANU\Video.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057091.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057093.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057094.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057095.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057096.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

C:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057097.lnk (Infected with Exploit/CVE-2010-2568.A)

Deleted file

Scanning: D:\*.*

Scanning: F:\*.*

F:\ATALHOS\aTubeCatcher_1_0_236_setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\ATALHOS\IRPF2008win32v1.0.exe (Infected with W32/Slugin.A)

Deleted file

F:\ATALHOS\uolvoip.exe (Infected with W32/Slugin.A)

Deleted file

F:\ATALHOS\WDM_A400.exe (Infected with W32/Slugin.A)

Deleted file

F:\ATALHOS\WM9Codecs.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Atualização de Segurança\AcerLAppFix.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\alcchkid.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\alcrmv.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\alcrmv9x.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\alcupd.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\ChCfg.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\GETDXVER.EXE (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\SetCDfmt.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\WDM\alcrmv.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\WDM\ChCfg.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\WDM\RTLCPL.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Audio\WDM\SoundMan.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Lan\inf2cat.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Lan\refresh.exe (Infected with W32/Agent.RZRM)

Deleted file

F:\Drires Acer Aspire 5000\Lan\setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Lan\SRV2003\uninst.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Lan\Win2000\uninst.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Lan\WinXP\uninst.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Modem\QtZgAcer.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Modem\RMDEVICE.EXE (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Modem\Setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Modem\UNINST32.EXE (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Touchpad\InstNT.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Touchpad\SynMood.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Touchpad\SynTPEnh.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Touchpad\SynTPLpr.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Touchpad\SynZMetr.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Touchpad\Tutorial.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\AGPPack\setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\AGPPack\SISfiles\ata133ap.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\AGPPack\SISfiles\instdrv.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\AGPPack\SISfiles\waitwnd.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\AGPPack\USB\Win2K_XP\WinXPUSB\SiSUSBrg.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\AGPPack\USB\Win9x\SiSFiles\Mp_s3.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\setupDLL\Instdrv.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\setupDLL\IsUninst.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\setupDLL\Progress.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\setupDLL\waitwnd.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\Video\WinXP_2K\InstFunc.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\WiFi\bcmwld2k.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\WiFi\bcmwlhom.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\WiFi\bcmwltry.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\WiFi\bcmwlu00.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\WiFi\setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\WiFi\wltray.exe (Infected with W32/Slugin.A)

Deleted file

F:\Drires Acer Aspire 5000\WiFi\wltrysvc.exe (Infected with W32/Slugin.A)

Deleted file

F:\Mascaras Digitais de Coracoes Profissionais\MUSICAS MP3\MPB\14 Bis - Discografia - 13 Cds\eManager\ePrjNormal.exe (Infected with W32/Slugin.A)

Deleted file

F:\Mascaras Digitais de Coracoes Profissionais\MUSICAS MP3\MPB\14 Bis - Discografia - 13 Cds\eManager\ePrjXGA.exe (Infected with W32/Slugin.A)

Deleted file

F:\Mascaras Digitais de Coracoes Profissionais\MUSICAS MP3\MPB\14 Bis - Discografia - 13 Cds\eManager\instnt.exe (Infected with W32/Slugin.A)

Deleted file

F:\MUSICAS MP3\CLASSICAS, OPERAS E AFINS\-Enya--Complete-Discography-1987-2004-Albums,Singels,Covers,Videos-(mp3-avi-mpg)\Collections\2002--Only Time (The 4 CD Collection)\CD 4 incl. Bonus Video & Galerie\Bonus\ENYAPC.exe (Infected with W32/Slugin.A)

Deleted file

F:\MUSICAS MP3\CLASSICAS, OPERAS E AFINS\-Enya--Complete-Discography-1987-2004-Albums,Singels,Covers,Videos-(mp3-avi-mpg)\Collections\2002--Only Time (The 4 CD Collection)\CD 4 incl. Bonus Video & Galerie\Bonus\quicktimeinstallerpc.exe (Infected with W32/Slugin.A)

Deleted file

F:\MUSICAS MP3\dj manu rock nacional\ana carolina\+Ana Carolina eJorge Vercilo - Abismo.mp3 (Error opening file: Not found)

F:\MUSICAS MP3\musicas de aniversario\MUSICAS DE NOVELAS\Novela.Esperança.Nacional.com.Faixa.Interativa.e.Capas.192k.by.VampiroLestat\Esperanca.exe (Infected with W32/Slugin.A)

Deleted file

F:\MUSICAS MP3\MUSICAS ESPANICAS\Los Nocheros - Discografía Completa\Los Nocheros - Noche Amiga Mia - 2004\Interactivo\nocheros.exe (Infected with W32/Slugin.A)

Deleted file

F:\MUSICAS MP3\ROCKY INTERNACIONAL\SELEÇÃO NIGHTWISH\meu mp4\diversos rock\rock nacinal\ana carolina\+Ana Carolina eJorge Vercilo - Abismo.mp3 (Error opening file: Not found)

F:\PROGRAMINHAS\aTubeCatcher_1_0_236_setup.exe (Infected with W32/Slugin.A)

Deleted file

F:\Recycled.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{4380075F-5414-419B-B18A-31381750CA7E}\RP110\A0022923.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{4380075F-5414-419B-B18A-31381750CA7E}\RP110\A0022924.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{451E7FF4-CBCE-4C39-99BD-2A3AC1A2A97E}\RP103\A0041782.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{451E7FF4-CBCE-4C39-99BD-2A3AC1A2A97E}\RP103\A0041783.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{451E7FF4-CBCE-4C39-99BD-2A3AC1A2A97E}\RP103\A0041784.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{451E7FF4-CBCE-4C39-99BD-2A3AC1A2A97E}\RP103\A0041785.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{451E7FF4-CBCE-4C39-99BD-2A3AC1A2A97E}\RP103\A0041786.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{451E7FF4-CBCE-4C39-99BD-2A3AC1A2A97E}\RP200\A0071030.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{451E7FF4-CBCE-4C39-99BD-2A3AC1A2A97E}\RP200\A0071031.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP107\A0025183.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP111\A0028599.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP112\A0028626.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP113\A0030696.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP136\A0042322.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP138\A0042399.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP164\A0054240.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057098.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057099.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057100.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057101.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057102.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057103.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057104.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057105.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057106.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057107.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057108.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057109.EXE (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057110.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057111.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057112.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057113.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057114.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057115.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057116.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057117.exe (Infected with W32/Agent.RZRM)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057118.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057119.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057120.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057121.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057122.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057123.EXE (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057124.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057125.EXE (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057126.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057127.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057128.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057129.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057130.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057131.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057132.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057133.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057134.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057135.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057136.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057137.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057138.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057139.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057140.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057141.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057142.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057143.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057144.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057145.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057146.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057147.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057148.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057149.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057150.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057151.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057152.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057153.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057154.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057155.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057156.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057157.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057158.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP183\A0057159.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP50\A0009371.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP51\A0009465.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP52\A0009560.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP57\A0011106.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP58\A0011143.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP58\A0011258.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP59\A0011300.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP59\A0011626.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP59\A0011648.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP60\A0012793.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP61\A0012800.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP62\A0012843.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP63\A0012861.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP63\A0012918.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP64\A0013005.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP65\A0013055.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP65\A0013094.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP66\A0013119.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP66\A0013125.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP67\A0013281.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP68\A0013339.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP69\A0013410.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP69\A0013450.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP69\A0013490.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP69\A0013505.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP70\A0013562.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP71\A0013643.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP71\A0013711.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP71\A0013713.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP72\A0013720.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP75\A0013950.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP75\A0013952.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP76\A0014062.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP80\A0016352.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP81\A0016436.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016587.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016588.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016589.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016590.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016591.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016597.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016598.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP82\A0016691.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP83\A0016739.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP83\A0016832.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP86\A0017012.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP86\A0017043.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP86\A0017063.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP86\A0017089.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP87\A0017100.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP87\A0017159.exe (Infected with W32/Slugin.A)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP87\A0017161.com (Infected with OnLineGames.IAPV)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP87\A0017187.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP91\A0019610.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\System Volume Information\_restore{EE50EB58-1AA9-4D47-AC9A-9266668F8BA1}\RP91\A0019630.exe (Infected with Suspicious_Gen2.BEJKT)

Deleted file

F:\VIDEOS DIVERSOS\História do Mundo. 1981. Mel Brooks. Legendado. O.avi (Error opening file: Not found)

Scanning: postscan

Running post-scan cleanup routine:

Number of files found: 265241

Number of archives unpacked: 1697

Number of files scanned: 265230

Number of files not scanned: 11

Number of files skipped due to exclude list: 0

Number of infected files found: 208

Number of infected files repaired/deleted: 208

Number of infections removed: 208

Total scanning time: 1h 47m 57s
