
PC freezes folders and network access during the first 10 minutes of use.


dayvid.ti


Good evening,

I really need your help. Every time I turn on the PC, which runs Windows XP, it logs in just fine, but then it stays frozen for about 10 minutes without opening anything. Neither folders nor network access.

I have already run ComboFix; the log follows below...

ComboFix 12-06-20.02 - nti.bl 20/06/2012 20:18:18.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3070.2464 [GMT -3:00]

Executando de: d:\documents and settings\nti.bl.SRV02\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 212 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\atualiza.exe

c:\bginfo\Root\Documents and Settings\selma.cristina\Ambiente de rede\Alterdat em srv01\Desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Ambiente de rede\fileserver em Falcon\Desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Ambiente de rede\My Web Sites on MSN\Desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Configurações locais\desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Configurações locais\Histórico\desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Configurações locais\Histórico\History.IE5\desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Configurações locais\Temporary Internet Files\desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Dados de aplicativos\desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Dados de aplicativos\Microsoft\Office\Recente\Desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Favoritos\Desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Menu Iniciar\desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Menu Iniciar\Programas\Acessórios\Acessibilidade\desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Menu Iniciar\Programas\Acessórios\desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Menu Iniciar\Programas\Acessórios\Entretenimento\desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Menu Iniciar\Programas\desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Menu Iniciar\Programas\Inicializar\desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Meus documentos\desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Meus documentos\Minhas fontes de dados\DESKTOP_1.INI

c:\bginfo\Root\Documents and Settings\selma.cristina\Meus documentos\Minhas imagens\Desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Meus documentos\Minhas músicas\Desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\Recent\Desktop_1.ini

c:\bginfo\Root\Documents and Settings\selma.cristina\SendTo\desktop_1.ini

c:\documents and settings\admin\WINDOWS

c:\windows\IsUn0416.exe

c:\windows\system\IDAPI32.DLL

c:\windows\system32\AutoRun.inf

c:\windows\system32\default_user_class.dat.LOG

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\GroupPolicy\User\Scripts\scripts.ini

c:\windows\system32\ijl11.dll

c:\windows\system32\Logof.dll

c:\windows\system32\MSMAsk32.ocx

c:\windows\system32\netlogin.dll

c:\windows\system32\Thumbs.db

c:\windows\system32\WinUpdate

d:\documents and settings\All Users\Dados de aplicativos\AMMYY

d:\documents and settings\All Users\Dados de aplicativos\AMMYY\hr

d:\documents and settings\All Users\Dados de aplicativos\AMMYY\settings.bin

d:\documents and settings\All Users\Dados de aplicativos\TEMP

d:\documents and settings\All Users\Dados de aplicativos\TEMP\KXR81.tmp

d:\documents and settings\elen.cristina\signver1.dll

d:\documents and settings\kelly.cristiane\signver.dll

d:\documents and settings\kelly.cristiane\signver1.dll

d:\documents and settings\nti.bl.SRV02\signver.dll

d:\documents and settings\nti.bl.SRV02\signver1.dll

d:\documents and settings\nti.bl.SRV02\WINDOWS

d:\documents and settings\selma.cristina\signver.dll

d:\documents and settings\selma.cristina\signver1.dll

D:\install.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-05-20 to 2012-06-20 ))))))))))))))))))))))))))))

.

.

2012-06-20 16:05 . 2012-06-20 16:05 -------- d-----w- d:\documents and settings\myrian.cristina\Dados de aplicativos\Malwarebytes

2012-06-20 15:30 . 2012-06-20 15:30 -------- d-----w- d:\documents and settings\priscila.ferreira\Dados de aplicativos\Malwarebytes

2012-06-20 14:41 . 2012-06-20 14:41 -------- d-----w- d:\documents and settings\dayvid.hallan

2012-06-20 14:01 . 2012-06-20 14:01 -------- d-----w- d:\documents and settings\kely.carvalho\Dados de aplicativos\Malwarebytes

2012-06-20 13:55 . 2012-06-20 13:55 -------- d-----w- d:\documents and settings\nti.bl.SRV02\Dados de aplicativos\TeamViewer

2012-06-19 19:11 . 2012-06-19 19:11 -------- d-----w- d:\documents and settings\nti.bl.SRV02\Dados de aplicativos\Thinstall

2012-06-15 12:28 . 2012-06-15 12:28 -------- d-----w- c:\arquivos de programas\Sun

2012-06-15 11:29 . 2012-06-15 11:29 -------- d-----w- c:\arquivos de programas\Oracle

2012-06-14 13:17 . 2012-04-16 12:39 3807232 ----a-w- c:\windows\system32\Ponto4DLL.dll

2012-06-14 13:17 . 2009-03-18 16:03 290816 ----a-w- c:\windows\system32\seccontrols.ocx

2012-06-08 14:56 . 2012-06-08 16:40 -------- d-----w- c:\arquivos de programas\GRRF

2012-06-06 14:07 . 2012-06-06 14:07 -------- d-----w- d:\documents and settings\priscila.ferreira\Configurações locais\Dados de aplicativos\Sun

2012-06-05 16:36 . 2012-06-05 17:18 -------- d-----w- C:\TesteICP

2012-06-05 14:05 . 2012-06-05 14:05 -------- d-----w- d:\documents and settings\nti.bl.SRV02\Configurações locais\Dados de aplicativos\Sun

2012-06-05 14:04 . 2012-06-05 14:04 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2012-06-05 14:01 . 2012-06-05 14:01 -------- d-----w- d:\documents and settings\nti.bl.SRV02\Dados de aplicativos\Oracle

2012-06-05 14:00 . 2012-05-15 21:59 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-05 14:00 . 2012-05-04 22:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-04 17:55 . 2012-06-04 17:55 -------- d-----w- C:\Programas PMM

2012-06-04 17:55 . 2012-06-04 17:55 -------- d-----w- d:\documents and settings\NTIBL~1~SR~

2012-06-01 11:10 . 2012-06-01 11:10 565248 ----a-w- c:\windows\system32\CriticasCalculo.dll

2012-05-25 18:39 . 2012-05-25 18:39 -------- d-----w- d:\documents and settings\nti.bl.SRV02\Dados de aplicativos\Skype

2012-05-25 11:15 . 2012-05-25 11:16 -------- d-----w- c:\arquivos de programas\Mozilla Maintenance Service

2012-05-25 11:15 . 2012-05-25 11:15 157352 ----a-w- c:\arquivos de programas\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-25 11:15 . 2012-05-25 11:15 129976 ----a-w- c:\arquivos de programas\Mozilla Firefox\maintenanceservice.exe

2012-05-24 17:32 . 2012-05-24 17:32 -------- d-----w- d:\documents and settings\kely.carvalho\Configurações locais\Dados de aplicativos\Microsoft Help

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-20 21:21 . 2011-10-11 13:17 92080 ----a-w- c:\windows\system32\drivers\SysPlant.sys

2012-06-20 20:52 . 2012-04-05 11:58 1324 ----a-w- d:\documents and settings\kely.carvalho\Configurações locais\Dados de aplicativos\d3d9caps.tmp

2012-06-20 16:33 . 2012-04-10 11:04 1324 ----a-w- d:\documents and settings\myrian.cristina\Configurações locais\Dados de aplicativos\d3d9caps.tmp

2012-06-06 21:51 . 2012-04-24 11:06 46016 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2012-05-04 23:16 . 2012-04-24 11:04 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-04 23:16 . 2011-06-11 12:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-04 22:29 . 2010-05-07 18:34 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-23 17:51 . 2012-05-09 20:53 1241600 ----a-w- c:\windows\system32\altpack_wdp_51326.bpl

2012-04-17 18:51 . 2011-01-05 21:04 227328 ----a-w- c:\windows\system32\AltPackNx_SendMail_v513.bpl

2012-04-17 18:51 . 2011-01-05 21:03 53760 ----a-w- c:\windows\system32\altlib_integracao_packweb_v513.bpl

2011-06-06 18:49 . 2011-06-06 18:49 697376 ------w- c:\arquivos de programas\unins000.exe

2009-06-30 19:44 . 2011-01-07 11:49 94208 ------w- c:\arquivos de programas\Atualizar.exe

2012-05-25 11:15 . 2012-01-04 11:32 97208 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.


[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys

.

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys

[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

.

[-] 2008-04-14 12:00 . DAE8EC624824A8AD8660C2EF5F1ECE0B . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll

[-] 2008-04-14 12:00 . DAE8EC624824A8AD8660C2EF5F1ECE0B . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll

[-] 2008-04-14 12:00 . DAE8EC624824A8AD8660C2EF5F1ECE0B . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll

.

[-] 2008-04-14 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll

[-] 2008-04-14 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll

[-] 2008-04-14 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll

.

[-] 2008-04-14 12:00 . 60103CA5992F18B1EEF8D4511318C4B3 . 52736 . . [9.0.1.56] . . c:\windows\ERDNT\cache\mspmsnsv.dll

[-] 2008-04-14 12:00 . 60103CA5992F18B1EEF8D4511318C4B3 . 52736 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll

[-] 2008-04-14 12:00 . 60103CA5992F18B1EEF8D4511318C4B3 . 52736 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll

.

[-] 2009-02-10 . DBAD62B9A518249C1A1408CF3AB9064A . 2070272 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\bbfa966f5bf9f2b0043d0200c4a97a49\SP3GDR\ntkrnlpa.exe

[-] 2009-02-09 . 2C3F8E5094FC3AE90F5964581E1DA023 . 2061952 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\bbfa966f5bf9f2b0043d0200c4a97a49\SP2GDR\ntkrnlpa.exe

[-] 2009-02-09 . 9CFC9992BF7C7AFE6FF7E5DE76D74A5F . 2067200 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\bbfa966f5bf9f2b0043d0200c4a97a49\SP2QFE\ntkrnlpa.exe

[-] 2009-02-09 . FF7FE874B6DA494303EE3DD9B97AB007 . 2070400 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\bbfa966f5bf9f2b0043d0200c4a97a49\SP3QFE\ntkrnlpa.exe

[-] 2008-04-14 . 763EE1C250EC83EFD11FBF51AC4A6D82 . 2028032 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntkrnlpa.exe

[-] 2008-04-14 . 763EE1C250EC83EFD11FBF51AC4A6D82 . 2028032 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe

.

[-] 2008-04-14 12:00 . 209683D85036AAA4E4D8CA732FA51A2B . 437248 . . [5.1.2400.5512] . . c:\windows\ERDNT\cache\ntmssvc.dll

[-] 2008-04-14 12:00 . 209683D85036AAA4E4D8CA732FA51A2B . 437248 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll

[-] 2008-04-14 12:00 . 209683D85036AAA4E4D8CA732FA51A2B . 437248 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

.

[-] 2008-04-14 . E3C0A6F5732C9E9B2BD2FD3D0AFCEB87 . 186368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\upnphost.dll

[-] 2008-04-14 . E3C0A6F5732C9E9B2BD2FD3D0AFCEB87 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

[-] 2008-04-14 . E3C0A6F5732C9E9B2BD2FD3D0AFCEB87 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll

.

[-] 2008-04-14 . 24713AE49611471DF8924D5FF562883D . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll

[-] 2008-04-14 . 24713AE49611471DF8924D5FF562883D . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll

.

[-] 2008-04-14 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll

[-] 2008-04-14 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll

.

[-] 2008-04-14 . B948C29C72073A7B8C9D822C66F9FADA . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll

[-] 2008-04-14 . B948C29C72073A7B8C9D822C66F9FADA . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll

.

[-] 2008-04-14 12:00 . 30A6FA4B34A2EC96CDFE2BA3B69233C0 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll

[-] 2008-04-14 12:00 . 30A6FA4B34A2EC96CDFE2BA3B69233C0 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll

.

[-] 2008-04-14 . 84A41B2B978AB366873CDB289118786C . 40960 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll

[-] 2008-04-14 . 84A41B2B978AB366873CDB289118786C . 40960 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll

.

[-] 2008-04-14 . 5383E4C03D7AAE01AA653E756CF20D2E . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll

[-] 2008-04-14 . 5383E4C03D7AAE01AA653E756CF20D2E . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll

.

[-] 2009-02-10 . B0BF079AF000D97D8C043D1DFF08086D . 2193408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\bbfa966f5bf9f2b0043d0200c4a97a49\SP3QFE\ntoskrnl.exe

[-] 2009-02-09 . 62135608ED3198885A545BF61272CD9A . 2184704 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\bbfa966f5bf9f2b0043d0200c4a97a49\SP2GDR\ntoskrnl.exe

[-] 2009-02-09 . AF8A3B4150C87E692E5CD27836BFA83D . 2190336 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\bbfa966f5bf9f2b0043d0200c4a97a49\SP2QFE\ntoskrnl.exe

[-] 2009-02-09 . C667CA055AA4E24A0733061282276AA5 . 2193280 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\bbfa966f5bf9f2b0043d0200c4a97a49\SP3GDR\ntoskrnl.exe

[-] 2008-04-14 . 0ED0AB8E279126064A46A73A5ED59069 . 2149376 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ntoskrnl.exe

[-] 2008-04-14 . 0ED0AB8E279126064A46A73A5ED59069 . 2149376 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe

.

[-] 2008-04-14 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll

[-] 2008-04-14 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

.

[-] 2008-04-14 . E41419F44AC35DD414D436479A0ED211 . 176128 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll

[-] 2008-04-14 . E41419F44AC35DD414D436479A0ED211 . 176128 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll

.

[-] 2008-04-14 . 8BCDAECAB7BC90E116ED6BB104EEDBEC . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll

[-] 2008-04-14 . 8BCDAECAB7BC90E116ED6BB104EEDBEC . 334336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll

.

[-] 2008-04-14 . F70CCB59E0A325896D679A4935E4F835 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll

[-] 2008-04-14 . F70CCB59E0A325896D679A4935E4F835 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll

.

[-] 2008-04-14 . 889A287A7B2393109EA6847AA68CD4E9 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll

[-] 2008-04-14 . 889A287A7B2393109EA6847AA68CD4E9 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"HpMessage"="c:\arquivos de programas\NComputing vSpace\KmMsg.exe" [2009-04-16 610356]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

d:\documents and settings\nti.bl.SRV02\Menu Iniciar\Programas\Inicializar\

Atalho para ClienteSMS.lnk - c:\alerta24h\sms_client\ClienteSMS.exe [2010-6-23 455168]

nxServer.lnk - c:\arquivos de programas\Alterdata\Servidor\nxServer.Exe [2009-9-12 4202496]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDisconnect"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquivos de programas\GbPlugin\gbiehuni.dll" [2012-06-06 615104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

2012-06-06 21:49 615104 ----a-w- c:\arquivos de programas\GbPlugin\gbiehuni.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\KmWinLog]

2009-04-16 23:39 442425 ------w- c:\windows\system32\Kmlogon.dll

.

[HKLM\~\startupfolder\D:^Documents and Settings^nti.bl.SRV02^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

path=d:\documents and settings\nti.bl.SRV02\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

backup=c:\windows\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Inetinfo

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Svchost

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CertificateRegistration]

2008-03-12 18:45 208896 ------w- c:\windows\system32\aetcrss1.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]

2008-04-14 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-03-03 03:40 16859648 ------r- c:\windows\RTHDCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SmcService"=3 (0x3)

"SepMasterService"=2 (0x2)

"Smcinst"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Arquivos de programas\\Alterdata\\Servidor\\nxServer.Exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"3581:TCP"= 3581:TCP:MultiuserPortTCP3581

"3581:UDP"= 3581:UDP:MultiuserPortUDP3581

"3597:TCP"= 3597:TCP:MultiuserPortTCP3597

"3645:TCP"= 3645:TCP:MultiuserPortTCP3645

"3646:TCP"= 3646:TCP:MultiuserPortTCP3646

"1283:UDP"= 1283:UDP:MultiuserPortUDP1283

"27605:TCP"= 27605:TCP:MultiuserPortTCP27605

"27615:TCP"= 27615:TCP:MultiuserPortTCP27615

"1027:UDP"= 1027:UDP:MultiuserPortUDP1027

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundTimestampRequest"= 1 (0x1)

"AllowInboundMaskRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundDestinationUnreachable"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

"AllowOutboundParameterProblem"= 1 (0x1)

"AllowOutboundTimeExceeded"= 1 (0x1)

"AllowRedirect"= 1 (0x1)

"AllowOutboundPacketTooBig"= 1 (0x1)

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [24/04/2012 08:06 46016]

R0 HpPciVga;Multiuser PCI VGA Station Driver (MultiScreen);c:\windows\system32\drivers\KmWpsMs.sys [14/10/2011 09:53 168738]

R0 HpStore;Multiuser Devices Control Service;c:\windows\system32\drivers\KmStore.sys [14/10/2011 09:53 13688]

R0 HpUsbKeyboard;Multiuser USB Keyboard Class Driver;c:\windows\system32\drivers\KmKbdCls.sys [14/10/2011 09:53 32065]

R0 HpUsbMouse;Multiuser USB Mouse Class Driver;c:\windows\system32\drivers\KmMouCls.sys [14/10/2011 09:53 29089]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\SymDS.sys [18/06/2011 09:24 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\SymEFA.sys [18/06/2011 09:24 756856]

R1 BHDrvx86;BHDrvx86;d:\documents and settings\All Users\Dados de aplicativos\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120608.011\BHDrvx86.sys [18/06/2012 20:46 821880]

R1 HpHelper;Multiuser User Mode Helper Driver;c:\windows\system32\drivers\KmHlprk.sys [14/10/2011 09:53 24131]

R1 HpVcard;UTMA Video-Accelerator;c:\windows\system32\drivers\hpvcard.sys [14/10/2011 09:53 4064]

R1 Hstd;Multiuser hstd driver;c:\windows\system32\drivers\hstd.sys [14/10/2011 09:53 100144]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys [18/06/2011 09:24 136312]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [24/04/2012 08:06 213696]

R2 HpLegacyKeyboard;Multiuser Legacy Keyboard Port Driver;c:\windows\system32\drivers\KmJBox.sys [14/10/2011 09:53 49951]

R2 HpService;Multiuser Service;System32\KmServc.exe --> System32\KmServc.exe [?]

R2 TeamViewer4;TeamViewer 4;c:\arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe [07/10/2009 09:50 185640]

R2 TeamViewer5;TeamViewer 5;c:\arquivos de programas\TeamViewer\Version5\TeamViewer_Service.exe [14/12/2009 06:46 185640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29/05/2012 12:32 106656]

R3 HpXpKbdPnp;Multiuser Keyboard Control Service;c:\windows\system32\drivers\KmKbdPnp.sys [14/10/2011 09:53 6753]

R3 HpXpMouPnp;Multiuser mouse Control Service;c:\windows\system32\drivers\KmMouPnp.sys [14/10/2011 09:53 6337]

R3 htsatran;UTSA/UTMA Virtual Transport Driver;c:\windows\system32\drivers\htsatran.sys [14/10/2011 09:15 144600]

R3 htsaudio;UTMA Virtual Audio Driver;c:\windows\system32\drivers\htsaudio.sys [14/10/2011 09:15 29944]

R3 HtsBusEnum;UTMA Devices Enumerator;c:\windows\system32\drivers\htsbus.sys [14/10/2011 09:15 28340]

R3 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Dados de aplicativos\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120619.001\IDSXpx86.sys [20/06/2012 01:15 356792]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [26/10/2011 17:17 136176]

S2 HpBootSrv;Multiuser Boot Server for Miniterm;c:\arquivos de programas\Common Files\NComputer\BOOTSRV.EXE [14/10/2011 09:53 540729]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24/04/2012 08:04 257696]

S3 AKSUP;AKSUP;c:\windows\system32\drivers\aksup.sys [07/10/2010 13:10 34472]

S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]

S3 cpudrv;cpudrv;c:\arquivos de programas\SystemRequirementsLab\cpudrv.sys [18/12/2009 11:58 11336]

S3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys --> c:\windows\system32\Drivers\GemCCID.sys [?]

S3 GTwinUSB;GTwinUSB;c:\windows\system32\Drivers\GTwinUSB.sys --> c:\windows\system32\Drivers\GTwinUSB.sys [?]

S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [26/10/2011 17:17 136176]

S3 HpXpHidCls;Multiuser HID Device Control Service;c:\windows\system32\drivers\KmHidCls.sys [14/10/2011 09:53 6016]

S3 htsxhci;NComputing UTMA USB Host Controller;c:\windows\system32\drivers\htsxhci.sys [14/10/2011 09:15 20118]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe [25/05/2012 08:15 129976]

S3 PERTO38U;PertoSmart EMV - Leitor USB de Cartoes Inteligentes;c:\windows\system32\DRIVERS\perto38u.sys --> c:\windows\system32\DRIVERS\perto38u.sys [?]

S3 SyDvCtrl;SyDvCtrl;c:\arquivos de programas\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys [18/06/2011 09:24 23984]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25/01/2008 06:12 25088]

S4 Smcinst;Symantec Auto-upgrade Agent;c:\arquivos de programas\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe --> c:\arquivos de programas\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [?]

.

--- =Outros Serviços/Drivers Na Memória ---

.

*Deregistered* - uphcleanhlp

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\aetsprov]

2008-03-26 15:09 81920 ------w- c:\windows\system32\aetsprov.dll

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 23:16]

.

2012-04-06 c:\windows\Tasks\Reinicia Computador.job

- c:\windows\system32\shutdown.exe [2008-04-14 12:00]

.

2012-06-20 c:\windows\Tasks\User_Feed_Synchronization-{965BBEB8-1AFE-4294-90D7-0489A4378E21}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.bussolalogistica.com.br/

uInternet Settings,ProxyServer = 192.168.100.205:3128

uInternet Settings,ProxyOverride = <local>

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{035E680E-B668-472F-91F3-E850BCC5051F} - c:\arquivos de programas\Crawler\Notes\CNotes.exe

Trusted Zone: caixa.gov.br\conectividade

Trusted Zone: caixa.gov.br\sicse

Trusted Zone: itau.com.br\bankline

Trusted Zone: itau.com.br\guardiao

Trusted Zone: itau.com.br\www

TCP: Interfaces\{16559765-0EEB-4F90-AA85-11D2D269C1F6}: NameServer = 192.168.100.203,8.8.8.8

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: PrivateWire - hxxp://cmt.caixa.gov.br/cse/jpw.cab

FF - ProfilePath - d:\documents and settings\nti.bl.SRV02\Dados de aplicativos\Mozilla\Firefox\Profiles\m5t0id6x.default\

.

- - - - ORFÃOS REMOVIDOS - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

Notify-SEP - c:\arquivos de programas\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll

SafeBoot-ccEvtMgr

SafeBoot-ccSetMgr

SafeBoot-Symantec Antivirus

MSConfigStartUp-ccApp - c:\arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

MSConfigStartUp-Winupdate - c:\windows\rotinomrb\inetinfo.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-20 20:36

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SmcService]

"ImagePath"="\"c:\arquivos de programas\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe\" /prefetch:1"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(1112)

c:\arquivos de programas\GbPlugin\gbiehuni.dll

c:\windows\system32\Kmlogon.dll

c:\arquivos de programas\TeamViewer\Version5\tv.dll

.

Tempo para conclusão: 2012-06-20 20:41:28

ComboFix-quarantined-files.txt 2012-06-20 23:41

ComboFix2.txt 2009-10-01 16:55

.

Pré-execução: 46 pasta(s) 74.170.630.144 bytes disponíveis

Pós execução: 48 pasta(s) 74.148.114.432 bytes disponíveis

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 04C926149B0E348DEE0DC189A09029A8

After 10 minutes it goes back to working perfectly.


Please, can someone help me with this log...

After a lot of struggling, I believe I have found the source of the problem... Every time Windows starts, it stays almost unusable at the desktop for 10 to 20 minutes. Right after that, a message appears saying that the Message Queuing Service encountered a problem and needs to close. Out of curiosity I went to the Windows log and saw that this process failed exactly before the period in which the machine was stuck.

The name of this service's executable is mqsvc.exe

Does anyone know what it is for?


Archived

This topic has been archived and is closed to new replies.
