Remoção de vírus

Ferps · 20/05/2010

Ta ai os Log Mr.Wolf.

Csskeys:
CCScheck.exe
SWreg.exe courtesy of Bobbi Flekman
Run at: 12:36:43,73
On qui 20/05/2010

Run from C:\Documents and Settings\User\Desktop\CCSkeys

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc
DependOnService REG_MULTI_SZ RpcSs\0\0
Description REG_SZ Fornece três serviços de gerenciamento: serviço de banco de dados de catálogo, que confirma as assinaturas dos arquivos do Windows; serviço de raiz protegida, que adiciona e remove certificados de autoridades de certificação raiz deste computador, e o serviço de chave, que ajuda a registrar este computador para certificados. Se este serviço for interrompido, esses serviços de gerenciamento não funcionarão adequadamente. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente deixarão de ser iniciados.
DisplayName REG_SZ CryptSvc
ErrorControl REG_DWORD 1 (0x1)
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
ObjectName REG_SZ LocalSystem
Start REG_DWORD 2 (0x2)
Type REG_DWORD 32 (0x20)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\cryptsvc.dll
ServiceMain REG_SZ CryptServiceMain

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc\Security
Security REG_BINARY 00000e0001

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc\Enum
0 REG_SZ Root\LEGACY_CRYPTSVC\0000
Count REG_DWORD 1 (0x1)
NextInstance REG_DWORD 1 (0x1)

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\seclogon
Description REG_SZ Ativa a inicialização de processos sob credenciais alternadas. Se este serviço for interrompido, este tipo de acesso por logon não estará disponível. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão iniciados.
DisplayName REG_SZ Secondary Logon
ErrorControl REG_DWORD 0 (0x0)
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
Objectname REG_SZ LocalSystem
Start REG_DWORD 2 (0x2)
Type REG_DWORD 288 (0x120)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\seclogon\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\seclogon.dll
ServiceMain REG_SZ SvcEntry_Seclogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\seclogon\Security
Security REG_BINARY 01001480900000009c000000140000003000000002001c000100000002801400ff010f000101000000000001000000000200600004000000000014008d01020001010000000000050b000000000018009d0102000102000000000005200000002302000000001800ff010f000102000000000005200000002002000000001400fd010200010100000000000512000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\seclogon\Enum
0 REG_SZ Root\LEGACY_SECLOGON\0000
Count REG_DWORD 1 (0x1)
NextInstance REG_DWORD 1 (0x1)

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\spooler
DependOnService REG_MULTI_SZ RPCSS\0\0
Description REG_SZ Carrega arquivos na memória para impressão posterior.
DisplayName REG_SZ Spooler de impressão
ErrorControl REG_DWORD 1 (0x1)
Group REG_SZ SpoolerGroup
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\spoolsv.exe
ObjectName REG_SZ LocalSystem
Start REG_DWORD 2 (0x2)
Type REG_DWORD 272 (0x110)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\spooler\Parameters

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\spooler\Performance
Close REG_SZ PerfClose
Collect REG_SZ PerfCollect
Collect Timeout REG_DWORD 2000 (0x7d0)
Library REG_SZ winspool.drv
Object List REG_SZ 1450
Open REG_SZ PerfOpen
Open Timeout REG_DWORD 4000 (0xfa0)
WbemAdapFileSignature REG_BINARY bd83aba61e8accc8d9ffb869f29418ce00
WbemAdapFileTime REG_BINARY 002952e37a79c401
WbemAdapFileSize REG_DWORD 146432 (0x23c00)
WbemAdapStatus REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\spooler\Security
Security REG_BINARY 01001480900000009c000000140000003000000002001c000100000002801400ff010f000101000000000001000000000200600004000000000014008d01020001010000000000050b000000000018009d0102000102000000000005200000002302000000001800ff010f000102000000000005200000002002000000001400fd010200010100000000000512000000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\spooler\Enum
0 REG_SZ Root\LEGACY_SPOOLER\0000
Count REG_DWORD 1 (0x1)
NextInstance REG_DWORD 1 (0x1)

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 (C)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wscsvc
Type REG_DWORD 32 (0x20)
Start REG_DWORD 2 (0x2)
ErrorControl REG_DWORD 1 (0x1)
ImagePath REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
DisplayName REG_SZ Central de Segurança
DependOnService REG_MULTI_SZ RpcSs\0winmgmt\0\0
ObjectName REG_SZ LocalSystem
Description REG_SZ Monitora as configurações e definições de segurança do sistema.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wscsvc\Parameters
ServiceDll REG_EXPAND_SZ %SYSTEMROOT%\system32\wscsvc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wscsvc\Security
Security REG_BINARY 01001480900000009c000000140000003000000002001c000100000002801400ff010f00010100000000000100000000020060000400000000001400fd01020001010000000000051200000000001800ff010f0001020000000000052000000020020000000014008d01020001010000000000050b00000000001800fd01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wscsvc\Enum
0 REG_SZ Root\LEGACY_WSCSVC\0000
Count REG_DWORD 1 (0x1)
NextInstance REG_DWORD 1 (0x1)

-----------------EOF-----------------

SdFix:

SDFix: Version 1.240
Run by User on qui 20/05/2010 at 12:48

Microsoft Windows XP [versÆo 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 12:56:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"="C:\\Arquivos de programas\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Arquivos de programas\\Magebot\\server.exe"="C:\\Arquivos de programas\\Magebot\\server.exe:*:Enabled:server"
"C:\\Arquivos de programas\\Tibia\\Tibia.exe"="C:\\Arquivos de programas\\Tibia\\Tibia.exe:*:Enabled:Tibia Player"
"C:\\Arquivos de programas\\ElfBot NG\\navserv.exe"="C:\\Arquivos de programas\\ElfBot NG\\navserv.exe:*:Enabled:navserv"
"C:\\Arquivos de programas\\tibia 8.54\\Tibia\\Tibia.exe"="C:\\Arquivos de programas\\tibia 8.54\\Tibia\\Tibia.exe:*:Enabled:Tibia Player"
"C:\\Arquivos de programas\\Ventrilo\\Ventrilo.exe"="C:\\Arquivos de programas\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\\Arquivos de programas\\mb 8.54\\Magebot\\server.exe"="C:\\Arquivos de programas\\mb 8.54\\Magebot\\server.exe:*:Enabled:server"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Arquivos de programas\\tibia 8.4\\Tibia\\Tibia.exe"="C:\\Arquivos de programas\\tibia 8.4\\Tibia\\Tibia.exe:*:Enabled:Tibia Player"
"C:\\Arquivos de programas\\tibia 8.55\\Tibia\\Tibia.exe"="C:\\Arquivos de programas\\tibia 8.55\\Tibia\\Tibia.exe:*:Enabled:Tibia Player"
"C:\\Arquivos de programas\\tibia 8.41\\Tibia\\Tibia.exe"="C:\\Arquivos de programas\\tibia 8.41\\Tibia\\Tibia.exe:*:Enabled:Tibia Player"
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"="C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Windows Explorer"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Executa uma DLL como um aplicativo"
"C:\\Documents and Settings\\User\\Configura‡äes locais\\temp\\Rar$EX04.812\\Magebot\\server.exe"="C:\\Documents and Settings\\User\\Configura‡äes locais\\temp\\Rar$EX04.812\\Magebot\\server.exe:*:Enabled:server"
"C:\\Arquivos de programas\\mb 8.57 tibiaking\\Magebot\\server.exe"="C:\\Arquivos de programas\\mb 8.57 tibiaking\\Magebot\\server.exe:*

isabled:server"
"C:\\Documents and Settings\\User\\Configura‡äes locais\\temp\\Rar$EX00.969\\Magebot\\server.exe"="C:\\Documents and Settings\\User\\Configura‡äes locais\\temp\\Rar$EX00.969\\Magebot\\server.exe:*:Enabled:server"
"C:\\Arquivos de programas\\Tibia 8.57\\Tibia\\Tibia.exe"="C:\\Arquivos de programas\\Tibia 8.57\\Tibia\\Tibia.exe:*:Enabled:Tibia Player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled

xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled

xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :

Files with Hidden Attributes :

Fri 16 Apr 2010 2,304 A..H. --- "C:\Documents and Settings\All Users\Dados de aplicativos\avg9\srmcheck.tmp"
Tue 12 Jan 2010 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

e o hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:19, on 20/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\windows\IntelMon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVDV.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\\userinit.exe,userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7FE393D6-2A55-4BCF-9588-78A89F9A49FF} - c:\windows\system32\lbycdxv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVDV.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Intel Monitor] C:\windows\IntelMon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Arquivos de programas\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CBE0016-319E-45D1-BF51-CDB4AFB448F8}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: c:\windows\elf_key.dll
O20 - Winlogon Notify: LogonInit - logonInit.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 6314 bytes

Elthon RJ · 20/05/2010

Mr.Wolf disse:
Opa Elthon RJ, tudo bem e você?

Complicado a sua situação amigo, mas você não é o primeiro, e nem será o último, a ter um site hackeado. Sinceramente, hoje isso virou moda para os cibercriminosos.

Sim, isso é totalmente possível. É o que chamamos de Autoinfect's. Autoinfect é um código malicioso (geralmente desenhado em Javascript) inserido nos códigos do site, que contamina a máquina dos usuários automaticamente e sorrateiramente, isto é, sem que a vítima perceba que a infecção está ocorrendo. Antivirus dificilmente detectam ou bloqueiam a execução de um Autoinfect no computador, bem como anti-spywares, anti-rootkits, e etc. Você só percebe que um Autoinfect está no sistema, se abrir o gerenciador de tarefas e procurar por processos suspeitos: normalmente possuem nomes como java.exe, exec.exe, runbat.exe; ou se possuir um HIPS monitorando as atividades do sistema em real-time. Talvez, depois de algumas semanas, pode ser que o seu antivirus venha a detectá-lo, porém, será tarde demais, visto que, Autoinfect's comprometem arquivos legítimos do sistema e podem roubar dados pessoais.

Existem os Drive-by-Downloads também, que se encaixam no mesmo contexto dos Autoinfect's, mas não são a mesma coisa.

Na realidade, isso foi somente um aviso de que algo havia sido alterado. Neste exato momento, você deveria ter tirado o site do ar para corrigir o problema, pois Autoinfect não é removido de um dia para o outro dos códigos do site, pode ser prolongada a sua remoção completa.

No entanto, o WordPress está sendo bastante alvejado por crackers desde o início de 2010. Mais de 120 sites hospedados neste SGC foram atacados, e tudo isso somente em fevereiro.

Negativo.

No máximo, o e-mail seria alvo de spams.

Para que um Autoinfect seja inserido na página, ela deve, obrigatoriamente, ser hackeada por completo. Do contrário, impossível!

Olá Mr.Wolf tudo bem por aqui.

Muito obrigado pelo esclarecimento, tirou todas as minhas duvidas e muito mais pq nunca ouvi esse termo Drive-by-Downloads, Autoinfect eu já ouvi mas não tinha a minima noção que era isso.

Então pelo que entendi Mr.Wolf todos nós estamos propensos a ser atacados por esses Autoinfects e Drive-by-Downloads certo? Existe alguma maneira de evitar isso já que os anti-virus dificilmente pegam isso como vc mesmo disse? Pq as pessoas assim como eu que não entendem muito de segurança não sabem quais sites são seguros e quais são inseguros.

Lendo tudo isso, começa a cair minha ficha de que meu pc e os dos meus visitantes podem estar todos infectados por este Autoinfect não?

Estou pensando em criar um novo site com domínio proprio .com.br, o que achas? Como o Wordpress está sendo atacado como vc esclareceu acho melhor criar um proprio, pelo menos terei mais segurança não é?

Agradeço todo o esclarecimento Mr.Wolf

Abração meu querido

Mr.Wolf · 20/05/2010

arturmelhor disse:
Mr. Wolf, tem como saber se alguem instalou ou foi pego em site ou email?

arturmelhor, é difícil dizer isso. Mas posso lhe garantir que de e-mail não foi. Também é pouco provável que alguém tenha instalado-o manualmente, acredito eu. No entanto, alguém aí anda com hábitos inseguros de navegação, o malware certamente infectou seu PC a partir de um site mal-intencionado. Isso é típico de droppers.

Os logs estão limpos Artur. Pode deletar o Avenger e o RSIT.

______________________________________________

utR', o log.txt está bem incompleto. Mas pelo pouco que deu para ver, está limpo.

______________________________________________

Ferps, abra o HijackThis, clique em Do a system scan only, marque a entrada abaixo e clique no botão Fix checked

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\\userinit.exe,userini t.exe

Os logs estão limpos.

______________________________________________

Elthon RJ disse:
Então pelo que entendi Mr.Wolf todos nós estamos propensos a ser atacados por esses Autoinfects e Drive-by-Downloads certo?

Exato.

Existe alguma maneira de evitar isso já que os anti-virus dificilmente pegam isso como vc mesmo disse?

Evitar Autoinfect's resume-se, basicamente, em bloquear o Javascript do navegador. Lógico, isso não irá barrar qualquer tipo de Autoinfect, tampouco os desenhados em outra linguagem, mas já reduzirá 80% do risco de infecção, visto que a maioria é programado em java mesmo.

O NoScript é a solução mais eficaz para isso, porém, só funciona no Firefox. Para usuários do Chrome, basta clicar no botão

e ir em Opções > Configurações avançadas > Configurações de conteúdo > JavaScript e marcar a opção "Não permitir que nenhum site execute JavaScript". No IE vá em Ferramentas > Opções da Internet > Segurança > Nível personalizado > Desça até "Script Ativo" e selecione Desabilitar. Nos demais browsers não vou saber lhe informar.

Quanto a deter um Drive-by-Download, o link que passei anteriormente, explicando sobre esta ameaça, ensina alguns dos métodos de prevenção.

Lendo tudo isso, começa a cair minha ficha de que meu pc e os dos meus visitantes podem estar todos infectados por este Autoinfect não?

É possível. Dê uma espiada nos processos do gerenciador de tarefas, e veja se há algum suspeito.

Estou pensando em criar um novo site com domínio proprio .com.br, o que achas? Como o Wordpress está sendo atacado como vc esclareceu acho melhor criar um proprio, pelo menos terei mais segurança não é?

Não, não é. Um hacker experiente consegue explorar e hackear o que ele quiser, seja um site com domínio próprio, um sistema, um software, dados pessoais, etc. Nunca subestime-os.

A partir do momento em que um site começa a ter uma significativa movimentação, ganhar reconhecimento por parte dos internautas, desperta o interesse dos hackers também, e o site, ou seja lá o que for, torna-se um alvo iminente. Hackear algo complexo é motivo de honra para os hackers, além de ser um desafio que eles adoram.

AJFLevenhagen · 20/05/2010

Tenho quase certeza que tenho o virus infostealer.bancos algo assim
me ajudem!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:20, on 20/05/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ngsrv\epsng_certd.exe
C:\Windows\System32\aetcrss1.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Users\Casa\AppData\Local\Temp\service
C:\Users\Casa\AppData\Local\Temp\jqs
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Casa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Casa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Casa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Casa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Casa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tjmg.jus.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [epsng_certd] C:\Program Files\ngsrv\epsng_certd.exe -r
O4 - HKLM\..\Run: [epsng_certd_2000] C:\Program Files\ngsrv\epsng_certd.exe
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [Google Update] "C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Serviço McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: ngSlotDaemon (ngSlotD) - Feitian Technologies Co.,Ltd. - C:\Program Files\ngsrv\ngslotd.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: Oracle Forms Server [Forms60Server] (OracleFormsServer-Forms60Server) - Oracle Corporation - C:\orant\bin\ifsrv60.exe
O23 - Service: Oracle Reports Server [Rep60_TJMG-THINK] (OracleReportServer-Rep60_TJMG-THINK) - Oracle Corp - C:\orant\bin\rwmts60.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 11977 bytes

Elthon RJ · 21/05/2010

Mr.Wolf disse:
arturmelhor, é difícil dizer isso. Mas posso lhe garantir que de e-mail não foi. Também é pouco provável que alguém tenha instalado-o manualmente, acredito eu. No entanto, alguém aí anda com hábitos inseguros de navegação, o malware certamente infectou seu PC a partir de um site mal-intencionado. Isso é típico de droppers.

Os logs estão limpos Artur. Pode deletar o Avenger e o RSIT.

______________________________________________

utR', o log.txt está bem incompleto. Mas pelo pouco que deu para ver, está limpo.

______________________________________________

Ferps, abra o HijackThis, clique em Do a system scan only, marque a entrada abaixo e clique no botão Fix checked

Os logs estão limpos.

______________________________________________

Exato.

Evitar Autoinfect's resume-se, basicamente, em bloquear o Javascript do navegador. Lógico, isso não irá barrar qualquer tipo de Autoinfect, tampouco os desenhados em outra linguagem, mas já reduzirá 80% do risco de infecção, visto que a maioria é programado em java mesmo.

O NoScript é a solução mais eficaz para isso, porém, só funciona no Firefox. Para usuários do Chrome, basta clicar no botão

e ir em Opções > Configurações avançadas > Configurações de conteúdo > JavaScript e marcar a opção "Não permitir que nenhum site execute JavaScript". No IE vá em Ferramentas > Opções da Internet > Segurança > Nível personalizado > Desça até "Script Ativo" e selecione Desabilitar. Nos demais browsers não vou saber lhe informar.

Quanto a deter um Drive-by-Download, o link que passei anteriormente, explicando sobre esta ameaça, ensina alguns dos métodos de prevenção.

É possível. Dê uma espiada nos processos do gerenciador de tarefas, e veja se há algum suspeito.

Não, não é. Um hacker experiente consegue explorar e hackear o que ele quiser, seja um site com domínio próprio, um sistema, um software, dados pessoais, etc. Nunca subestime-os.

A partir do momento em que um site começa a ter uma significativa movimentação, ganhar reconhecimento por parte dos internautas, desperta o interesse dos hackers também, e o site, ou seja lá o que for, torna-se um alvo iminente. Hackear algo complexo é motivo de honra para os hackers, além de ser um desafio que eles adoram.

Olá Mr.Wolf Obrigadão mais uma vez. Vc está sanando todas as minhas dúvidas totalmente. Bom fiz tudo como disse, instalei o Noscript pq uso o firefox, segui as recomendações para não pegar um Drive-by-download que nem tava no site lá e dei uma olhada no gerenciador do pc para ver se tinha algum processo suspeito, mas sinceramente não faço a mínima idéia de quais são suspeitos e quais são originais do pc. Vc poderia me ajudar a verificar isso em meu pc? Se puder qual seria o jeito mais facil para vc me ajudar, não quero tomar seu tempo por isso quero que me diga o jeito mais simples. Rapaz eu tenho muito medo desse negócio de hacker viu. Eu to pensando mesmo em criar um site proprio, pensei que seria mais seguro mas pelo que vc disse é o mesmo risco. Teria algum jeito de evitar tanto risco em meu site pessoal? Algumas medidas, sei lá, algo assim? Muito obrigado de coração Mr.Wolf, agradeço muito mesmo Abração meu querido

Rodrimack · 23/05/2010

Mr.Wolf Bom Dia! Estou com um notebook(uso empresarial) e gostaria que vc analisasse o log do hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:18:52, on 23/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe
C:\Impressora\RSPrinter.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\SoftExpert\ISOSYSTEM\Server\SEServer.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\Documents and Settings\lopes\Desktop\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/portal/
R3 - URLSearchHook: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnl1.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnl1.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Online Radio Brazil Toolbar - {f4c23ca5-ed6c-4376-80ad-62f9161a7286} - C:\Arquivos de programas\Online_Radio_Brazil\tbOnl1.dll
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nodfix] regedit /s c:\regepica.reg
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TrayHabil] C:\Arquivos de programas\Koinonia Software\Habil for Windows\TrayHabil.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RSPrinter.lnk = C:\Impressora\RSPrinter.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD6E7CE9-25D6-4D7B-ACB3-39B8F862E5A3}: NameServer = 189.1.1.10 189.1.1.249
O17 - HKLM\System\CCS\Services\Tcpip\..\{F646CDD2-14C2-4B65-9585-4D7A01842DF6}: NameServer = 200.202.193.76,200.202.193.75
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AutorunsDisabled - Invalid registry found
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EvtEng - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Iap - Dell Inc - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe
O23 - Service: ISOSystem - Server (ISOSystemServer) - SoftExpert Informática e Automação Ltda. - C:\SoftExpert\ISOSYSTEM\Server\SEServer.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\WLKeeper.exe

Rodrimack · 23/05/2010

Continuando o resultado do Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4132

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

23/5/2010 09:58:00
mbam-log-2010-05-23 (09-58-00).txt

Tipo de Verificação: Verificação Completa (C:\|)
Objetos escaneados: 217921
Tempo decorrido: 1 hora(s), 26 minuto(s), 53 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 2

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
C:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP854\A0114008.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP854\A0113964.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

Fernandometal2 · 25/05/2010

Grande Favor

Boa noite, sou novo por aqui, o motivo pelo que me registrei no forum foi este topico. mas achei muito legal.

Mr Wolf boa noite, poderia dar um check no meu log do hijack por favor?

Aguardo seus comentarios e instruções

Muito obrigado,

Fernando

Desculpe nao achei aonde pendurar o log entao vai na resposta mesm:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:21, on 24/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe
C:\Arquivos de programas\Labtec\WebCam10\WebCam10.exe
C:\Arquivos de programas\DAEMON Tools\daemon.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\LVComSX.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\ARQUIV~1\MI3AA1~1\rapimgr.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Arquivos de programas\TechSmith\Snagit 9\Snagit32.exe
C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Documents and Settings\Fernando\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\TechSmith\Snagit 9\TSCHelp.exe
C:\Arquivos de programas\TechSmith\Snagit 9\SnagPriv.exe
C:\Arquivos de programas\TechSmith\Snagit 9\snagiteditor.exe
C:\Documents and Settings\Fernando\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\Arquivos de programas\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Fernando\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Arquivos de programas\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Arquivos de programas\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [StartCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Arquivos de programas\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Arquivos de programas\Arquivos comuns\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Arquivos de programas\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Fernando\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Windows Network Data Management System Service] "C:\DOCUME~1\Fernando\CONFIG~1\Temp\863.exe" *
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RGSC] C:\Arquivos de programas\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [C:\Documents and Settings\Fernando\Dados de aplicativos\Sprinx Systems\SprinxCRM 6.1.3.3\install.exe] C:\Documents and Settings\Fernando\Dados de aplicativos\Sprinx Systems\SprinxCRM 6.1.3.3\install.exe /l*v "C:\Documents and Settings\Fernando\Dados de aplicativos\Sprinx Systems\SprinxCRM 6.1.3.3\msilog.txt" ProductLanguage=3082 INSTALL_TYPE=1 DB_INSTALL=1 CLOG="C:\Documents and Settings\Fernando\Dados de aplicativos\Sprinx Systems\SprinxCRM 6.1.3.3\CLOG.txt" WEB_SITE_NEW_HOST="CASA" CM="false" UID="{0069F2A6-E917-47FC-ADE5-97D280A25A17}" WIN_EDITION=""
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.miniclip.com/games/leo-steel/br/content_iframe.php"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Startup: wwwzuc32.exe
O4 - Global Startup: Snagit 9.lnk = C:\Arquivos de programas\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Atomic Email Hunter - C:\Arquivos de programas\AtomPark\Atomic Email Hunter\ie.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Criar Favorito Móvel... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARQUIV~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: Atomic Email Hunter - {491A6C2B-1046-486b-8A8F-7D26BCB79A9B} - C:\Arquivos de programas\AtomPark\Atomic Email Hunter\ie.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Atomic Email Hunter - {491A6C2B-1046-486b-8A8F-7D26BCB79A9B} - C:\Arquivos de programas\AtomPark\Atomic Email Hunter\ie.htm (file missing) (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Network Data Management System Service (BNDMSS) - Unknown owner - C:\WINDOWS\system32\bndmss.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Arquivos de programas\Arquivos comuns\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 19797 bytes

juniorain · 27/05/2010

Mr.Wolf disse:
juniorain, siga abaixo:

Selecione e copie o texto abaixo. Cole no Bloco de Notas e salve-o no desktop como CFScript.txt

Código:

KILLALL:: File:: c:\windows\KlD.exe Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Microsoft Manager 1"=- Reglock:: [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Arraste o CFScript para o ComboFix como na imagem aqui abaixo e aguarde a execução automática da ferramenta:

● Se for solicitado à você, pressione Enter para iniciar o processo de remoção;
● Não use o mouse nem o teclado quando o ComboFix estiver rodando;
● Quando terminar, será gerado um novo log que estará em C:\ComboFix.txt;
● Talvez seu computador seja reiniciado automaticamente. Caso não ocorra, reinicie-o manualmente.

Na sua próxima resposta, cole o ComboFix.txt e um novo log do HijackThis.

Olá Mr. Wolf, desculpe por não responder por quase duas semanas, eu estive fora por um tempo, mas hoje eu fiz o passo que você disse, aqui estão os logs:
Finalmente o KlD.exe parou de iniciar com o sistema, aquilo me deixava frustrado, e por isso já agradeço.
O log do Combo Fix dessa vez ficou insanamente grande por isso ele vai por partes, não sei como ficou desse tamanho mas como eu não entendo vou passar tudo.

Log do HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:24, on 27/05/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Folding@home\Folding@home-x86\Folding@home.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\ADM\AppData\Roaming\Folding@home-x86\FahCore_78.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
O4 - HKCU\..\Run: [NetMeter] C:\Program Files\HooTech\NetMeter\HooNetMeter.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Folding@home.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F19F8EC-9AA4-4E96-B491-7E712296B266}: NameServer = 200.204.0.10 200.204.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 8118 bytes

Log do Combo Fix com CFScript pt.1:

ComboFix 10-05-27.01 - ADM 27/05/2010 17:04:26.4.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.55.1046.18.2046.1357 [GMT -3:00]
Executando de: c:\users\ADM\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\ADM\Desktop\CFScript.txt

FILE ::
"c:\windows\KlD.exe"
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\KlD.exe

.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-27 to 2010-05-27 ))))))))))))))))))))))))))))
.

2010-05-27 20:08 . 2010-05-27 20:12 -------- d-----w- c:\users\ADM\AppData\Local\temp
2010-05-27 20:08 . 2010-05-27 20:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-27 20:08 . 2010-05-27 20:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-27 00:27 . 2010-05-27 00:28 -------- d-----w- c:\program files\QuickTime
2010-05-27 00:27 . 2010-05-27 00:27 -------- d-----w- c:\programdata\Apple Computer
2010-05-27 00:25 . 2010-05-27 00:25 -------- d-----w- c:\program files\Common Files\Apple
2010-05-27 00:25 . 2010-05-27 00:25 -------- d-----w- c:\users\ADM\AppData\Local\Apple
2010-05-27 00:25 . 2010-05-27 00:25 -------- d-----w- c:\programdata\Apple
2010-05-27 00:25 . 2010-05-27 00:25 -------- d-----w- c:\program files\Apple Software Update
2010-05-17 02:41 . 2010-05-17 02:41 -------- d-----w- c:\program files\Trend Micro
2010-05-15 07:16 . 2010-05-15 07:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-13 20:41 . 2010-05-13 20:41 -------- d-----w- c:\users\ADM\AppData\Roaming\Malwarebytes
2010-05-13 20:41 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 20:41 . 2010-05-13 20:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 20:41 . 2010-05-13 20:41 -------- d-----w- c:\programdata\Malwarebytes
2010-05-13 20:41 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-12 20:18 . 2010-05-12 20:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-12 20:13 . 2010-05-26 05:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-12 20:13 . 2010-05-12 20:13 -------- d-----w- c:\users\ADM\AppData\Roaming\SUPERAntiSpyware.com
2010-05-08 01:27 . 2010-05-08 01:27 -------- d-----w- c:\users\ADM\AppData\Local\ESET
2010-05-07 19:16 . 2010-05-07 19:16 -------- d-----w- c:\program files\ESET
2010-04-28 04:33 . 2010-04-28 04:33 -------- d-----w- c:\programdata\SonicFocus
2010-04-28 04:33 . 2010-04-28 04:33 -------- d-----w- c:\program files\Analog Devices

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-27 20:12 . 2009-12-29 06:02 208367 ----a-w- c:\programdata\nvModes.dat
2010-05-27 20:10 . 2008-04-17 02:28 -------- d-----w- c:\programdata\NVIDIA
2010-05-27 19:59 . 2008-09-21 07:21 -------- d-----w- c:\program files\Steam
2010-05-27 19:37 . 2008-08-05 18:21 -------- d-----w- c:\users\ADM\AppData\Roaming\uTorrent
2010-05-27 19:12 . 2008-04-17 07:00 88740 ----a-w- c:\windows\system32\prfc0416.dat
2010-05-27 19:12 . 2008-04-17 07:00 517770 ----a-w- c:\windows\system32\prfh0416.dat
2010-05-27 15:13 . 2010-03-29 21:08 -------- d-----w- c:\users\ADM\AppData\Roaming\Folding@home-x86
2010-05-26 05:05 . 2008-05-23 06:47 -------- d-----w- c:\programdata\FLEXnet
2010-05-23 18:15 . 2008-08-05 18:21 -------- d-----w- c:\program files\uTorrent
2010-05-17 02:03 . 2008-04-17 02:17 102832 ----a-w- c:\users\ADM\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-15 07:16 . 2010-05-15 07:16 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-15 02:59 . 2008-11-06 20:16 -------- d-----w- c:\program files\JetAudio
2010-05-14 05:11 . 2008-09-21 07:21 -------- d-----w- c:\program files\Common Files\Steam
2010-05-13 05:49 . 2010-05-12 20:20 63488 ----a-w- c:\users\ADM\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-13 05:49 . 2010-05-12 20:20 117760 ----a-w- c:\users\ADM\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-12 20:20 . 2010-05-12 20:20 52224 ----a-w- c:\users\ADM\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-12 20:12 . 2008-07-10 04:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-12 14:21 . 2009-10-03 05:12 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-10 07:26 . 2010-01-03 18:17 -------- d-----w- c:\programdata\Kaspersky Lab
2010-05-10 07:24 . 2008-05-01 19:33 -------- d-----w- c:\users\ADM\AppData\Roaming\Winamp
2010-05-10 07:24 . 2008-04-19 18:03 -------- d-----w- c:\users\ADM\AppData\Roaming\DAEMON Tools
2010-05-10 07:24 . 2010-01-03 18:10 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-05-10 07:24 . 2009-10-25 20:58 -------- d-----w- c:\program files\SopCast
2010-05-10 07:24 . 2009-12-24 05:32 -------- d-----w- c:\program files\Megacubo
2010-05-10 07:24 . 2010-01-03 18:17 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-10 07:24 . 2008-12-27 05:53 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-10 07:24 . 2008-12-27 05:53 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-10 07:24 . 2008-04-30 19:36 -------- d-----w- c:\program files\Activision
2010-05-05 15:36 . 2008-04-23 03:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-02 23:36 . 2008-04-24 04:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 23:36 . 2008-04-26 07:25 -------- d-----w- c:\program files\Electronic Arts
2010-04-26 05:36 . 2010-04-26 05:36 -------- d-----w- c:\program files\Creative
2010-04-26 05:36 . 2008-04-24 04:45 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-26 05:36 . 2008-04-24 04:45 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-26 02:46 . 2010-04-26 02:46 -------- d-----w- c:\program files\THQ
2010-04-25 17:57 . 2008-10-12 17:36 -------- d-----w- c:\programdata\Electronic Arts
2010-04-24 01:46 . 2008-04-17 02:17 1356 ----a-w- c:\users\ADM\AppData\Local\d3d9caps.dat
2010-04-23 22:45 . 2010-04-23 21:31 -------- d-----w- c:\program files\Crysis Warhead
2010-04-12 21:04 . 2008-04-17 03:41 -------- d-----w- c:\programdata\DVD Shrink
2010-04-07 23:37 . 2010-04-07 23:37 98477 ----a-r- c:\users\ADM\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_6FEFF9B68218417F98F549.exe
2010-04-07 23:37 . 2010-04-07 23:37 98477 ----a-r- c:\users\ADM\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe
2010-04-07 23:37 . 2010-04-07 23:37 10134 ----a-r- c:\users\ADM\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_D153F602E769D1960CE13B.exe
2010-04-07 23:37 . 2010-04-07 23:37 -------- d-----w- c:\program files\Folding@home
2010-04-04 15:55 . 2010-04-04 15:55 1656832 ----a-w- c:\users\ADM\AppData\Roaming\Folding@home-x86\FahCore_a0.exe
2010-04-04 15:55 . 2010-04-04 15:55 1382280 ----a-w- c:\users\ADM\AppData\Roaming\Folding@home-x86\libfftw3f-3.dll
2010-04-04 02:29 . 2010-04-04 02:29 1683456 ----a-w- c:\users\ADM\AppData\Roaming\Folding@home-x86\FahCore_82.exe
2010-03-29 21:26 . 2010-03-29 21:26 2338816 ----a-w- c:\users\ADM\AppData\Roaming\Folding@home-x86\FahCore_78.exe
2010-02-26 19:16 . 2010-02-26 18:55 29853 ----a-w- c:\program files\trapcodeform.log
.

------- Sigcheck -------

[-] 2008-04-21 . 8828315F2976C705D5A668DE1AA58555 . 802816 . . [6.0.6000.16386] . . c:\windows\System32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-05-27_19.52.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 07:22 . 2006-11-02 06:29 18271 c:\windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_6.0.6000.16386_none_954e12fc5bf8b67a\StructuredQuerySchemaTrivial.bin
+ 2006-11-02 07:22 . 2006-11-02 06:29 99999 c:\windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_6.0.6000.16386_none_954e12fc5bf8b67a\StructuredQuerySchema.bin
+ 2006-11-02 08:37 . 2006-11-02 09:46 49152 c:\windows\winsxs\x86_umb_31bf3856ad364e35_6.0.6000.16386_none_8480866f1ae0d405\umb.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 32768 c:\windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.0.6000.16386_none_ea5acd8d67a02ef5\RegSvcs.exe
+ 2006-11-02 06:34 . 2006-10-20 01:14 53248 c:\windows\winsxs\x86_regasm_b03f5f7f11d50a3a_6.0.6000.16386_none_173fa2e7152d3645\RegAsm.exe
+ 2006-11-02 08:37 . 2006-11-02 09:46 53248 c:\windows\winsxs\x86_pnpxassocprx_31bf3856ad364e35_6.0.6000.16386_none_654f23b464b6e29a\PNPXAssocPrx.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 69632 c:\windows\winsxs\x86_pnpxassoc_31bf3856ad364e35_6.0.6000.16386_none_304d2237728a25d6\PNPXAssoc.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 28160 c:\windows\winsxs\x86_netfx-wminet_utils_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_735d77df7a16028b\WMINet_Utils.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 71680 c:\windows\winsxs\x86_netfx-tlbref_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_613d08e55393a756\TLBREF.DLL
+ 2006-11-02 06:34 . 2006-11-02 06:34 85504 c:\windows\winsxs\x86_netfx-shfusion_res_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_a63c20a9cbd96a81\ShFusRes.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 78336 c:\windows\winsxs\x86_netfx-perfcounter_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_2a02772aff510a96\PerfCounter.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 15360 c:\windows\winsxs\x86_netfx-normalization_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_dc5bf0ae2d4f6fc2\normalization.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 89600 c:\windows\winsxs\x86_netfx-ngen_exe_b03f5f7f11d50a3a_6.0.6000.16386_none_77e860c04a4c2385\ngen.exe
+ 2006-11-02 06:33 . 2006-11-02 06:33 72704 c:\windows\winsxs\x86_netfx-netfxsbs10_exe_31bf3856ad364e35_6.0.6000.16386_none_39582d78b1095a04\NETFXSBS10.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 10240 c:\windows\winsxs\x86_netfx-mscortim_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_cec954a364832345\mscortim.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 59392 c:\windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6000.16386_none_2021a451e82131db\mscorsvw.exe
+ 2006-11-02 06:34 . 2006-10-20 01:14 22528 c:\windows\winsxs\x86_netfx-mscorsecr_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_a5c0f813ee2ed1f8\mscorsecr.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 67072 c:\windows\winsxs\x86_netfx-mscorsec_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_11dcd325f46ef956\mscorsec.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 86528 c:\windows\winsxs\x86_netfx-mscormmc_dll_rtm_31bf3856ad364e35_6.0.6000.16386_none_a54be316cc7a2f65\mscormmc.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 81408 c:\windows\winsxs\x86_netfx-mscorld_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_c30a9235495732ed\mscorld.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 74240 c:\windows\winsxs\x86_netfx-mscories_dll_31bf3856ad364e35_6.0.6000.16386_none_bbec5b65f4df9959\mscories.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 36864 c:\windows\winsxs\x86_netfx-mscorie_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_eac2005b6fd42d71\mscorie.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 73216 c:\windows\winsxs\x86_netfx-mscordbc_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_6d1b5243c560db72\mscordbc.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 55296 c:\windows\winsxs\x86_netfx-installutillib_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_b6e1e631d82aaeaf\InstallUtilLib.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 32768 c:\windows\winsxs\x86_netfx-fw_netfxperf_dll_31bf3856ad364e35_6.0.6000.16386_none_925ce6867e4dfdfc\netfxperf.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 26624 c:\windows\winsxs\x86_netfx-dw_b03f5f7f11d50a3a_6.0.6000.16386_none_cdc7ed1d1ae18477\dw20.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 83968 c:\windows\winsxs\x86_netfx-dfshim_dll_31bf3856ad364e35_6.0.6000.16386_none_76493474600eda19\dfshim.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 52736 c:\windows\winsxs\x86_netfx-dfdll_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_887bbb9454368959\dfdll.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 25600 c:\windows\winsxs\x86_netfx-cvtres_for_vc_and_vb_b03f5f7f11d50a3a_6.0.6000.16386_none_e5eb996633b707c2\cvtres.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 17920 c:\windows\winsxs\x86_netfx-culture_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_dad951e64fe4ffb9\Culture.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 70656 c:\windows\winsxs\x86_netfx-csharp_compiler_csc_b03f5f7f11d50a3a_6.0.6000.16386_none_fea421ba2cc2d199\csc.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 88576 c:\windows\winsxs\x86_netfx-corperfmonext_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_b31310afc29c6b21\CORPerfMonExt.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 95232 c:\windows\winsxs\x86_netfx-clrgc_b03f5f7f11d50a3a_6.0.6000.16386_none_20f69241f8b2f71d\clrgc.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 47616 c:\windows\winsxs\x86_netfx-clr_sys_entservcs_thunk_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_528b86b0b782b897\System.EnterpriseServices.Thunk.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 23552 c:\windows\winsxs\x86_netfx-aspnet_wp_exe_b03f5f7f11d50a3a_6.0.6000.16386_none_c51455248bf19310\aspnet_wp.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 24064 c:\windows\winsxs\x86_netfx-aspnet_state_exe_b03f5f7f11d50a3a_6.0.6000.16386_none_81486aa9c284a376\aspnet_state.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 23040 c:\windows\winsxs\x86_netfx-aspnet_regiis_exe_b03f5f7f11d50a3a_6.0.6000.16386_none_12533aab21a2c6d8\aspnet_regiis.exe
+ 2006-11-02 06:34 . 2006-10-20 01:13 75264 c:\windows\winsxs\x86_netfx-aspnet_rc_dll_res_b03f5f7f11d50a3a_6.0.6000.16386_none_30455c49fd6dcdbb\aspnet_rc.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 23552 c:\windows\winsxs\x86_netfx-aspnet_perf_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_ddd5c5f6fc614a9e\Aspnet_perf.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 87040 c:\windows\winsxs\x86_netfx-aspnet_mmc_asp_ext_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_90ee1bebd2cc5bb9\MmcAspExt.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 10752 c:\windows\winsxs\x86_netfx-aspnet_filter_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_d57ba977578b0ec9\aspnet_filter.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 49152 c:\windows\winsxs\x86_netfx-applaunch_exe_b03f5f7f11d50a3a_6.0.6000.16386_none_c5623d346a9c29f7\AppLaunch.exe
+ 2006-11-02 06:34 . 2006-10-20 01:13 19456 c:\windows\winsxs\x86_netfx-_vc_assembly_linker_messages_b03f5f7f11d50a3a_6.0.6000.16386_none_655c53dca4acdafc\alinkui.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 87552 c:\windows\winsxs\x86_netfx-_vc_assembly_linker_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_39276ed5eb38bec0\alink.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 69632 c:\windows\winsxs\x86_msbuild_b03f5f7f11d50a3a_6.0.6000.16386_none_815e96e1b0e084be\MSBuild.exe
+ 2006-11-02 08:33 . 2006-11-02 09:38 34304 c:\windows\winsxs\x86_microsoft.windows.isolationautomation_6595b64144ccf1df_1.0.0.0_none_35d357a66c38ade4\sxsoa.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 32768 c:\windows\winsxs\x86_microsoft.windows.h...sdhost-driverclass_31bf3856ad364e35_6.0.6000.16386_none_c0bab67ccb44751b\sdhcinst.dll
+ 2006-11-02 07:18 . 2006-11-02 09:47 77824 c:\windows\winsxs\x86_microsoft.interop.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_155c2822e3529886\Microsoft.Interop.Security.AzRoles.dll
+ 2006-11-02 08:32 . 2006-11-02 09:46 36352 c:\windows\winsxs\x86_microsoft-windows-xcopy_31bf3856ad364e35_6.0.6000.16386_none_60bee8acf7612ea7\xcopy.exe
+ 2006-11-02 08:33 . 2006-11-02 09:45 15872 c:\windows\winsxs\x86_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_6.0.6000.16386_none_29080b40ee5b20f1\sfc.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 46592 c:\windows\winsxs\x86_microsoft-windows-wmiperf_31bf3856ad364e35_6.0.6000.16386_none_9d63522cb56cc4fc\WmiPerfInst.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 90624 c:\windows\winsxs\x86_microsoft-windows-wmiperf_31bf3856ad364e35_6.0.6000.16386_none_9d63522cb56cc4fc\WmiPerfClass.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 43520 c:\windows\winsxs\x86_microsoft-windows-whoami_31bf3856ad364e35_6.0.6000.16386_none_cc45bc5a84eb17ed\whoami.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 36352 c:\windows\winsxs\x86_microsoft-windows-where_31bf3856ad364e35_6.0.6000.16386_none_5b9c7723e13f8233\where.exe
+ 2006-11-02 08:37 . 2006-11-02 08:37 32256 c:\windows\winsxs\x86_microsoft-windows-watchdog_31bf3856ad364e35_6.0.6000.16386_none_5e322640ac9100dd\watchdog.sys
+ 2006-11-02 08:32 . 2006-11-02 09:45 34816 c:\windows\winsxs\x86_microsoft-windows-waitfor_31bf3856ad364e35_6.0.6000.16386_none_b42ef3e57e488814\waitfor.exe
+ 2006-11-02 08:30 . 2006-11-02 09:46 22528 c:\windows\winsxs\x86_microsoft-windows-w..ropertypageprovider_31bf3856ad364e35_6.0.6000.16386_none_80da38b48015c397\wmiprop.dll
+ 2006-11-02 07:15 . 2006-11-02 07:15 13312 c:\windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.0.6000.16386_none_c82eb363b01cbb81\WsmRes.dll
+ 2006-11-02 08:37 . 2006-11-02 09:45 26112 c:\windows\winsxs\x86_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.0.6000.16386_none_8ed67188503ba527\TrustedInstaller.exe
+ 2006-11-02 08:30 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-transactionmanagerapi_31bf3856ad364e35_6.0.6000.16386_none_54a08e0fd70d0ac9\ktmw32.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 54784 c:\windows\winsxs\x86_microsoft-windows-tpm-tbs-core_31bf3856ad364e35_6.0.6000.16386_none_e1ec163b96356c27\tbssvc.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 11264 c:\windows\winsxs\x86_microsoft-windows-tpm-tbs-core_31bf3856ad364e35_6.0.6000.16386_none_e1ec163b96356c27\tbs.dll
+ 2006-11-02 08:30 . 2006-11-02 09:45 86528 c:\windows\winsxs\x86_microsoft-windows-tpm-adminsnapin_31bf3856ad364e35_6.0.6000.16386_none_754654f2e2561352\TpmInit.exe
+ 2006-11-02 08:30 . 2006-11-02 09:46 40960 c:\windows\winsxs\x86_microsoft-windows-tpm-adminsnapin_31bf3856ad364e35_6.0.6000.16386_none_754654f2e2561352\tpmcompc.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 28160 c:\windows\winsxs\x86_microsoft-windows-timeout_31bf3856ad364e35_6.0.6000.16386_none_8a2daac4c959a079\timeout.exe
+ 2006-11-02 08:30 . 2006-11-02 09:46 43008 c:\windows\winsxs\x86_microsoft-windows-timedate-mui-callback_31bf3856ad364e35_6.0.6000.16386_none_f237a14d382b63e3\TimeDateMUICallback.dll
+ 2006-11-02 06:50 . 2006-09-18 21:49 19216 c:\windows\winsxs\x86_microsoft-windows-tapicore_31bf3856ad364e35_6.0.6000.16386_none_e203168e49ab8983\tapi.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 51712 c:\windows\winsxs\x86_microsoft-windows-takeown_31bf3856ad364e35_6.0.6000.16386_none_f7b4a3ce18b30927\takeown.exe
+ 2006-11-02 07:32 . 2006-11-02 07:32 84992 c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\pipanel.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 15872 c:\windows\winsxs\x86_microsoft-windows-sysprep-spopk_31bf3856ad364e35_6.0.6000.16386_none_157af2c3507d4faa\spopk.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 60928 c:\windows\winsxs\x86_microsoft-windows-sysprep-spbcd_31bf3856ad364e35_6.0.6000.16386_none_103ca26353cef831\spbcd.dll
+ 2006-11-02 08:33 . 2006-11-02 09:45 26624 c:\windows\winsxs\x86_microsoft-windows-sxs_31bf3856ad364e35_6.0.6000.16386_none_ac15da205ab8aa66\sxstrace.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 72704 c:\windows\winsxs\x86_microsoft-windows-sxs_31bf3856ad364e35_6.0.6000.16386_none_ac15da205ab8aa66\SxsMigPlugin.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 22016 c:\windows\winsxs\x86_microsoft-windows-sxs-store_31bf3856ad364e35_6.0.6000.16386_none_697f51c55647ebe2\sxsstore.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 19968 c:\windows\winsxs\x86_microsoft-windows-sort_31bf3856ad364e35_6.0.6000.16386_none_a98761571c97d992\sort.exe
+ 2006-11-02 08:33 . 2006-11-02 09:45 62976 c:\windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6000.16386_none_aa03e6011c468ee6\smss.exe
+ 2006-11-02 08:31 . 2006-11-02 08:31 85504 c:\windows\winsxs\x86_microsoft-windows-smbserver-common_31bf3856ad364e35_6.0.6000.16386_none_019f6c38133c05e3\srvnet.sys
+ 2006-11-02 08:31 . 2006-11-02 08:31 57856 c:\windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.16386_none_88a4339f8cdad022\mrxsmb20.sys
+ 2006-11-02 08:30 . 2006-11-02 09:46 20480 c:\windows\winsxs\x86_microsoft-windows-sisbkup_31bf3856ad364e35_6.0.6000.16386_none_5ab082a960b1481b\sisbkup.dll
+ 2006-11-02 08:33 . 2006-11-02 09:45 67584 c:\windows\winsxs\x86_microsoft-windows-sigverif_31bf3856ad364e35_6.0.6000.16386_none_b962c260fe7391d7\sigverif.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 38400 c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6000.16386_none_a4ff01505f4694a4\sfc_os.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 46080 c:\windows\winsxs\x86_microsoft-windows-setx_31bf3856ad364e35_6.0.6000.16386_none_aa4013d31c25521a\setx.exe
+ 2006-11-02 08:34 . 2006-11-02 09:45 54272 c:\windows\winsxs\x86_microsoft-windows-setupcl_31bf3856ad364e35_6.0.6000.16386_none_567843d7ee5cdd00\setupcl.exe
+ 2006-11-02 08:34 . 2006-11-02 09:45 39936 c:\windows\winsxs\x86_microsoft-windows-setup-upgrade_31bf3856ad364e35_6.0.6000.16386_none_8125075ce5c51b44\lnkstub.exe
+ 2006-11-02 08:34 . 2006-11-02 09:45 41472 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6000.16386_none_2ff5bc52b05737c3\windeploy.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 47104 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6000.16386_none_2ff5bc52b05737c3\wdsutil.dll
+ 2006-11-02 08:34 . 2006-11-02 09:45 93696 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6000.16386_none_2ff5bc52b05737c3\sysprep.exe
+ 2006-11-02 08:34 . 2006-11-02 09:46 52736 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6000.16386_none_2ff5bc52b05737c3\spprgrss.dll
+ 2006-11-02 08:34 . 2006-11-02 09:45 42496 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6000.16386_none_2ff5bc52b05737c3\oobeldr.exe
+ 2006-11-02 08:34 . 2006-11-02 09:46 31232 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6000.16386_none_2ff5bc52b05737c3\diagER.dll
+ 2006-11-02 08:34 . 2006-11-02 09:44 51712 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6000.16386_none_2ff5bc52b05737c3\audit.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 50688 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16386_none_07289f4cca5f6990\wrpint.dll
+ 2006-11-02 08:36 . 2006-11-02 09:45 99840 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16386_none_07289f4cca5f6990\poqexec.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 95232 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16386_none_07289f4cca5f6990\DrUpdate.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 17408 c:\windows\winsxs\x86_microsoft-windows-servicingstack-msg_31bf3856ad364e35_6.0.6000.16386_none_3c68a7f72e1c56b2\CbsMsg.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 22016 c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
+ 2006-11-02 08:37 . 2006-11-02 09:46 42496 c:\windows\winsxs\x86_microsoft-windows-servicereportingapi_31bf3856ad364e35_6.0.6000.16386_none_6a6960ac7c31f2b3\osblprov.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 19968 c:\windows\winsxs\x86_microsoft-windows-servicereportingapi_31bf3856ad364e35_6.0.6000.16386_none_6a6960ac7c31f2b3\osbaseln.dll
+ 2006-11-02 08:37 . 2006-11-02 09:45 14848 c:\windows\winsxs\x86_microsoft-windows-secinit_31bf3856ad364e35_6.0.6000.16386_none_85812e7bd013283b\secinit.exe
+ 2006-11-02 08:30 . 2006-11-02 09:45 13312 c:\windows\winsxs\x86_microsoft-windows-s..otservicing-utility_31bf3856ad364e35_6.0.6000.16386_none_730def2b8ecbb6c4\fveupdate.exe
+ 2006-11-02 08:35 . 2006-11-02 09:45 31744 c:\windows\winsxs\x86_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_6.0.6000.16386_none_7237791cd7c1a1bc\sc.exe
+ 2006-11-02 07:16 . 2006-11-02 09:49 18536 c:\windows\winsxs\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6000.16386_none_68fc663d5430d3de\spldr.sys
+ 2006-11-02 07:20 . 2006-10-04 01:45 61618 c:\windows\winsxs\x86_microsoft-windows-s..ity-licensing-tools_31bf3856ad364e35_6.0.6000.16386_none_c31344726af92eb7\slmgr.vbs
+ 2006-11-02 08:32 . 2006-11-02 09:46 10240 c:\windows\winsxs\x86_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_6.0.6000.16386_none_159d040b0d019f35\dfrgifps.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 58880 c:\windows\winsxs\x86_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_6.0.6000.16386_none_159d040b0d019f35\dfrgifc.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 41984 c:\windows\winsxs\x86_microsoft-windows-s..ddriverprovider-dll_31bf3856ad364e35_6.0.6000.16386_none_705a854bb7dec2c8\signdrv.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 16896 c:\windows\winsxs\x86_microsoft-windows-runas_31bf3856ad364e35_6.0.6000.16386_none_5db18748608251d3\runas.exe
+ 2006-11-02 08:33 . 2006-11-02 09:45 87040 c:\windows\winsxs\x86_microsoft-windows-robocopy_31bf3856ad364e35_6.0.6000.16386_none_c4d06d84ef792be5\Robocopy.exe
+ 2006-11-02 08:37 . 2006-11-02 09:45 14848 c:\windows\winsxs\x86_microsoft-windows-restartmanager_31bf3856ad364e35_6.0.6000.16386_none_7dfea5cf27338b4c\RmClient.exe
+ 2006-11-02 08:32 . 2006-11-02 09:46 13824 c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\clb.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 11776 c:\windows\winsxs\x86_microsoft-windows-recover_31bf3856ad364e35_6.0.6000.16386_none_83dc8bd2b7afee9e\recover.exe
+ 2006-11-02 08:37 . 2006-11-02 09:45 20480 c:\windows\winsxs\x86_microsoft-windows-r..bilityanalysisagent_31bf3856ad364e35_6.0.6000.16386_none_2489e0eea34ebaab\RacAgent.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 60928 c:\windows\winsxs\x86_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_6.0.6000.16386_none_2f5d72012dc46811\reg.exe
+ 2006-11-02 08:30 . 2006-11-02 09:49 24168 c:\windows\winsxs\x86_microsoft-windows-pshed_31bf3856ad364e35_6.0.6000.16386_none_59bc215430297e40\PSHED.DLL
+ 2006-11-02 08:33 . 2006-11-02 09:45 32768 c:\windows\winsxs\x86_microsoft-windows-pnputil_31bf3856ad364e35_6.0.6000.16386_none_fb2d0095bf9c759a\PnPutil.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 44544 c:\windows\winsxs\x86_microsoft-windows-pnpsysprep_31bf3856ad364e35_6.0.6000.16386_none_3f86b980ba274e54\sppnp.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 64000 c:\windows\winsxs\x86_microsoft-windows-pnpibs_31bf3856ad364e35_6.0.6000.16386_none_3fc3ba676f061664\pnpibs.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 53248 c:\windows\winsxs\x86_microsoft-windows-pnphotplugui_31bf3856ad364e35_6.0.6000.16386_none_e6aa6f8d4dd35dff\hotplug.dll
+ 2006-11-02 08:33 . 2006-11-02 09:45 25600 c:\windows\winsxs\x86_microsoft-windows-pnphotplugui_31bf3856ad364e35_6.0.6000.16386_none_e6aa6f8d4dd35dff\DeviceEject.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 42496 c:\windows\winsxs\x86_microsoft-windows-pnpdevicemanager_31bf3856ad364e35_6.0.6000.16386_none_119fd8762295a7d9\dmocx.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 46080 c:\windows\winsxs\x86_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.0.6000.16386_none_99d2fc2fa408df3c\pdhui.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 32256 c:\windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16386_none_6f4f3b5c01fbb89d\unlodctr.exe
+ 2006-11-02 07:03 . 2006-11-02 09:42 17408 c:\windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16386_none_6f4f3b5c01fbb89d\prflbmsg.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 38912 c:\windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16386_none_6f4f3b5c01fbb89d\lodctr.exe
+ 2006-11-02 08:33 . 2006-11-02 09:45 57856 c:\windows\winsxs\x86_microsoft-windows-p..tomizationsnonwinpe_31bf3856ad364e35_6.0.6000.16386_none_c9982767924bb110\PnPUnattend.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 95744 c:\windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\PlaMig.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 10240 c:\windows\winsxs\x86_microsoft-windows-p..play-troubleshooter_31bf3856ad364e35_6.0.6000.16386_none_b82255883cccfc4a\pnpts.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 35840 c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6000.16386_none_2f3c7bc7602ec1c4\perfproc.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 28672 c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6000.16386_none_2f3c7bc7602ec1c4\perfos.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 18944 c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6000.16386_none_2f3c7bc7602ec1c4\perfnet.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 31744 c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6000.16386_none_2f3c7bc7602ec1c4\perfdisk.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 39424 c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6000.16386_none_2f3c7bc7602ec1c4\perfctrs.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 39936 c:\windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6000.16386_none_5eecb8d501ea0d84\typeperf.exe
+ 2006-11-02 08:35 . 2006-11-02 09:45 37376 c:\windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6000.16386_none_5eecb8d501ea0d84\relog.exe
+ 2006-11-02 08:35 . 2006-11-02 09:45 55808 c:\windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6000.16386_none_5eecb8d501ea0d84\logman.exe
+ 2006-11-02 08:35 . 2006-11-02 09:45 17408 c:\windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6000.16386_none_5eecb8d501ea0d84\diskperf.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 16384 c:\windows\winsxs\x86_microsoft-windows-p..ment-troubleshooter_31bf3856ad364e35_6.0.6000.16386_none_83edfa29bd24239e\pots.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 62976 c:\windows\winsxs\x86_microsoft-windows-openfiles_31bf3856ad364e35_6.0.6000.16386_none_e4efa504ed79192f\openfiles.exe
+ 2006-11-02 08:37 . 2006-11-02 09:46 16384 c:\windows\winsxs\x86_microsoft-windows-ocsetupapi_31bf3856ad364e35_6.0.6000.16386_none_af90734f6648a6f1\ocsetapi.dll
+ 2006-11-02 08:37 . 2006-11-02 09:45 35840 c:\windows\winsxs\x86_microsoft-windows-ocsetup_31bf3856ad364e35_6.0.6000.16386_none_e1466ffa625cb69f\ocsetup.exe
+ 2006-11-02 08:31 . 2006-11-02 09:46 22016 c:\windows\winsxs\x86_microsoft-windows-o..inefiles-win32-apis_31bf3856ad364e35_6.0.6000.16386_none_a93437d4fc3a291c\cscdll.dll
+ 2006-11-02 08:31 . 2006-11-02 09:46 27648 c:\windows\winsxs\x86_microsoft-windows-o..inefiles-win32-apis_31bf3856ad364e35_6.0.6000.16386_none_a93437d4fc3a291c\cscapi.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 17408 c:\windows\winsxs\x86_microsoft-windows-ntvdm-vdmdbg_31bf3856ad364e35_6.0.6000.16386_none_4c965cc386c7d1ee\vdmdbg.dll
+ 2006-11-02 06:25 . 2006-09-18 21:43 13312 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\win87em.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 12704 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WFWNET.DRV
+ 2006-11-02 08:35 . 2006-11-02 09:46 41984 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\vdmredir.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 47840 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\USER.EXE
+ 2006-11-02 07:10 . 2006-11-02 07:10 13888 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\TOOLHELP.DLL
+ 2006-11-02 06:25 . 2006-09-18 21:43 18896 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\sysedit.exe
+ 2006-11-02 07:09 . 2006-11-02 07:09 11753 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\setver.exe
+ 2006-11-02 06:25 . 2006-09-18 21:43 46592 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\pmspl.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 24064 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\OLESVR.DLL
+ 2006-11-02 06:25 . 2006-09-18 21:43 82944 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\olecli.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 14848 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\ntvdmd.dll
+ 2006-11-02 07:09 . 2006-11-02 07:09 34672 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\NTIO804.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 35536 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\NTIO412.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 35776 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\NTIO411.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 34672 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\NTIO404.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 33952 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\NTIO.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 29146 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\NTDOS804.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 29274 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\NTDOS412.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 29370 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\NTDOS411.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 29146 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\NTDOS404.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 27866 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\NTDOS.SYS
+ 2006-11-02 07:10 . 2006-11-02 07:10 68992 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\MMSYSTEM.DLL
+ 2006-11-02 07:09 . 2006-11-02 07:09 39274 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\mem.exe
+ 2006-11-02 07:10 . 2006-11-02 07:10 92320 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\krnl386.exe
+ 2006-11-02 07:09 . 2006-11-02 07:09 42537 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\KEYBOARD.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 42809 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\KEY01.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 14710 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\KB16.COM
+ 2006-11-02 07:09 . 2006-11-02 07:09 19694 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\GRAPHICS.COM
+ 2006-11-02 08:35 . 2006-11-02 08:35 56320 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\graftabl.com
+ 2006-11-02 07:10 . 2006-11-02 07:10 24576 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\GDI.EXE
+ 2006-11-02 07:09 . 2006-11-02 07:09 12642 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\edlin.exe
+ 2006-11-02 07:09 . 2006-09-18 21:43 69886 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\edit.com
+ 2006-11-02 07:10 . 2006-11-02 07:10 28112 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\DRWATSON.EXE
+ 2006-11-02 07:10 . 2006-11-02 07:10 53536 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\dosx.exe
+ 2006-11-02 07:09 . 2006-11-02 07:09 20634 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\debug.exe
+ 2006-11-02 07:10 . 2006-11-02 07:10 39424 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\DDEML.DLL
+ 2006-11-02 06:25 . 2006-09-18 21:43 27200 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\ctl3dv2.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 46080 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\csrstub.exe
+ 2006-11-02 07:09 . 2006-11-02 07:09 27097 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\country.sys
+ 2006-11-02 07:10 . 2006-11-02 07:10 32816 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\COMMDLG.DLL
+ 2006-11-02 07:09 . 2006-11-02 07:09 50648 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\COMMAND.COM
+ 2006-11-02 07:10 . 2006-11-02 07:10 10544 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\COMM.drv
+ 2006-11-02 07:09 . 2006-11-02 07:09 12498 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\append.exe
+ 2006-11-02 07:10 . 2006-11-02 07:10 12704 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\WFWNET.DRV
+ 2006-11-02 07:10 . 2006-11-02 07:10 24064 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\OLESVR.DLL
+ 2006-11-02 06:25 . 2006-09-18 21:43 82944 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\olecli.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 68992 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\MMSYSTEM.DLL
+ 2006-11-02 07:10 . 2006-11-02 07:10 32816 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\COMMDLG.DLL
+ 2006-11-02 08:30 . 2006-11-02 08:30 34816 c:\windows\winsxs\x86_microsoft-windows-npfs_31bf3856ad364e35_6.0.6000.16386_none_a43ac2e12000223b\npfs.sys
+ 2006-11-02 08:33 . 2006-11-02 09:45 74752 c:\windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6000.16386_none_0f3f895853be06df\newdev.exe
+ 2006-11-02 07:40 . 2006-11-02 09:41 15360 c:\windows\winsxs\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16386_none_580f96856da3bf5f\netevent.dll
+ 2006-11-02 08:34 . 2006-11-02 09:45 24064 c:\windows\winsxs\x86_microsoft-windows-netcfg_31bf3856ad364e35_6.0.6000.16386_none_0df819bc548e7641\netcfg.exe
+ 2006-11-02 08:37 . 2006-11-02 09:46 19968 c:\windows\winsxs\x86_microsoft-windows-ncdprop_31bf3856ad364e35_6.0.6000.16386_none_517efa3713182ac6\NcdProp.dll
+ 2006-11-02 08:31 . 2006-11-02 09:50 46696 c:\windows\winsxs\x86_microsoft-windows-mup_31bf3856ad364e35_6.0.6000.16386_none_aabb87325b98b7e4\mup.sys
+ 2006-11-02 08:29 . 2006-11-02 09:46 58368 c:\windows\winsxs\x86_microsoft-windows-msvcirt_31bf3856ad364e35_6.0.6000.16386_none_5e8661e6a11df602\msvcirt.dll
+ 2006-11-02 08:30 . 2006-11-02 08:30 22528 c:\windows\winsxs\x86_microsoft-windows-msfs_31bf3856ad364e35_6.0.6000.16386_none_a4397e3f200155c7\msfs.sys
+ 2006-11-02 06:52 . 2006-11-02 09:41 58368 c:\windows\winsxs\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.0.6000.16386_none_c50bb8527b8263e8\msobjs.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 12288 c:\windows\winsxs\x86_microsoft-windows-mountvol_31bf3856ad364e35_6.0.6000.16386_none_b022b77154883b2e\mountvol.exe
+ 2006-11-02 07:28 . 2006-11-02 07:28 39424 c:\windows\winsxs\x86_microsoft-windows-mail-core_31bf3856ad364e35_6.0.6000.16386_none_e6f1ab358d3b7f5f\ACCTRES.dll
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6000.16386_none_777a686e5ba19395\INETRES.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 95232 c:\windows\winsxs\x86_microsoft-windows-m..tion-isolationlayer_31bf3856ad364e35_6.0.6000.16386_none_5bb940130b71de6c\migisol.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 30749 c:\windows\winsxs\x86_microsoft-windows-m..s-components-jetvba_31bf3856ad364e35_6.0.6000.16386_none_735b8f8d953639a8\vbajet32.dll
+ 2006-11-02 06:47 . 2006-11-02 06:47 49179 c:\windows\winsxs\x86_microsoft-windows-m..ponents-mdac-sqlwoa_31bf3856ad364e35_6.0.6000.16386_none_174a466c7089e370\sqlwoa.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 24603 c:\windows\winsxs\x86_microsoft-windows-m..ponents-mdac-sqlwid_31bf3856ad364e35_6.0.6000.16386_none_17440058708f9849\sqlwid.dll
+ 2006-11-02 08:31 . 2006-11-02 09:46 23040 c:\windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\ureg.dll
+ 2006-11-02 08:32 . 2006-11-02 08:32 16384 c:\windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\tree.com
+ 2006-11-02 08:32 . 2006-11-02 09:45 13824 c:\windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\subst.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 16896 c:\windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\replace.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 13824 c:\windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\print.exe
+ 2006-11-02 08:32 . 2006-11-02 08:32 20992 c:\windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\more.com
+ 2006-11-02 08:32 . 2006-11-02 08:32 25088 c:\windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\mode.com
+ 2006-11-02 08:32 . 2006-11-02 09:45 13312 c:\windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\find.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 15360 c:\windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\doskey.exe
+ 2006-11-02 08:31 . 2006-11-02 08:31 11776 c:\windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\chcp.com
+ 2006-11-02 08:31 . 2006-11-02 09:44 16384 c:\windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.0.6000.16386_none_7ae62bab6a6983a7\attrib.exe
+ 2006-11-02 08:30 . 2006-11-02 09:45 45568 c:\windows\winsxs\x86_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_6.0.6000.16386_none_a15142f3a9192ea5\ucsvc.exe
+ 2006-11-02 06:47 . 2006-11-02 09:46 20535 c:\windows\winsxs\x86_microsoft-windows-m..nents-mdac-odbc-jet_31bf3856ad364e35_6.0.6000.16386_none_c91f67973cf2633d\vfpodbc.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 77824 c:\windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.0.6000.16386_none_0d3a1215c37f298f\msjter40.dll
+ 2006-11-02 08:11 . 2006-11-02 08:11 61440 c:\windows\winsxs\x86_microsoft-windows-m..b-odbc-provider-rll_31bf3856ad364e35_6.0.6000.16386_none_21868590142b09e5\msdasqlr.dll
+ 2006-11-02 08:11 . 2006-09-18 21:28 26224 c:\windows\winsxs\x86_microsoft-windows-m..-driver-thunking-16_31bf3856ad364e35_6.0.6000.16386_none_23de647c5b7b5c95\odbc16gt.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 88064 c:\windows\winsxs\x86_microsoft-windows-m..-diagnostic-results_31bf3856ad364e35_6.0.6000.16386_none_26af70cfe9c03a50\MdRes.exe
+ 2006-11-02 08:33 . 2006-11-02 08:33 83456 c:\windows\winsxs\x86_microsoft-windows-lua-filevirtualization_31bf3856ad364e35_6.0.6000.16386_none_65aa62d7a7af9a58\luafv.sys
+ 2006-11-02 08:33 . 2006-11-02 09:45 80384 c:\windows\winsxs\x86_microsoft-windows-legacyhwui_31bf3856ad364e35_6.0.6000.16386_none_e03d60674b55d87a\hdwwiz.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 14336 c:\windows\winsxs\x86_microsoft-windows-label_31bf3856ad364e35_6.0.6000.16386_none_54f849cbcd5d6ed8\label.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 12800 c:\windows\winsxs\x86_microsoft-windows-ktmutil_31bf3856ad364e35_6.0.6000.16386_none_86533622043dc79c\ktmutil.exe
+ 2006-11-02 06:59 . 2006-11-02 09:43 57344 c:\windows\winsxs\x86_microsoft-windows-international-nlsbuild_31bf3856ad364e35_6.0.6000.16386_none_9195f2c6090d0e62\nlsbres.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 24576 c:\windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6000.16386_none_e773a28cdcd5ef62\Nlsdl.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 89088 c:\windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6000.16386_none_e773a28cdcd5ef62\nlscoremig.dll
+ 2006-11-02 08:30 . 2006-11-02 09:45 44544 c:\windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6000.16386_none_e773a28cdcd5ef62\MuiUnattend.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 26112 c:\windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6000.16386_none_e773a28cdcd5ef62\idndl.dll
+ 2006-11-02 08:33 . 2006-11-02 09:45 11776 c:\windows\winsxs\x86_microsoft-windows-infdefaultinstall_31bf3856ad364e35_6.0.6000.16386_none_6a5dc1c39f245925\InfDefaultInstall.exe
+ 2006-11-02 08:36 . 2006-11-02 09:46 16384 c:\windows\winsxs\x86_microsoft-windows-ie-runoncessetup_31bf3856ad364e35_6.0.6000.16386_none_86b80675ce2ea891\iessetup.dll
+ 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.16386_none_f136c484bd3b8b6d\mshtmler.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 26624 c:\windows\winsxs\x86_microsoft-windows-icacls_31bf3856ad364e35_6.0.6000.16386_none_307ddd14a90f2087\icacls.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 10240 c:\windows\winsxs\x86_microsoft-windows-i..odepage-iso2022core_31bf3856ad364e35_6.0.6000.16386_none_5df33f14735ba3ea\C_IS2022.DLL
+ 2006-11-02 08:33 . 2006-11-02 09:46 10752 c:\windows\winsxs\x86_microsoft-windows-i..odepage-57002-57011_31bf3856ad364e35_6.0.6000.16386_none_3734d6eadb683c21\C_ISCII.DLL
+ 2006-11-02 08:33 . 2006-11-02 09:46 49664 c:\windows\winsxs\x86_microsoft-windows-gacinstaller_1122334455667788_6.0.6000.16386_none_9f2789633f60ecce\gacinstall.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 54784 c:\windows\winsxs\x86_microsoft-windows-fsutil_31bf3856ad364e35_6.0.6000.16386_none_ca2d527cf3018b5d\fsutil.exe
+ 2006-11-02 08:32 . 2006-11-02 08:32 35328 c:\windows\winsxs\x86_microsoft-windows-format_31bf3856ad364e35_6.0.6000.16386_none_245220b68d0e8205\format.com
+ 2006-11-02 08:32 . 2006-11-02 09:45 43520 c:\windows\winsxs\x86_microsoft-windows-forfiles_31bf3856ad364e35_6.0.6000.16386_none_52ecada3e09db976\forfiles.exe
+ 2006-11-02 08:31 . 2006-11-02 09:46 23040 c:\windows\winsxs\x86_microsoft-windows-fmifs_31bf3856ad364e35_6.0.6000.16386_none_54d7af8934ac24f1\fmifs.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 60928 c:\windows\winsxs\x86_microsoft-windows-findstr_31bf3856ad364e35_6.0.6000.16386_none_24f8c9665cc996b0\findstr.exe
+ 2006-11-02 08:30 . 2006-11-02 09:45 18944 c:\windows\winsxs\x86_microsoft-windows-filtermanager-utils_31bf3856ad364e35_6.0.6000.16386_none_1756f106286c9d0d\fltMC.exe
+ 2006-11-02 08:30 . 2006-11-02 09:46 14848 c:\windows\winsxs\x86_microsoft-windows-filtermanager-utils_31bf3856ad364e35_6.0.6000.16386_none_1756f106286c9d0d\fltLib.dll
+ 2006-11-02 08:32 . 2006-11-02 08:32 27648 c:\windows\winsxs\x86_microsoft-windows-filetracefilter_31bf3856ad364e35_6.0.6000.16386_none_f88d91e67032c7bd\filetrace.sys
+ 2006-11-02 08:36 . 2006-11-02 09:49 56424 c:\windows\winsxs\x86_microsoft-windows-fileinfominifilter_31bf3856ad364e35_6.0.6000.16386_none_d47e39293462c23f\fileinfo.sys
+ 2006-11-02 08:36 . 2006-11-02 09:46 66048 c:\windows\winsxs\x86_microsoft-windows-failovercluster-client_31bf3856ad364e35_6.0.6000.16386_none_a4186fca55bd3a26\resutils.dll
+ 2006-11-02 08:32 . 2006-11-02 09:46 99328 c:\windows\winsxs\x86_microsoft-windows-f..temutilitylibraries_31bf3856ad364e35_6.0.6000.16386_none_e75f95dbf2c248c4\ulib.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 19968 c:\windows\winsxs\x86_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_6.0.6000.16386_none_fe8fe28738714146\fc.exe
+ 2006-11-02 08:32 . 2006-11-02 09:44 20480 c:\windows\winsxs\x86_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_6.0.6000.16386_none_fe8fe28738714146\comp.exe
+ 2006-11-02 08:32 . 2006-11-02 08:32 11264 c:\windows\winsxs\x86_microsoft-windows-f..opycompareutilities_31bf3856ad364e35_6.0.6000.16386_none_d74a1f39784332a7\diskcopy.com
+ 2006-11-02 08:32 . 2006-11-02 08:32 13824 c:\windows\winsxs\x86_microsoft-windows-f..opycompareutilities_31bf3856ad364e35_6.0.6000.16386_none_d74a1f39784332a7\diskcomp.com
+ 2006-11-02 08:31 . 2006-11-02 09:46 92672 c:\windows\winsxs\x86_microsoft-windows-f..emutilityfatlibrary_31bf3856ad364e35_6.0.6000.16386_none_4c2b2b995cd99597\ufat.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 66048 c:\windows\winsxs\x86_microsoft-windows-driverquery_31bf3856ad364e35_6.0.6000.16386_none_93ec0979981e8f08\driverquery.exe
+ 2006-11-02 08:31 . 2006-11-02 08:31 74752 c:\windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys
+ 2006-11-02 08:34 . 2006-11-02 09:45 83456 c:\windows\winsxs\x86_microsoft-windows-deployment_31bf3856ad364e35_6.0.6000.16386_none_f9b834cef062f14f\setupugc.exe
+ 2006-11-02 08:36 . 2006-11-02 09:46 35328 c:\windows\winsxs\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6000.16386_none_3df5a61c88d408ee\mspatcha.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 95232 c:\windows\winsxs\x86_microsoft-windows-defrag-fat_31bf3856ad364e35_6.0.6000.16386_none_2186d6070f3eeac9\dfrgfat.exe
+ 2006-11-02 06:58 . 2006-11-02 09:39 31744 c:\windows\winsxs\x86_microsoft-windows-defrag-core_31bf3856ad364e35_6.0.6000.16386_none_1627a689bb218a55\DfrgRes.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 74240 c:\windows\winsxs\x86_microsoft-windows-d..frastructure-client_31bf3856ad364e35_6.0.6000.16386_none_49d3ca0ca5fe8034\wdi.dll
+ 2006-11-02 06:49 . 2006-11-02 09:46 27136 c:\windows\winsxs\x86_microsoft-windows-ctl3d32_31bf3856ad364e35_6.0.6000.16386_none_c7f2246c57358efd\ctl3d32.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 49664 c:\windows\winsxs\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.0.6000.16386_none_c7507509a87290f5\csrsrv.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 64000 c:\windows\winsxs\x86_microsoft-windows-cryptplugininstaller_1122334455667788_6.0.6000.16386_none_da1b7ad9de3f4c04\cmicryptinstall.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 26624 c:\windows\winsxs\x86_microsoft-windows-corruptedfilerecovery_31bf3856ad364e35_6.0.6000.16386_none_8582f5e42bdc3d91\cofiredm.dll
+ 2006-11-02 08:35 . 2006-11-02 09:44 19968 c:\windows\winsxs\x86_microsoft-windows-corruptedfilerecovery_31bf3856ad364e35_6.0.6000.16386_none_8582f5e42bdc3d91\cofire.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 19456 c:\windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16386_none_74cae93a3000e831\cfgmgr32.dll
+ 2006-11-02 08:30 . 2006-11-02 08:30 12800 c:\windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6000.16386_none_231b844b41663663\fs_rec.sys
+ 2006-11-02 08:29 . 2006-11-02 09:41 61440 c:\windows\winsxs\x86_microsoft-windows-core_tools_31bf3856ad364e35_6.0.6000.16386_none_09d35e27baa62b89\msvcrt40.dll
+ 2006-11-02 08:32 . 2006-11-02 09:44 17408 c:\windows\winsxs\x86_microsoft-windows-convert_31bf3856ad364e35_6.0.6000.16386_none_9a9e88bfab67232b\convert.exe
+ 2006-11-02 08:31 . 2006-11-02 09:46 31232 c:\windows\winsxs\x86_microsoft-windows-convert_31bf3856ad364e35_6.0.6000.16386_none_9a9e88bfab67232b\cnvfat.dll
+ 2006-11-02 08:32 . 2006-11-02 09:44 18432 c:\windows\winsxs\x86_microsoft-windows-compact_31bf3856ad364e35_6.0.6000.16386_none_f7be78ceb8a77881\compact.exe
+ 2006-11-02 08:30 . 2006-11-02 09:46 56320 c:\windows\winsxs\x86_microsoft-windows-commonlogservicesapi_31bf3856ad364e35_6.0.6000.16386_none_6c7e646582ec1e49\clfsw32.dll
+ 2006-11-02 07:29 . 2006-09-18 21:35 42592 c:\windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6000.16386_none_3ce4e30bd55b275f\ole2.dll
+ 2006-11-02 07:29 . 2006-09-18 21:35 27792 c:\windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6000.16386_none_3ce4e30bd55b275f\compobj.dll
+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\winsxs\x86_microsoft-windows-com-dtc-tracing_31bf3856ad364e35_6.0.6000.16386_none_15a888c6f5e4436c\msdtcvtr.bat
+ 2006-11-02 07:30 . 2006-09-18 21:27 61440 c:\windows\winsxs\x86_microsoft-windows-com-complus-runtime_31bf3856ad364e35_6.0.6000.16386_none_5793fd15d7c67cb6\comempty.dat
+ 2006-11-02 07:28 . 2006-11-02 07:28 22528 c:\windows\winsxs\x86_microsoft-windows-com-base_31bf3856ad364e35_6.0.6000.16386_none_0bb7747b299a6d6f\oleres.dll
+ 2006-11-02 08:32 . 2006-11-02 09:44 26624 c:\windows\winsxs\x86_microsoft-windows-clip_31bf3856ad364e35_6.0.6000.16386_none_a5a520211f165ebc\clip.exe
+ 2006-11-02 08:32 . 2006-11-02 09:44 53248 c:\windows\winsxs\x86_microsoft-windows-cipher_31bf3856ad364e35_6.0.6000.16386_none_aadfbd5ea82d9267\cipher.exe
+ 2006-11-02 08:32 . 2006-11-02 09:44 30720 c:\windows\winsxs\x86_microsoft-windows-choice_31bf3856ad364e35_6.0.6000.16386_none_c13029108ed7db57\choice.exe
+ 2006-11-02 08:32 . 2006-11-02 09:44 15872 c:\windows\winsxs\x86_microsoft-windows-chkdsk_31bf3856ad364e35_6.0.6000.16386_none_bfaf97e48fc56cbc\chkdsk.exe
+ 2006-11-02 08:30 . 2006-11-02 08:30 70144 c:\windows\winsxs\x86_microsoft-windows-cdfs_31bf3856ad364e35_6.0.6000.16386_none_a430d1132008d7f2\cdfs.sys
+ 2006-11-02 08:37 . 2006-11-02 09:46 14848 c:\windows\winsxs\x86_microsoft-windows-cbsapi_31bf3856ad364e35_6.0.6000.16386_none_4c2b1119f37be620\CbsApi.dll
+ 2006-11-02 08:31 . 2006-11-02 08:31 69632 c:\windows\winsxs\x86_microsoft-windows-bowser_31bf3856ad364e35_6.0.6000.16386_none_2428caf8275580c4\bowser.sys
+ 2006-11-02 08:30 . 2006-11-02 09:49 21608 c:\windows\winsxs\x86_microsoft-windows-bootvid_31bf3856ad364e35_6.0.6000.16386_none_3642b97d89494bc7\BOOTVID.DLL
+ 2006-11-02 08:33 . 2006-11-02 09:45 52736 c:\windows\winsxs\x86_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.0.6000.16386_none_1525f574c2807ea3\expand.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 68608 c:\windows\winsxs\x86_microsoft-windows-basesrv_31bf3856ad364e35_6.0.6000.16386_none_0a9428d9e6cfbcfc\basesrv.dll
+ 2006-11-02 08:30 . 2006-11-02 09:44 50176 c:\windows\winsxs\x86_microsoft-windows-b..vironment-servicing_31bf3856ad364e35_6.0.6000.16386_none_23ddbf36a8a961bc\bfsvc.exe
+ 2006-11-02 08:30 . 2006-11-02 09:46 46592 c:\windows\winsxs\x86_microsoft-windows-b..ondata-wmi-provider_31bf3856ad364e35_6.0.6000.16386_none_ae311ac2802219c6\bcdprov.dll
+ 2006-11-02 08:30 . 2006-11-02 09:49 17000 c:\windows\winsxs\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.0.6000.16386_none_0f7ecb22afbfde41\kdcom.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 43008 c:\windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6000.16386_none_6701d52e8fdf8d45\setbcdlocale.dll
+ 2006-11-02 08:30 . 2006-11-02 09:49 19048 c:\windows\winsxs\x86_microsoft-windows-b..buggertransport-usb_31bf3856ad364e35_6.0.6000.16386_none_9b46e79f0d9c56ff\kdusb.dll
+ 2006-11-02 08:32 . 2006-11-02 09:44 16896 c:\windows\winsxs\x86_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.0.6000.16386_none_168bb99c8ad964f4\chkntfs.exe
+ 2006-11-02 08:32 . 2006-11-02 09:44 25600 c:\windows\winsxs\x86_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_6.0.6000.16386_none_561862ac0850bc77\cacls.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 14848 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.16386_none_78a17485e4424613\apilogen.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 40960 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.16386_none_78a17485e4424613\apihex86.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 25600 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.16386_none_78a17485e4424613\amxread.dll
+ 2006-11-02 08:29 . 2006-11-02 09:45 20992 c:\windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6000.16386_none_d2da41c24fcec5ef\sdbinst.exe
+ 2006-11-02 08:29 . 2006-11-02 09:46 24576 c:\windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6000.16386_none_d2da41c24fcec5ef\aelupsvc.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 28160 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16386_none_7fcb17ca63d84544\Apphlpdm.dll
+ 2006-11-02 06:37 . 2006-11-02 06:37 20480 c:\windows\winsxs\x86_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_5b761551c05a7af8\secdrv.sys
+ 2006-11-02 06:34 . 2006-10-20 01:14 72192 c:\windows\winsxs\x86_isymwrapper_b03f5f7f11d50a3a_6.0.6000.16386_none_08871a3912c8c2b9\ISymWrapper.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 10752 c:\windows\winsxs\x86_ipbusenumproxy_31bf3856ad364e35_6.0.6000.16386_none_332541590f3a0b51\IPBusEnumProxy.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 74240 c:\windows\winsxs\x86_ipbusenum_31bf3856ad364e35_6.0.6000.16386_none_67cdce62643024d5\IPBusEnum.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 28672 c:\windows\winsxs\x86_installutil_b03f5f7f11d50a3a_6.0.6000.16386_none_7ba3179f20c94ba1\InstallUtil.exe
+ 2006-11-02 08:37 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_fdwsd_31bf3856ad364e35_6.0.6000.16386_none_7b71c177c53ac7c1\fdWSD.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 24576 c:\windows\winsxs\x86_fdwnet_31bf3856ad364e35_6.0.6000.16386_none_38f1eb297726aa0f\fdWNet.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 66560 c:\windows\winsxs\x86_fdssdp_31bf3856ad364e35_6.0.6000.16386_none_38a7309b7753508d\fdSSDP.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 27648 c:\windows\winsxs\x86_fdrespub_31bf3856ad364e35_6.0.6000.16386_none_7d3d7ec0c181fef0\FDResPub.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 20992 c:\windows\winsxs\x86_fdproxy_31bf3856ad364e35_6.0.6000.16386_none_792f8ff471a64e3b\fdProxy.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_fdphost_31bf3856ad364e35_6.0.6000.16386_none_796181ee71814389\fdPHost.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 69120 c:\windows\winsxs\x86_custommarshalers_b03f5f7f11d50a3a_6.0.6000.16386_none_726a99cd91646c97\CustomMarshalers.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 24576 c:\windows\winsxs\x86_aspnet_regbrowsers_b03f5f7f11d50a3a_6.0.6000.16386_none_099383f718bb04a1\aspnet_regbrowsers.exe
+ 2006-11-02 06:34 . 2006-10-20 01:13 36864 c:\windows\winsxs\x86_aspnet_compiler_b03f5f7f11d50a3a_6.0.6000.16386_none_18f29bee58392ddb\aspnet_compiler.exe
+ 2006-11-02 06:34 . 2006-10-20 01:14 86016 c:\windows\winsxs\msil_system.web.regularexpressions_b03f5f7f11d50a3a_6.0.6000.16386_none_4db64be81e2864f5\System.Web.RegularExpressions.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 81920 c:\windows\winsxs\msil_system.drawing.design_b03f5f7f11d50a3a_6.0.6000.16386_none_1c33a218b011fbce\System.Drawing.Design.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 81920 c:\windows\winsxs\msil_system.configuration.install_b03f5f7f11d50a3a_6.0.6000.16386_none_8becd563784ec64d\System.Configuration.Install.dll
+ 2006-11-02 07:39 . 2006-11-02 09:47 65536 c:\windows\winsxs\msil_napinit_31bf3856ad364e35_6.0.6000.16386_none_0a0f08e1ac30d47d\NAPINIT.DLL
+ 2006-11-02 06:34 . 2006-10-20 01:14 32768 c:\windows\winsxs\msil_microsoft.vsa_b03f5f7f11d50a3a_6.0.6000.16386_none_687aa64a39c9ba6b\Microsoft.Vsa.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 12800 c:\windows\winsxs\msil_microsoft.vsa.vb.codedomprocessor_b03f5f7f11d50a3a_6.0.6000.16386_none_44a77b3af2413480\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 28672 c:\windows\winsxs\msil_microsoft.visualbasic.vsa_b03f5f7f11d50a3a_6.0.6000.16386_none_f303e2f94c23102f\Microsoft.VisualBasic.Vsa.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 73728 c:\windows\winsxs\msil_microsoft.build.utilities_b03f5f7f11d50a3a_6.0.6000.16386_none_e234f396a4ad3545\Microsoft.Build.Utilities.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 36864 c:\windows\winsxs\msil_microsoft.build.framework_b03f5f7f11d50a3a_6.0.6000.16386_none_c2f3a5df833df077\Microsoft.Build.Framework.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 40960 c:\windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6000.16386_none_a7ff7678d71ff88f\jsc.exe
+ 2006-11-02 06:34 . 2006-10-20 01:14 36864 c:\windows\winsxs\msil_iehost_b03f5f7f11d50a3a_6.0.6000.16386_none_7e850f5c07b82741\IEHost.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 13312 c:\windows\winsxs\msil_cscompmgd_b03f5f7f11d50a3a_6.0.6000.16386_none_18c2e8dca9b10734\cscompmgd.dll
+ 2006-11-02 06:33 . 2006-10-20 01:13 10752 c:\windows\winsxs\msil_accessibility_b03f5f7f11d50a3a_6.0.6000.16386_none_4dd6596d92a52217\Accessibility.dll
+ 2006-11-02 08:32 . 2006-11-02 09:46 36352 c:\windows\System32\xcopy.exe
+ 2006-11-02 07:15 . 2006-11-02 07:15 13312 c:\windows\System32\WsmRes.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 22528 c:\windows\System32\wmiprop.dll
+ 2006-11-02 06:25 . 2006-09-18 21:43 13312 c:\windows\System32\win87em.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 43520 c:\windows\System32\whoami.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 36352 c:\windows\System32\where.exe
+ 2006-11-02 07:10 . 2006-11-02 07:10 12704 c:\windows\System32\WFWNET.DRV
+ 2008-04-17 02:29 . 2010-05-27 20:13 48362 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-17 02:19 . 2010-05-27 20:14 12552 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4223902304-154095862-2949035598-1000_UserData.bin
+ 2006-11-02 08:35 . 2006-11-02 09:46 74240 c:\windows\System32\wdi.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 46592 c:\windows\System32\wbem\WmiPerfInst.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 90624 c:\windows\System32\wbem\WmiPerfClass.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 34816 c:\windows\System32\waitfor.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 41984 c:\windows\System32\vdmredir.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 17408 c:\windows\System32\vdmdbg.dll
+ 2000-04-30 00:08 . 2000-04-30 00:08 40960 c:\windows\System32\VBExt.dll
+ 2006-07-24 13:50 . 2006-07-24 13:50 47920 c:\windows\System32\VBAME.DLL
+ 2006-11-02 06:47 . 2006-11-02 09:46 30749 c:\windows\System32\vbajet32.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 47840 c:\windows\System32\USER.EXE
+ 2003-02-21 08:16 . 2003-02-21 08:16 49152 c:\windows\System32\URTTEMP\regtlib.exe
+ 2006-11-02 08:31 . 2006-11-02 09:46 23040 c:\windows\System32\ureg.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 32256 c:\windows\System32\unlodctr.exe
+ 2006-11-02 08:37 . 2006-11-02 09:46 49152 c:\windows\System32\umb.dll
+ 2006-11-02 08:32 . 2006-11-02 09:46 99328 c:\windows\System32\ulib.dll
+ 2006-11-02 08:31 . 2006-11-02 09:46 92672 c:\windows\System32\ufat.dll
+ 2006-11-02 08:30 . 2006-11-02 09:45 45568 c:\windows\System32\ucsvc.exe
+ 2006-11-02 08:35 . 2006-11-02 09:45 39936 c:\windows\System32\typeperf.exe
+ 2006-11-02 08:32 . 2006-11-02 08:32 16384 c:\windows\System32\tree.com
+ 2006-11-02 08:30 . 2006-11-02 09:45 86528 c:\windows\System32\TpmInit.exe
+ 2006-11-02 08:30 . 2006-11-02 09:46 40960 c:\windows\System32\tpmcompc.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 13888 c:\windows\System32\TOOLHELP.DLL
+ 2006-11-02 08:32 . 2006-11-02 09:45 28160 c:\windows\System32\timeout.exe
+ 2006-11-02 08:30 . 2006-11-02 09:46 43008 c:\windows\System32\TimeDateMUICallback.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 54784 c:\windows\System32\tbssvc.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 11264 c:\windows\System32\tbs.dll
+ 2006-11-02 06:50 . 2006-09-18 21:49 19216 c:\windows\System32\tapi.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 51712 c:\windows\System32\takeown.exe
+ 2006-11-02 08:34 . 2006-11-02 09:45 93696 c:\windows\System32\sysprep\sysprep.exe
+ 2006-11-02 06:25 . 2006-09-18 21:43 18896 c:\windows\System32\sysedit.exe
+ 2006-11-02 08:33 . 2006-11-02 09:45 26624 c:\windows\System32\sxstrace.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 22016 c:\windows\System32\sxsstore.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 22016 c:\windows\System32\svchost.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 13824 c:\windows\System32\subst.exe
+ 2006-11-02 07:22 . 2006-11-02 06:29 18271 c:\windows\System32\StructuredQuerySchemaTrivial.bin
+ 2006-11-02 07:22 . 2006-11-02 06:29 99999 c:\windows\System32\StructuredQuerySchema.bin
+ 2006-11-02 06:47 . 2006-11-02 06:47 49179 c:\windows\System32\sqlwoa.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 24603 c:\windows\System32\sqlwid.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 44544 c:\windows\System32\sppnp.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 15872 c:\windows\System32\spopk.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 60928 c:\windows\System32\spbcd.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 19968 c:\windows\System32\sort.exe
+ 2006-11-02 08:33 . 2006-11-02 09:45 62976 c:\windows\System32\smss.exe
+ 2006-11-02 07:20 . 2006-10-04 01:45 61618 c:\windows\System32\slmgr.vbs
+ 2006-11-02 08:30 . 2006-11-02 09:46 20480 c:\windows\System32\sisbkup.dll
+ 2006-11-02 08:33 . 2006-11-02 09:45 67584 c:\windows\System32\sigverif.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 41984 c:\windows\System32\signdrv.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 38400 c:\windows\System32\sfc_os.dll
+ 2006-11-02 08:33 . 2006-11-02 09:45 15872 c:\windows\System32\sfc.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 46080 c:\windows\System32\setx.exe
+ 2006-11-02 07:09 . 2006-11-02 07:09 11753 c:\windows\System32\setver.exe
+ 2006-11-02 08:34 . 2006-11-02 09:45 83456 c:\windows\System32\setupugc.exe
+ 2006-11-02 08:34 . 2006-11-02 09:45 54272 c:\windows\System32\setupcl.exe
+ 2006-11-02 08:30 . 2006-11-02 09:46 43008 c:\windows\System32\setbcdlocale.dll
+ 2006-11-02 08:37 . 2006-11-02 09:45 14848 c:\windows\System32\secinit.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 32768 c:\windows\System32\sdhcinst.dll
+ 2006-11-02 08:29 . 2006-11-02 09:45 20992 c:\windows\System32\sdbinst.exe
+ 2006-07-24 13:50 . 2006-07-24 13:50 39728 c:\windows\System32\SCP32.DLL
+ 2006-11-02 08:35 . 2006-11-02 09:45 31744 c:\windows\System32\sc.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 16896 c:\windows\System32\runas.exe
+ 2006-11-02 08:33 . 2006-11-02 09:45 87040 c:\windows\System32\Robocopy.exe
+ 2006-11-02 08:37 . 2006-11-02 09:45 14848 c:\windows\System32\RmClient.exe
+ 2006-11-02 08:36 . 2006-11-02 09:46 66048 c:\windows\System32\resutils.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 16896 c:\windows\System32\replace.exe
+ 2006-11-02 08:35 . 2006-11-02 09:45 37376 c:\windows\System32\relog.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 60928 c:\windows\System32\reg.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 11776 c:\windows\System32\recover.exe
+ 2006-11-02 08:37 . 2006-11-02 09:45 20480 c:\windows\System32\RacAgent.exe
+ 2006-11-02 08:30 . 2006-11-02 09:49 24168 c:\windows\System32\PSHED.DLL
+ 2006-11-02 08:32 . 2006-11-02 09:45 13824 c:\windows\System32\print.exe
+ 2006-11-02 07:03 . 2006-11-02 09:42 17408 c:\windows\System32\prflbmsg.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 16384 c:\windows\System32\pots.dll
+ 2006-11-02 08:36 . 2006-11-02 09:45 99840 c:\windows\System32\poqexec.exe
+ 2006-11-02 08:37 . 2006-11-02 09:46 53248 c:\windows\System32\PNPXAssocPrx.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 69632 c:\windows\System32\PNPXAssoc.dll
+ 2006-11-02 08:33 . 2006-11-02 09:45 32768 c:\windows\System32\PnPutil.exe
+ 2006-11-02 08:33 . 2006-11-02 09:45 57856 c:\windows\System32\PnPUnattend.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 10240 c:\windows\System32\pnpts.dll
+ 2006-11-02 06:25 . 2006-09-18 21:43 46592 c:\windows\System32\pmspl.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 35840 c:\windows\System32\perfproc.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 28672 c:\windows\System32\perfos.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 18944 c:\windows\System32\perfnet.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 31744 c:\windows\System32\perfdisk.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 39424 c:\windows\System32\perfctrs.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 46080 c:\windows\System32\pdhui.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 42496 c:\windows\System32\osblprov.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 19968 c:\windows\System32\osbaseln.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 62976 c:\windows\System32\openfiles.exe
+ 2006-11-02 08:34 . 2006-11-02 09:45 41472 c:\windows\System32\oobe\windeploy.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 47104 c:\windows\System32\oobe\wdsutil.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 52736 c:\windows\System32\oobe\spprgrss.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 64000 c:\windows\System32\oobe\pnpibs.dll
+ 2006-11-02 08:34 . 2006-11-02 09:45 42496 c:\windows\System32\oobe\oobeldr.exe
+ 2006-11-02 08:34 . 2006-11-02 09:46 31232 c:\windows\System32\oobe\diagER.dll
+ 2006-11-02 08:34 . 2006-11-02 09:44 51712 c:\windows\System32\oobe\audit.exe
+ 2006-11-02 07:10 . 2006-11-02 07:10 24064 c:\windows\System32\OLESVR.DLL
+ 2006-11-02 07:28 . 2006-11-02 07:28 22528 c:\windows\System32\oleres.dll
+ 2006-11-02 06:25 . 2006-09-18 21:43 82944 c:\windows\System32\olecli.dll
+ 2006-11-02 07:29 . 2006-09-18 21:35 42592 c:\windows\System32\ole2.dll
+ 2006-11-02 08:11 . 2006-09-18 21:28 26224 c:\windows\System32\odbc16gt.dll
+ 2006-11-02 08:37 . 2006-11-02 09:45 35840 c:\windows\System32\ocsetup.exe
+ 2006-11-02 08:37 . 2006-11-02 09:46 16384 c:\windows\System32\ocsetapi.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 14848 c:\windows\System32\ntvdmd.dll
+ 2006-11-02 07:09 . 2006-11-02 07:09 34672 c:\windows\System32\NTIO804.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 35536 c:\windows\System32\NTIO412.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 35776 c:\windows\System32\NTIO411.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 34672 c:\windows\System32\NTIO404.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 33952 c:\windows\System32\NTIO.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 29146 c:\windows\System32\NTDOS804.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 29274 c:\windows\System32\NTDOS412.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 29370 c:\windows\System32\NTDOS411.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 29146 c:\windows\System32\NTDOS404.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 27866 c:\windows\System32\NTDOS.SYS
+ 2006-11-02 08:33 . 2006-11-02 09:46 24576 c:\windows\System32\Nlsdl.dll
+ 2006-11-02 06:59 . 2006-11-02 09:43 57344 c:\windows\System32\nlsbres.dll
+ 2006-11-02 08:33 . 2006-11-02 09:45 74752 c:\windows\System32\newdev.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 32768 c:\windows\System32\netfxperf.dll
+ 2006-11-02 07:40 . 2006-11-02 09:41 15360 c:\windows\System32\netevent.dll
+ 2006-11-02 08:34 . 2006-11-02 09:45 24064 c:\windows\System32\netcfg.exe
+ 2006-11-02 08:37 . 2006-11-02 09:46 19968 c:\windows\System32\NcdProp.dll
+ 2006-11-02 08:30 . 2006-11-02 09:45 44544 c:\windows\System32\MuiUnattend.exe
+ 2003-04-18 19:29 . 2003-04-18 19:29 82432 c:\windows\System32\msxml4r.dll
+ 2006-11-02 08:29 . 2006-11-02 09:41 61440 c:\windows\System32\msvcrt40.dll
+ 2006-11-02 08:29 . 2006-11-02 09:46 58368 c:\windows\System32\msvcirt.dll
+ 2006-11-02 08:36 . 2006-11-02 09:46 35328 c:\windows\System32\mspatcha.dll
+ 2006-11-02 06:52 . 2006-11-02 09:41 58368 c:\windows\System32\msobjs.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 77824 c:\windows\System32\msjter40.dll
+ 2006-11-02 07:33 . 2006-11-02 07:33 48128 c:\windows\System32\mshtmler.dll
+ 2006-11-02 07:29 . 2006-09-18 21:27 19429 c:\windows\System32\Msdtc\Trace\msdtcvtr.bat
+ 2006-11-02 06:34 . 2006-11-02 06:34 74240 c:\windows\System32\mscories.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 12288 c:\windows\System32\mountvol.exe
+ 2006-11-02 08:32 . 2006-11-02 08:32 20992 c:\windows\System32\more.com
+ 2006-11-02 08:32 . 2006-11-02 08:32 25088 c:\windows\System32\mode.com
+ 2006-11-02 07:10 . 2006-11-02 07:10 68992 c:\windows\System32\MMSYSTEM.DLL
+ 2006-11-02 08:33 . 2006-11-02 09:46 72704 c:\windows\System32\migration\SxsMigPlugin.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 95744 c:\windows\System32\migration\PlaMig.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 89088 c:\windows\System32\migration\nlscoremig.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 95232 c:\windows\System32\migisol.dll
+ 2006-11-02 07:09 . 2006-11-02 07:09 39274 c:\windows\System32\mem.exe
+ 2006-11-02 08:35 . 2006-11-02 09:45 88064 c:\windows\System32\MdRes.exe
+ 2006-11-02 08:35 . 2006-11-02 09:45 55808 c:\windows\System32\logman.exe
+ 2006-11-02 08:35 . 2006-11-02 09:45 38912 c:\windows\System32\lodctr.exe
+ 2006-11-02 08:34 . 2006-11-02 09:45 39936 c:\windows\System32\lnkstub.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 14336 c:\windows\System32\label.exe
+ 2006-11-02 08:30 . 2006-11-02 09:46 12800 c:\windows\System32\ktmw32.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 12800 c:\windows\System32\ktmutil.exe
+ 2006-11-02 07:10 . 2006-11-02 07:10 92320 c:\windows\System32\krnl386.exe
+ 2006-11-02 07:09 . 2006-11-02 07:09 42537 c:\windows\System32\KEYBOARD.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 42809 c:\windows\System32\KEY01.SYS
+ 2006-11-02 08:30 . 2006-11-02 09:49 19048 c:\windows\System32\kdusb.dll
+ 2006-11-02 08:30 . 2006-11-02 09:49 17000 c:\windows\System32\kdcom.dll
+ 2006-11-02 07:09 . 2006-11-02 07:09 14710 c:\windows\System32\KB16.COM
+ 2006-11-02 07:31 . 2006-11-02 07:31 14848 c:\windows\System32\iscsilog.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 10752 c:\windows\System32\IPBusEnumProxy.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 74240 c:\windows\System32\IPBusEnum.dll
+ 2006-11-02 08:33 . 2006-11-02 09:45 11776 c:\windows\System32\InfDefaultInstall.exe
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\System32\INETRES.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 26112 c:\windows\System32\idndl.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 26624 c:\windows\System32\icacls.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 53248 c:\windows\System32\hotplug.dll
+ 2006-11-02 08:33 . 2006-11-02 09:45 80384 c:\windows\System32\hdwwiz.exe
+ 2006-11-02 07:09 . 2006-11-02 07:09 19694 c:\windows\System32\GRAPHICS.COM
+ 2006-11-02 08:35 . 2006-11-02 08:35 56320 c:\windows\System32\graftabl.com
+ 2006-11-02 07:10 . 2006-11-02 07:10 24576 c:\windows\System32\GDI.EXE
+ 2006-11-02 08:33 . 2006-11-02 09:46 49664 c:\windows\System32\gacinstall.dll
+ 2005-08-03 19:16 . 2005-08-03 19:16 40960 c:\windows\System32\Futuremark\MSC\atimgpud.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 54784 c:\windows\System32\fsutil.exe
+ 2006-11-02 08:32 . 2006-11-02 08:32 35328 c:\windows\System32\format.com
+ 2006-11-02 08:32 . 2006-11-02 09:45 43520 c:\windows\System32\forfiles.exe
+ 2006-11-02 08:31 . 2006-11-02 09:46 23040 c:\windows\System32\fmifs.dll
+ 2001-01-22 19:05 . 2001-01-22 19:05 28944 c:\windows\System32\FM20PTG.DLL
+ 2006-10-26 16:10 . 2006-10-26 16:10 33088 c:\windows\System32\FM20ENU.DLL
+ 2006-11-02 08:30 . 2006-11-02 09:45 18944 c:\windows\System32\fltMC.exe
+ 2006-11-02 08:30 . 2006-11-02 09:46 14848 c:\windows\System32\fltLib.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 60928 c:\windows\System32\findstr.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 13312 c:\windows\System32\find.exe
+ 2006-11-02 08:37 . 2006-11-02 09:46 65024 c:\windows\System32\fdWSD.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 24576 c:\windows\System32\fdWNet.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 66560 c:\windows\System32\fdSSDP.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 27648 c:\windows\System32\FDResPub.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 20992 c:\windows\System32\fdProxy.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 12800 c:\windows\System32\fdPHost.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 19968 c:\windows\System32\fc.exe
+ 2006-11-02 08:33 . 2006-11-02 09:45 52736 c:\windows\System32\expand.exe
+ 2006-11-02 07:09 . 2006-11-02 07:09 12642 c:\windows\System32\edlin.exe
+ 2006-11-02 07:09 . 2006-09-18 21:43 69886 c:\windows\System32\edit.com
+ 2006-11-02 07:10 . 2006-11-02 07:10 28112 c:\windows\System32\DRWATSON.EXE

juniorain · 27/05/2010

Log do Combo Fix com CFScript pt.2:

+ 2006-11-02 08:35 . 2006-11-02 08:35 11264 c:\windows\System32\drivers\wmiacpi.sys
+ 2006-11-02 08:37 . 2006-11-02 08:37 32256 c:\windows\System32\drivers\watchdog.sys
+ 2006-11-02 08:30 . 2006-11-02 08:30 39424 c:\windows\System32\drivers\viac7.sys
+ 2006-11-02 08:35 . 2006-11-02 09:49 54376 c:\windows\System32\drivers\VIAAGP.SYS
+ 2006-11-02 07:36 . 2006-11-02 09:50 98408 c:\windows\System32\drivers\ulsata.sys
+ 2006-11-02 08:35 . 2006-11-02 09:50 58472 c:\windows\System32\drivers\ULIAGPKX.SYS
+ 2006-11-02 08:35 . 2006-11-02 09:49 56936 c:\windows\System32\drivers\UAGP35.SYS
+ 2006-11-02 07:36 . 2006-11-02 09:50 35944 c:\windows\System32\drivers\symc8xx.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 34920 c:\windows\System32\drivers\sym_u3.sys
+ 2006-11-02 07:36 . 2006-11-02 09:49 31848 c:\windows\System32\drivers\sym_hi.sys
+ 2006-11-02 08:31 . 2006-11-02 08:31 85504 c:\windows\System32\drivers\srvnet.sys
+ 2006-11-02 07:16 . 2006-11-02 09:49 18536 c:\windows\System32\drivers\spldr.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 71784 c:\windows\System32\drivers\sisraid4.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 38504 c:\windows\System32\drivers\sisraid2.sys
+ 2006-11-02 08:35 . 2006-11-02 09:49 53352 c:\windows\System32\drivers\SISAGP.SYS
+ 2006-11-02 06:37 . 2006-11-02 06:37 20480 c:\windows\System32\drivers\secdrv.sys
+ 2006-11-02 08:30 . 2006-11-02 08:30 38400 c:\windows\System32\drivers\processr.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 88680 c:\windows\System32\drivers\nvraid.sys
+ 2006-11-02 07:36 . 2006-11-02 07:36 20608 c:\windows\System32\drivers\ntrigdigi.sys
+ 2006-11-02 08:30 . 2006-11-02 08:30 34816 c:\windows\System32\drivers\npfs.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 45160 c:\windows\System32\drivers\nfrd960.sys
+ 2006-11-02 08:31 . 2006-11-02 09:50 46696 c:\windows\System32\drivers\mup.sys
+ 2006-11-02 08:35 . 2006-11-02 09:49 28776 c:\windows\System32\drivers\mssmbios.sys
+ 2006-11-02 08:35 . 2006-11-02 09:49 13928 c:\windows\System32\drivers\msisadrv.sys
+ 2006-11-02 08:30 . 2006-11-02 08:30 22528 c:\windows\System32\drivers\msfs.sys
+ 2006-11-02 08:31 . 2006-11-02 08:31 57856 c:\windows\System32\drivers\mrxsmb20.sys
+ 2006-11-02 07:36 . 2006-11-02 09:49 33384 c:\windows\System32\drivers\Mraid35x.sys
+ 2006-11-02 07:36 . 2006-11-02 09:49 28776 c:\windows\System32\drivers\megasas.sys
+ 2006-11-02 08:33 . 2006-11-02 08:33 83456 c:\windows\System32\drivers\luafv.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 65640 c:\windows\System32\drivers\lsi_scsi.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 65640 c:\windows\System32\drivers\lsi_sas.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 65640 c:\windows\System32\drivers\lsi_fc.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 35944 c:\windows\System32\drivers\iteraid.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 35944 c:\windows\System32\drivers\iteatapi.sys
+ 2006-11-02 08:35 . 2006-11-02 09:50 47208 c:\windows\System32\drivers\isapnp.sys
+ 2006-11-02 08:30 . 2006-11-02 08:30 39424 c:\windows\System32\drivers\intelppm.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 41576 c:\windows\System32\drivers\iirsp.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 37480 c:\windows\System32\drivers\HpCISSs.sys
+ 2006-11-02 07:36 . 2006-11-02 07:36 53248 c:\windows\System32\drivers\hdaudbus.sys
+ 2006-11-02 08:35 . 2006-11-02 09:50 58984 c:\windows\System32\drivers\GAGP30KX.SYS
+ 2006-11-02 08:30 . 2006-11-02 08:30 12800 c:\windows\System32\drivers\fs_rec.sys
+ 2006-11-02 08:32 . 2006-11-02 08:32 27648 c:\windows\System32\drivers\filetrace.sys
+ 2006-11-02 08:36 . 2006-11-02 09:49 56424 c:\windows\System32\drivers\fileinfo.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 71272 c:\windows\System32\drivers\djsvs.sys
+ 2006-11-02 08:31 . 2006-11-02 08:31 74752 c:\windows\System32\drivers\dfsc.sys
+ 2006-11-02 08:30 . 2006-11-02 08:30 38912 c:\windows\System32\drivers\crusoe.sys
+ 2006-11-02 08:35 . 2006-11-02 09:49 18280 c:\windows\System32\drivers\compbatt.sys
+ 2006-11-02 08:30 . 2006-11-02 08:30 70144 c:\windows\System32\drivers\cdfs.sys
+ 2006-11-02 08:31 . 2006-11-02 08:31 69632 c:\windows\System32\drivers\bowser.sys
+ 2006-11-02 08:35 . 2006-11-02 09:49 25192 c:\windows\System32\drivers\battc.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 67688 c:\windows\System32\drivers\arcsas.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 67688 c:\windows\System32\drivers\arc.sys
+ 2006-11-02 08:30 . 2006-11-02 08:30 40960 c:\windows\System32\drivers\amdk8.sys
+ 2006-11-02 08:30 . 2006-11-02 08:30 38912 c:\windows\System32\drivers\amdk7.sys
+ 2006-11-02 08:35 . 2006-11-02 09:49 54888 c:\windows\System32\drivers\AMDAGP.SYS
+ 2006-11-02 08:35 . 2006-11-02 09:49 53864 c:\windows\System32\drivers\AGP440.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 98408 c:\windows\System32\drivers\adpu160m.sys
+ 2006-11-02 08:32 . 2006-11-02 09:45 66048 c:\windows\System32\driverquery.exe
+ 2006-11-02 07:10 . 2006-11-02 07:10 53536 c:\windows\System32\dosx.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 15360 c:\windows\System32\doskey.exe
+ 2006-02-28 15:41 . 2006-02-28 15:41 53248 c:\windows\System32\dnssd.dll
+ 2006-02-28 15:41 . 2006-02-28 15:41 61440 c:\windows\System32\dns-sd.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 42496 c:\windows\System32\dmocx.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 17408 c:\windows\System32\diskperf.exe
+ 2006-11-02 08:32 . 2006-11-02 08:32 11264 c:\windows\System32\diskcopy.com
+ 2006-11-02 08:32 . 2006-11-02 08:32 13824 c:\windows\System32\diskcomp.com
+ 2006-11-02 06:34 . 2006-11-02 06:34 83968 c:\windows\System32\dfshim.dll
+ 2006-11-02 06:58 . 2006-11-02 09:39 31744 c:\windows\System32\DfrgRes.dll
+ 2006-11-02 08:32 . 2006-11-02 09:46 10240 c:\windows\System32\dfrgifps.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 58880 c:\windows\System32\dfrgifc.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 95232 c:\windows\System32\dfrgfat.exe
+ 2006-11-02 08:33 . 2006-11-02 09:45 25600 c:\windows\System32\DeviceEject.exe
+ 2006-11-02 07:09 . 2006-11-02 07:09 20634 c:\windows\System32\debug.exe
+ 2006-11-02 07:10 . 2006-11-02 07:10 39424 c:\windows\System32\DDEML.DLL
+ 2006-11-02 06:25 . 2006-09-18 21:43 27200 c:\windows\System32\ctl3dv2.dll
+ 2006-11-02 06:49 . 2006-11-02 09:46 27136 c:\windows\System32\ctl3d32.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 46080 c:\windows\System32\csrstub.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 49664 c:\windows\System32\csrsrv.dll
+ 2006-11-02 08:31 . 2006-11-02 09:46 22016 c:\windows\System32\cscdll.dll
+ 2006-11-02 08:31 . 2006-11-02 09:46 27648 c:\windows\System32\cscapi.dll
+ 2006-11-02 07:09 . 2006-11-02 07:09 27097 c:\windows\System32\country.sys
+ 2006-11-02 08:32 . 2006-11-02 09:44 17408 c:\windows\System32\convert.exe
+ 2006-11-02 13:00 . 2010-05-27 20:10 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:00 . 2010-05-27 19:41 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:00 . 2010-05-27 19:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:00 . 2010-05-27 20:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:00 . 2010-05-27 20:10 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:00 . 2010-05-27 19:41 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 07:29 . 2006-09-18 21:35 27792 c:\windows\System32\compobj.dll
+ 2006-11-02 08:32 . 2006-11-02 09:44 18432 c:\windows\System32\compact.exe
+ 2006-11-02 08:32 . 2006-11-02 09:44 20480 c:\windows\System32\comp.exe
+ 2006-11-02 07:10 . 2006-11-02 07:10 32816 c:\windows\System32\COMMDLG.DLL
+ 2006-11-02 07:09 . 2006-11-02 07:09 50648 c:\windows\System32\COMMAND.COM
+ 2006-11-02 07:10 . 2006-11-02 07:10 10544 c:\windows\System32\COMM.drv
+ 2006-11-02 07:30 . 2006-09-18 21:27 61440 c:\windows\System32\com\comempty.dat
+ 2006-11-02 08:35 . 2006-11-02 09:46 26624 c:\windows\System32\cofiredm.dll
+ 2006-11-02 08:35 . 2006-11-02 09:44 19968 c:\windows\System32\cofire.exe
+ 2006-11-02 08:31 . 2006-11-02 09:46 31232 c:\windows\System32\cnvfat.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 64000 c:\windows\System32\cmicryptinstall.dll
+ 2006-11-02 08:32 . 2006-11-02 09:44 26624 c:\windows\System32\clip.exe
+ 2006-11-02 08:30 . 2006-11-02 09:46 56320 c:\windows\System32\clfsw32.dll
+ 2006-11-02 08:32 . 2006-11-02 09:46 13824 c:\windows\System32\clb.dll
+ 2006-11-02 08:32 . 2006-11-02 09:44 53248 c:\windows\System32\cipher.exe
+ 2006-11-02 08:32 . 2006-11-02 09:44 30720 c:\windows\System32\choice.exe
+ 2006-11-02 08:32 . 2006-11-02 09:44 16896 c:\windows\System32\chkntfs.exe
+ 2006-11-02 08:32 . 2006-11-02 09:44 15872 c:\windows\System32\chkdsk.exe
+ 2006-11-02 08:31 . 2006-11-02 08:31 11776 c:\windows\System32\chcp.com
+ 2006-11-02 08:33 . 2006-11-02 09:46 19456 c:\windows\System32\cfgmgr32.dll
+ 2006-11-02 08:32 . 2006-11-02 09:44 25600 c:\windows\System32\cacls.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 10752 c:\windows\System32\C_ISCII.DLL
+ 2006-11-02 08:33 . 2006-11-02 09:46 10240 c:\windows\System32\C_IS2022.DLL
+ 2006-11-02 08:30 . 2006-11-02 09:49 21608 c:\windows\System32\BOOTVID.DLL
+ 2006-11-02 08:30 . 2006-11-02 09:46 46592 c:\windows\System32\bcdprov.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 68608 c:\windows\System32\basesrv.dll
+ 2006-11-02 08:31 . 2006-11-02 09:44 16384 c:\windows\System32\attrib.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 28160 c:\windows\System32\Apphlpdm.dll
+ 2006-11-02 07:09 . 2006-11-02 07:09 12498 c:\windows\System32\append.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 14848 c:\windows\System32\apilogen.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 25600 c:\windows\System32\amxread.dll
+ 2006-11-02 08:29 . 2006-11-02 09:46 24576 c:\windows\System32\aelupsvc.dll
+ 2006-11-02 07:28 . 2006-11-02 07:28 39424 c:\windows\System32\ACCTRES.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 12704 c:\windows\system\WFWNET.DRV
+ 2006-11-02 07:10 . 2006-11-02 07:10 24064 c:\windows\system\OLESVR.DLL
+ 2006-11-02 06:25 . 2006-09-18 21:43 82944 c:\windows\system\olecli.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 68992 c:\windows\system\MMSYSTEM.DLL
+ 2006-11-02 07:10 . 2006-11-02 07:10 32816 c:\windows\system\COMMDLG.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:45 26112 c:\windows\servicing\TrustedInstaller.exe
+ 2006-11-02 08:37 . 2006-11-02 09:46 17408 c:\windows\servicing\CbsMsg.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 14848 c:\windows\servicing\CbsApi.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 28160 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 71680 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2006-11-02 06:34 . 2006-10-20 01:14 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 47616 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2006-11-02 06:34 . 2006-10-20 01:14 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 78336 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 15360 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 89600 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2006-11-02 06:34 . 2006-10-20 01:14 22528 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 10240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 59392 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 67072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 73216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 87040 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 73728 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2006-11-02 06:34 . 2006-10-20 01:14 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 55296 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2006-11-02 06:34 . 2006-10-20 01:14 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 26624 c:\windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 52736 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 25600 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2006-11-02 06:34 . 2006-10-20 01:13 69120 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 17920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 70656 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 88576 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 23552 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 24064 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 23040 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2006-11-02 06:34 . 2006-10-20 01:13 24576 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2006-11-02 06:34 . 2006-10-20 01:13 75264 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 23552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 49152 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2006-11-02 06:33 . 2006-10-20 01:13 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 19456 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2003-02-20 23:10 . 2003-02-20 23:10 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2003-02-21 10:24 . 2003-02-21 10:24 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2003-02-20 22:09 . 2003-02-20 22:09 64000 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2003-02-21 10:25 . 2003-02-21 10:25 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2003-02-21 10:26 . 2003-02-21 10:26 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 10:25 . 2003-02-21 10:25 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2003-02-20 22:09 . 2003-02-20 22:09 90112 c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-20 22:09 . 2003-02-20 22:09 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-20 21:43 . 2003-02-20 21:43 22528 c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2003-02-20 22:18 . 2003-02-20 22:18 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-20 22:09 . 2003-02-20 22:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2003-02-20 22:09 . 2003-02-20 22:09 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-20 22:06 . 2003-02-20 22:06 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2003-02-20 22:09 . 2003-02-20 22:09 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2003-02-20 22:09 . 2003-02-20 22:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2003-02-20 22:09 . 2003-02-20 22:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2003-02-21 10:25 . 2003-02-21 10:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2003-02-21 10:25 . 2003-02-21 10:25 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-21 10:25 . 2003-02-21 10:25 11264 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 10:24 . 2003-02-21 10:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 10:24 . 2003-02-21 10:24 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 10:24 . 2003-02-21 10:24 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 10:24 . 2003-02-21 10:24 26112 c:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-20 22:22 . 2003-02-20 22:22 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 10:24 . 2003-02-21 10:24 15872 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-21 10:24 . 2003-02-21 10:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-02-21 07:12 . 2003-02-21 07:12 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 10:24 . 2003-02-21 10:24 33792 c:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 10:24 . 2003-02-21 10:24 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2003-02-21 13:20 . 2003-02-21 13:20 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2003-02-20 22:09 . 2003-02-20 22:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-21 10:24 . 2003-02-21 10:24 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-21 10:24 . 2003-02-21 10:24 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-20 22:19 . 2003-02-20 22:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2003-02-20 22:19 . 2003-02-20 22:19 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2003-02-20 22:19 . 2003-02-20 22:19 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-20 22:19 . 2003-02-20 22:19 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2003-02-20 22:19 . 2003-02-20 22:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-21 08:00 . 2003-02-21 08:00 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-21 06:55 . 2003-02-21 06:55 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 05:59 . 2003-02-21 05:59 16896 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 86528 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 72704 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2006-11-02 08:30 . 2006-11-02 09:45 13312 c:\windows\fveupdate.exe
+ 2006-11-02 08:30 . 2006-11-02 09:44 50176 c:\windows\bfsvc.exe
+ 2006-11-02 06:34 . 2006-10-20 01:14 86016 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2006-11-02 07:39 . 2006-11-02 09:47 65536 c:\windows\assembly\GAC_MSIL\napinit\6.0.0.0__31bf3856ad364e35\NAPINIT.DLL
+ 2006-11-02 06:34 . 2006-10-20 01:14 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 73728 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 36864 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2006-11-02 06:33 . 2006-10-20 01:13 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2006-11-02 07:18 . 2006-11-02 09:47 77824 c:\windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 40960 c:\windows\AppPatch\apihex86.dll
+ 2006-11-02 06:28 . 2006-11-02 09:47 5632 c:\windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
+ 2006-11-02 06:28 . 2006-11-02 09:47 5632 c:\windows\winsxs\x86_policy.1.0.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_9b4ded6469d9c4a5\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 7680 c:\windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.0.6000.16386_none_6440a7df6a2a97b9\SharedReg12.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 7680 c:\windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.0.6000.16386_none_4b1a2f21ea2ce9c7\sbscmp20_perfcounter.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 7680 c:\windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.0.6000.16386_none_7d77b5794966c993\sbscmp20_mscorwks.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 7680 c:\windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.0.6000.16386_none_54fd0482608b11ac\sbscmp20_mscorlib.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 7680 c:\windows\winsxs\x86_netfx-sbscmp10_dll_31bf3856ad364e35_6.0.6000.16386_none_72cf3ea60810dc61\sbscmp10.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\winsxs\x86_netfx-sbs_wminet_utils_dll_31bf3856ad364e35_6.0.6000.16386_none_fe642fbd88d269cd\sbs_wminet_utils.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\winsxs\x86_netfx-sbs_vsavb7rt_dll_31bf3856ad364e35_6.0.6000.16386_none_9178a41770a55dbc\sbs_VsaVb7rt.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\winsxs\x86_netfx-sbs_sys_enterprisesvc_dll_31bf3856ad364e35_6.0.6000.16386_none_5ef2978f28e693be\sbs_system.enterpriseservices.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\winsxs\x86_netfx-sbs_sys_data_dll_31bf3856ad364e35_6.0.6000.16386_none_fc52ff10efdba1d1\sbs_system.data.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\winsxs\x86_netfx-sbs_sys_config_install_dll_31bf3856ad364e35_6.0.6000.16386_none_bd13919a387c95c9\sbs_system.configuration.install.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\winsxs\x86_netfx-sbs_mscorsec_dll_31bf3856ad364e35_6.0.6000.16386_none_e3c6ee04df465dd4\sbs_mscorsec.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\winsxs\x86_netfx-sbs_mscorrc_dll_31bf3856ad364e35_6.0.6000.16386_none_9f231a637063fa04\sbs_mscorrc.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\winsxs\x86_netfx-sbs_mscordbi_dll_31bf3856ad364e35_6.0.6000.16386_none_60f937e93a64acb2\sbs_mscordbi.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5632 c:\windows\winsxs\x86_netfx-sbs_ms_vsa_vb_codedomproc_31bf3856ad364e35_6.0.6000.16386_none_f5727b5699105db2\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\winsxs\x86_netfx-sbs_microsoft_jscript_dll_31bf3856ad364e35_6.0.6000.16386_none_faa03a14948da139\sbs_microsoft.jscript.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\winsxs\x86_netfx-sbs_iehost_dll_31bf3856ad364e35_6.0.6000.16386_none_158168a6457f1679\sbs_iehost.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\winsxs\x86_netfx-sbs_diasymreader_dll_31bf3856ad364e35_6.0.6000.16386_none_a4786bd9e234ccdf\sbs_diasymreader.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 9216 c:\windows\winsxs\x86_netfx-mscorsn_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_968428f460c20e32\mscorsn.dll
+ 2006-11-02 06:34 . 2006-10-20 01:15 6144 c:\windows\winsxs\x86_netfx-mscorees_dll_31bf3856ad364e35_6.0.6000.16386_none_1722c8458e425edd\mscorees.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 9728 c:\windows\winsxs\x86_netfx-fusion_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_02fce2270a42aaf3\fusion.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 4608 c:\windows\winsxs\x86_netfx-cvtresui_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_d1c3353c181b805a\CvtResUI.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 8192 c:\windows\winsxs\x86_netfx-aspnet_isapi_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_dda8eda168ac7fc7\aspnet_isapi.dll
+ 2006-11-02 08:33 . 2006-11-02 09:38 9728 c:\windows\winsxs\x86_microsoft.windows.i..utomation.proxystub_6595b64144ccf1df_1.0.6000.16386_none_b80a29519535473c\sxsoaps.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 7680 c:\windows\winsxs\x86_microsoft.windows.h..ocessor-driverclass_31bf3856ad364e35_6.0.6000.16386_none_f76d52fffe38dd0c\procinst.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 9728 c:\windows\winsxs\x86_microsoft-windows-wrp-integrity-api_31bf3856ad364e35_6.0.6000.16386_none_0681f8eadcfb303c\wrpintapi.dll
+ 2006-11-02 07:15 . 2006-11-02 07:15 2048 c:\windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6000.16386_none_b71d411922ad8f1f\WmiApRes.dll
+ 2006-11-02 07:14 . 2006-11-02 07:14 6144 c:\windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6000.16386_none_b71d411922ad8f1f\WinMgmtR.dll
+ 2006-11-02 07:39 . 2006-11-02 07:39 1536 c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\skchui.dll
+ 2006-11-02 07:39 . 2006-11-02 07:39 1536 c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\skchobj.dll
+ 2006-11-02 07:39 . 2006-11-02 07:39 1536 c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\pipres.dll
+ 2006-11-02 07:39 . 2006-11-02 07:39 1536 c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\penusa.dll
+ 2006-11-02 07:39 . 2006-11-02 07:39 1536 c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\penkor.dll
+ 2006-11-02 07:39 . 2006-11-02 07:39 1536 c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\penjpn.dll
+ 2006-11-02 07:39 . 2006-11-02 07:39 1536 c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\pencht.dll
+ 2006-11-02 07:39 . 2006-11-02 07:39 1536 c:\windows\winsxs\x86_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_6.0.6000.16386_none_3fbb09cf8caa385d\penchs.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 8192 c:\windows\winsxs\x86_microsoft-windows-sysprep-spnet_31bf3856ad364e35_6.0.6000.16386_none_15895d535064fbd7\spnet.dll
+ 2006-11-02 08:29 . 2006-11-02 09:46 6656 c:\windows\winsxs\x86_microsoft-windows-sysprep-aecache_31bf3856ad364e35_6.0.6000.16386_none_f28352f59c20a81d\aecache.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 4608 c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6000.16386_none_a4ff01505f4694a4\sfc.dll
+ 2006-11-02 07:01 . 2006-11-02 09:43 7680 c:\windows\winsxs\x86_microsoft-windows-s..on-wizard-framework_31bf3856ad364e35_6.0.6000.16386_none_b41c233a548e28ab\spwizres.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 9216 c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedt32.exe
+ 2006-11-02 08:35 . 2006-11-02 09:45 7680 c:\windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\plasrv.exe
+ 2006-11-02 07:08 . 2006-11-02 07:08 2048 c:\windows\winsxs\x86_microsoft-windows-oleaccrc_31bf3856ad364e35_6.0.6000.16386_none_76f32d528a780cf2\oleaccrc.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 8960 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WOWEXEC.EXE
+ 2006-11-02 07:10 . 2006-11-02 07:10 2864 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WOWDEB.EXE
+ 2006-11-02 07:10 . 2006-11-02 07:10 2112 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSPOOL.EXE
+ 2006-11-02 07:10 . 2006-11-02 07:10 2864 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSOCK.DLL
+ 2006-11-02 07:10 . 2006-11-02 07:10 5120 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINNLS.DLL
+ 2006-11-02 08:35 . 2006-11-02 08:35 6656 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\win.com
+ 2006-11-02 07:10 . 2006-11-02 07:10 9216 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WIFEMAN.DLL
+ 2006-11-02 07:10 . 2006-11-02 07:10 2176 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\vga.drv
+ 2006-11-02 06:25 . 2006-09-18 21:43 9008 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\ver.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 4048 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\TIMER.DRV
+ 2006-11-02 07:10 . 2006-11-02 07:10 3360 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\system.drv
+ 2006-11-02 07:10 . 2006-11-02 07:10 1744 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\sound.drv
+ 2006-11-02 07:10 . 2006-11-02 07:10 5120 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\SHELL.DLL
+ 2006-11-02 07:10 . 2006-11-02 07:10 2842 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\redir.exe
+ 2006-11-02 07:09 . 2006-11-02 07:09 7052 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\nlsfunc.exe
+ 2006-11-02 07:10 . 2006-11-02 07:10 2032 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\mouse.drv
+ 2006-11-02 06:25 . 2006-09-18 21:43 9936 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\lzexpand.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 2000 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\keyboard.drv
+ 2006-11-02 07:09 . 2006-11-02 07:09 4768 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\HIMEM.SYS
+ 2006-11-02 07:09 . 2006-11-02 07:09 8424 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\exe2bin.exe
+ 2006-11-02 07:09 . 2006-11-02 07:09 9029 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\ANSI.SYS
+ 2006-11-02 07:10 . 2006-11-02 07:10 2176 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\vga.drv
+ 2006-11-02 06:25 . 2006-09-18 21:43 9008 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\ver.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 4048 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\TIMER.DRV
+ 2006-11-02 07:10 . 2006-11-02 07:10 3360 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\system.drv
+ 2006-11-02 07:10 . 2006-11-02 07:10 1744 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\sound.drv
+ 2006-11-02 07:10 . 2006-11-02 07:10 5120 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\SHELL.DLL
+ 2006-11-02 07:10 . 2006-11-02 07:10 2032 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\mouse.drv
+ 2006-11-02 06:25 . 2006-09-18 21:43 9936 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\lzexpand.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 2000 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system_31bf3856ad364e35_6.0.6000.16386_none_1e1753ed2313c813\keyboard.drv
+ 2006-11-02 08:30 . 2006-11-02 09:46 9216 c:\windows\winsxs\x86_microsoft-windows-ntfstransactionapi_31bf3856ad364e35_6.0.6000.16386_none_d6a22613c44f94f1\txfw32.dll
+ 2006-11-02 07:38 . 2006-11-02 07:38 2048 c:\windows\winsxs\x86_microsoft-windows-networktopology_31bf3856ad364e35_6.0.6000.16386_none_cf1f3538fd925a7b\lltdres.dll
+ 2006-11-02 07:38 . 2006-11-02 07:38 2048 c:\windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.0.6000.16386_none_05b32edf092a8853\bridgeres.dll
+ 2006-11-02 07:43 . 2006-09-19 11:41 9560 c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\office_48.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 4280 c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\office_32.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 2456 c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\office_24.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 9560 c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\house_48.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 4280 c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\house_32.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 2456 c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\house_24.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 9560 c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\bench_48.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 4280 c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\bench_32.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 2456 c:\windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\bench_24.bin
+ 2006-11-02 07:21 . 2006-11-02 09:41 2048 c:\windows\winsxs\x86_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.0.6000.16386_none_4ffb8f84758bff07\neth.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 4096 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons002a.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16386_none_86373a4699eb5e4b\msxml6r.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41 2048 c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16386_none_86377e9e99eb1168\msxml3r.dll
+ 2006-11-02 07:25 . 2006-11-02 07:25 4608 c:\windows\winsxs\x86_microsoft-windows-msidntld_31bf3856ad364e35_6.0.6000.16386_none_e850de4731989b7f\msidntld.dll
+ 2006-11-02 08:11 . 2006-11-02 08:11 8192 c:\windows\winsxs\x86_microsoft-windows-m..remote-provider-rll_31bf3856ad364e35_6.0.6000.16386_none_a5fb47c9a27d239e\msdaremr.dll
+ 2006-11-02 08:11 . 2006-11-02 08:11 8192 c:\windows\winsxs\x86_microsoft-windows-m..rds-datafactory-rll_31bf3856ad364e35_6.0.6000.16386_none_ed38f59238fc7412\msadcfr.dll
+ 2006-11-02 08:11 . 2006-11-02 08:11 8192 c:\windows\winsxs\x86_microsoft-windows-m..rds-datacontrol-rll_31bf3856ad364e35_6.0.6000.16386_none_c1e1b94438db2321\msadcor.dll
+ 2006-11-02 08:11 . 2006-09-18 21:28 4656 c:\windows\winsxs\x86_microsoft-windows-m..r-setup-thunking-16_31bf3856ad364e35_6.0.6000.16386_none_150aa236d0231637\ds16gt.dLL
+ 2006-11-02 08:11 . 2006-11-02 08:11 8192 c:\windows\winsxs\x86_microsoft-windows-m..oracle-provider-rll_31bf3856ad364e35_6.0.6000.16386_none_97219dd4925486ed\msdaorar.dll
+ 2006-11-02 08:11 . 2006-11-02 08:11 8192 c:\windows\winsxs\x86_microsoft-windows-m..nts-mdac-rds-ce-rll_31bf3856ad364e35_6.0.6000.16386_none_5f22d3af4545a610\msadcer.dll
+ 2006-11-02 08:11 . 2006-11-02 08:11 8192 c:\windows\winsxs\x86_microsoft-windows-m..ents-mdac-ado15-rll_31bf3856ad364e35_6.0.6000.16386_none_102f850e6fbddf64\msader15.dll
+ 2006-11-02 08:11 . 2006-11-02 08:11 8192 c:\windows\winsxs\x86_microsoft-windows-m..dac-rds-persist-rll_31bf3856ad364e35_6.0.6000.16386_none_92846dc82a5df08e\msdaprsr.dll
+ 2006-11-02 08:11 . 2006-11-02 08:11 8192 c:\windows\winsxs\x86_microsoft-windows-m..c-oracle-driver-rll_31bf3856ad364e35_6.0.6000.16386_none_664118af46799900\msorc32r.dll
+ 2006-11-02 08:11 . 2006-11-02 08:11 8192 c:\windows\winsxs\x86_microsoft-windows-m..-mdac-rds-shape-rll_31bf3856ad364e35_6.0.6000.16386_none_d40e1186bc35c191\msaddsr.dll
+ 2006-11-02 08:11 . 2006-11-02 08:11 8192 c:\windows\winsxs\x86_microsoft-windows-m..-mdac-odbc-cpxl-rll_31bf3856ad364e35_6.0.6000.16386_none_c72c0debc656bffe\mscpx32r.dLL
+ 2006-11-02 08:33 . 2006-11-02 08:33 3072 c:\windows\winsxs\x86_microsoft-windows-lz32_31bf3856ad364e35_6.0.6000.16386_none_9058bb3f2c7df0c1\lz32.dll
+ 2006-11-02 07:18 . 2006-11-02 07:18 2048 c:\windows\winsxs\x86_microsoft-windows-lsa-msprivs_31bf3856ad364e35_6.0.6000.16386_none_09e22f167e7ac9b3\msprivs.dll
+ 2006-11-02 07:30 . 2006-11-02 09:39 2048 c:\windows\winsxs\x86_microsoft-windows-iologgingdll_31bf3856ad364e35_6.0.6000.16386_none_b4a74430ff7bd85d\iologmsg.dll
+ 2006-11-02 08:33 . 2006-11-02 08:33 2560 c:\windows\winsxs\x86_microsoft-windows-international-core_31bf3856ad364e35_6.0.6000.16386_none_e773a28cdcd5ef62\normaliz.dll
+ 2006-11-02 07:15 . 2006-11-02 07:15 2560 c:\windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.0.6000.16386_none_0143bc2fb699ae2d\msimsg.dll
+ 2006-11-02 08:31 . 2006-11-02 09:46 8704 c:\windows\winsxs\x86_microsoft-windows-ifsutilx_31bf3856ad364e35_6.0.6000.16386_none_711301bcf6d56234\ifsutilx.dll
+ 2006-11-02 06:58 . 2006-11-02 06:58 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16386_none_1310947a0ca7000f\tzres.dll
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..onal-keyboard-kbdus_31bf3856ad364e35_6.0.6000.16386_none_7c7b5a3417a7862c\KBDUS.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 7168 c:\windows\winsxs\x86_microsoft-windows-i..onal-keyboard-kbdcr_31bf3856ad364e35_6.0.6000.16386_none_748aa8e41cc118bd\KBDCR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..onal-keyboard-kbdbr_31bf3856ad364e35_6.0.6000.16386_none_741921b61d0a1436\KBDBR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..onal-keyboard-kbdbe_31bf3856ad364e35_6.0.6000.16386_none_74a5b0b21ca0a8f9\KBDBE.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 7168 c:\windows\winsxs\x86_microsoft-windows-i..nal-keyboard-kbdfi1_31bf3856ad364e35_6.0.6000.16386_none_5aa138edce130cc2\KBDFI1.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 8704 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00060408_31bf3856ad364e35_6.0.6000.16386_none_badbacc714b477bd\KBDHEPT.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00050408_31bf3856ad364e35_6.0.6000.16386_none_17bd68be22235a84\KBDGKL.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00040408_31bf3856ad364e35_6.0.6000.16386_none_749f24b52f923d4b\KBDHELA3.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00030408_31bf3856ad364e35_6.0.6000.16386_none_d180e0ac3d012012\KBDHELA2.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00030402_31bf3856ad364e35_6.0.6000.16386_none_ced7b5983eb704e8\KBDBULG.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00020445_31bf3856ad364e35_6.0.6000.16386_none_2d0dabf94b4b5bc8\KBDINBE2.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00020437_31bf3856ad364e35_6.0.6000.16386_none_2df0d11d4ab94b35\kbdgeoer.dll
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00020408_31bf3856ad364e35_6.0.6000.16386_none_2e629ca34a7002d9\KBDHE319.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 7168 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00020405_31bf3856ad364e35_6.0.6000.16386_none_2d0e07194b4af544\KBDCZ2.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00020402_31bf3856ad364e35_6.0.6000.16386_none_2bb9718f4c25e7af\KBDBGPH.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00020401_31bf3856ad364e35_6.0.6000.16386_none_2b47ea614c6ee328\KBDA3.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00011809_31bf3856ad364e35_6.0.6000.16386_none_8baf1104579a6b74\KBDGAE.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 7680 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00011009_31bf3856ad364e35_6.0.6000.16386_none_8ba70eb457a1a0bc\KBDCAN.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0001080c_31bf3856ad364e35_6.0.6000.16386_none_9e5a0e7c4b990da9\KBDBENE.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00010465_31bf3856ad364e35_6.0.6000.16386_none_89ef3a6058ba71d1\KBDDIV2.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 7168 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0001045d_31bf3856ad364e35_6.0.6000.16386_none_9ec7229a4b542cf9\KBDINUK2.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00010445_31bf3856ad364e35_6.0.6000.16386_none_89ef67f058ba3e8f\KBDINBE1.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00010439_31bf3856ad364e35_6.0.6000.16386_none_8bb59b705796370a\KBDINHIN.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00010437_31bf3856ad364e35_6.0.6000.16386_none_8ad28d1458282dfc\kbdgeoqw.dll
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0001042b_31bf3856ad364e35_6.0.6000.16386_none_9de458964be5d708\KBDARMW.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00010410_31bf3856ad364e35_6.0.6000.16386_none_87b808625a26db09\KBDIT142.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0001040e_31bf3856ad364e35_6.0.6000.16386_none_9f391bb04b0ab15b\KBDHU1.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0001040a_31bf3856ad364e35_6.0.6000.16386_none_9d72fef84c2e9f3f\KBDES.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00010409_31bf3856ad364e35_6.0.6000.16386_none_8bb5dfc85795ea27\KBDDV.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00010408_31bf3856ad364e35_6.0.6000.16386_none_8b44589a57dee5a0\KBDHE220.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00010407_31bf3856ad364e35_6.0.6000.16386_none_8ad2d16c5827e119\KBDGR1.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00010405_31bf3856ad364e35_6.0.6000.16386_none_89efc31058b9d80b\KBDCZ1.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00010401_31bf3856ad364e35_6.0.6000.16386_none_8829a65859ddc5ef\KBDA2.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000201a_31bf3856ad364e35_6.0.6000.16386_none_fa3b032759b16e2d\KBDBHC.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00001809_31bf3856ad364e35_6.0.6000.16386_none_e890ccfb65094e3b\KBDIR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00001009_31bf3856ad364e35_6.0.6000.16386_none_e888caab65108383\KBDCA.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000c0c_31bf3856ad364e35_6.0.6000.16386_none_fb66d6e158e1320d\KBDFC.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000085d_31bf3856ad364e35_6.0.6000.16386_none_fbacdfb958bf751c\KBDIULAT.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000082c_31bf3856ad364e35_6.0.6000.16386_none_fb3b9ce3590823b2\KBDAZE.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000080a_31bf3856ad364e35_6.0.6000.16386_none_fa58bc175999e762\KBDLA.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 7168 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000046f_31bf3856ad364e35_6.0.6000.16386_none_fc8bd6255831326f\KBDGRLND.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000046d_31bf3856ad364e35_6.0.6000.16386_none_fba8c7c958c32961\KBDBASH.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000465_31bf3856ad364e35_6.0.6000.16386_none_e6d0f65766295498\KBDDIV1.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000454_31bf3856ad364e35_6.0.6000.16386_none_e65f85f166723670\KBDLAO.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000453_31bf3856ad364e35_6.0.6000.16386_none_e5edfec366bb31e9\KBDKHMR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000044e_31bf3856ad364e35_6.0.6000.16386_none_fc1a7c875879faa6\KBDINMAR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000044d_31bf3856ad364e35_6.0.6000.16386_none_fba8f55958c2f61f\KBDINASA.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000044c_31bf3856ad364e35_6.0.6000.16386_none_fb376e2b590bf198\KBDINMAL.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000044b_31bf3856ad364e35_6.0.6000.16386_none_fac5e6fd5954ed11\KBDINKAN.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000044a_31bf3856ad364e35_6.0.6000.16386_none_fa545fcf599de88a\KBDINTEL.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000449_31bf3856ad364e35_6.0.6000.16386_none_e897409f65053372\KBDINTAM.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000448_31bf3856ad364e35_6.0.6000.16386_none_e825b971654e2eeb\KBDINORI.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000447_31bf3856ad364e35_6.0.6000.16386_none_e7b4324365972a64\KBDINGUJ.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000446_31bf3856ad364e35_6.0.6000.16386_none_e742ab1565e025dd\KBDINPUN.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000445_31bf3856ad364e35_6.0.6000.16386_none_e6d123e766292156\KBDINBEN.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000440_31bf3856ad364e35_6.0.6000.16386_none_e499800167960ab3\KBDKYR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000043f_31bf3856ad364e35_6.0.6000.16386_none_fc8c1a7d5830e58c\KBDKAZ.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000439_31bf3856ad364e35_6.0.6000.16386_none_e8975767650519d1\KBDINDEV.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000438_31bf3856ad364e35_6.0.6000.16386_none_e825d039654e154a\KBDFO.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5120 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000437_31bf3856ad364e35_6.0.6000.16386_none_e7b4490b659710c3\KBDGEO.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000042c_31bf3856ad364e35_6.0.6000.16386_none_fb379bbb590bbe56\KBDAZEL.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000042b_31bf3856ad364e35_6.0.6000.16386_none_fac6148d5954b9cf\KBDARME.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000429_31bf3856ad364e35_6.0.6000.16386_none_e8976e2f65050030\KBDFA.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000427_31bf3856ad364e35_6.0.6000.16386_none_e7b45fd36596f722\KBDLT.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000425_31bf3856ad364e35_6.0.6000.16386_none_e6d151776628ee14\KBDEST.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000423_31bf3856ad364e35_6.0.6000.16386_none_e5ee431b66bae506\KBDBLR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000041c_31bf3856ad364e35_6.0.6000.16386_none_fb37b283590ba4b5\KBDAL.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000410_31bf3856ad364e35_6.0.6000.16386_none_e499c4596795bdd0\KBDIT.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000040f_31bf3856ad364e35_6.0.6000.16386_none_fc8c5ed5583098a9\KBDIC.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000040e_31bf3856ad364e35_6.0.6000.16386_none_fc1ad7a758799422\KBDHU.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000040d_31bf3856ad364e35_6.0.6000.16386_none_fba9507958c28f9b\KBDHEB.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000040c_31bf3856ad364e35_6.0.6000.16386_none_fb37c94b590b8b14\KBDFR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-0000040b_31bf3856ad364e35_6.0.6000.16386_none_fac6421d5954868d\KBDFI.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000408_31bf3856ad364e35_6.0.6000.16386_none_e8261491654dc867\KBDHE.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000407_31bf3856ad364e35_6.0.6000.16386_none_e7b48d636596c3e0\KBDGR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000406_31bf3856ad364e35_6.0.6000.16386_none_e743063565dfbf59\KBDDA.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 7168 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000405_31bf3856ad364e35_6.0.6000.16386_none_e6d17f076628bad2\KBDCZ.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000402_31bf3856ad364e35_6.0.6000.16386_none_e57ce97d6703ad3d\KBDBU.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\winsxs\x86_microsoft-windows-i..l-keyboard-00000401_31bf3856ad364e35_6.0.6000.16386_none_e50b624f674ca8b6\KBDA1.DLL
+ 2006-11-02 08:33 . 2006-11-02 09:45 7680 c:\windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6000.16386_none_56ad21dbe72a9d78\csrss.exe
+ 2006-11-02 08:34 . 2006-11-02 09:46 6656 c:\windows\winsxs\x86_microsoft-windows-core_tools_31bf3856ad364e35_6.0.6000.16386_none_09d35e27baa62b89\osuninst.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 8704 c:\windows\winsxs\x86_microsoft-windows-commandlinehelp_31bf3856ad364e35_6.0.6000.16386_none_d1f473a80c4c9194\help.exe
+ 2006-11-02 07:29 . 2006-09-18 21:35 4208 c:\windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6000.16386_none_3ce4e30bd55b275f\storage.dll
+ 2006-11-02 07:21 . 2006-11-02 09:41 2048 c:\windows\winsxs\x86_microsoft-windows-basic-misc-tools_31bf3856ad364e35_6.0.6000.16386_none_1525f574c2807ea3\netmsg.dll
+ 2006-11-02 08:30 . 2006-11-02 08:30 8704 c:\windows\winsxs\x86_microsoft-windows-b..uggertransport-1394_31bf3856ad364e35_6.0.6000.16386_none_61949536f6f76e24\kd1394.dll
+ 2006-11-02 06:56 . 2006-11-02 06:56 2560 c:\windows\winsxs\x86_microsoft-windows-b..environment-strings_31bf3856ad364e35_6.0.6000.16386_none_f64b4db1100349a8\bootstr.dll
+ 2006-11-02 08:12 . 2006-11-02 08:12 2048 c:\windows\winsxs\x86_microsoft-windows-agent0409_31bf3856ad364e35_6.0.6000.16386_none_cba6dc9d9ccc4898\AgtUI.dll
+ 2006-11-02 07:11 . 2006-11-02 07:11 2048 c:\windows\winsxs\x86_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_6.0.6000.16386_none_92936507ab8702dd\acprgwiz.dll
+ 2006-11-02 07:11 . 2006-11-02 07:11 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16386_none_09eb762df5615af9\AcRes.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 7168 c:\windows\winsxs\msil_microsoft_vsavb_b03f5f7f11d50a3a_6.0.6000.16386_none_6728c2d6cd97e7f4\Microsoft_VsaVb.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 5632 c:\windows\winsxs\msil_microsoft.visualc_b03f5f7f11d50a3a_6.0.6000.16386_none_851d57eab180e8ee\Microsoft.VisualC.Dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 5632 c:\windows\winsxs\msil_iiehost_b03f5f7f11d50a3a_6.0.6000.16386_none_81b43bde8b14dc00\IIEHost.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 8192 c:\windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6000.16386_none_ef9a51cfc4df6184\IEExecRemote.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 9728 c:\windows\winsxs\msil_ieexec_b03f5f7f11d50a3a_6.0.6000.16386_none_7f0bbec807558ac8\IEExec.exe
+ 2006-11-02 06:34 . 2006-10-20 01:13 5120 c:\windows\winsxs\msil_dfsvc_b03f5f7f11d50a3a_6.0.6000.16386_none_65f8c50a88a6d473\dfsvc.exe
+ 2006-11-02 07:10 . 2006-11-02 07:10 8960 c:\windows\System32\WOWEXEC.EXE
+ 2006-11-02 07:10 . 2006-11-02 07:10 2864 c:\windows\System32\WOWDEB.EXE
+ 2006-11-02 07:10 . 2006-11-02 07:10 2112 c:\windows\System32\WINSPOOL.EXE
+ 2006-11-02 07:10 . 2006-11-02 07:10 2864 c:\windows\System32\WINSOCK.DLL
+ 2006-11-02 07:10 . 2006-11-02 07:10 5120 c:\windows\System32\WINNLS.DLL
+ 2006-11-02 08:35 . 2006-11-02 08:35 6656 c:\windows\System32\win.com
+ 2006-11-02 07:10 . 2006-11-02 07:10 9216 c:\windows\System32\WIFEMAN.DLL
+ 2006-11-02 07:15 . 2006-11-02 07:15 2048 c:\windows\System32\wbem\WmiApRes.dll
+ 2006-11-02 07:14 . 2006-11-02 07:14 6144 c:\windows\System32\wbem\WinMgmtR.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 2176 c:\windows\System32\vga.drv
+ 2006-11-02 06:25 . 2006-09-18 21:43 9008 c:\windows\System32\ver.dll
+ 2006-11-02 06:58 . 2006-11-02 06:58 2048 c:\windows\System32\tzres.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 9216 c:\windows\System32\txfw32.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 4048 c:\windows\System32\TIMER.DRV
+ 2006-11-02 07:10 . 2006-11-02 07:10 3360 c:\windows\System32\system.drv
+ 2006-11-02 07:29 . 2006-09-18 21:35 4208 c:\windows\System32\storage.dll
+ 2006-11-02 07:01 . 2006-11-02 09:43 7680 c:\windows\System32\spwizres.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 8192 c:\windows\System32\spnet.dll
+ 2006-09-24 13:28 . 2006-09-24 13:28 5248 c:\windows\System32\speedfan.sys
+ 2006-11-02 07:10 . 2006-11-02 07:10 1744 c:\windows\System32\sound.drv
+ 2006-11-02 07:10 . 2006-11-02 07:10 5120 c:\windows\System32\SHELL.DLL
+ 2006-11-02 08:33 . 2006-11-02 09:46 4608 c:\windows\System32\sfc.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 9216 c:\windows\System32\regedt32.exe
+ 2006-11-02 07:10 . 2006-11-02 07:10 2842 c:\windows\System32\redir.exe
+ 2006-11-02 08:30 . 2006-11-02 09:46 7680 c:\windows\System32\procinst.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 7680 c:\windows\System32\plasrv.exe
+ 2006-11-02 08:34 . 2006-11-02 09:46 6656 c:\windows\System32\osuninst.dll
+ 2006-11-02 07:08 . 2006-11-02 07:08 2048 c:\windows\System32\oleaccrc.dll
+ 2006-11-02 08:33 . 2006-11-02 08:33 2560 c:\windows\System32\normaliz.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 4096 c:\windows\System32\NlsLexicons002a.dll
+ 2006-11-02 07:09 . 2006-11-02 07:09 7052 c:\windows\System32\nlsfunc.exe
+ 2006-11-02 07:43 . 2006-09-19 11:41 9560 c:\windows\System32\networklist\icons\StockIcons\office_48.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 4280 c:\windows\System32\networklist\icons\StockIcons\office_32.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 2456 c:\windows\System32\networklist\icons\StockIcons\office_24.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 9560 c:\windows\System32\networklist\icons\StockIcons\house_48.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 4280 c:\windows\System32\networklist\icons\StockIcons\house_32.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 2456 c:\windows\System32\networklist\icons\StockIcons\house_24.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 9560 c:\windows\System32\networklist\icons\StockIcons\bench_48.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 4280 c:\windows\System32\networklist\icons\StockIcons\bench_32.bin
+ 2006-11-02 07:43 . 2006-09-19 11:41 2456 c:\windows\System32\networklist\icons\StockIcons\bench_24.bin
+ 2006-11-02 07:21 . 2006-11-02 09:41 2048 c:\windows\System32\netmsg.dll
+ 2006-11-02 07:21 . 2006-11-02 09:41 2048 c:\windows\System32\neth.dll
+ 2006-11-02 06:34 . 2006-10-20 01:15 6144 c:\windows\System32\MUI\0409\mscorees.dll
+ 2003-02-20 21:43 . 2003-02-20 21:43 4096 c:\windows\System32\MUI\0409\mscoreer.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41 2048 c:\windows\System32\msxml6r.dll
+ 2006-11-02 08:26 . 2006-11-02 09:41 2048 c:\windows\System32\msxml3r.dll
+ 2006-11-02 07:18 . 2006-11-02 07:18 2048 c:\windows\System32\msprivs.dll
+ 2006-11-02 08:11 . 2006-11-02 08:11 8192 c:\windows\System32\msorc32r.dll
+ 2006-11-02 07:15 . 2006-11-02 07:15 2560 c:\windows\System32\msimsg.dll
+ 2006-11-02 07:25 . 2006-11-02 07:25 4608 c:\windows\System32\msidntld.dll
+ 2006-11-02 08:11 . 2006-11-02 08:11 8192 c:\windows\System32\mscpx32r.dLL
+ 2006-11-02 07:10 . 2006-11-02 07:10 2032 c:\windows\System32\mouse.drv
+ 2006-07-28 11:10 . 2006-07-28 11:10 6144 c:\windows\System32\mot_ci.dll
+ 2006-11-02 06:25 . 2006-09-18 21:43 9936 c:\windows\System32\lzexpand.dll
+ 2006-11-02 08:33 . 2006-11-02 08:33 3072 c:\windows\System32\lz32.dll
+ 2006-11-02 07:38 . 2006-11-02 07:38 2048 c:\windows\System32\lltdres.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 2000 c:\windows\System32\keyboard.drv
+ 2006-11-02 08:30 . 2006-11-02 08:30 8704 c:\windows\System32\kd1394.dll
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDUS.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDLAO.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDLA.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\System32\KBDKYR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDKHMR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDKAZ.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDIULAT.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDIT142.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\System32\KBDIT.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\System32\KBDIR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 7168 c:\windows\System32\KBDINUK2.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDINTEL.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\System32\KBDINTAM.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDINPUN.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\System32\KBDINORI.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDINMAR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDINMAL.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDINKAN.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\System32\KBDINHIN.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDINGUJ.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDINDEV.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDINBEN.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDINBE2.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDINBE1.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDINASA.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDIC.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDHU1.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDHU.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 8704 c:\windows\System32\KBDHEPT.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDHELA3.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDHELA2.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\System32\KBDHEB.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDHE319.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDHE220.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\System32\KBDHE.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 7168 c:\windows\System32\KBDGRLND.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDGR1.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDGR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDGKL.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\kbdgeoqw.dll
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\kbdgeoer.dll
+ 2006-11-02 08:37 . 2006-11-02 09:39 5120 c:\windows\System32\KBDGEO.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\System32\KBDGAE.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDFR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDFO.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 7168 c:\windows\System32\KBDFI1.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDFI.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDFC.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\System32\KBDFA.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDEST.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDES.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\System32\KBDDV.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDDIV2.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDDIV1.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDDA.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 7168 c:\windows\System32\KBDCZ2.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDCZ1.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 7168 c:\windows\System32\KBDCZ.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 7168 c:\windows\System32\KBDCR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 7680 c:\windows\System32\KBDCAN.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDCA.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDBULG.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDBU.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDBR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDBLR.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDBHC.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDBGPH.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDBENE.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDBE.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\System32\KBDBASH.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDAZEL.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDAZE.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\System32\KBDARMW.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\System32\KBDARME.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6656 c:\windows\System32\KBDAL.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDA3.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 5632 c:\windows\System32\KBDA2.DLL
+ 2006-11-02 08:37 . 2006-11-02 09:39 6144 c:\windows\System32\KBDA1.DLL
+ 2006-11-02 07:30 . 2006-11-02 09:39 2048 c:\windows\System32\iologmsg.dll
+ 2006-11-02 08:31 . 2006-11-02 09:46 8704 c:\windows\System32\ifsutilx.dll
+ 2006-11-02 07:09 . 2006-11-02 07:09 4768 c:\windows\System32\HIMEM.SYS
+ 2006-11-02 08:32 . 2006-11-02 09:45 8704 c:\windows\System32\help.exe
+ 1996-04-03 19:33 . 1996-04-03 19:33 5248 c:\windows\System32\giveio.sys
+ 2006-11-02 07:09 . 2006-11-02 07:09 8424 c:\windows\System32\exe2bin.exe
+ 2006-11-02 08:11 . 2006-09-18 21:28 4656 c:\windows\System32\ds16gt.dLL
+ 2006-07-28 11:10 . 2006-07-28 11:10 6144 c:\windows\System32\DriverStore\FileRepository\motodrv.inf_3fcd95cd\mot_ci.dll
+ 2001-11-19 23:05 . 2001-11-19 23:05 3972 c:\windows\System32\drivers\PciBus.sys
+ 2006-11-02 08:33 . 2006-11-02 09:45 7680 c:\windows\System32\csrss.exe
+ 2006-11-02 07:38 . 2006-11-02 07:38 2048 c:\windows\System32\bridgeres.dll
+ 2006-11-02 06:56 . 2006-11-02 06:56 2560 c:\windows\System32\bootstr.dll
+ 2006-11-02 07:09 . 2006-11-02 07:09 9029 c:\windows\System32\ANSI.SYS
+ 2006-11-02 08:29 . 2006-11-02 09:46 6656 c:\windows\System32\aecache.dll
+ 2006-11-02 07:11 . 2006-11-02 07:11 2048 c:\windows\System32\acprgwiz.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 2176 c:\windows\system\vga.drv
+ 2006-11-02 06:25 . 2006-09-18 21:43 9008 c:\windows\system\ver.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 4048 c:\windows\system\TIMER.DRV
+ 2006-11-02 07:10 . 2006-11-02 07:10 3360 c:\windows\system\system.drv
+ 2006-11-02 07:10 . 2006-11-02 07:10 1744 c:\windows\system\sound.drv
+ 2006-11-02 07:10 . 2006-11-02 07:10 5120 c:\windows\system\SHELL.DLL
+ 2006-11-02 07:10 . 2006-11-02 07:10 2032 c:\windows\system\mouse.drv
+ 2006-11-02 06:25 . 2006-09-18 21:43 9936 c:\windows\system\lzexpand.dll
+ 2006-11-02 07:10 . 2006-11-02 07:10 2000 c:\windows\system\keyboard.drv
+ 2006-11-02 08:33 . 2006-11-02 09:46 9728 c:\windows\servicing\wrpintapi.dll
+ 2010-05-27 20:10 . 2010-05-27 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-27 19:41 . 2010-05-27 19:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-27 19:41 . 2010-05-27 19:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-27 20:10 . 2010-05-27 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 08:12 . 2006-11-02 08:12 2048 c:\windows\MSAgent\AgtUI.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 7680 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 5120 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2003-02-20 22:09 . 2003-02-20 22:09 9216 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-21 10:25 . 2003-02-21 10:25 6656 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-21 10:25 . 2003-02-21 10:25 6144 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 10:24 . 2003-02-21 10:24 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2003-02-21 10:24 . 2003-02-21 10:24 7168 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-21 10:24 . 2003-02-21 10:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 10:24 . 2003-02-21 10:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 7680 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 7680 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5632 c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\Microsoft.NET\Framework\sbs_iehost.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 5120 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 5632 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 5120 c:\windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe
+ 2006-11-02 06:28 . 2006-11-02 09:47 5632 c:\windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRoles.dll
+ 2006-11-02 06:28 . 2006-11-02 09:47 5632 c:\windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRoles.dll
+ 2006-11-02 07:11 . 2006-11-02 07:11 2560 c:\windows\AppPatch\AcRes.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 321536 c:\windows\winsxs\x86_wsdapi_31bf3856ad364e35_6.0.6000.16386_none_bc7ccad7506b8f49\WSDApi.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 260096 c:\windows\winsxs\x86_system.transactions_b77a5c561934e089_6.0.6000.16386_none_13b6321068365ea2\System.Transactions.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 114176 c:\windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.16386_none_d5d21d67adbfe774\System.EnterpriseServices.Wrapper.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 258048 c:\windows\winsxs\x86_system.enterpriseservices_b03f5f7f11d50a3a_6.0.6000.16386_none_d5d21d67adbfe774\System.EnterpriseServices.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 482304 c:\windows\winsxs\x86_system.data.oracleclient_b77a5c561934e089_6.0.6000.16386_none_f3615a27dcd08d0c\System.Data.OracleClient.dll
+ 2006-11-02 07:38 . 2006-11-02 09:46 274432 c:\windows\winsxs\x86_networking-mpssvc-admin_31bf3856ad364e35_6.0.6000.16386_none_a31b6bf784e3e536\AuthFWWizFwk.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 408576 c:\windows\winsxs\x86_netfx-web_engine_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_36cabf9f37941996\webengine.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 183808 c:\windows\winsxs\x86_netfx-vb_compiler_ui_b03f5f7f11d50a3a_6.0.6000.16386_none_9b6c0f37aa2ec1c5\vbc7ui.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 382464 c:\windows\winsxs\x86_netfx-sos_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_141b3d3ffa811c0c\SOS.dll

juniorain · 27/05/2010

Log do Combo Fix com CFScript pt.3:

+ 2006-11-02 06:34 . 2006-11-02 06:34 107520 c:\windows\winsxs\x86_netfx-shfusion_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_5b03d0cdcbe72f8a\shfusion.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 136192 c:\windows\winsxs\x86_netfx-peverify_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_9cc1f6da497f57ef\peverify.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 227328 c:\windows\winsxs\x86_netfx-mscorsvc__dll_b03f5f7f11d50a3a_6.0.6000.16386_none_5b1ba17003b1e16a\mscorsvc.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 330752 c:\windows\winsxs\x86_netfx-mscorrc_res_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_f052a9219bf1e7e1\mscorrc.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 102912 c:\windows\winsxs\x86_netfx-mscorpe_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_f80f45915be045a0\mscorpe.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 326656 c:\windows\winsxs\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_bf88281330d7cc2a\mscorjit.dll
+ 2006-11-02 06:34 . 2006-10-20 01:15 150016 c:\windows\winsxs\x86_netfx-mscorier_dll_non_mui_31bf3856ad364e35_6.0.6000.16386_none_7a5b4995de2430de\mscorier.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 271360 c:\windows\winsxs\x86_netfx-mscoree_dll_31bf3856ad364e35_6.0.6000.16386_none_b3293a29593e9730\mscoree.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 288768 c:\windows\winsxs\x86_netfx-mscordbi_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_7051bf825c1645e8\mscordbi.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 802816 c:\windows\winsxs\x86_netfx-mscordacwks_b03f5f7f11d50a3a_6.0.6000.16386_none_2b4cf57f068c3ff7\mscordacwks.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 788992 c:\windows\winsxs\x86_netfx-eventlogmessages_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_cf8fdb06f2a1bc83\EventLogMessages.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 547840 c:\windows\winsxs\x86_netfx-debugging_msdia70_b03f5f7f11d50a3a_6.0.6000.16386_none_d109bc67145dfd10\diasymreader.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 136192 c:\windows\winsxs\x86_netfx-csharpcompilermsg_b03f5f7f11d50a3a_6.0.6000.16386_none_70ffa8c7ea7fadf1\cscompui.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 218624 c:\windows\winsxs\x86_netfx-clr_ilasm_exe_b03f5f7f11d50a3a_6.0.6000.16386_none_033ba4398d76c7df\ilasm.exe
+ 2006-11-02 06:33 . 2006-11-02 06:33 138240 c:\windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.0.6000.16386_none_6d869912e7931eda\AdoNetDiag.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 208896 c:\windows\winsxs\x86_netfx-_vsavb7rtui_b03f5f7f11d50a3a_6.0.6000.16386_none_508ad96a2ae1a616\Vsavb7rtUI.dll
+ 2006-11-02 07:12 . 2006-11-02 09:47 991232 c:\windows\winsxs\x86_narrator-nonmsil_31bf3856ad364e35_6.0.6000.16386_none_2b06fe75c7fd62d3\Narrator.exe
+ 2006-11-02 06:33 . 2006-11-02 06:33 626688 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.312_none_10b2ee7b9bffc2c7\msvcr80.dll
+ 2006-11-02 06:33 . 2006-11-02 06:33 548864 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.312_none_10b2ee7b9bffc2c7\msvcp80.dll
+ 2006-11-02 06:33 . 2006-10-20 01:14 479232 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.312_none_10b2ee7b9bffc2c7\msvcm80.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 135680 c:\windows\winsxs\x86_microsoft-windows-wusa_31bf3856ad364e35_6.0.6000.16386_none_aac9cf811bb1ca58\wusa.exe
+ 2006-11-02 07:16 . 2006-09-18 21:40 149389 c:\windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.0.6000.16386_none_c82eb363b01cbb81\winrm.vbs
+ 2006-11-02 08:37 . 2006-11-02 09:46 157696 c:\windows\winsxs\x86_microsoft-windows-verifier_31bf3856ad364e35_6.0.6000.16386_none_c7ce7366cbc259e4\verifier.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 735232 c:\windows\winsxs\x86_microsoft-windows-unbcl_31bf3856ad364e35_6.0.6000.16386_none_59de6559af5ea3d4\unbcl.dll
+ 2006-11-02 08:30 . 2006-11-02 08:30 225280 c:\windows\winsxs\x86_microsoft-windows-udfs_31bf3856ad364e35_6.0.6000.16386_none_a442d6471ff8a010\udfs.sys
+ 2006-11-02 08:35 . 2006-11-02 09:46 411648 c:\windows\winsxs\x86_microsoft-windows-tracedatahelper_31bf3856ad364e35_6.0.6000.16386_none_fa2c0e66d54336ef\tdh.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 142848 c:\windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6000.16386_none_6d564c64c358b59e\Win32_Tpm.dll
+ 2006-11-02 08:26 . 2006-11-02 08:26 108544 c:\windows\winsxs\x86_microsoft-windows-tapicore_31bf3856ad364e35_6.0.6000.16386_none_e203168e49ab8983\tapiui.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 105472 c:\windows\winsxs\x86_microsoft-windows-syssetup_31bf3856ad364e35_6.0.6000.16386_none_6e99c9d19acbba86\syssetup.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 103424 c:\windows\winsxs\x86_microsoft-windows-sysclass_31bf3856ad364e35_6.0.6000.16386_none_96f1af4dbc6fcac9\sysclass.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 377344 c:\windows\winsxs\x86_microsoft-windows-sxs_31bf3856ad364e35_6.0.6000.16386_none_ac15da205ab8aa66\sxs.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 137728 c:\windows\winsxs\x86_microsoft-windows-smi-installer_1122334455667788_6.0.6000.16386_none_3ca54b9fb3dfa6cb\SmiInstaller.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 700416 c:\windows\winsxs\x86_microsoft-windows-smi-engine_31bf3856ad364e35_6.0.6000.16386_none_95de6d9815f7d12c\SmiEngine.dll
+ 2006-11-02 08:31 . 2006-11-02 08:31 129536 c:\windows\winsxs\x86_microsoft-windows-smbserver-v2_31bf3856ad364e35_6.0.6000.16386_none_d7b5d772f990a2f2\srv2.sys
+ 2006-11-02 08:31 . 2006-11-02 08:31 290304 c:\windows\winsxs\x86_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.0.6000.16386_none_d7c0a75ef9888701\srv.sys
+ 2006-11-02 08:31 . 2006-11-02 08:31 101888 c:\windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.16386_none_7d5aab3954325e4f\mrxsmb.sys
+ 2006-11-02 08:31 . 2006-11-02 08:31 211456 c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.16386_none_866dc98d4e839cb1\mrxsmb10.sys
+ 2006-11-02 08:33 . 2006-11-02 09:46 200704 c:\windows\winsxs\x86_microsoft-windows-setup-unattend_31bf3856ad364e35_6.0.6000.16386_none_937e281278cbf207\unattend.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 394240 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6000.16386_none_2ff5bc52b05737c3\win32ui.dll
+ 2006-11-02 07:01 . 2006-11-02 09:43 260096 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6000.16386_none_2ff5bc52b05737c3\W32UIRes.dll
+ 2006-11-02 08:34 . 2006-11-02 09:51 191592 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6000.16386_none_2ff5bc52b05737c3\Setup.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 121856 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6000.16386_none_2ff5bc52b05737c3\diagnostic.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 167424 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6000.16386_none_2ff5bc52b05737c3\ActionQueue.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 116224 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16386_none_07289f4cca5f6990\smipi.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 432128 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16386_none_07289f4cca5f6990\CbsCore.dll
+ 2006-11-02 07:16 . 2006-11-02 09:46 472576 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.16386_none_9ebead67348d0d16\secproc.dll
+ 2006-11-02 07:16 . 2006-11-02 09:45 515584 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.16386_none_9ebead67348d0d16\RMActivate.exe
+ 2006-11-02 08:35 . 2006-11-02 09:45 279552 c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
+ 2006-11-02 07:16 . 2006-11-02 09:45 435712 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.16386_none_6d87fd926726beb6\RMActivate_ssp.exe
+ 2006-11-02 08:34 . 2006-11-02 09:46 342528 c:\windows\winsxs\x86_microsoft-windows-s..on-wizard-framework_31bf3856ad364e35_6.0.6000.16386_none_b41c233a548e28ab\spwizeng.dll
+ 2006-11-02 07:16 . 2006-11-02 09:46 473088 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.16386_none_e71b1c02f2bea557\secproc_isv.dll
+ 2006-11-02 07:16 . 2006-11-02 09:45 523776 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.16386_none_e71b1c02f2bea557\RMActivate_isv.exe
+ 2006-11-02 08:37 . 2006-11-02 09:46 540672 c:\windows\winsxs\x86_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.0.6000.16386_none_3b17304ee34c4203\sysmain.dll
+ 2006-11-02 07:16 . 2006-11-02 07:16 551936 c:\windows\winsxs\x86_microsoft-windows-s..ive-blackbox-driver_31bf3856ad364e35_6.0.6000.16386_none_073bc037aaeba527\spsys.sys
+ 2006-11-02 07:16 . 2006-11-02 09:45 431104 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.16386_none_f2e00d8d0183cf71\RMActivate_ssp_isv.exe
+ 2006-11-02 08:37 . 2006-11-02 09:46 146944 c:\windows\winsxs\x86_microsoft-windows-restartmanager_31bf3856ad364e35_6.0.6000.16386_none_7dfea5cf27338b4c\RstrtMgr.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 177152 c:\windows\winsxs\x86_microsoft-windows-rescacheinstaller_1122334455667788_6.0.6000.16386_none_b7699c846b2cd0d7\rescinst.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 105984 c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.0.6000.16386_none_872f43bd868c402d\regsvc.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 140288 c:\windows\winsxs\x86_microsoft-windows-reliability-postboot_31bf3856ad364e35_6.0.6000.16386_none_4b8a0e360867c939\RelPost.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 134656 c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe
+ 2006-11-02 08:31 . 2006-11-02 08:31 222208 c:\windows\winsxs\x86_microsoft-windows-rdbss_31bf3856ad364e35_6.0.6000.16386_none_579e15d0647e5ec0\rdbss.sys
+ 2006-11-02 08:37 . 2006-11-02 09:46 340480 c:\windows\winsxs\x86_microsoft-windows-r..lityanalysismonitor_31bf3856ad364e35_6.0.6000.16386_none_7ed5046d4382734e\RelMon.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 542208 c:\windows\winsxs\x86_microsoft-windows-pnpui_31bf3856ad364e35_6.0.6000.16386_none_5ca0cf5e2e5e6016\pnpui.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 281088 c:\windows\winsxs\x86_microsoft-windows-pnpplugininstaller_1122334455667788_6.0.6000.16386_none_72f7137046aed712\cmipnpinstall.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 180736 c:\windows\winsxs\x86_microsoft-windows-pnpinstaller_31bf3856ad364e35_6.0.6000.16386_none_9084159adf3c2706\pnpsetup.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 377344 c:\windows\winsxs\x86_microsoft-windows-pnpdevicemanager_31bf3856ad364e35_6.0.6000.16386_none_119fd8762295a7d9\devmgr.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 456704 c:\windows\winsxs\x86_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.0.6000.16386_none_99d2fc2fa408df3c\wvc.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 120320 c:\windows\winsxs\x86_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.0.6000.16386_none_99d2fc2fa408df3c\perfmon.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 218112 c:\windows\winsxs\x86_microsoft-windows-pantherengine_31bf3856ad364e35_6.0.6000.16386_none_abdaad94a8eba700\wdscore.dll
+ 2006-11-02 08:37 . 2006-11-02 09:45 140288 c:\windows\winsxs\x86_microsoft-windows-packagemanager_31bf3856ad364e35_6.0.6000.16386_none_eaa1021ff65934d3\PkgMgr.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 113664 c:\windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16386_none_6f4f3b5c01fbb89d\loadperf.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 120320 c:\windows\winsxs\x86_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.0.6000.16386_none_6f4f3b5c01fbb89d\CntrtextMig.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 242688 c:\windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\pdh.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 335360 c:\windows\winsxs\x86_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_6.0.6000.16386_none_5eecb8d501ea0d84\tracerpt.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 221696 c:\windows\winsxs\x86_microsoft-windows-p..ncecounterinstaller_1122334455667788_6.0.6000.16386_none_34995ef99cefa0ad\CntrtextInstaller.DLL
+ 2006-11-02 08:35 . 2006-11-02 09:46 273920 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\wow32.dll
+ 2006-11-02 06:25 . 2006-09-18 21:43 256192 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\winhelp.exe
+ 2006-11-02 08:36 . 2006-11-02 09:45 520192 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\ntvdm.exe
+ 2006-11-02 06:25 . 2006-09-18 21:43 108464 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\netapi.dll
+ 2006-11-02 06:25 . 2006-09-18 21:43 221600 c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\lanman.drv
+ 2006-11-02 08:33 . 2006-11-02 09:46 180736 c:\windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.0.6000.16386_none_0f3f895853be06df\newdev.dll
+ 2006-11-02 08:30 . 2006-11-02 09:45 267776 c:\windows\winsxs\x86_microsoft-windows-muicachebuilder_31bf3856ad364e35_6.0.6000.16386_none_17d5da3fb7ed4414\mcbuilder.exe
+ 2006-11-02 06:49 . 2006-11-02 09:46 253952 c:\windows\winsxs\x86_microsoft-windows-msvcrt20_31bf3856ad364e35_6.0.6000.16386_none_ebed1a7373e6e8e7\msvcrt20.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 681472 c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6000.16386_none_cf1e7424a1fb0cd9\msvcrt.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 408576 c:\windows\winsxs\x86_microsoft-windows-msvcp60_31bf3856ad364e35_6.0.6000.16386_none_406ad294b47471cb\msvcp60.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 407552 c:\windows\winsxs\x86_microsoft-windows-msinfo32-exe_31bf3856ad364e35_6.0.6000.16386_none_a9a5a4dafcc33864\msinfo32.exe
+ 2006-11-02 08:35 . 2006-11-02 09:45 407552 c:\windows\winsxs\x86_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.0.6000.16386_none_840e3d1eedf5cd7c\msinfo32.exe
+ 2006-11-02 08:35 . 2006-11-02 09:45 161792 c:\windows\winsxs\x86_microsoft-windows-msdt_31bf3856ad364e35_6.0.6000.16386_none_a34b9ff7209b68aa\msdt.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 211968 c:\windows\winsxs\x86_microsoft-windows-msdt_31bf3856ad364e35_6.0.6000.16386_none_a34b9ff7209b68aa\msdt.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 222208 c:\windows\winsxs\x86_microsoft-windows-msconfig-exe_31bf3856ad364e35_6.0.6000.16386_none_d8437c87a0d4ffbd\msconfig.exe
+ 2006-11-02 06:52 . 2006-11-02 09:40 145920 c:\windows\winsxs\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.0.6000.16386_none_c50bb8527b8263e8\msaudite.dll
+ 2006-11-02 06:52 . 2006-11-02 08:29 557568 c:\windows\winsxs\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.0.6000.16386_none_c50bb8527b8263e8\adtschema.dll
+ 2006-11-02 07:25 . 2006-09-18 21:33 673088 c:\windows\winsxs\x86_microsoft-windows-mlang_31bf3856ad364e35_6.0.6000.16386_none_54a8897ce7133d6b\mlang.dat
+ 2006-11-02 06:49 . 2006-11-02 09:46 924944 c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6000.16386_none_f0dc500958a528b5\mfc40u.dll
+ 2006-11-02 06:49 . 2006-11-02 09:46 924944 c:\windows\winsxs\x86_microsoft-windows-mfc40_31bf3856ad364e35_6.0.6000.16386_none_57c82c1ae4dbe668\mfc40.dll
+ 2006-11-02 08:30 . 2006-11-02 09:51 301672 c:\windows\winsxs\x86_microsoft-windows-m..update-genuineintel_31bf3856ad364e35_6.0.6000.16386_none_ba894a65b5623d70\mcupdate_GenuineIntel.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 294912 c:\windows\winsxs\x86_microsoft-windows-m..ss-components-jetes_31bf3856ad364e35_6.0.6000.16386_none_347b54bdcffd519f\msjtes40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 380957 c:\windows\winsxs\x86_microsoft-windows-m..s-components-jetvba_31bf3856ad364e35_6.0.6000.16386_none_735b8f8d953639a8\expsrv.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 364544 c:\windows\winsxs\x86_microsoft-windows-m..s-components-jetole_31bf3856ad364e35_6.0.6000.16386_none_7519c66f94199aad\msjetoledb40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 610304 c:\windows\winsxs\x86_microsoft-windows-m..s-components-jetdao_31bf3856ad364e35_6.0.6000.16386_none_797f05a59148974b\dao360.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 450560 c:\windows\winsxs\x86_microsoft-windows-m..ponents-jetxbasepdx_31bf3856ad364e35_6.0.6000.16386_none_8fda8a7723da44b2\msxbde40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 376832 c:\windows\winsxs\x86_microsoft-windows-m..ponents-jetxbasepdx_31bf3856ad364e35_6.0.6000.16386_none_8fda8a7723da44b2\mspbde40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 245760 c:\windows\winsxs\x86_microsoft-windows-m..onents-jetexchlotus_31bf3856ad364e35_6.0.6000.16386_none_c104f344508803bc\msltus40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 413696 c:\windows\winsxs\x86_microsoft-windows-m..onents-jetexchlotus_31bf3856ad364e35_6.0.6000.16386_none_c104f344508803bc\msexch40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 180800 c:\windows\winsxs\x86_microsoft-windows-m..nents-mdac-sqlunirl_31bf3856ad364e35_6.0.6000.16386_none_39dff6607f42ed85\sqlunirl.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 622592 c:\windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.0.6000.16386_none_0d3a1215c37f298f\mswstr10.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 856064 c:\windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.0.6000.16386_none_0d3a1215c37f298f\mswdat10.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 167936 c:\windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.0.6000.16386_none_0d3a1215c37f298f\msjint40.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 124928 c:\windows\winsxs\x86_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_6.0.6000.16386_none_919fda407ccc7375\MdSched.exe
+ 2006-11-02 06:47 . 2006-11-02 09:46 344064 c:\windows\winsxs\x86_microsoft-windows-m..components-jetexcel_31bf3856ad364e35_6.0.6000.16386_none_1bd7e89245520474\msexcl40.dll
+ 2006-11-02 08:11 . 2006-11-02 09:42 229376 c:\windows\winsxs\x86_microsoft-windows-m..c-drivermanager-rll_31bf3856ad364e35_6.0.6000.16386_none_0d649155ed7f9a28\odbcint.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 282624 c:\windows\winsxs\x86_microsoft-windows-m..-components-jettext_31bf3856ad364e35_6.0.6000.16386_none_0470de99a97b582c\mstext40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 651264 c:\windows\winsxs\x86_microsoft-windows-m..-components-jetrepl_31bf3856ad364e35_6.0.6000.16386_none_013923f5ab8421be\msrepl40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 360448 c:\windows\winsxs\x86_microsoft-windows-m..-components-jet2x3x_31bf3856ad364e35_6.0.6000.16386_none_e5686b97bd84ee12\msrd3x40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 323584 c:\windows\winsxs\x86_microsoft-windows-m..-components-jet2x3x_31bf3856ad364e35_6.0.6000.16386_none_e5686b97bd84ee12\msrd2x40.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 101376 c:\windows\winsxs\x86_microsoft-windows-luainstaller_31bf3856ad364e35_6.0.6000.16386_none_167faf7a6b604028\luainstall.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 221696 c:\windows\winsxs\x86_microsoft-windows-l..zeddriversinstaller_31bf3856ad364e35_6.0.6000.16386_none_100c51cd69c2bf6a\locdrv.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 874496 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16386_none_91872345596077da\kernel32.dll
+ 2006-11-02 07:51 . 2006-11-02 09:46 200192 c:\windows\winsxs\x86_microsoft-windows-indeo5-codecs_31bf3856ad364e35_6.0.6000.16386_none_22c9c1557410d750\ir50_qcx.dll
+ 2006-11-02 07:51 . 2006-11-02 09:46 200192 c:\windows\winsxs\x86_microsoft-windows-indeo5-codecs_31bf3856ad364e35_6.0.6000.16386_none_22c9c1557410d750\ir50_qc.dll
+ 2006-11-02 07:51 . 2006-11-02 09:46 746496 c:\windows\winsxs\x86_microsoft-windows-indeo5-codecs_31bf3856ad364e35_6.0.6000.16386_none_22c9c1557410d750\ir50_32.dll
+ 2006-11-02 07:51 . 2006-11-02 09:46 120320 c:\windows\winsxs\x86_microsoft-windows-indeo4-codecs_31bf3856ad364e35_6.0.6000.16386_none_39975c8d5a6988b1\ir41_qcx.dll
+ 2006-11-02 07:51 . 2006-11-02 09:46 120320 c:\windows\winsxs\x86_microsoft-windows-indeo4-codecs_31bf3856ad364e35_6.0.6000.16386_none_39975c8d5a6988b1\ir41_qc.dll
+ 2006-11-02 07:28 . 2006-11-02 09:46 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16386_none_f95b545b6ed37b65\ieapfltr.dll
+ 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16386_none_abfb5fd109dad8b8\ieakui.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 221696 c:\windows\winsxs\x86_microsoft-windows-i..onal-codepage-54936_31bf3856ad364e35_6.0.6000.16386_none_d8c4845a42c458cb\C_G18030.DLL
+ 2006-11-02 08:30 . 2006-11-02 09:51 183912 c:\windows\winsxs\x86_microsoft-windows-filtermanager-core_31bf3856ad364e35_6.0.6000.16386_none_0ed2b0f62de100b1\fltMgr.sys
+ 2006-11-02 08:30 . 2006-11-02 08:30 142336 c:\windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.0.6000.16386_none_ac7c69845a79180b\fastfat.sys
+ 2006-11-02 08:36 . 2006-11-02 09:46 119296 c:\windows\winsxs\x86_microsoft-windows-failovercluster-client_31bf3856ad364e35_6.0.6000.16386_none_a4186fca55bd3a26\clusapi.dll
+ 2006-11-02 08:32 . 2006-11-02 09:46 121856 c:\windows\winsxs\x86_microsoft-windows-f..temutilitylibraries_31bf3856ad364e35_6.0.6000.16386_none_e75f95dbf2c248c4\ifsutil.dll
+ 2006-11-02 08:31 . 2006-11-02 09:46 130048 c:\windows\winsxs\x86_microsoft-windows-f..mutilityudfslibrary_31bf3856ad364e35_6.0.6000.16386_none_e989ced45f9e7984\uudf.dll
+ 2006-11-02 08:31 . 2006-11-02 09:46 321536 c:\windows\winsxs\x86_microsoft-windows-f..mutilityntfslibrary_31bf3856ad364e35_6.0.6000.16386_none_fc8cf5d0f7021a0d\untfs.dll
+ 2006-11-02 07:26 . 2006-09-18 21:39 215943 c:\windows\winsxs\x86_microsoft-windows-dssec_31bf3856ad364e35_6.0.6000.16386_none_582f1586ff9cc1ca\dssec.dat
+ 2006-11-02 08:33 . 2006-11-02 09:46 245248 c:\windows\winsxs\x86_microsoft-windows-drvstore_31bf3856ad364e35_6.0.6000.16386_none_eebd932f469a1cb5\drvstore.dll
+ 2006-11-02 07:31 . 2006-11-02 09:39 536576 c:\windows\winsxs\x86_microsoft-windows-diskmanagement_31bf3856ad364e35_6.0.6000.16386_none_ff60f3bb72d22e8c\dmdskres.dll
+ 2006-11-02 08:36 . 2006-11-02 09:46 256512 c:\windows\winsxs\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.16386_none_67a7d433381cca77\dpx.dll
+ 2006-11-02 08:36 . 2006-11-02 09:46 305152 c:\windows\winsxs\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6000.16386_none_3df5a61c88d408ee\msdelta.dll
+ 2006-11-02 08:32 . 2006-11-02 09:46 101888 c:\windows\winsxs\x86_microsoft-windows-defrag-shrink_31bf3856ad364e35_6.0.6000.16386_none_3db41643311b354f\shrink.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 159232 c:\windows\winsxs\x86_microsoft-windows-defrag-ntfs_31bf3856ad364e35_6.0.6000.16386_none_1bec2ebbb7774839\DfrgNtfs.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 223744 c:\windows\winsxs\x86_microsoft-windows-defrag-cmdline_31bf3856ad364e35_6.0.6000.16386_none_c5450dbfc96a6948\Defrag.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 645120 c:\windows\winsxs\x86_microsoft-windows-defrag-adminui_31bf3856ad364e35_6.0.6000.16386_none_96df4cc29359e295\dfrgui.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 134656 c:\windows\winsxs\x86_microsoft-windows-d..frastructure-server_31bf3856ad364e35_6.0.6000.16386_none_65f3ae999f46581e\dps.dll
+ 2006-11-02 06:49 . 2006-11-02 09:46 149019 c:\windows\winsxs\x86_microsoft-windows-crtdll_31bf3856ad364e35_6.0.6000.16386_none_df9e2f858dc40ff1\crtdll.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 221184 c:\windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16386_none_74cae93a3000e831\umpnpmgr.dll
+ 2006-11-02 08:33 . 2006-11-02 09:45 100864 c:\windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16386_none_74cae93a3000e831\drvinst.exe
+ 2006-11-02 08:31 . 2006-11-02 09:44 653312 c:\windows\winsxs\x86_microsoft-windows-convert_31bf3856ad364e35_6.0.6000.16386_none_9a9e88bfab67232b\autoconv.exe
+ 2006-11-02 08:30 . 2006-11-02 09:51 221800 c:\windows\winsxs\x86_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6000.16386_none_7c4bd8b12aa0f521\clfs.sys
+ 2006-11-02 08:36 . 2006-11-02 09:44 320000 c:\windows\winsxs\x86_microsoft-windows-commandprompt_31bf3856ad364e35_6.0.6000.16386_none_88d604c11d71789b\cmd.exe
+ 2006-11-02 07:29 . 2006-09-18 21:35 177856 c:\windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6000.16386_none_3ce4e30bd55b275f\typelib.dll
+ 2006-11-02 07:29 . 2006-09-18 21:35 153008 c:\windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6000.16386_none_3ce4e30bd55b275f\ole2nls.dll
+ 2006-11-02 07:29 . 2006-09-18 21:35 169520 c:\windows\winsxs\x86_microsoft-windows-com-legacyole_31bf3856ad364e35_6.0.6000.16386_none_3ce4e30bd55b275f\ole2disp.dll
+ 2006-11-02 08:30 . 2006-11-02 09:51 615528 c:\windows\winsxs\x86_microsoft-windows-codeintegrity_31bf3856ad364e35_6.0.6000.16386_none_9e412f4207d4d372\ci.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 265216 c:\windows\winsxs\x86_microsoft-windows-cmitrustinfoinstallers_1122334455667788_6.0.6000.16386_none_8fce3655ba1c6179\cmitrust.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 116224 c:\windows\winsxs\x86_microsoft-windows-cmiadapter_31bf3856ad364e35_6.0.6000.16386_none_bbde780114480e84\cmiadapter.dll
+ 2006-11-02 07:23 . 2006-11-02 07:23 582656 c:\windows\winsxs\x86_microsoft-windows-class_ss_31bf3856ad364e35_6.0.6000.16386_none_15652409add07b33\shellstyle.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 869376 c:\windows\winsxs\x86_microsoft-windows-branding-engine_31bf3856ad364e35_6.0.6000.16386_none_e73316a16878fc16\winbrand.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 108032 c:\windows\winsxs\x86_microsoft-windows-b..tiondata-com-server_31bf3856ad364e35_6.0.6000.16386_none_dd6c99e667d13970\bcdsrv.dll
+ 2006-11-02 08:30 . 2006-11-02 09:51 386664 c:\windows\winsxs\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.0.6000.16386_none_d5fe8c6e07b249ea\memtest.exe
+ 2006-11-02 08:30 . 2006-11-02 09:44 259584 c:\windows\winsxs\x86_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_6.0.6000.16386_none_85f43ac9a8408f77\bcdedit.exe
+ 2006-11-02 08:30 . 2006-11-02 09:52 902248 c:\windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6000.16386_none_6701d52e8fdf8d45\winresume.exe
+ 2006-11-02 08:30 . 2006-11-02 09:52 940648 c:\windows\winsxs\x86_microsoft-windows-b..environment-windows_31bf3856ad364e35_6.0.6000.16386_none_6701d52e8fdf8d45\winload.exe
+ 2006-11-02 08:31 . 2006-11-02 09:44 632320 c:\windows\winsxs\x86_microsoft-windows-autofmt_31bf3856ad364e35_6.0.6000.16386_none_e3bd7ae1c2430704\autofmt.exe
+ 2006-11-02 08:31 . 2006-11-02 09:44 640000 c:\windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe
+ 2006-11-02 08:29 . 2006-11-02 09:46 111104 c:\windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6000.16386_none_d2da41c24fcec5ef\shimeng.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 171008 c:\windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6000.16386_none_d2da41c24fcec5ef\apphelp.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 146432 c:\windows\winsxs\x86_fundisc_31bf3856ad364e35_6.0.6000.16386_none_79adacdc3df77f81\fundisc.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 106496 c:\windows\winsxs\x86_caspol_b03f5f7f11d50a3a_6.0.6000.16386_none_6c022a44ef879fba\CasPol.exe
+ 2006-11-02 06:34 . 2006-10-20 01:13 106496 c:\windows\winsxs\x86_aspnet_regsql_b03f5f7f11d50a3a_6.0.6000.16386_none_5005957dbbdcbdb2\aspnet_regsql.exe
+ 2006-11-02 07:15 . 2006-11-02 09:47 163840 c:\windows\winsxs\msil_taskscheduler_31bf3856ad364e35_6.0.6000.16386_none_12c65bdc426bc2aa\TaskScheduler.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 823296 c:\windows\winsxs\msil_system.web.services_b03f5f7f11d50a3a_6.0.6000.16386_none_f2f11bcbb1c17624\System.Web.Services.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 835584 c:\windows\winsxs\msil_system.web.mobile_b03f5f7f11d50a3a_6.0.6000.16386_none_d81bea95cfc1bc76\System.Web.Mobile.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 114688 c:\windows\winsxs\msil_system.serviceprocess_b03f5f7f11d50a3a_6.0.6000.16386_none_552959497c3d3442\System.ServiceProcess.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 258048 c:\windows\winsxs\msil_system.security_b03f5f7f11d50a3a_6.0.6000.16386_none_9c328ce1cde9891a\System.Security.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 131072 c:\windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.0.6000.16386_none_483e6ea12378b3a8\System.Runtime.Serialization.Formatters.Soap.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 299008 c:\windows\winsxs\msil_system.runtime.remoting_b77a5c561934e089_6.0.6000.16386_none_c5bfebd044daffc9\System.Runtime.Remoting.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 258048 c:\windows\winsxs\msil_system.messaging_b03f5f7f11d50a3a_6.0.6000.16386_none_2dddc57b234a5e36\System.Messaging.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 368640 c:\windows\winsxs\msil_system.management_b03f5f7f11d50a3a_6.0.6000.16386_none_1f60efda0c14abbf\System.Management.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 704512 c:\windows\winsxs\msil_system.drawing_b03f5f7f11d50a3a_6.0.6000.16386_none_8fbeaf05f07cecdc\System.Drawing.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 397312 c:\windows\winsxs\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6000.16386_none_56c9c34f311afdf9\System.DirectoryServices.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 188416 c:\windows\winsxs\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6000.16386_none_af45ceab5406d544\System.DirectoryServices.Protocols.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 888832 c:\windows\winsxs\msil_system.deployment_b03f5f7f11d50a3a_6.0.6000.16386_none_60268aff3099973f\System.Deployment.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 716800 c:\windows\winsxs\msil_system.data.sqlxml_b77a5c561934e089_6.0.6000.16386_none_31a3b8b5a4a82ba1\System.Data.SqlXml.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 413696 c:\windows\winsxs\msil_system.configuration_b03f5f7f11d50a3a_6.0.6000.16386_none_2b4fe93e366412f2\System.configuration.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 110592 c:\windows\winsxs\msil_sysglobl_b03f5f7f11d50a3a_6.0.6000.16386_none_d50b62e389cff202\sysglobl.dll
+ 2006-11-02 07:12 . 2006-11-02 09:47 991232 c:\windows\winsxs\msil_narrator_31bf3856ad364e35_6.0.6000.16386_none_dd5173734f01b093\Narrator.exe
+ 2006-11-02 07:39 . 2006-11-02 09:47 458752 c:\windows\winsxs\msil_napsnap_31bf3856ad364e35_6.0.6000.16386_none_0a60a349abf48fe3\NAPSNAP.DLL
+ 2006-11-02 07:12 . 2006-11-02 09:47 110592 c:\windows\winsxs\msil_mmcfxcommon_31bf3856ad364e35_6.0.6000.16386_none_5030aedd7affd31c\MMCFxCommon.dll
+ 2006-11-02 07:12 . 2006-11-02 09:47 413696 c:\windows\winsxs\msil_mmcex_31bf3856ad364e35_6.0.6000.16386_none_f9b17b7061d6d324\MMCEx.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 667648 c:\windows\winsxs\msil_microsoft.visualbasic_b03f5f7f11d50a3a_6.0.6000.16386_none_adb9024600dd8e59\Microsoft.VisualBasic.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 372736 c:\windows\winsxs\msil_microsoft.visualbasic.compatibility_b03f5f7f11d50a3a_6.0.6000.16386_none_ed9029d494e1a641\Microsoft.VisualBasic.Compatibility.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 110592 c:\windows\winsxs\msil_microsoft.visualbasic.compatibility.data_b03f5f7f11d50a3a_6.0.6000.16386_none_5f67f5e71c787253\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2006-11-02 06:55 . 2006-11-02 09:47 200704 c:\windows\winsxs\msil_microsoft.tpm_31bf3856ad364e35_6.0.6000.16386_none_85b0abc4a2cf93a5\Microsoft.Tpm.dll
+ 2006-11-02 07:13 . 2006-11-02 09:47 245760 c:\windows\winsxs\msil_microsoft.managementconsole_31bf3856ad364e35_6.0.6000.16386_none_3c2c982317640f30\Microsoft.ManagementConsole.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 749568 c:\windows\winsxs\msil_microsoft.jscript_b03f5f7f11d50a3a_6.0.6000.16386_none_d2587d1982b78324\Microsoft.JScript.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 647168 c:\windows\winsxs\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6000.16386_none_9d8c9b288cd78739\Microsoft.Build.Tasks.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 413696 c:\windows\winsxs\msil_microsoft.build.engine_b03f5f7f11d50a3a_6.0.6000.16386_none_38cc8a540e293cf3\Microsoft.Build.Engine.dll
+ 2006-11-02 07:15 . 2006-11-02 09:46 364544 c:\windows\winsxs\msil_eventviewer_31bf3856ad364e35_6.0.6000.16386_none_a38992acac29bf36\EventViewer.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 503808 c:\windows\winsxs\msil_aspnetmmcext_b03f5f7f11d50a3a_6.0.6000.16386_none_80a40e34963a4146\AspNetMMCExt.dll
+ 2006-11-02 06:25 . 2006-09-18 21:43 256192 c:\windows\winhelp.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 456704 c:\windows\System32\wvc.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 135680 c:\windows\System32\wusa.exe
+ 2006-11-02 08:37 . 2006-11-02 09:46 321536 c:\windows\System32\WSDApi.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 273920 c:\windows\System32\wow32.dll
+ 2006-11-02 07:16 . 2006-09-18 21:40 149389 c:\windows\System32\winrm.vbs
+ 2006-11-02 08:34 . 2006-11-02 09:46 869376 c:\windows\System32\winbrand.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 218112 c:\windows\System32\wdscore.dll
+ 2006-11-02 13:03 . 2010-05-27 20:14 116988 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 08:30 . 2006-11-02 09:46 142848 c:\windows\System32\wbem\Win32_Tpm.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 157696 c:\windows\System32\verifier.dll
+ 2001-02-01 17:24 . 2001-02-01 17:24 101888 c:\windows\System32\VB6STKIT.DLL
+ 2006-11-02 08:31 . 2006-11-02 09:46 130048 c:\windows\System32\uudf.dll
+ 2006-11-02 08:31 . 2006-11-02 09:46 321536 c:\windows\System32\untfs.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 735232 c:\windows\System32\unbcl.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 200704 c:\windows\System32\unattend.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 221184 c:\windows\System32\umpnpmgr.dll
+ 2006-11-02 07:29 . 2006-09-18 21:35 177856 c:\windows\System32\typelib.dll
+ 2006-03-17 18:49 . 2006-03-17 18:49 368640 c:\windows\System32\twnlib4.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 335360 c:\windows\System32\tracerpt.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 411648 c:\windows\System32\tdh.dll
+ 2006-11-02 08:26 . 2006-11-02 08:26 108544 c:\windows\System32\tapiui.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 105472 c:\windows\System32\syssetup.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 540672 c:\windows\System32\sysmain.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 103424 c:\windows\System32\sysclass.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 377344 c:\windows\System32\sxs.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 180800 c:\windows\System32\sqlunirl.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 342528 c:\windows\System32\spwizeng.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 137728 c:\windows\System32\SmiInstaller.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 700416 c:\windows\System32\SmiEngine.dll
+ 2006-11-02 08:32 . 2006-11-02 09:46 101888 c:\windows\System32\shrink.dll
+ 2006-11-02 08:29 . 2006-11-02 09:46 111104 c:\windows\System32\shimeng.dll
+ 2006-11-02 07:23 . 2006-11-02 07:23 582656 c:\windows\System32\shellstyle.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 279552 c:\windows\System32\services.exe
+ 2006-11-02 07:16 . 2006-11-02 09:46 473088 c:\windows\System32\secproc_isv.dll
+ 2006-11-02 07:16 . 2006-11-02 09:46 472576 c:\windows\System32\secproc.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 146944 c:\windows\System32\RstrtMgr.dll
+ 2006-11-02 07:16 . 2006-11-02 09:45 431104 c:\windows\System32\RMActivate_ssp_isv.exe
+ 2006-11-02 07:16 . 2006-11-02 09:45 435712 c:\windows\System32\RMActivate_ssp.exe
+ 2006-11-02 07:16 . 2006-11-02 09:45 523776 c:\windows\System32\RMActivate_isv.exe
+ 2006-11-02 07:16 . 2006-11-02 09:45 515584 c:\windows\System32\RMActivate.exe
+ 2006-11-02 08:35 . 2006-11-02 09:45 140288 c:\windows\System32\RelPost.exe
+ 2006-11-02 08:37 . 2006-11-02 09:46 340480 c:\windows\System32\RelMon.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 105984 c:\windows\System32\regsvc.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 542208 c:\windows\System32\pnpui.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 180736 c:\windows\System32\pnpsetup.dll
+ 2006-11-02 08:37 . 2006-11-02 09:45 140288 c:\windows\System32\PkgMgr.exe
+ 2006-11-02 08:35 . 2006-11-02 09:45 120320 c:\windows\System32\perfmon.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 242688 c:\windows\System32\pdh.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 394240 c:\windows\System32\oobe\win32ui.dll
+ 2006-11-02 07:01 . 2006-11-02 09:43 260096 c:\windows\System32\oobe\W32UIRes.dll
+ 2006-11-02 08:34 . 2006-11-02 09:51 191592 c:\windows\System32\oobe\Setup.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 121856 c:\windows\System32\oobe\diagnostic.dll
+ 2006-11-02 07:29 . 2006-09-18 21:35 153008 c:\windows\System32\ole2nls.dll
+ 2006-11-02 07:29 . 2006-09-18 21:35 169520 c:\windows\System32\ole2disp.dll
+ 2006-11-02 08:11 . 2006-11-02 09:42 229376 c:\windows\System32\odbcint.dll
+ 2006-11-02 08:36 . 2006-11-02 09:45 520192 c:\windows\System32\ntvdm.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 180736 c:\windows\System32\newdev.dll
+ 2006-11-02 06:25 . 2006-09-18 21:43 108464 c:\windows\System32\netapi.dll
+ 2006-11-02 07:12 . 2006-11-02 09:47 991232 c:\windows\System32\Narrator.exe
+ 2006-11-02 06:47 . 2006-11-02 09:46 450560 c:\windows\System32\msxbde40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 622592 c:\windows\System32\mswstr10.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 856064 c:\windows\System32\mswdat10.dll
+ 2006-11-02 06:49 . 2006-11-02 09:46 253952 c:\windows\System32\msvcrt20.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 681472 c:\windows\System32\msvcrt.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 408576 c:\windows\System32\msvcp60.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 282624 c:\windows\System32\mstext40.dll
+ 2006-07-24 13:50 . 2006-07-24 13:50 125744 c:\windows\System32\MSSTDFMT.DLL
+ 2006-11-02 06:47 . 2006-11-02 09:46 651264 c:\windows\System32\msrepl40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 360448 c:\windows\System32\msrd3x40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 323584 c:\windows\System32\msrd2x40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 376832 c:\windows\System32\mspbde40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 245760 c:\windows\System32\msltus40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 294912 c:\windows\System32\msjtes40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 167936 c:\windows\System32\msjint40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 364544 c:\windows\System32\msjetoledb40.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 407552 c:\windows\System32\msinfo32.exe
+ 2006-11-02 06:47 . 2006-11-02 09:46 344064 c:\windows\System32\msexcl40.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 413696 c:\windows\System32\msexch40.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 161792 c:\windows\System32\msdt.exe
+ 2006-11-02 08:35 . 2006-11-02 09:46 211968 c:\windows\System32\msdt.dll
+ 2006-11-02 08:36 . 2006-11-02 09:46 305152 c:\windows\System32\msdelta.dll
+ 2006-11-02 06:34 . 2006-10-20 01:15 150016 c:\windows\System32\mscorier.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 271360 c:\windows\System32\mscoree.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 222208 c:\windows\System32\msconfig.exe
+ 2006-11-02 06:52 . 2006-11-02 09:40 145920 c:\windows\System32\msaudite.dll
+ 2006-11-02 07:25 . 2006-09-18 21:33 673088 c:\windows\System32\mlang.dat
+ 2006-11-02 08:35 . 2006-11-02 09:46 120320 c:\windows\System32\migration\CntrtextMig.dll
+ 2006-11-02 06:49 . 2006-11-02 09:46 924944 c:\windows\System32\mfc40u.dll
+ 2006-11-02 06:49 . 2006-11-02 09:46 924944 c:\windows\System32\mfc40.dll
+ 2006-11-02 08:35 . 2006-11-02 09:45 124928 c:\windows\System32\MdSched.exe
+ 2006-11-02 08:30 . 2006-11-02 09:51 301672 c:\windows\System32\mcupdate_GenuineIntel.dll
+ 2006-11-02 08:30 . 2006-11-02 09:45 267776 c:\windows\System32\mcbuilder.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 101376 c:\windows\System32\luainstall.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 113664 c:\windows\System32\loadperf.dll
+ 2006-11-02 06:25 . 2006-09-18 21:43 221600 c:\windows\System32\lanman.drv
+ 2006-11-02 08:33 . 2006-11-02 09:46 874496 c:\windows\System32\kernel32.dll
+ 2006-11-02 07:51 . 2006-11-02 09:46 200192 c:\windows\System32\ir50_qcx.dll
+ 2006-11-02 07:51 . 2006-11-02 09:46 200192 c:\windows\System32\ir50_qc.dll
+ 2006-11-02 07:51 . 2006-11-02 09:46 746496 c:\windows\System32\ir50_32.dll
+ 2006-11-02 07:51 . 2006-11-02 09:46 120320 c:\windows\System32\ir41_qcx.dll
+ 2006-11-02 07:51 . 2006-11-02 09:46 120320 c:\windows\System32\ir41_qc.dll
+ 2006-11-02 08:32 . 2006-11-02 09:46 121856 c:\windows\System32\ifsutil.dll
+ 2006-11-02 07:28 . 2006-11-02 09:46 380928 c:\windows\System32\ieapfltr.dll
+ 2006-11-02 07:27 . 2006-11-02 09:39 161792 c:\windows\System32\ieakui.dll
+ 2006-11-02 08:30 . 2006-11-02 09:51 160872 c:\windows\System32\halmacpi.dll
+ 2006-11-02 08:30 . 2006-11-02 09:50 134760 c:\windows\System32\halacpi.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 146432 c:\windows\System32\fundisc.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 380957 c:\windows\System32\expsrv.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 245248 c:\windows\System32\drvstore.dll
+ 2006-11-02 08:33 . 2006-11-02 09:45 100864 c:\windows\System32\drvinst.exe
+ 2006-11-02 07:36 . 2006-11-02 09:50 112232 c:\windows\System32\drivers\vsmraid.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 115816 c:\windows\System32\drivers\ulsata2.sys
+ 2006-11-02 07:36 . 2006-11-02 09:51 235112 c:\windows\System32\drivers\uliahci.sys
+ 2006-11-02 08:30 . 2006-11-02 08:30 225280 c:\windows\System32\drivers\udfs.sys
+ 2006-11-02 08:31 . 2006-11-02 08:31 129536 c:\windows\System32\drivers\srv2.sys
+ 2006-11-02 08:31 . 2006-11-02 08:31 290304 c:\windows\System32\drivers\srv.sys
+ 2006-11-02 07:16 . 2006-11-02 07:16 551936 c:\windows\System32\drivers\spsys.sys
+ 2006-11-02 08:31 . 2006-11-02 08:31 222208 c:\windows\System32\drivers\rdbss.sys
+ 2006-11-02 07:36 . 2006-11-02 09:50 106088 c:\windows\System32\drivers\ql40xx.sys
+ 2006-11-02 07:36 . 2006-11-02 09:51 900712 c:\windows\System32\drivers\ql2300.sys
+ 2006-11-02 08:35 . 2006-11-02 09:51 167528 c:\windows\System32\drivers\pcmcia.sys
+ 2006-11-02 08:35 . 2006-11-02 09:50 140392 c:\windows\System32\drivers\pci.sys
+ 2006-11-02 08:35 . 2006-11-02 09:50 106600 c:\windows\System32\drivers\NV_AGP.SYS
+ 2006-11-02 08:31 . 2006-11-02 08:31 211456 c:\windows\System32\drivers\mrxsmb10.sys
+ 2006-11-02 08:31 . 2006-11-02 08:31 101888 c:\windows\System32\drivers\mrxsmb.sys
+ 2006-11-02 07:36 . 2006-11-02 09:51 232040 c:\windows\System32\drivers\iaStorV.sys
+ 2006-11-02 08:30 . 2006-11-02 09:51 183912 c:\windows\System32\drivers\fltMgr.sys
+ 2006-11-02 08:30 . 2006-11-02 08:30 142336 c:\windows\System32\drivers\fastfat.sys
+ 2006-11-02 07:36 . 2006-11-02 09:51 316520 c:\windows\System32\drivers\elxstor.sys
+ 2006-11-02 07:36 . 2006-11-02 09:51 147048 c:\windows\System32\drivers\adpu320.sys
+ 2006-11-02 07:36 . 2006-11-02 09:51 297576 c:\windows\System32\drivers\adpahci.sys
+ 2006-11-02 07:36 . 2006-11-02 09:51 420968 c:\windows\System32\drivers\adp94xx.sys
+ 2006-11-02 08:35 . 2006-11-02 09:51 255592 c:\windows\System32\drivers\acpi.sys
+ 2006-11-02 08:36 . 2006-11-02 09:46 256512 c:\windows\System32\dpx.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 134656 c:\windows\System32\dps.dll
+ 2006-11-02 07:31 . 2006-11-02 09:39 536576 c:\windows\System32\dmdskres.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 645120 c:\windows\System32\dfrgui.exe
+ 2006-11-02 08:32 . 2006-11-02 09:45 159232 c:\windows\System32\DfrgNtfs.exe
+ 2006-11-02 08:33 . 2006-11-02 09:46 377344 c:\windows\System32\devmgr.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 223744 c:\windows\System32\Defrag.exe
+ 2006-11-02 06:49 . 2006-11-02 09:46 149019 c:\windows\System32\crtdll.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 281088 c:\windows\System32\cmipnpinstall.dll
+ 2006-11-02 08:36 . 2006-11-02 09:44 320000 c:\windows\System32\cmd.exe
+ 2006-11-02 08:36 . 2006-11-02 09:46 119296 c:\windows\System32\clusapi.dll
+ 2006-11-02 08:30 . 2006-11-02 09:51 221800 c:\windows\System32\clfs.sys
+ 2006-11-02 08:30 . 2006-11-02 09:51 615528 c:\windows\System32\ci.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 221696 c:\windows\System32\C_G18030.DLL
+ 2006-11-02 08:30 . 2006-11-02 09:52 902248 c:\windows\System32\Boot\winresume.exe
+ 2006-11-02 08:30 . 2006-11-02 09:52 940648 c:\windows\System32\Boot\winload.exe
+ 2006-11-02 08:30 . 2006-11-02 09:46 108032 c:\windows\System32\bcdsrv.dll
+ 2006-11-02 08:30 . 2006-11-02 09:44 259584 c:\windows\System32\bcdedit.exe
+ 2006-11-02 08:31 . 2006-11-02 09:44 632320 c:\windows\System32\autofmt.exe
+ 2006-11-02 08:31 . 2006-11-02 09:44 653312 c:\windows\System32\autoconv.exe
+ 2006-11-02 08:31 . 2006-11-02 09:44 640000 c:\windows\System32\autochk.exe
+ 2006-11-02 07:38 . 2006-11-02 09:46 274432 c:\windows\System32\AuthFWWizFwk.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 171008 c:\windows\System32\apphelp.dll
+ 2006-11-02 08:30 . 2006-11-02 09:46 177152 c:\windows\System32\AdvancedInstallers\rescinst.dll
+ 2006-11-02 08:33 . 2006-11-02 09:46 221696 c:\windows\System32\AdvancedInstallers\locdrv.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 221696 c:\windows\System32\AdvancedInstallers\CntrtextInstaller.DLL
+ 2006-11-02 08:33 . 2006-11-02 09:46 265216 c:\windows\System32\AdvancedInstallers\cmitrust.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 116224 c:\windows\System32\AdvancedInstallers\cmiadapter.dll
+ 2006-11-02 06:52 . 2006-11-02 08:29 557568 c:\windows\System32\adtschema.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 167424 c:\windows\System32\ActionQueue.dll
+ 2006-11-02 08:32 . 2006-11-02 09:45 134656 c:\windows\regedit.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 408576 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 823296 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 260096 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 299008 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 368640 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 704512 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 397312 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 888832 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 716800 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 482304 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 413696 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 382464 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 107520 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 227328 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 330752 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 102912 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 326656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 288768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 802816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 667648 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 749568 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 647168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 413696 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 218624 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2006-11-02 06:34 . 2006-10-20 01:14 788992 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 547840 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2006-11-02 06:34 . 2006-10-20 01:13 503808 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2006-11-02 06:33 . 2006-11-02 06:33 138240 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 208896 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 183808 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2003-02-21 13:20 . 2003-02-21 13:20 737280 c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2003-02-21 10:27 . 2003-02-21 10:27 569344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2003-02-21 10:27 . 2003-02-21 10:27 819200 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2003-02-21 10:27 . 2003-02-21 10:27 126976 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 323584 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 368640 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 466944 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2003-02-21 10:25 . 2003-02-21 10:25 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2003-02-20 22:09 . 2003-02-20 22:09 319488 c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-20 22:09 . 2003-02-20 22:09 122880 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2003-02-20 22:09 . 2003-02-20 22:09 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2003-02-21 07:42 . 2003-02-21 07:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2003-02-20 22:09 . 2003-02-20 22:09 143360 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2003-02-20 21:43 . 2003-02-20 21:43 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2003-02-20 22:06 . 2003-02-20 22:06 311296 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2003-02-20 22:09 . 2003-02-20 22:09 233472 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 716800 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2003-02-20 22:09 . 2003-02-20 22:09 196608 c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-02-20 22:06 . 2003-02-20 22:06 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-02-20 22:16 . 2003-02-20 22:16 798720 c:\windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2003-02-21 13:21 . 2003-02-21 13:21 524288 c:\windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2003-02-21 13:21 . 2003-02-21 13:21 626688 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2002-07-29 14:11 . 2002-07-29 14:11 219136 c:\windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2003-02-20 22:19 . 2003-02-20 22:19 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-21 08:04 . 2003-02-21 08:04 155648 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 06:02 . 2003-02-21 06:02 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2006-11-02 08:30 . 2006-11-02 09:51 386664 c:\windows\Boot\PCAT\memtest.exe
+ 2006-11-02 07:15 . 2006-11-02 09:47 163840 c:\windows\assembly\GAC_MSIL\TaskScheduler\6.0.0.0__31bf3856ad364e35\TaskScheduler.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 823296 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 368640 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 704512 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 397312 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 888832 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 716800 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 413696 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2006-11-02 07:12 . 2006-11-02 09:47 991232 c:\windows\assembly\GAC_MSIL\Narrator\6.0.0.0__31bf3856ad364e35\Narrator.exe
+ 2006-11-02 07:39 . 2006-11-02 09:47 458752 c:\windows\assembly\GAC_MSIL\napsnap\6.0.0.0__31bf3856ad364e35\NAPSNAP.DLL
+ 2006-11-02 07:12 . 2006-11-02 09:47 110592 c:\windows\assembly\GAC_MSIL\MMCFxCommon\3.0.0.0__31bf3856ad364e35\MMCFxCommon.dll
+ 2006-11-02 07:12 . 2006-11-02 09:47 413696 c:\windows\assembly\GAC_MSIL\MMCEx\3.0.0.0__31bf3856ad364e35\MMCEx.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 667648 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2006-11-02 06:55 . 2006-11-02 09:47 200704 c:\windows\assembly\GAC_MSIL\Microsoft.Tpm\6.0.0.0__31bf3856ad364e35\Microsoft.Tpm.dll
+ 2006-11-02 07:13 . 2006-11-02 09:47 245760 c:\windows\assembly\GAC_MSIL\Microsoft.ManagementConsole\3.0.0.0__31bf3856ad364e35\Microsoft.ManagementConsole.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 647168 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 413696 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2006-11-02 07:15 . 2006-11-02 09:46 364544 c:\windows\assembly\GAC_MSIL\EventViewer\6.0.0.0__31bf3856ad364e35\EventViewer.dll
+ 2006-11-02 06:34 . 2006-10-20 01:13 503808 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 260096 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 114176 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 482304 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 5136384 c:\windows\winsxs\x86_system.web_b03f5f7f11d50a3a_6.0.6000.16386_none_f7532a57162c2143\System.Web.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 2894336 c:\windows\winsxs\x86_system.data_b77a5c561934e089_6.0.6000.16386_none_94c1deb7b3d8b7f5\System.Data.dll
+ 2006-11-02 07:38 . 2006-11-02 09:46 4591616 c:\windows\winsxs\x86_networking-mpssvc-admin_31bf3856ad364e35_6.0.6000.16386_none_a31b6bf784e3e536\AuthFWSnapin.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 1157120 c:\windows\winsxs\x86_netfx-vb_compiler_b03f5f7f11d50a3a_6.0.6000.16386_none_401a8e2fa5e9a8c2\vbc.exe
+ 2006-11-02 06:34 . 2006-11-02 06:34 5632512 c:\windows\winsxs\x86_netfx-mscorwks_dll_b03f5f7f11d50a3a_6.0.6000.16386_none_3288d2982e8b3424\mscorwks.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 1155584 c:\windows\winsxs\x86_netfx-csharp_compiler_cscomp_b03f5f7f11d50a3a_6.0.6000.16386_none_2998a095d18afc59\cscomp.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 1330688 c:\windows\winsxs\x86_netfx-_vsavb7rt_b03f5f7f11d50a3a_6.0.6000.16386_none_7f3bb25db87ba6c2\VsaVb7rt.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 4366336 c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.0.6000.16386_none_c7e203aac103cf9f\mscorlib.dll
+ 2006-11-02 07:28 . 2006-11-02 07:28 1098752 c:\windows\winsxs\x86_microsoft-windows-wab-core_31bf3856ad364e35_6.0.6000.16386_none_52ecab794cde131c\wab32res.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 1584128 c:\windows\winsxs\x86_microsoft-windows-setupapi_31bf3856ad364e35_6.0.6000.16386_none_32be97b4c952c981\setupapi.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 1374208 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6000.16386_none_2ff5bc52b05737c3\winsetup.dll
+ 2006-11-02 07:01 . 2006-11-02 09:43 2928640 c:\windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6000.16386_none_2ff5bc52b05737c3\W32UIImg.dll
+ 2006-11-02 08:37 . 2006-11-02 09:46 1641472 c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6000.16386_none_07289f4cca5f6990\wcp.dll
+ 2006-11-02 07:01 . 2006-11-02 09:43 5963264 c:\windows\winsxs\x86_microsoft-windows-s..on-wizard-framework_31bf3856ad364e35_6.0.6000.16386_none_b41c233a548e28ab\spwizimg.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 1020416 c:\windows\winsxs\x86_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.0.6000.16386_none_99d2fc2fa408df3c\wdc.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 1499136 c:\windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\pla.dll
+ 2006-11-02 08:34 . 2006-11-02 09:51 3467880 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16386_none_69f99fa4b7380194\ntoskrnl.exe
+ 2006-11-02 08:36 . 2006-11-02 09:51 3502184 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16386_none_69f99fa4b7380194\ntkrnlpa.exe
+ 2006-11-02 07:26 . 2006-11-02 07:26 2105856 c:\windows\winsxs\x86_microsoft-windows-oobe-machine-brand_31bf3856ad364e35_6.0.6000.16386_none_5a6a71230895d10f\OOBEResources.dll
+ 2006-11-02 08:31 . 2006-11-02 09:51 1056360 c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16386_none_a43a67c1200088bf\ntfs.sys
+ 2006-11-02 08:31 . 2006-11-02 09:47 1162656 c:\windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6000.16386_none_56a01c45ff429b42\ntdll.dll
+ 2006-11-02 08:21 . 2006-11-02 08:21 5071872 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsModels0011.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 6917120 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0c1a.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 7042560 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons081a.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 5031936 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0816.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 5090816 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0416.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 4616192 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0414.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1972736 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons004e.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 4093440 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons004c.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1702912 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons004b.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 3419136 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons004a.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1558016 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0049.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1411072 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0047.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1808896 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0046.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1793536 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0045.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 4045824 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons003e.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1782272 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0039.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 6224896 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0027.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 5791232 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0026.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 7964672 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0024.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 5499904 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0022.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 2136064 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0021.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1236992 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0020.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 6346240 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons001d.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 6585856 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons001b.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 6014976 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons001a.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 6781440 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0019.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 3331072 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0018.dll
+ 2006-11-02 08:21 . 2006-11-02 08:21 4981248 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0013.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 2466816 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0011.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 4175872 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0010.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 5654528 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons000f.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1722368 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons000d.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 6237696 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons000c.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 9892864 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons000a.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 2628608 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0009.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1452544 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0003.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 4164096 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0002.dll
+ 2006-11-02 08:20 . 2006-11-02 09:46 1376528 c:\windows\winsxs\x86_microsoft-windows-msvbvm60_31bf3856ad364e35_6.0.6000.16386_none_c04d02d754cecca9\msvbvm60.dll
+ 2006-11-02 07:20 . 2006-09-18 21:42 6757792 c:\windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6000.16386_none_d159daa5e080a3a1\mrt.exe
+ 2006-11-02 06:47 . 2006-11-02 09:46 1572864 c:\windows\winsxs\x86_microsoft-windows-m..-components-jetcore_31bf3856ad364e35_6.0.6000.16386_none_0257f99faac7eb66\msjet40.dll
+ 2006-11-02 07:28 . 2006-10-26 03:24 2451312 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16386_none_f95b545b6ed37b65\ieapfltr.dat
+ 2006-11-02 07:29 . 2006-11-02 08:50 1236992 c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6000.16386_none_2a7a18dbe946c84f\comres.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 1979904 c:\windows\winsxs\x86_microsoft-windows-cmi_31bf3856ad364e35_6.0.6000.16386_none_a797884c5d9fcdc5\cmiv2.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 3035136 c:\windows\winsxs\msil_system_b77a5c561934e089_6.0.6000.16386_none_dabb4a555ba089dc\System.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 2039808 c:\windows\winsxs\msil_system.xml_b77a5c561934e089_6.0.6000.16386_none_81cba47b48fb4029\System.XML.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 5414912 c:\windows\winsxs\msil_system.windows.forms_b77a5c561934e089_6.0.6000.16386_none_3117572e4332dbd4\System.Windows.Forms.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 5050368 c:\windows\winsxs\msil_system.design_b03f5f7f11d50a3a_6.0.6000.16386_none_b5757f4b02c7c5b0\System.Design.dll
+ 2006-11-02 07:16 . 2006-11-02 09:47 3100672 c:\windows\winsxs\msil_miguicontrols_31bf3856ad364e35_6.0.6000.16386_none_ac1216923fb00239\MIGUIControls.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 1020416 c:\windows\System32\wdc.dll
+ 2006-11-02 07:01 . 2006-11-02 09:43 5963264 c:\windows\System32\spwizimg.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 1584128 c:\windows\System32\setupapi.dll
+ 2006-11-02 08:35 . 2006-11-02 09:46 1499136 c:\windows\System32\pla.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 1374208 c:\windows\System32\oobe\winsetup.dll
+ 2006-11-02 07:01 . 2006-11-02 09:43 2928640 c:\windows\System32\oobe\W32UIImg.dll
+ 2006-11-02 07:26 . 2006-11-02 07:26 2105856 c:\windows\System32\oobe\OOBEResources.dll
+ 2006-11-02 08:34 . 2006-11-02 09:51 3467880 c:\windows\System32\ntoskrnl.exe
+ 2006-11-02 08:36 . 2006-11-02 09:51 3502184 c:\windows\System32\ntkrnlpa.exe
+ 2006-11-02 08:31 . 2006-11-02 09:47 1162656 c:\windows\System32\ntdll.dll
+ 2006-11-02 08:21 . 2006-11-02 08:21 5071872 c:\windows\System32\NlsModels0011.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 6917120 c:\windows\System32\NlsLexicons0c1a.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 7042560 c:\windows\System32\NlsLexicons081a.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 5031936 c:\windows\System32\NlsLexicons0816.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 5090816 c:\windows\System32\NlsLexicons0416.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 4616192 c:\windows\System32\NlsLexicons0414.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1972736 c:\windows\System32\NlsLexicons004e.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 4093440 c:\windows\System32\NlsLexicons004c.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1702912 c:\windows\System32\NlsLexicons004b.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 3419136 c:\windows\System32\NlsLexicons004a.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1558016 c:\windows\System32\NlsLexicons0049.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1411072 c:\windows\System32\NlsLexicons0047.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1808896 c:\windows\System32\NlsLexicons0046.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1793536 c:\windows\System32\NlsLexicons0045.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 4045824 c:\windows\System32\NlsLexicons003e.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1782272 c:\windows\System32\NlsLexicons0039.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 6224896 c:\windows\System32\NlsLexicons0027.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 5791232 c:\windows\System32\NlsLexicons0026.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 7964672 c:\windows\System32\NlsLexicons0024.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 5499904 c:\windows\System32\NlsLexicons0022.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 2136064 c:\windows\System32\NlsLexicons0021.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1236992 c:\windows\System32\NlsLexicons0020.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 6346240 c:\windows\System32\NlsLexicons001d.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 6585856 c:\windows\System32\NlsLexicons001b.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 6014976 c:\windows\System32\NlsLexicons001a.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 6781440 c:\windows\System32\NlsLexicons0019.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 3331072 c:\windows\System32\NlsLexicons0018.dll
+ 2006-11-02 08:21 . 2006-11-02 08:21 4981248 c:\windows\System32\NlsLexicons0013.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 2466816 c:\windows\System32\NlsLexicons0011.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 4175872 c:\windows\System32\NlsLexicons0010.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 5654528 c:\windows\System32\NlsLexicons000f.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1722368 c:\windows\System32\NlsLexicons000d.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 6237696 c:\windows\System32\NlsLexicons000c.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 9892864 c:\windows\System32\NlsLexicons000a.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 2628608 c:\windows\System32\NlsLexicons0009.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 1452544 c:\windows\System32\NlsLexicons0003.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 4164096 c:\windows\System32\NlsLexicons0002.dll
+ 2003-04-18 19:46 . 2003-04-18 19:46 1233920 c:\windows\System32\msxml4.dll
+ 2006-11-02 08:20 . 2006-11-02 09:46 1376528 c:\windows\System32\msvbvm60.dll
+ 2006-11-02 06:47 . 2006-11-02 09:46 1572864 c:\windows\System32\msjet40.dll
+ 2004-05-11 14:58 . 2004-05-11 14:58 2158592 c:\windows\System32\MAL-PC.scr
+ 2006-11-02 07:28 . 2006-10-26 03:24 2451312 c:\windows\System32\ieapfltr.dat
+ 2006-10-26 17:10 . 2006-10-26 17:10 1190688 c:\windows\System32\FM20.DLL
+ 2006-11-02 08:31 . 2006-11-02 09:51 1056360 c:\windows\System32\drivers\ntfs.sys
+ 2006-11-02 07:29 . 2006-11-02 08:50 1236992 c:\windows\System32\comres.dll
+ 2006-11-02 07:38 . 2006-11-02 09:46 4591616 c:\windows\System32\AuthFWSnapin.dll
+ 2006-11-02 08:34 . 2006-11-02 09:46 1979904 c:\windows\System32\AdvancedInstallers\cmiv2.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 1330688 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 1157120 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2006-11-02 06:34 . 2006-10-20 01:14 2039808 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 5414912 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 5136384 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 3035136 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 5050368 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 2894336 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 5632512 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 4366336 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2006-11-02 06:34 . 2006-11-02 06:34 1155584 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2003-02-21 08:04 . 2003-02-21 08:04 1032192 c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2003-02-21 10:27 . 2003-02-21 10:27 1335296 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2003-02-21 10:27 . 2003-02-21 10:27 2039808 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2003-02-21 10:27 . 2003-02-21 10:27 1245184 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 1216512 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 1699840 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 1290240 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2003-02-20 22:08 . 2003-02-20 22:08 2482176 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2003-02-20 22:07 . 2003-02-20 22:07 2494464 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2003-02-21 10:26 . 2003-02-21 10:26 2088960 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-21 10:25 . 2003-02-21 10:25 1564672 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 3035136 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 2039808 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 5414912 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 5050368 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2006-11-02 07:16 . 2006-11-02 09:47 3100672 c:\windows\assembly\GAC_MSIL\MiguiControls\1.0.0.0__31bf3856ad364e35\MIGUIControls.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 5136384 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 2894336 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2006-11-02 06:34 . 2006-10-20 01:14 4366336 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 12038656 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0007.dll
+ 2006-11-02 08:21 . 2006-11-02 08:21 11722752 c:\windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16386_none_9ba4123e2dd0c459\NlsLexicons0001.dll
+ 2006-11-02 07:33 . 2006-11-02 07:33 21827584 c:\windows\winsxs\x86_microsoft-windows-ime-korean-hwresource_31bf3856ad364e35_6.0.6000.16386_none_4e1eb5b4af3fbd40\mshwkorr.dll
+ 2006-11-02 07:26 . 2006-11-02 09:39 15821312 c:\windows\winsxs\x86_microsoft-windows-imageres_31bf3856ad364e35_6.0.6000.16386_none_da86e136fafaf563\imageres.dll
+ 2006-11-02 07:33 . 2006-11-02 07:33 19991040 c:\windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.0.6000.16386_none_f8f252abfe93f500\MSHWCHTR.dll
+ 2006-11-02 07:33 . 2006-11-02 07:33 21462016 c:\windows\winsxs\x86_microsoft-windows-d..ndwritingrecognizer_31bf3856ad364e35_6.0.6000.16386_none_29bd61de3dbf60e5\mshwjpnr.dll
+ 2006-11-02 08:22 . 2006-11-02 08:22 12038656 c:\windows\System32\NlsLexicons0007.dll
+ 2006-11-02 08:21 . 2006-11-02 08:21 11722752 c:\windows\System32\NlsLexicons0001.dll
+ 2006-11-02 07:33 . 2006-11-02 07:33 19991040 c:\windows\System32\IME\IMETC10\applets\MSHWCHTR.dll
+ 2006-11-02 07:33 . 2006-11-02 07:33 21827584 c:\windows\System32\IME\imekr8\applets\mshwkorr.dll
+ 2006-11-02 07:33 . 2006-11-02 07:33 21462016 c:\windows\System32\IME\IMEJP10\APPLETS\mshwjpnr.dll
+ 2006-11-02 07:26 . 2006-11-02 09:39 15821312 c:\windows\System32\imageres.dll
.
-- Snapshot resetado para data atual --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Steam"="c:\program files\Steam\Steam.exe" [2010-05-10 1238352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-12-12 106496]
"NetMeter"="c:\program files\HooTech\NetMeter\HooNetMeter.exe" [2008-12-06 577536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-26 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-06-06 1261568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Folding@home.lnk - c:\users\ADM\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe [2010-4-7 98477]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, snapapi32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\System32\drivers\royal.sys [2008-04-17 240128]
R3 ALSysIO;ALSysIO;c:\users\ADM\AppData\Local\Temp\ALSysIO.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-04-19 717296]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-15 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-26 67656]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]

.
Conteúdo da pasta 'Tarefas Agendadas'

2010-05-27 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-08-15 16:48]

2010-05-26 c:\windows\Tasks\User_Feed_Synchronization-{A9956654-5F82-47CB-ABB9-B1E9919A7F50}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Settings,ProxyOverride = local
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {1F19F8EC-9AA4-4E96-B491-7E712296B266} = 200.204.0.10 200.204.0.138
FF - ProfilePath - c:\users\ADM\AppData\Roaming\Mozilla\Firefox\Profiles\w6j4vqq4.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-27 17:12
Windows 6.0.6000 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-4223902304-154095862-2949035598-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:81,0e,d1,67,bc,8a,d7,5f,b9,b9,86,b8,68,d4,cb,7c,d0,36,7c,d5,01,88,84,
42,ed,04,fd,a2,53,4b,1f,e4,9b,98,e3,fe,05,a4,55,a7,01,80,ad,a9,5d,57,82,bb,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-4223902304-154095862-2949035598-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:39,a6,eb,8d,33,25,d6,c9,a4,53,9b,6a,55,70,4c,6e,22,d0,47,e1,bc,
f7,2d,45,bf,c3,9a,24,ea,fa,86,c0,49,4f,74,d2,c8,49,56,ff,44,a3,70,eb,dd,b9,\
"rkeysecu"=hex:b7,da,7d,a2,7d,bd,77,08,8d,06,72,d8,18,b3,bf,2e
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-05-27 17:16:49 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-05-27 20:16
ComboFix2.txt 2010-05-27 19:54
ComboFix3.txt 2010-05-17 03:04
ComboFix4.txt 2010-05-17 02:30

Pré-execução: 20.556.009.472 bytes disponíveis
Pós execução: 20.306.378.752 bytes disponíveis

- - End Of File - - 369C85A9749C6AED8EDA74D7A8CD991E

Tello · 30/05/2010

Salve Mr. Wolf! Tudo certo por ae?

Cara, estou com uma dúvida com relação ao InstallShield Update Manager. O que seria isso? Começou de uns tempos pra cá a aparecer na inicialização. Creio que possa ser atualizador de algum programa, mas vi por aí que isso é vírus (o que acho que não seja).

Segue um log do HiJack caso seja uma ameaça.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:50, on 30/05/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razertra.exe
C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
D:\TellO\Aplicativos\Segurança\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files (x86)\EVGA Precision\EVGAPrecisionWrapper.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest_start.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E77D43A1-46F3-412C-9531-11BB967196E6}: NameServer = 200.204.0.10 200.204.0.138
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxcc_device - - C:\Windows\system32\lxcccoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files (x86)\Scpad\scpVista.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WMPNetworkSvc - Unknown owner - (no file)

--
End of file - 8153 bytes

Agradecido!!!

Sleepy · 30/05/2010

Peguei um malware ontem, aliás 9, originários de um único arquivo infectado! Consegui tirar, mas o sistema ficou um pouco danificado... não voltou 100%. De qualquer forma estou formatando agora, inclusive vou voltar pro XP - 1gb de ram está me prejudicando nos jogos com o 7.

Recomendo o Malwarebyte's Anti Malware. Detectou os malwares que nem mesmo o Kaspersky pegou.

A título de curiosidade, vou postar meu log do hijackthis caso alguém se interesse em analisar:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:30:29, on 30/05/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Users\Sleepy\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 4368 bytes

Será que realmente estava limpo?

Edit: Rodei o ComboFix e ainda tinha umas merdas/traços no sistema:

ComboFix 10-05-30.04 - Sleepy 30/05/2010 23:38:19.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1033.18.1023.573 [GMT -3:00]
Executando de: c:\users\Sleepy\Desktop\ComboFix.exe
* Criado um novo ponto de restauração
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Sleepy\AppData\Roaming\inst.exe
c:\windows\system32\out.txt

----- BITS: Sites possivelmente infectados -----

hxxp://download.xbox.com:80
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-04-28 to 2010-05-31 ))))))))))))))))))))))))))))
.

2010-05-31 02:43 . 2010-05-31 02:43 -------- d-----w- c:\users\Sleepy\AppData\Local\temp
2010-05-31 02:43 . 2010-05-31 02:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-30 17:00 . 2010-05-30 21:35 -------- d-----w- C:\Downloads
2010-05-30 07:09 . 2010-05-30 07:09 -------- d-----w- c:\users\Sleepy\AppData\Roaming\InstallShield Installation Information
2010-05-30 07:09 . 2010-05-30 07:08 331776 ----a-w- c:\users\Sleepy\AppData\Roaming\InstallShield Installation Information\{6530FDAA-5B1F-4830-95BB-650E9804D239}\setup.exe
2010-05-30 07:09 . 2010-05-30 07:08 2010726 ----a-w- c:\users\Sleepy\AppData\Roaming\InstallShield Installation Information\{6530FDAA-5B1F-4830-95BB-650E9804D239}\ISSetup.dll
2010-05-30 07:08 . 2010-05-30 07:08 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-05-29 04:55 . 2010-05-29 05:01 -------- d-----w- c:\program files\MSI Afterburner
2010-05-28 21:08 . 2010-05-01 02:27 167016 ----a-w- c:\windows\system32\nvUSBInst.exe
2010-05-28 21:05 . 2010-05-28 21:05 -------- d-----w- c:\windows\system32\RTCOM
2010-05-27 20:16 . 2010-05-27 20:16 -------- d-----w- c:\users\Sleepy\AppData\Roaming\bizarre creations
2010-05-27 13:20 . 2010-05-27 13:20 -------- d-----w- c:\users\Sleepy\AppData\Roaming\Malwarebytes
2010-05-27 13:20 . 2010-05-27 13:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-27 13:20 . 2010-05-27 13:20 -------- d-----w- c:\programdata\Malwarebytes
2010-05-27 13:20 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-27 13:20 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-27 12:24 . 2002-08-22 04:00 413760 ----a-w- c:\windows\system32\DivXc32f.dll
2010-05-27 12:24 . 2002-08-01 09:03 413760 ----a-w- c:\windows\system32\DivXc32.dll
2010-05-27 11:53 . 2010-05-30 17:23 -------- d-----w- c:\users\Sleepy\AppData\Local\WinAVI
2010-05-27 11:53 . 2010-05-27 12:28 -------- d-----w- c:\program files\WinAVI Video Converter
2010-05-23 17:30 . 2010-01-28 14:25 68200 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2010-05-23 17:30 . 2010-01-28 14:24 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2010-05-23 17:30 . 2010-01-27 04:07 219752 ----a-w- c:\windows\system32\nvcohda.dll
2010-05-22 21:46 . 2010-05-22 21:46 -------- d-----w- c:\programdata\vsosdk
2010-05-21 22:09 . 2010-05-21 22:09 48388 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-05-18 17:49 . 2010-05-18 17:49 -------- d-----w- c:\program files\Microsoft Chart Controls
2010-05-17 21:58 . 2010-05-17 21:58 -------- d-----w- c:\programdata\Blizzard
2010-05-17 21:37 . 2010-05-17 21:37 -------- d-----w- c:\program files\Common Files\Steam
2010-05-10 17:48 . 2010-05-10 17:48 -------- d-----w- c:\users\Sleepy\AppData\Roaming\Xilisoft Corporation
2010-05-10 17:48 . 2010-05-10 17:48 -------- d-----w- c:\users\Sleepy\AppData\Local\Xilisoft
2010-05-10 17:48 . 2010-05-10 17:48 -------- d-----w- c:\users\Sleepy\AppData\Roaming\Xilisoft
2010-05-10 17:22 . 2010-05-10 17:22 -------- d-----w- c:\users\Sleepy\AppData\Roaming\AVS4YOU
2010-05-10 17:21 . 2010-05-10 17:53 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-10 17:21 . 2010-05-10 17:22 -------- d-----w- c:\programdata\AVS4YOU
2010-05-10 17:21 . 2008-08-13 14:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-05-10 17:21 . 2008-08-13 14:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-05-10 17:21 . 2008-08-13 14:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-05-10 17:21 . 2008-08-13 14:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-05-10 17:21 . 2008-08-13 14:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-07 07:19 . 2010-05-28 20:30 -------- d-----w- c:\programdata\SpeedBit
2010-05-07 01:25 . 2010-05-07 01:25 -------- d-----w- c:\users\Sleepy\AppData\Local\Blizzard Entertainment
2010-05-07 01:25 . 2010-05-21 22:09 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-05-05 22:34 . 2010-05-05 22:34 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-05 22:34 . 2010-05-05 22:34 47360 ----a-w- c:\users\Sleepy\AppData\Roaming\pcouffin.sys
2010-05-05 22:34 . 2010-05-10 17:53 -------- d-----w- c:\users\Sleepy\AppData\Roaming\Vso
2010-05-05 22:34 . 2010-05-22 21:56 -------- d-----w- c:\program files\DVDFab 7
2010-05-02 00:29 . 2010-05-31 02:11 -------- d-----w- c:\users\Sleepy\AppData\Roaming\Download Manager
2010-05-02 00:29 . 2010-05-02 00:29 -------- d-----w- c:\windows\Sun
2010-05-02 00:00 . 2010-05-02 00:17 -------- d-----w- c:\users\Sleepy\AppData\Roaming\Skype
2010-05-02 00:00 . 2010-05-28 20:33 -------- d-----w- c:\programdata\Skype
2010-05-01 22:46 . 2009-11-01 16:11 17686528 ----a-w- c:\windows\system32\mkl_blueripple.dll
2010-05-01 22:46 . 2010-05-01 22:46 -------- d-----w- c:\program files\BRS
2010-05-01 22:46 . 2009-11-18 21:11 1347584 ----a-w- c:\windows\system32\rapture3d_oal.dll
2010-05-01 07:03 . 2010-05-10 17:53 -------- d-----w- c:\programdata\SlySoft
2010-05-01 06:54 . 2010-05-01 06:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-05-01 06:54 . 2010-05-01 06:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-05-01 06:54 . 2010-05-01 06:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-01 06:53 . 2010-05-01 06:53 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-05-01 06:53 . 2010-05-01 06:53 -------- d-----r- C:\MSOCache
2010-05-01 04:11 . 2010-05-01 04:11 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-05-01 04:11 . 2010-05-01 04:11 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-05-01 04:11 . 2010-05-01 04:11 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
2010-05-01 04:11 . 2010-05-01 04:11 13685352 ----a-w- c:\windows\system32\nvcpl.dll
2010-05-01 04:11 . 2010-05-01 04:11 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-05-01 04:11 . 2010-05-01 04:11 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-05-01 03:49 . 2010-05-01 03:49 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 02:35 . 2010-04-11 21:38 -------- d-----w- c:\programdata\NVIDIA
2010-05-31 02:03 . 2010-04-17 21:09 -------- d-----w- c:\users\Sleepy\AppData\Roaming\uTorrent
2010-05-31 01:37 . 2010-04-16 20:55 -------- d-----w- c:\program files\Folder Lock 6
2010-05-30 16:34 . 2010-04-11 22:35 -------- d-----w- c:\programdata\Kaspersky Lab
2010-05-30 07:08 . 2010-04-13 03:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-28 21:08 . 2010-04-11 21:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 21:08 . 2010-04-11 21:37 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-28 21:05 . 2010-04-11 21:52 -------- d--h--w- c:\program files\Temp
2010-05-28 21:04 . 2010-05-28 21:04 -------- d-----w- c:\program files\Realtek
2010-05-27 12:24 . 2010-05-23 02:09 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-27 11:48 . 2010-04-11 22:29 -------- d-----w- c:\users\Sleepy\AppData\Roaming\WinAVI
2010-05-22 01:02 . 2010-04-13 05:15 -------- d-----w- c:\programdata\Ubisoft
2010-05-17 15:59 . 2010-04-11 22:12 654272 ----a-w- c:\windows\system32\prfh0416.dat
2010-05-17 15:59 . 2010-04-11 22:12 124724 ----a-w- c:\windows\system32\prfc0416.dat
2010-05-09 19:03 . 2010-04-11 22:36 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-09 19:03 . 2010-04-11 22:36 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-01 22:53 . 2010-04-12 00:22 98656 ----a-w- c:\users\Sleepy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-01 21:23 . 2010-04-12 16:05 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-05-01 21:23 . 2010-04-12 16:05 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-05-01 06:57 . 2010-04-22 22:05 -------- d-----w- c:\programdata\Microsoft Help
2010-05-01 06:55 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-05-01 03:49 . 2010-04-11 22:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-30 15:25 . 2010-05-28 21:04 58400 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-04-30 15:25 . 2010-05-28 21:04 1775136 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-04-30 15:24 . 2010-05-28 21:04 367136 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-04-30 15:24 . 2010-05-28 21:04 3583008 ----a-w- c:\windows\system32\RtkAPO.dll
2010-04-30 14:59 . 2010-05-28 21:04 3086752 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-04-30 05:10 . 2010-04-30 05:10 -------- d-----w- c:\users\Sleepy\AppData\Roaming\VBA-M
2010-04-29 01:02 . 2010-04-29 01:02 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-04-29 01:02 . 2010-04-29 01:02 578880 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-28 21:19 . 2010-04-28 21:19 73728 ----a-w- c:\windows\system32\VistaInfo32.dll
2010-04-28 16:45 . 2010-05-28 21:04 1251872 ----a-w- c:\windows\RtlExUpd.dll
2010-04-28 05:40 . 2010-04-28 05:40 -------- d-----w- c:\users\Sleepy\AppData\Roaming\AVCWare Studio
2010-04-27 18:51 . 2010-05-28 21:04 1738072 ----a-w- c:\windows\system32\WavesGUILib.dll
2010-04-27 18:51 . 2010-05-28 21:04 253272 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
2010-04-27 18:51 . 2010-05-28 21:04 253784 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
2010-04-27 18:51 . 2010-05-28 21:04 1312088 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2010-04-27 17:45 . 2010-04-27 17:45 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 17:45 . 2010-04-27 17:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-27 11:50 . 2010-05-28 21:04 299424 ----a-w- c:\windows\system32\FMAPO.dll
2010-04-25 03:35 . 2010-04-25 03:35 -------- d-----w- c:\program files\WinPcap
2010-04-25 00:27 . 2010-04-19 22:11 -------- d-----w- c:\program files\Rapidshare Auto Downloader 4.1
2010-04-24 18:25 . 2010-04-12 03:25 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-04-23 09:41 . 2010-04-23 09:26 51884 ----a-w- c:\windows\War3Unin.dat
2010-04-23 09:37 . 2010-04-23 09:26 2829 ----a-w- c:\windows\War3Unin.pif
2010-04-23 09:37 . 2010-04-23 09:26 139264 ----a-w- c:\windows\War3Unin.exe
2010-04-22 22:09 . 2010-04-22 22:08 2516 --sha-w- c:\programdata\Protexis\KGyGaAvL.sys
2010-04-22 22:08 . 2010-04-22 22:08 -------- d-----w- c:\users\Sleepy\AppData\Roaming\Corel
2010-04-22 22:08 . 2010-04-22 22:08 -------- d-----w- c:\programdata\Protexis
2010-04-22 22:06 . 2010-04-22 22:05 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-04-22 22:05 . 2010-04-22 22:05 -------- d-----w- c:\program files\Microsoft SDKs
2010-04-22 22:05 . 2010-04-22 22:05 -------- d-----w- c:\program files\Common Files\Corel
2010-04-22 22:04 . 2010-04-22 22:04 -------- d-----w- c:\programdata\Corel
2010-04-22 22:04 . 2010-04-22 22:01 -------- d-----w- c:\program files\CorelDRAW X5
2010-04-19 23:37 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-04-19 23:37 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-04-19 23:37 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-04-19 22:06 . 2010-04-19 22:06 -------- d-----w- c:\programdata\PassMark
2010-04-18 18:18 . 2010-04-18 18:18 -------- d-sh--w- c:\programdata\SecuROM
2010-04-18 18:17 . 2010-04-18 18:17 -------- d--h--r- c:\users\Sleepy\AppData\Roaming\SecuROM
2010-04-18 18:17 . 2010-04-18 18:17 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-04-17 23:25 . 2010-04-17 23:25 0 ----a-w- c:\windows\nsreg.dat
2010-04-17 20:45 . 2010-04-17 20:45 -------- d-----w- c:\program files\Microsoft
2010-04-17 20:45 . 2010-04-17 20:45 -------- d-----w- c:\program files\Windows Live
2010-04-17 20:45 . 2010-04-17 20:45 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-17 20:32 . 2010-04-17 20:32 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-16 20:57 . 2010-04-16 20:57 180224 ----a-w- c:\windows\system32\WinVd32.sys
2010-04-16 20:57 . 2010-04-16 20:57 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2010-04-16 20:55 . 2010-04-16 20:55 -------- d-----w- c:\program files\AviSynth 2.5
2010-04-16 20:53 . 2010-04-16 20:53 -------- d-----w- c:\program files\Microsoft.NET
2010-04-16 19:54 . 2010-04-11 22:33 1 ----a-w- c:\users\Sleepy\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-16 18:00 . 2010-05-23 02:09 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-04-14 15:55 . 2010-05-28 21:04 232792 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2010-04-14 15:26 . 2010-04-14 15:26 1792488 ----a-w- c:\windows\system32\cpuz153.exe
2010-04-13 21:18 . 2010-04-13 21:18 -------- d-----w- c:\program files\OCCT
2010-04-13 05:28 . 2010-04-13 05:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01009.Wdf
2010-04-13 05:26 . 2010-04-13 05:26 -------- d-----w- c:\program files\CCleaner
2010-04-13 05:15 . 2010-04-13 05:15 -------- d-----w- c:\users\Sleepy\AppData\Roaming\Ubisoft
2010-04-13 04:44 . 2010-04-13 04:44 -------- d-----w- c:\programdata\Futuremark
2010-04-13 03:14 . 2010-04-13 03:14 -------- d-----w- c:\users\Sleepy\AppData\Roaming\NVIDIA
2010-04-13 02:43 . 2010-04-13 02:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-12 16:06 . 2010-04-12 16:06 -------- d-----w- c:\programdata\Codemasters
2010-04-12 16:05 . 2010-04-12 16:05 -------- d-----w- c:\program files\OpenAL
2010-04-12 00:02 . 2010-04-12 00:02 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-04-11 23:45 . 2010-04-11 22:21 -------- d-----w- c:\users\Sleepy\AppData\Roaming\DAEMON Tools Lite
2010-04-11 22:35 . 2010-04-11 22:35 -------- d-----w- c:\program files\Kaspersky Lab
2010-04-11 22:34 . 2010-04-11 22:34 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-04-11 22:33 . 2010-04-11 22:33 -------- d-----w- c:\users\Sleepy\AppData\Roaming\OpenOffice.org
2010-04-11 22:29 . 2010-04-11 22:29 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2010-04-11 22:28 . 2010-04-11 22:28 -------- d-----w- c:\program files\RADVideo
2010-04-11 22:26 . 2010-04-11 22:26 -------- d-----w- c:\users\Sleepy\AppData\Roaming\Media Player Classic
2010-04-11 22:22 . 2010-04-11 22:22 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-11 22:22 . 2010-04-11 22:22 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-11 22:21 . 2010-04-11 22:21 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-04-11 22:18 . 2010-04-11 22:18 -------- d-----w- c:\program files\NFOPad
2010-04-11 22:17 . 2010-04-11 22:17 -------- d-----w- c:\program files\Common Files\Java
2010-04-11 22:16 . 2010-04-11 22:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-11 22:16 . 2010-04-11 22:16 -------- d-----w- c:\program files\Java
2010-04-11 22:12 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-04-11 22:12 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-04-19 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 05:20 561552 ----a-w- c:\progra~1\MICROS~4\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 9210400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 15:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 07:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 17:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 18:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 16:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-11 691696]
R3 cpuz130;cpuz130;c:\users\Sleepy\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [2010-02-01 12088]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1343400]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-05-11 154664]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-05-01 240232]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-10-13 49152]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-28 68200]

.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Settings,ProxyOverride = local
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Sleepy\AppData\Roaming\Mozilla\Firefox\Profiles\43af69a9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/firefox
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-AdobeAAMUpdater-1 - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
MSConfigStartUp-Canaveral - c:\windows\system32\sshnas21.dll
MSConfigStartUp-EVGAPrecision - c:\program files\EVGA Precision\EVGAPrecisionWrapper.exe
MSConfigStartUp-M5T8QL3YW3 - c:\users\Sleepy\AppData\Local\Temp\Mwh.exe
AddRemove-mv61xxDriver - c:\program files\Marvell\61xx\uninst-61xx.exe

.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-2273735795-83796838-887888379-1000\Software\SecuROM\License information*]
"datasecu"=hex:28,e5,e2,6c,69,b6,c5,d7,9d,8d,92,02,61,85,ce,a0,40,39,0b,9e,48,
6d,a9,59,6e,c7,6d,fb,27,f8,3f,30,e3,c0,31,4f,ba,95,fa,07,1d,69,88,8b,39,42,\
"rkeysecu"=hex:17,73,f3,2a,12,a0,57,82,c1,b0,0d,ea,25,f3,36,d6

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2010-05-30 23:45:05
ComboFix-quarantined-files.txt 2010-05-31 02:45

Pré-execução: 33.626.746.880 bytes disponíveis
Pós execução: 33.550.635.008 bytes disponíveis

- - End Of File - - 48D1683C8795C42EDF62B8EB0EBCEF73

snakecode · 03/06/2010

Olá Mr. Wolf,
Eu estou tendo problemas com meu computador, a internet está desconectando direto, o pc está lento e eu acredito que possa ser vírus.
Se o Sr. não se importar gostaria que desse uma olhada no log do HijackThis:

Log do HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:14, on 3/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\bryan\Dados de aplicativos\SystemProc\lsass.exe
C:\WINDOWS\system32\sstray.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Kerkia\Minimem\minimem.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bryan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {0000EBAA-29CD-4197-8307-0A0934E46B2a} - C:\WINDOWS\system32\cdral32.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Arquivos de programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Arquivos de programas\Arquivos comuns\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ABIT uGuru] C:\Arquivos de programas\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [eurobattlegui] "C:\Arquivos de programas\Warcraft III\eb.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SandboxieControl] "C:\Arquivos de programas\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Minimem] C:\Arquivos de programas\Kerkia\Minimem\minimem.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\bryan\Dados de aplicativos\SystemProc\lsass.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\dpnlobby32.dll
O20 - Winlogon Notify: 58ac6035937 - C:\WINDOWS\system32\dpnlobby32.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Arquivos de programas\Stardock\Fences\FencesMenu.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Arquivos de programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Arquivos de programas\Sandboxie\SbieSvc.exe

--
End of file - 12544 bytes

Obrigado pela atenção,
Abraços.

Hybaro · 04/06/2010

Mr. Wolf,
tem como dar uma olhada nesse log, por favor..
já faz um tempinho que o pc ta lento, acho que possa ser vírus

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:51:16, on 4/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\DAP\DAP.EXE
C:\Arquivos de programas\DNA\btdna.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.terra.com.br/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Arquivos de programas\pdfforge Toolbar\SearchSettings.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Arquivos de programas\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Arquivos de programas\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Arquivos de programas\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O3 - Toolbar: CrowdStar Gamebar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SearchSettings] C:\Arquivos de programas\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"
O4 - HKCU\..\Run: [ProxyCap] C:\ARQUIV~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKCU\..\Run: [Microsoft Security Essential] "C:\DOCUME~1\TONY\CONFIG~1\Temp\msseces.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\TONY\Desktop\utorrent.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.sxgames.com.br/jogosonline/jogos/trucomontilla/jogoSioux.htm"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://www.netgame.com/mplugin/mglaunch_USAv1005.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--
End of file - 14486 bytes

Agradeço desde já!
Abraço

Emerson José Sigarini · 05/06/2010

Prezado Wolf,
Em meu PC ao acessar a net o avira acusa esse virus: DR/Delphi.Gen 2 e não consigo deleta-lo, segue abaixo o log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:13, on 5/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\iPScan.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Arquivos de programas\Crux P2P\RazaWebHook.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de programas\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\ARQUIV~1\GbPlugin\gbiehisg.dll
O2 - BHO: (no name) - {DAB53E79-71D8-4349-AE9E-7B5A5E4511F1} - c:\windows\system32\mlinrqd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Arquivos de programas\Crux P2P\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399015} (GbPluginObj Class) - https://www5.infoseg.gov.br/Install/GbPluginIsg.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginIsg - C:\ARQUIV~1\GbPlugin\gbiehisg.dll
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate1c9a37d6f15f31e) (gupdate1c9a37d6f15f31e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Arquivos de programas\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Emerson/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 10163 bytes

Obrigado

didifpg · 06/06/2010

Olá Mr. Wolf.... acho que novamente irei precisar de sua ajuda...
Meu computador ultimamente esta muuuuuuuuuuuuito lentoo.. ele não é assim...
ja apaguei várias coisas mais não está adiantando...
gostaria que voce desse uma olhada no log, pois acredito que essa lentidão possa ser de vírus...
Um abraço,
Diogo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:35:26, on 11/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
D:\Adobe Photoshop CS3 (Pt-Br)\Tradução\rkfree.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\Arquivos de programas\internet explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [rkfree] "D:\Adobe Photoshop CS3 (Pt-Br)\Tradução\rkfree.exe" /b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Arquivos de programas\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {31CB2F01-72C2-4CF4-B265-450E8817B039} (Toontown IE Helper Portuguese) - http://idownload.br.toontown.com/sv1.4.14.8/ttinst-portuguese.cab
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com.br/s/v/58.10/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF32D210-948A-4A63-BD02-8938A15D4750}: NameServer = 200.225.197.37 200.225.197.34
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Arquivos de programas\Arquivos comuns\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 10931 bytes

qeuzinha · 07/06/2010

Oi Mr. Wolf, quanto tempo. Estou precisando de novo da sua ajuda. O Computador da minha casa e usado por todos e como fiquei bom tempo sem usa-lo, quando voltei estava as proteções todas desligadas. Tive problema com o avast e instalei outra versão. Meu malwarebytes está em proteção real e acusa (tipo torjan banker). O que devo fazer? caso tenha que enviar algum relatorio me informe como é para mostrar oculta. Fico no aguardo.

GVSPFC · 08/06/2010

Olá grande amigo Mr. Wolf, ainda está por aqui?

Por favor Mr. Wolf, agradeceria se pudesse dar uma olhada no Log do Hijack pra mim. O MSN nos últimos dias vem travando quando qualquer janela de diálogo é iniciada. Esta é a única anomalia que percebi até o momento.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:10, on 8/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\ThreatFire\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Arquivos de programas\ScanSoft\PaperPort\pptd40nt.exe
C:\Arquivos de programas\BOINC\boinctray.exe
C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Arquivos de programas\ThreatFire\TFTray.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\ARQUIV~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
c:\arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Arquivos de programas\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Arquivos de programas\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Arquivos de programas\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dados de aplicativos\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [boincmgr] "C:\Arquivos de programas\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Arquivos de programas\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Arquivos de programas\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Arquivos de programas\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &B&aixar &com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &B&aixar todos os vídeos com o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &B&aixar tudo usando o BitComet - res://C:\Arquivos de programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80F6107E-C9EB-4DF2-9313-8577A920056F}: NameServer = 8.8.8.8,8.8.4.4
O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Arquivos de programas\Arquivos comuns\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Arquivos de programas\Arquivos comuns\Creative Labs Shared\Service\DDLLicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Arquivos de programas\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\ThreatFire\TFService.exe

--
End of file - 11836 bytes

Muito obrigado amigo Mr. Wolf.

Johnn Y · 11/06/2010

Mr. Wolf, a licença do meu Kaspersky acabou há uns dias e eu tenho tido alguns problemas aqui com o pc, então queria que você desse uma olhada no meu log pra ver se há algo suspeito.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:55:09, on 11/06/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\WlanCU.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.positivoinformatica.com.br
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2552374
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.positivoinformatica.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll
R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files\Softonic_Brasil\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files\Softonic_Brasil\tbSoft.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMess.dll
O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Program Files\Softonic_Brasil\tbSoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\WlanCU.exe
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Aládia\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Estatísticas do Antivírus da Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8633 bytes

Muito obrigado

GVSPFC · 11/06/2010

Será que nosso amigo Mr. Wolf se aposentou do tópico?

DSoldier · 16/06/2010

Estou com umas pastas com nomes desconhecidos no C:

35dc3601157d14fd39c5ec747fd8
É uma delas, se eu tento acessar o conteúdo eu sou barrado, aparece "acesso negado".

Já utilizei antivirus e anti spywares, nao consigo acessar o conteudo.

Outra coisa, o meu HD, está me informando que eu estou utilizando por volta de 55gb..
Mas eu não tenho tudo isso de programas/arquivos no meu pc.

Segue log do hijackthis.

Muito obrigado desde já!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:32:31, on 16/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de Programas\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\Arquivos de Programas\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Arquivos de Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Arquivos de programas\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Proprietário\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Proprietário\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Proprietário\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Proprietário\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Proprietário\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Proprietário\Meus documentos\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ig.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.forumswatcher.com/search.htm
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Arquivos de programas\BS_Player\tbBS_P.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Arquivos de programas\MyAshampoo\tbMyAs.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Arquivos de programas\MyAshampoo\tbMyAs.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Arquivos de programas\BS_Player\tbBS_P.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Arquivos de programas\BS_Player\tbBS_P.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Arquivos de programas\MyAshampoo\tbMyAs.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Arquivos de Programas\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{51D97418-E9D0-4798-AF06-EE6BB6296E8D}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{603FEEF9-FD55-4FA8-B6A5-7BDAAC9160BF}: NameServer = 200.204.0.10 200.204.0.138
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1ca774ba2586ebc) (gupdate1ca774ba2586ebc) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de Programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpDefragService.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (file missing)
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 8851 bytes

valeuu

DSoldier · 16/06/2010

Estou com umas pastas com nomes desconhecidos no C:

35dc3601157d14fd39c5ec747fd8
É uma delas, se eu tento acessar o conteúdo eu sou barrado, aparece "acesso negado".

Já utilizei antivirus e anti spywares, nao consigo acessar o conteudo.

Outra coisa, o meu HD, está me informando que eu estou utilizando por volta de 55gb..
Mas eu não tenho tudo isso de programas/arquivos no meu pc.

Segue log do hijackthis.

Muito obrigado desde já!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:32:31, on 16/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de Programas\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\Arquivos de Programas\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe
C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Arquivos de Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Arquivos de programas\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Proprietário\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Proprietário\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Proprietário\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Proprietário\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Proprietário\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Proprietário\Meus documentos\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ig.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.forumswatcher.com/search.htm
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Arquivos de programas\BS_Player\tbBS_P.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Arquivos de programas\MyAshampoo\tbMyAs.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Arquivos de programas\MyAshampoo\tbMyAs.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Arquivos de programas\BS_Player\tbBS_P.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Arquivos de programas\BS_Player\tbBS_P.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Arquivos de programas\MyAshampoo\tbMyAs.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Arquivos de Programas\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{51D97418-E9D0-4798-AF06-EE6BB6296E8D}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{603FEEF9-FD55-4FA8-B6A5-7BDAAC9160BF}: NameServer = 200.204.0.10 200.204.0.138
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate1ca774ba2586ebc) (gupdate1ca774ba2586ebc) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de Programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpDefragService.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - Unknown owner - C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (file missing)
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 8851 bytes

valeuu

Mr.Wolf · 18/06/2010

Boa tarde pessoal!

Gostaria de pedir desculpas a todos pela demora. O tempo aqui está bastante corrido.

Será difícil entrar com frequência aqui no fórum como antes.

De qualquer forma, agradeço a atenção e a confiança dos amigos.

Abraços

вяυиασ 1988 · 18/06/2010

Mr.Wolf

Se possivel uma ajudinha rapida aki.

Meu xp ao ligar ta dando uma mensagem dizendo que um arquivo não pode ser iniciado. Cada hora é um arquivo diferente.

Já passei o combofix, malwarebytes, avira, panda cloud e outras tantos programas e a mensagem continua aparecendo.

Hoje vi uma coisa na net e fui no services.msc e parei um serviço lá, reiniciei o pc e a mensagem parou. Mas logo depois voltou a aparecer.

Tem alguma ideia do que pode ser isso pra vc me dar alguma dica pra resolver?

Remoção de vírus

Member

New Member

Malware Removal

PSN: AJFLevenhagen

New Member

Banido

Banido

New Member

New Member

New Member

New Member

HSG

Bon Vivant

Member

New Member

New Member

Member

Member

Peace!

Member

Peace!

New Member

New Member

Malware Removal

Active Member

Users who are viewing this thread