Celsogd

  1. Folks: I went to run ComboFix and it detected an update to the 2012 version. However, after downloading this version (www.softonic.com.br), during the installation process I get a message saying that the installation cannot be carried out without first removing the previous version. I have already searched the whole computer and deleted everything matching *combofix*.*, but I still keep getting that message. Does anyone have any idea how to solve this? Regards
  3. JM: I followed the recommended procedures. I renamed ComboFix again, from Uninstall back to Combofix, and ran the program. It detected the "infection" again; see the LOG below and in the following POST. My question: wouldn't it make sense to do this whole procedure but, before re-enabling the restore function, delete and copy Regedit.exe? Regards

     ComboFix 11-01-04.04 - Diretoria 05/01/2011 9:16.29.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1215.637 [GMT -2:00]
     Executando de: c:\documents and settings\Diretoria\Desktop\Combofix.exe
     AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
     .
     ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\Autorun.inf
     c:\windows\regedit.exe . . . está infectado!!
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 20:09 . 2010-05-24 19:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 20:08 . 2010-05-24 19:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:15 . 2006-07-25 15:11 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:21 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:27 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2004-08-04 12:00 1853440 ----a-w- c:\windows\system32\win32k.sys
2010-10-15 21:55 . 2010-10-15 21:55 172032 ----a-w- c:\windows\system32\AniGIF.ocx
.
------- Sigcheck -------
  4. JM: DONE! But it seems we didn't find anything; see the generated report:
     4/1/2011 08:36:22 Tarefa iniciada Ação padrão selecionada
     4/1/2011 12:24:22 Tarefa concluída Ação padrão selecionada
  5. (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
     .
     .
     *Nota* entradas vazias e legítimas por defeito não são mostradas.
     REGEDIT4
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "OM_Monitor"="c:\arquivos de programas\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-06-02 57344]
     "OM2_Monitor"="c:\arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 95800]
     "Google Update"="c:\documents and settings\Diretoria\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-07-15 133104]
     "NokiaOviSuite2"="c:\arquivos de programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-05 385856]
     "SpeedBitVideoAccelerator"="c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-10-15 1607272]
     "DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2010-10-16 2836656]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "VTTimer"="VTTimer.exe" [2005-03-07 53248]
     "VTTrayp"="VTtrayp.exe" [2005-03-11 147456]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
     "PaperPort PTD"="c:\arquivos de programas\Scansoft\PaperPort\pptd40nt.exe" [2003-05-21 45108]
     "IndexSearch"="c:\arquivos de programas\Scansoft\PaperPort\IndexSearch.exe" [2003-05-21 36864]
     "MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
     "HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
     "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-12 172032]
     "QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2007-11-23 77824]
     "OM_Monitor"="c:\arquivos de programas\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-06-02 40960]
     "HP Software Update"="c:\arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
     "avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
     "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]
     "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
     "Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
     "NokiaMusic FastStart"="c:\arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-10-20 2192752]
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
     c:\documents and settings\Caio Lucas\Menu Iniciar\Programas\Inicializar\
     BrOffice.org 3.2.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
     c:\documents and settings\CRIAN€AS\Menu Iniciar\Programas\Inicializar\
     BrOffice.org 3.0.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
     c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
     Windows Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
     backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
     [HKLM\~\startupfolder\C:^Documents and Settings^Diretoria^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.0.lnk]
     backup=c:\windows\pss\BrOffice.org 2.0.lnkStartup
     [HKLM\~\startupfolder\C:^Documents and Settings^Diretoria^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.4.lnk]
     backup=c:\windows\pss\BrOffice.org 2.4.lnkStartup
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
     2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
     2009-10-26 19:26 753664 -c--a-w- c:\arquivos de programas\Nokia\Nokia PC Suite 7\PcSync2.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
     2009-11-11 12:57 1451520 -c--a-w- c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "gusvc"=3 (0x3)
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
     "c:\\WINDOWS\\system32\\mqsvc.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Documents and Settings\\Diretoria\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
     "c:\\Documents and Settings\\Diretoria\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
     "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
     "c:\\Arquivos de programas\\DsNET Corp\\aTube Catcher 1.0\\yct.exe"=
     "c:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=
     "c:\\Arquivos de programas\\Google\\Google Earth\\plugin\\geplugin.exe"=
     "c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
     "c:\\Arquivos de programas\\aTube Catcher\\yct.exe"=
     R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/6/2010 10:20 165584]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/6/2010 10:20 17744]
     S2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático; [x]
     S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [3/2/2010 18:00 135664]
     S2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
     S3 bqusbser;WCDMA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\Mousbser.sys [2/3/2009 02:00 103552]
     S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/8/2004 10:00 14336]
     S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [16/11/2009 14:33 50704]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     getPlusHelper REG_MULTI_SZ getPlusHelper
     nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
     .
     Conteúdo da pasta 'Tarefas Agendadas'
     2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-03 20:00]
     2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-03 20:00]
     2011-01-03 c:\windows\Tasks\User_Feed_Synchronization-{800B0E48-F616-4F2B-9564-E05E06F1A0AE}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]
     2011-01-03 c:\windows\Tasks\User_Feed_Synchronization-{955F34A8-8563-420D-9ED6-6671CB660AB0}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]
     .
     .
     ------- Scan Suplementar -------
     .
     uStart Page = hxxp://www.globo.com/
     uSearchURL,(Default) = hxxp://www.speedapps.com/search.htm
     IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
     IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm
     IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm
     IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
     LSP: c:\arquiv~1\SPEEDB~1\sblsp.dll
     Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll
     Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll
     DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
     DPF: PluginNossaCaixaSetup - hxxps://wwws.nossacaixa.com.br/PluginNossaCaixaSetup.CAB
     DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_2.3.37.6.cab
     DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab
     DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} - hxxps://bradesconetempresa.com.br/pj/CA.cab
     DPF: {CC646B39-EDB0-4308-A592-7C6F759C173A} - hxxps://wwws.nossacaixa.com.br/ocx_PluginNossaCaixa.CAB
     FF - ProfilePath - c:\documents and settings\Diretoria\Dados de aplicativos\Mozilla\Firefox\Profiles\vngisuyz.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2552374&SearchSource=3&q={searchTerms}
     FF - prefs.js: browser.startup.homepage - www.globo.com
     FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
     FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
     FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
     FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\arquivos de programas\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
     FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff
     FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
     FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
     FF - Ext: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - %profile%\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}
     FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\arquivos de programas\DAP\DAPFireFox
     .
     .
     ------- Associação de arquivos/ficheiros -------
     .
     inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-01-03 13:05
     Windows 5.1.2600 Service Pack 3 NTFS
     Procurando processos ocultos ...
     Procurando entradas auto inicializáveis ocultas ...
     Procurando ficheiros/arquivos ocultos ...
     Varredura completada com sucesso
     arquivos/ficheiros ocultos: 0
     **************************************************************************
     .
     --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
     - - - - - - - > 'lsass.exe'(692)
     c:\arquiv~1\SPEEDB~1\sblsp.dll
     c:\arquivos de programas\SpeedBit Video Accelerator\ConfigDB.dll
     c:\arquivos de programas\SpeedBit Video Accelerator\Accelerator.dll
     c:\windows\system32\WININET.dll
     c:\arquivos de programas\SpeedBit Video Accelerator\Collector.dll
     - - - - - - - > 'explorer.exe'(5080)
     c:\windows\system32\WININET.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     Tempo para conclusão: 2011-01-03 13:10:50
     ComboFix-quarantined-files.txt 2011-01-03 15:10
     Pré-execução: 17 pasta(s) 49.499.938.816 bytes disponíveis
     Pós execução: 18 pasta(s) 49.497.993.216 bytes disponíveis
     - - End Of File - - 89066F578BC843D284C6B3C13AFC6E55
  6. JM: I followed the recommended procedures. In addition, to make sure everything was clean, before restarting the machine I removed orphaned registry entries with MVREGCLEAN and ran CCLEANER. Unfortunately, when I run the "new" COMBOFIX it still reports C:\windows\regedit.exe as infected! I don't know if it helps, but I remember that because of COMBOFIX the system recovery console is active. Below is the COMBOFIX report (in 2 parts)
     ComboFix 11-01-02.04 - Diretoria 03/01/2011 12:57:32.28.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1215.599 [GMT -2:00]
     Executando de: c:\documents and settings\Diretoria\Desktop\ComboFix.exe
     AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
     * Criado um novo ponto de restauração
     .
     ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\regedit.exe . . . está infectado!!
     .
     (((((((((((((((( Arquivos/Ficheiros criados de 2010-12-03 to 2011-01-03 ))))))))))))))))))))))))))))
     .
     2011-01-03 14:46 . 2004-08-04 12:00 150528 ------w- c:\windows\REGEDIT.EXE
     2010-12-25 21:27 . 2010-12-25 21:27 -------- d-----w- c:\documents and settings\CRIANÇAS\Configurações locais\Dados de aplicativos\Nokia
     2010-12-18 20:08 . 2010-12-18 20:08 -------- d-----w- c:\documents and settings\Diretoria\Configurações locais\Dados de aplicativos\QuickStores
     2010-12-18 20:08 . 2010-12-18 20:13 -------- d-----w- c:\arquivos de programas\aTube Catcher
     2010-12-18 19:39 . 2010-12-18 19:50 -------- d-----w- c:\documents and settings\Caio Lucas\Configurações locais\Dados de aplicativos\WMTools Downloaded Files
     2010-12-17 20:34 . 2010-12-17 20:34 -------- d-----w- c:\documents and settings\Caio Lucas\Dados de aplicativos\Yahoo!
     2010-12-17 20:28 . 2010-12-17 20:28 -------- d-----w- c:\documents and settings\Caio Lucas\Configurações locais\Dados de aplicativos\Nokia
     2010-12-16 08:29 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
     .
     ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-12-20 20:09 . 2010-05-24 19:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-12-20 20:08 . 2010-05-24 19:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-11-18 18:15 . 2006-07-25 15:11 86016 ----a-w- c:\windows\system32\isign32.dll
     2010-11-06 00:21 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
     2010-11-06 00:21 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2010-11-06 00:21 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
     2010-11-03 12:27 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
     2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
     2010-10-28 13:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
     2010-10-26 13:58 . 2004-08-04 12:00 1853440 ----a-w- c:\windows\system32\win32k.sys
     2010-10-15 21:55 . 2010-10-15 21:55 172032 ----a-w- c:\windows\system32\AniGIF.ocx
     .
     ------- Sigcheck -------
[5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe [-] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe [-] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 . 71D440F79B711627B12B567FB2EADB42 . 509952 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2004-08-04 . 6F7BDE7A1126DEBF0CC359A54953EFC1 . 504320 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe [-] 2008-04-14 . 554798AAD881736DFC4D08C572DECD7A . 62464 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\cryptsvc.dll [-] 2008-04-14 . 554798AAD881736DFC4D08C572DECD7A . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll [-] 2008-04-14 . 554798AAD881736DFC4D08C572DECD7A . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll [-] 2004-08-04 . 7836E32505D817311E8F8384A18C1128 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll [-] 2008-07-07 20:31 . C8FDAFC91302E9E905182EC6A2D1612A . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll [-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll [-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\ERDNT\cache\es.dll [-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll [-] 2008-07-07 20:28 . B024AB8B7692D47C8176BE92AB36D316 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll [-] 2008-07-07 20:25 . 58586EB44E6FD9A711943647C8451741 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll [-] 2008-07-07 20:18 . 788A6C475F332290217C33921623CF48 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll [-] 2008-04-14 02:20 . 
957E7822860EB8E5CD9EDB7BA04B7E65 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll [-] 2008-04-14 02:20 . 957E7822860EB8E5CD9EDB7BA04B7E65 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll [-] 2005-07-26 04:40 . 6EEA45E8A1417C5EB99143D1564B0403 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll [-] 2005-07-26 04:29 . C330D099CD4D1AAC0E0293C7AEE10566 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll [-] 2004-08-04 12:00 . 74C397E17E946D61012C301186C84124 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll [-] 2008-04-14 . 05C621EAA979D33A12F3B510FF4C6F9F . 110080 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\imm32.dll [-] 2008-04-14 . 05C621EAA979D33A12F3B510FF4C6F9F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll [-] 2008-04-14 . 05C621EAA979D33A12F3B510FF4C6F9F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll [-] 2004-08-04 . 602B88592E0690D0DFB5E5F44A9EF820 . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll [-] 2009-03-21 . 6A5A13A014F72F3C8E8A23B662C9DAF1 . 1028608 . . [5.1.2600.5781] . . c:\windows\ERDNT\cache\kernel32.dll [-] 2009-03-21 . 6A5A13A014F72F3C8E8A23B662C9DAF1 . 1028608 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll [-] 2009-03-21 . 6A5A13A014F72F3C8E8A23B662C9DAF1 . 1028608 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll [-] 2009-03-21 . 03DA51CE83B0D693A10C91B139BBD221 . 1030656 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll [-] 2008-04-14 . 68ECDAD8AE2768DE61C20C41A28CC0B0 . 1028608 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll [-] 2008-04-14 . 68ECDAD8AE2768DE61C20C41A28CC0B0 . 1028608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll [-] 2007-04-16 . 631A6F8B57F800E4B55F8539F76E7274 . 1025024 . . [5.1.2600.3119] . . 
c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll [-] 2007-04-16 . ECE3A528F975CEEC8B4FAF404548A449 . 1023488 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll [-] 2006-07-05 . 05D638D8E7B98DBC6D0AAE74E3CFD096 . 1024000 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll [-] 2006-07-05 . 32683F86786236D872B56AB413649810 . 1022976 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll [-] 2004-08-04 . AD72A244955E89EBBB8FABF02F8041C6 . 1022464 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll [-] 2008-04-14 . 1E47527C69E79ECC13326BFB2E178394 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\linkinfo.dll [-] 2008-04-14 . 1E47527C69E79ECC13326BFB2E178394 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll [-] 2008-04-14 . 1E47527C69E79ECC13326BFB2E178394 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll [-] 2005-09-01 . D2E560F85ED0388CA995640ACA55F030 . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll [-] 2005-09-01 . F4E45A739872709C81F9561CE42186CF . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll [-] 2004-08-04 . E9B587DBAE9F212A394618CE06013EAF . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll [-] 2008-04-14 . 5F6337EAC9EA401AA0F9040CB6F16C80 . 22016 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\lpk.dll [-] 2008-04-14 . 5F6337EAC9EA401AA0F9040CB6F16C80 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll [-] 2008-04-14 . 5F6337EAC9EA401AA0F9040CB6F16C80 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll [-] 2004-08-04 . CFFC7F8E8F898BE4561887EF301F8BF3 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll [-] 2008-04-14 . 63C2A8E1E33C8C714F11C91400F291E0 . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll [-] 2008-04-14 . 63C2A8E1E33C8C714F11C91400F291E0 . 343040 . . [7.0.2600.5512] . . 
c:\windows\ServicePackFiles\i386\msvcrt.dll [-] 2008-04-14 . 63C2A8E1E33C8C714F11C91400F291E0 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll [-] 2008-04-14 . 25E2B1C5D3CE1EC3517C755A1FCD3B0E . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll [-] 2004-08-04 . FD5A817258E47E54F4CF8F5E071D1DD8 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll [-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll [-] 2004-08-04 . B7BDD03E2D7422CE226DA4029CE8C13C . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll [-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll [-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll [-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll [-] 2008-06-20 . 401BBBCD7A0116BF42BE81171510486A . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll [-] 2008-06-20 . 5265EA72F599CF8277A34780F6369B60 . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll [-] 2008-06-20 . 59AB513554BA8770BF493D6F2121637B . 247808 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll [-] 2008-06-20 . E8C71AECFD3B76407430A22C9EB371FF . 247808 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll [-] 2008-04-14 . CF7C16037A5905AA5A173813D14D5C4A . 247808 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll [-] 2008-04-14 . CF7C16037A5905AA5A173813D14D5C4A . 247808 . . [5.1.2600.5512] . . 
c:\windows\ServicePackFiles\i386\mswsock.dll [-] 2004-08-04 . DB19E9D916B10319A17572B3E7E63FAC . 247808 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll [-] 2008-04-14 . 49897D67B04E62F8E59EB8B1C7DF7072 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll [-] 2008-04-14 . 49897D67B04E62F8E59EB8B1C7DF7072 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll [-] 2008-04-14 . 49897D67B04E62F8E59EB8B1C7DF7072 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll [-] 2004-08-04 . 82777C1BE8E9F0B1574DAC5BC29C7D6F . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll [-] 2008-04-14 . C008BBC88156E0EE109C7FF445CD9555 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll [-] 2008-04-14 . C008BBC88156E0EE109C7FF445CD9555 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll [-] 2008-04-14 . C008BBC88156E0EE109C7FF445CD9555 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll [-] 2004-08-04 . 0F81EB414DE1D77DD315F4A3D324BC1E . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll [-] 2008-04-14 . 879E802EF4EF2405014B170EA41E552B . 184832 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll [-] 2008-04-14 . 879E802EF4EF2405014B170EA41E552B . 184832 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll [-] 2008-04-14 . 879E802EF4EF2405014B170EA41E552B . 184832 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll [-] 2004-08-04 . E95230A31F912E07B19F8335D4DFF110 . 183808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll [-] 2008-04-14 . 39FD0DD101277F7261C7D602462C9A95 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll [-] 2008-04-14 . 39FD0DD101277F7261C7D602462C9A95 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll [-] 2008-04-14 . 39FD0DD101277F7261C7D602462C9A95 . 5120 . . [5.1.2600.5512] . . 
c:\windows\system32\sfc.dll [-] 2004-08-04 . FA7EE4A359AE09930904881982D22AB8 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll [-] 2008-04-14 . ED2D69CD4B0EBE37EFE11D4DC4ABC68F . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe [-] 2008-04-14 . ED2D69CD4B0EBE37EFE11D4DC4ABC68F . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe [-] 2008-04-14 . ED2D69CD4B0EBE37EFE11D4DC4ABC68F . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe [-] 2004-08-04 . 5DE3E7B6F7624552F2F06664F110820D . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe [-] 2008-04-14 . FEFA8CEBD17A788FDCB9A1C78311AFC3 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll [-] 2008-04-14 . FEFA8CEBD17A788FDCB9A1C78311AFC3 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll [-] 2008-04-14 . FEFA8CEBD17A788FDCB9A1C78311AFC3 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll [-] 2005-07-08 . F94EBF229DC4A2A74A4CEA0318103FD2 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll [-] 2005-07-08 . B28913968868BB0A982A9AF8BDC70677 . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll [-] 2004-08-04 . 573EFF2DBCAFDA95587FBB9B71F88464 . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll [-] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll [-] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . 54907DB28872A7A6D3EE2B4747A23828 . 579072 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2007-03-08 . F86D3E5C8FE13297E1C2D662F9E2D59D . 578560 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll [-] 2007-03-08 . B5782EE6EAFE3C218236F79F1A27B747 . 578048 . . [5.1.2600.3099] . . 
c:\windows\$NtServicePackUninstall$\user32.dll [-] 2005-03-02 . 3ED0A4D74EFD5AAF8408095F452E2613 . 577536 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll [-] 2005-03-02 . 7FFBCF1B94E6929DEECE06670C2407D6 . 577536 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll [-] 2004-08-04 . E0FF28447D1038DE106D1F2FDF851647 . 577536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll [-] 2008-04-14 . A7EA40F680163808D96F89B4FF991876 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe [-] 2008-04-14 . A7EA40F680163808D96F89B4FF991876 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe [-] 2008-04-14 . A7EA40F680163808D96F89B4FF991876 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe [-] 2004-08-04 . 4CA695EC1EE4C7CF2144DFA00EA0E1F7 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe [-] 2008-04-14 . 1FA3C4B2D7E35176E65FB69AB597B0F0 . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll [-] 2008-04-14 . 1FA3C4B2D7E35176E65FB69AB597B0F0 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll [-] 2008-04-14 . 1FA3C4B2D7E35176E65FB69AB597B0F0 . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll [-] 2004-08-04 . A5163442377D3C305BBFF612F80047D7 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll [-] 2008-04-14 . 6832C2FB8F0D4E97B850BC6515A49633 . 19968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2help.dll [-] 2008-04-14 . 6832C2FB8F0D4E97B850BC6515A49633 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll [-] 2008-04-14 . 6832C2FB8F0D4E97B850BC6515A49633 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll [-] 2004-08-04 . D781E40EEBC31A3C6AF96769F16205B4 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll [-] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . 
c:\windows\explorer.exe [-] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe [-] 2008-04-14 . 064EC7FF5F58B928C3E119402977FA6D . 1035776 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2007-06-13 . DCCBF18E94D651393A3FFA060F88E0A0 . 1035264 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2007-06-13 . 45D521506825A10B80833B4E9621CCF6 . 1035264 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe [-] 2004-08-04 . FA61A19050AE14BEC1A26DE82390DD65 . 1034240 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe [-] 2010-04-16 . B441EF945AD4B44661A8D257D9032D44 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll [-] 2010-04-16 . B441EF945AD4B44661A8D257D9032D44 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll [-] 2010-04-16 . 68C76F0EC31E693F7A6E262FF7AA4F9E . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll [-] 2008-04-14 . A380011155FA92E1B374D9EA7FFA20CD . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll [-] 2008-04-14 . A380011155FA92E1B374D9EA7FFA20CD . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll [-] 2004-08-04 . 96405954A94A3890670D2648FBF22CC8 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll [-] 2008-04-14 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\srsvc.dll [-] 2008-04-14 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll [-] 2008-04-14 . 4423787F4261EE43B7341429AF0CBB77 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2004-08-04 . 0B1D7BF8EB2BC685D154CB925F3629CB . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll [-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . 
[5.1.2600.5512] . . c:\windows\ERDNT\cache\wscntfy.exe [-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe [-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe [-] 2008-04-14 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe [-] 2004-08-04 . EDE207E8FFBCB3909C078DCB60E29044 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe [-] 2008-04-14 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\xmlprov.dll [-] 2008-04-14 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll [-] 2008-04-14 . 568DF6E220B431A92B57C4C3BD97870D . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll [-] 2004-08-04 . DA44ACE43CCA958C7917D5115FC4DDEF . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll [-] 2008-04-14 . A8CDC8DECE4735B86BBEF28460996C30 . 56320 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\eventlog.dll [-] 2008-04-14 . A8CDC8DECE4735B86BBEF28460996C30 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll [-] 2008-04-14 . A8CDC8DECE4735B86BBEF28460996C30 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll [-] 2004-08-04 . BD18C87A4E1EA136C44D374296B981DC . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll [-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfcfiles.dll [-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll [-] 2008-04-14 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll [-] 2004-08-04 . 1DD4FC7EEE3A45257528A34FDF7BC689 . 1548288 . . [5.1.2600.2180] . . 
c:\windows\$NtServicePackUninstall$\sfcfiles.dll [-] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe [-] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . 4E486ADFE3A0B9ED0EB0639902E9F64F . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2004-08-04 . F40BC97996B8E53799EEF1D63996674B . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe [-] 2008-04-14 . 8FB4E8C957C22458452EBE96C36F1D94 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll [-] 2008-04-14 . 8FB4E8C957C22458452EBE96C36F1D94 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll [-] 2008-04-14 . 8FB4E8C957C22458452EBE96C36F1D94 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll [-] 2006-12-19 . A6A09C7E20A53990F941174C414A7E1B . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll [-] 2006-12-19 . EEEF999C1F9CA4EA4E256E25301EF177 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll [-] 2004-08-04 . 5810EFAEA004B3824B0487ECCF2EA32E . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll [-] 2008-04-14 . 70870E16BA3E1B4336C53F483D67FF25 . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll [-] 2008-04-14 . 70870E16BA3E1B4336C53F483D67FF25 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll [-] 2008-04-14 . 70870E16BA3E1B4336C53F483D67FF25 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll [-] 2004-08-04 . D1F735C4079E58D016C1AA2227C28F47 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll [-] 2008-04-14 . 9C2C97DF8224061D9F7EE18BCA61B02E . 193536 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll [-] 2008-04-14 . 9C2C97DF8224061D9F7EE18BCA61B02E . 193536 . . [5.1.2600.5512] . . 
c:\windows\ServicePackFiles\i386\schedsvc.dll [-] 2008-04-14 . 9C2C97DF8224061D9F7EE18BCA61B02E . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll [-] 2004-08-04 . C386259AFC206462679867D3ED464C1D . 192000 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll [-] 2008-04-14 . 4424AE68E670D1270F5026E1AF417933 . 71680 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ssdpsrv.dll [-] 2008-04-14 . 4424AE68E670D1270F5026E1AF417933 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll [-] 2008-04-14 . 4424AE68E670D1270F5026E1AF417933 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll [-] 2004-08-04 . C6822E1A5DAFDC1F9CCF8CB7B455AB53 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll [-] 2008-04-14 . 0F4DB70DCE17B9DC1A5D835B1A5EE469 . 296960 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\termsrv.dll [-] 2008-04-14 . 0F4DB70DCE17B9DC1A5D835B1A5EE469 . 296960 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll [-] 2008-04-14 . 0F4DB70DCE17B9DC1A5D835B1A5EE469 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll [-] 2004-08-04 . 23DFF6DAA7565CC5802E057A6B9F585E . 296960 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll [-] 2008-04-14 . 27683D3EE8FCB7E620B25C8A84B329D6 . 172032 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\appmgmts.dll [-] 2008-04-14 . 27683D3EE8FCB7E620B25C8A84B329D6 . 172032 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll [-] 2008-04-14 . 27683D3EE8FCB7E620B25C8A84B329D6 . 172032 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll [-] 2004-08-04 . 2E131621557A6EF486FC86D738CBC8B6 . 172032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll [-] 2004-08-04 . EBD5CF43AD9526EAB9B2A15A54760EA9 . 11904 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys [-] 2004-08-04 . EBD5CF43AD9526EAB9B2A15A54760EA9 . 11904 . . [5.1.2600.0] . . 
c:\windows\system32\drivers\acpiec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys [-] 2004-08-04 01:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\agp440.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys [-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys [-] 2008-04-14 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\msgsvc.dll [-] 2008-04-14 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll [-] 2008-04-14 . 1DCE231F3E55B71B66AA0B7B8FD9BD97 . 33792 . . [5.1.2600.5512] . . 
c:\windows\system32\msgsvc.dll [-] 2004-08-04 . 0B572FBB16E7E10D7DAB749CD390017C . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll [-] 2006-10-18 23:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\ERDNT\cache\mspmsnsv.dll [-] 2006-10-18 23:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [-] 2006-10-18 23:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll [-] 2005-01-28 15:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll [-] 2005-01-28 15:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll [-] 2004-08-04 12:00 . 2E693831AF9D63784F96018CE4E41897 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll [-] 2010-04-29 . 7FDAC9D0C4F6EBC61160EC9F00F03C20 . 2071168 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe [-] 2010-04-28 . 1E4A43698D5FCEE3776A1487C43D99AB . 2071040 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe [-] 2010-04-28 . 1E4A43698D5FCEE3776A1487C43D99AB . 2071040 . . [5.1.2600.5973] . . c:\windows\ERDNT\cache\ntkrnlpa.exe [-] 2010-04-28 . 1E4A43698D5FCEE3776A1487C43D99AB . 2071040 . . [5.1.2600.5973] . . c:\windows\system32\ntkrnlpa.exe [-] 2010-04-28 . 1E4A43698D5FCEE3776A1487C43D99AB . 2071040 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntkrnlpa.exe [-] 2010-02-16 . 1F54DE75A9C8EC46E9FB53C1890C9ED3 . 2071040 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe [-] 2010-02-16 . E94AC126E7ADFD40DC4E38D2E91236D8 . 2071168 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe [-] 2009-12-09 . 7D45AF0A376A7EEE59B2A4BCDC304C9C . 2070400 . . [5.1.2600.5913] . . 
c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe [-] 2009-12-09 . FA72BE44F0715BD88A37C77559ACB3B7 . 2070272 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe [-] 2009-08-05 . 6FEC1B436323CC29B3008D7C5BF2A10F . 2070400 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe [-] 2009-08-04 . B7A8A8A3B9C2E259689140F5F8E46842 . 2070272 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe [-] 2009-02-10 . DBAD62B9A518249C1A1408CF3AB9064A . 2070272 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe [-] 2009-02-09 . FF7FE874B6DA494303EE3DD9B97AB007 . 2070400 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe [-] 2008-08-14 . 586A93E0C23F6A1893F6706F36B22598 . 2070272 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe [-] 2008-08-14 . A62251C7C1F0DBC3241ABF1985EDE75E . 2070272 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe [-] 2008-04-14 . F84054BFD1D688B901AD907499879BBD . 2070144 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe [-] 2008-04-14 . F84054BFD1D688B901AD907499879BBD . 2070144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe [-] 2007-02-28 . D027F0097B8F099C09369B8CC97D7C32 . 2063616 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe [-] 2007-02-28 . 1683AF18422F7DE34575EE95BE882AD1 . 2061824 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe [-] 2006-12-19 . CD84579BD1EA4653A0DC4DE5B8AA943F . 2063616 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe [-] 2006-12-19 . 520C4341E3BA4F5099D23F758CAD8FAC . 2061824 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe [-] 2005-03-02 . AED7B3AA86AD031CF39C6E4BBA37E818 . 2061184 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe [-] 2005-03-02 . D5ED391B213FA2A6EE25DE5AB8512360 . 2061056 . . [5.1.2600.2622] . . 
c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe [-] 2004-08-04 . C9BAE5544B8AA39454C50D8FF83AE5A8 . 2061056 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
  7. Dear JM: I have just done the following: I deleted the Regedit.exe file in C:\windows. I copied Regedit from the CD to C:\Windows. I ran CCLEANER to empty the recycle bin and clean up. I restarted the machine. I ran COMBOFIX, which again reports that the registry is infected, which is why I am not attaching the report. I ran a search with Windows Explorer and noticed that today files were created, and not by me, that may perhaps be "recovering" the defective file; see below. Regards REGSVR32.EXE-25EEFE2F.PF REGEDIT.EXE-1B606482PF SWREG.EXE-3560BE42.PF SWREG.CFXXE-1731962.PF SWREG.CFXXE-16776A8B.PF SWREG.EXE-0937BD77.PF All created in C:\windows\Prefetch
  8. J. Melo: My Windows is genuine and I do have the installation CDs. However, I don't know how to proceed! Is there a repair option on the CD? If not, how do I copy just this file?
  9. PART 02
.
((((((((((((((((((((((((((((( SnapShot@2010-12-19_09.48.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-31 12:55 . 2010-12-31 12:55 16384 c:\windows\Temp\Perflib_Perfdata_b4.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\arquivos de programas\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-06-02 57344]
"OM2_Monitor"="c:\arquivos de programas\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 95800]
"Google Update"="c:\documents and settings\Diretoria\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-07-15 133104]
"NokiaOviSuite2"="c:\arquivos de programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-05 385856]
"SpeedBitVideoAccelerator"="c:\arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-10-15 1607272]
"DownloadAccelerator"="c:\arquivos de programas\DAP\DAP.EXE" [2010-10-16 2836656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" [2005-03-11 147456]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"PaperPort PTD"="c:\arquivos de programas\Scansoft\PaperPort\pptd40nt.exe" [2003-05-21 45108]
"IndexSearch"="c:\arquivos de programas\Scansoft\PaperPort\IndexSearch.exe" [2003-05-21 36864]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"HP Component Manager"="c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-12 172032]
"QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2007-11-23 77824]
"OM_Monitor"="c:\arquivos de programas\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-06-02 40960]
"HP Software Update"="c:\arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NokiaMusic FastStart"="c:\arquivos de programas\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-10-20 2192752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Caio Lucas\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.2.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
c:\documents and settings\CRIAN€AS\Menu Iniciar\Programas\Inicializar\
BrOffice.org 3.0.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Windows Search.lnk - c:\arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Diretoria^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.0.lnk]
backup=c:\windows\pss\BrOffice.org 2.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Diretoria^Menu Iniciar^Programas^Inicializar^BrOffice.org 2.4.lnk]
backup=c:\windows\pss\BrOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2009-10-26 19:26 753664 -c--a-w- c:\arquivos de programas\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 12:57 1451520 -c--a-w- c:\arquivos de programas\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\Diretoria\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Diretoria\\Configurações locais\\Dados de aplicativos\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Arquivos de programas\\DsNET Corp\\aTube Catcher 1.0\\yct.exe"=
"c:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Arquivos de programas\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\aTube Catcher\\yct.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/6/2010 10:20 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/6/2010 10:20 17744]
S2 Agendador do LiveUpdate automático;Agendador do LiveUpdate automático; [x]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [3/2/2010 18:00 135664]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\arquiv~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S3 bqusbser;WCDMA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\Mousbser.sys [2/3/2009 02:00 103552]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/8/2004 10:00 14336]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [16/11/2009 14:33 50704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-03 20:00]
2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-02-03 20:00]
2010-12-31 c:\windows\Tasks\User_Feed_Synchronization-{800B0E48-F616-4F2B-9564-E05E06F1A0AE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]
2010-12-31 c:\windows\Tasks\User_Feed_Synchronization-{955F34A8-8563-420D-9ED6-6671CB660AB0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 07:31]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.globo.com/
uSearchURL,(Default) = hxxp://www.speedapps.com/search.htm
IE: &Clean Traces - c:\arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\arquivos de programas\DAP\dapextie.htm
IE: Download &all with DAP - c:\arquivos de programas\DAP\dapextie2.htm
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: c:\arquiv~1\SPEEDB~1\sblsp.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\arquiv~1\DAP\dapie.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: PluginNossaCaixaSetup - hxxps://wwws.nossacaixa.com.br/PluginNossaCaixaSetup.CAB
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_2.3.37.6.cab
DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab
DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} - hxxps://bradesconetempresa.com.br/pj/CA.cab
DPF: {CC646B39-EDB0-4308-A592-7C6F759C173A} - hxxps://wwws.nossacaixa.com.br/ocx_PluginNossaCaixa.CAB
FF - ProfilePath - c:\documents and settings\Diretoria\Dados de aplicativos\Mozilla\Firefox\Profiles\vngisuyz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2552374&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.globo.com
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\arquivos de programas\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\arquivos de programas\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - %profile%\extensions\{12fc3d37-2a42-4fe3-8489-81296878cba5}
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\arquivos de programas\DAP\DAPFireFox
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-31 11:26
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'lsass.exe'(696)
c:\arquiv~1\SPEEDB~1\sblsp.dll
c:\arquivos de programas\SpeedBit Video Accelerator\ConfigDB.dll
c:\arquivos de programas\SpeedBit Video Accelerator\Accelerator.dll
c:\windows\system32\WININET.dll
c:\arquivos de programas\SpeedBit Video Accelerator\Collector.dll
- - - - - - - > 'explorer.exe'(4200)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tempo para conclusão: 2010-12-31 11:32:09
ComboFix-quarantined-files.txt 2010-12-31 13:32
ComboFix2.txt 2010-12-29 20:36
ComboFix3.txt 2010-12-19 09:53
ComboFix4.txt 2010-12-16 09:17
ComboFix5.txt 2010-12-31 13:16
Pré-execução: 17 pasta(s) 49.857.007.616 bytes disponíveis
Pós execução: 18 pasta(s) 49.863.606.272 bytes disponíveis
- - End Of File - - E0E46B5F211C980F81BC68BAA1567DE5
  10. COMBOFIX LOG - PART 01
ComboFix 10-12-30.03 - Diretoria 31/12/2010 11:19:55.26.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1215.628 [GMT -2:00]
Executando de: c:\documents and settings\Diretoria\Desktop\ComboFix.exe
Comandos utilizados :: c:\documents and settings\Diretoria\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Criado um novo ponto de restauração
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.exe . . . está infectado!!
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-28 to 2010-12-31 ))))))))))))))))))))))))))))
.
2010-12-25 21:27 . 2010-12-25 21:27 -------- d-----w- c:\documents and settings\CRIANÇAS\Configurações locais\Dados de aplicativos\Nokia
2010-12-18 20:08 . 2010-12-18 20:08 -------- d-----w- c:\documents and settings\Diretoria\Configurações locais\Dados de aplicativos\QuickStores
2010-12-18 20:08 . 2010-12-18 20:13 -------- d-----w- c:\arquivos de programas\aTube Catcher
2010-12-18 19:39 . 2010-12-18 19:50 -------- d-----w- c:\documents and settings\Caio Lucas\Configurações locais\Dados de aplicativos\WMTools Downloaded Files
2010-12-17 20:34 . 2010-12-17 20:34 -------- d-----w- c:\documents and settings\Caio Lucas\Dados de aplicativos\Yahoo!
2010-12-17 20:28 . 2010-12-17 20:28 -------- d-----w- c:\documents and settings\Caio Lucas\Configurações locais\Dados de aplicativos\Nokia
2010-12-16 08:29 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 20:09 . 2010-05-24 19:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 20:08 . 2010-05-24 19:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:15 . 2006-07-25 15:11 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:21 .
2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:21 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-06 00:21 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:27 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec 2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2010-10-28 13:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:58 . 2004-08-04 12:00 1853440 ----a-w- c:\windows\system32\win32k.sys 2010-10-15 21:55 . 2010-10-15 21:55 172032 ----a-w- c:\windows\system32\AniGIF.ocx . (((((((((((((((((((((((((((((((((((((((((( SR_Search )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ------- Sigcheck ------- [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\asyncmac.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys [-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys [-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys [-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . 
  11. Since I could not find my last POST, I am sending it again. J. Melo: DONE! When I started COMBOFIX it asked to update the version and I allowed it. Below is the HIJACK LOG. Since the COMBOFIX LOG is very large, I will send it next in 2 POSTs. Thanks
  12. Dear J. Melo: As instructed, I updated and ran MALWAREBYTES ANTI-MALWARE, which detected absolutely NOTHING! Next, I ran COMBOFIX again, which reports the "INFECTION", and HIJACKTHIS. The 3 LOGS are attached. Thank you.
  13. Dear Jose Melo: Below is the requested LOG. Thank you. Celso
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Arquivos de programas\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray O4 - HKCU\..\Run: [speedBitVideoAccelerator] C:\Arquivos de programas\SpeedBit Video Accelerator\VideoAccelerator.exe O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - 
C:\Arquivos de programas\PlotSoft\PDFill\DownloadPDF.exe O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll O10 - Unknown file in Winsock LSP: c:\arquiv~1\speedb~1\sblsp.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: PluginNossaCaixaSetup - https://wwws.nossacaixa.com.br/PluginNossaCaixaSetup.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/OviMaps_2.3.37.6.cab O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://wwws.nossacaixa.com.br/VSApps/vspta3.cab O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - https://cpne.bradesco.com.br/certifexp.cab O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://bradesconetempresa.com.br/pj/CA.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CC646B39-EDB0-4308-A592-7C6F759C173A} (PluginNossaCaixa.Identifica_Maq) - https://wwws.nossacaixa.com.br/ocx_PluginNossaCaixa.CAB O16 - DPF: 
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - (no file) O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - (no file) O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\ARQUIV~1\SPEEDB~1\VideoAcceleratorService.exe -- End of file - 13080 bytes
  14. Folks: I run COMBOFIX and it warns: ((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))) . c:\windows\regedit.exe . . . está infectado!! But it is unable to fix the problem! I noticed that generating the COMBOFIX report has become slower. Any suggestions? Thanks.
  15. Done! Here is the COMBOFIX log: ComboFix.txt