
Dropper.generic.tht? Mrofinu312.exe


  • This topic is locked
17 replies to this topic

#1 Bernardo amorim


Posted 15 May 2008 - 08:55 PM

Hello! I hope you can help me! ^^

Deckard's System Scanner v20071014.68
Run by Administrador on 2008-05-15 22:47:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
228: 2008-05-16 01:47:57 UTC - RP228 - Deckard's System Scanner Restore Point
227: 2008-05-15 23:52:52 UTC - RP227 - Installed Altia PhotoProto 1.04.20
226: 2008-05-15 23:19:32 UTC - RP226 - Last known good configuration
225: 2008-05-15 23:19:25 UTC - RP225 - Installed Noiseware Professional Plug-in
224: 2008-05-15 23:19:25 UTC - RP224 - Installed MySQL Tools for 5.0


-- First Restore Point --
1: 2008-05-15 23:18:38 UTC - RP1 - Ponto de verificação do sistema


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrador.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:06, on 15/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\drivers\setup\manager.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe
C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe
C:\Documents and Settings\Administrador\Meus documentos\Meus vídeos\Firefox Ultimate Optimizer.exe
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\mrofinu312.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Windows\System32\drivers\setup\irc\irc.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Documents and Settings\Administrador\Desktop\dss.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ARQUIV~1\HIJACK~1\Administrador.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 75.125.177.50 L2authd.lineage2.com
O1 - Hosts: 75.125.177.50 L2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nProtect.lineage2.com
O1 - Hosts: 216.107.250.194 update.nProtect.com
O1 - Hosts: 216.107.250.194 update.nProtect.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {6A11553E-7737-4DA8-8FFD-B6842B415702} - C:\WINDOWS\system32\cbxxusp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {826CE285-901E-4328-B751-C72E13C68699} - C:\WINDOWS\system32\mljgg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [FirefoxUltimateOptimizer] "C:\Documents and Settings\Administrador\Meus documentos\Meus vídeos\Firefox Ultimate Optimizer.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu312.exe 61A847B5BBF728113399284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [749b671b] rundll32.exe "C:\WINDOWS\system32\cyaqjegt.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.br/
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: cbxxusp - C:\WINDOWS\SYSTEM32\cbxxusp.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 12821 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Arquivos de programas\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 catchme - c:\docume~1\admini~1\config~1\temp\catchme.sys (file missing)
S3 npkcrypt - d:\jogos\lineage ii\system\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
S3 npkycryp - d:\jogos\lineage ii\system\npkycryp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\arquivos de programas\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R3 FLEXnet Licensing Service - "c:\arquivos de programas\arquivos comuns\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S2 SessionLauncher - c:\docume~1\admini~1\config~1\temp\dx9\sessionlauncher.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Controlador de vídeo (Compatível com VGA)
Device ID: PCI\VEN_1039&DEV_6330&SUBSYS_63301039&REV_03\4&143DABAF&0&0008
Manufacturer:
Name: Controlador de vídeo (Compatível com VGA)
PNP Device ID: PCI\VEN_1039&DEV_6330&SUBSYS_63301039&REV_03\4&143DABAF&0&0008
Service:


-- Files created between 2008-04-15 and 2008-05-15 -----------------------------

2008-05-15 20:52:55 0 d-------- C:\Arquivos de programas\Altia
2008-05-15 20:49:01 0 d-------- C:\Arquivos de programas\Albatross
2008-05-15 20:38:43 1030144 --a------ C:\WINDOWS\system32\dbghelp-xfw.dll <Not Verified; Microsoft Corporation; Debugging Tools for Windows®>
2008-05-15 20:38:38 0 d-------- C:\Arquivos de programas\Filter Forge
2008-05-15 20:20:02 90176 --a------ C:\WINDOWS\system32\cyaqjegt.dll
2008-05-15 20:18:28 40762 --ahs---- C:\WINDOWS\system32\ggjlm.ini2
2008-05-15 20:18:04 276992 --a------ C:\WINDOWS\system32\mljgg.dll
2008-05-15 20:13:31 37376 --a------ C:\WINDOWS\mrofinu312.exe
2008-05-15 20:12:55 0 d-------- C:\WINDOWS\system32\iDlo16
2008-05-15 20:12:54 111840 --a------ C:\WINDOWS\system32\ope77.exe
2008-05-15 20:12:54 0 d-------- C:\Temp
2008-05-15 20:12:52 34816 --a------ C:\WINDOWS\system32\cbxxusp.dll
2008-05-15 20:12:51 352410 --a------ C:\WINDOWS\ope70.exe
2008-05-15 20:08:33 227840 --a------ C:\WINDOWS\system32\Deco_32.dll <Not Verified; Iterated Systems, Inc.; Fractal Image Decoder>
2008-05-15 20:08:32 0 d-------- C:\Arquivos de programas\Arquivos comuns\onOne Software Shared
2008-05-15 20:08:31 0 d-------- C:\Arquivos de programas\onOne Software
2008-05-15 19:18:19 0 d-------- C:\Alien Skin
2008-05-15 19:02:24 0 d-------- C:\Arquivos de programas\Alien Skin
2008-05-15 17:53:24 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-05-15 17:53:24 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-05-14 23:28:09 0 d-------- C:\Arquivos de programas\MySQL
2008-05-14 20:56:02 0 d-------- C:\Arquivos de programas\HP
2008-05-14 20:55:53 0 d-------- C:\Arquivos de programas\Hewlett-Packard
2008-05-06 01:18:36 0 d-------- C:\Arquivos de programas\PartyGaming
2008-05-04 21:35:10 0 d-a------ C:\Arquivos de programas\3D Converter
2008-05-04 21:19:15 0 d-------- C:\Arquivos de programas\GCFScape
2008-04-27 22:30:04 188416 --a------ C:\WINDOWS\amuninst.exe <Not Verified; American Systems; SETUP Application>
2008-04-26 15:57:43 0 d-------- C:\Fraps
2008-04-24 05:58:19 0 d-------- C:\Arquivos de programas\Malwarebytes' Anti-Malware
2008-04-21 08:41:15 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-04-21 08:41:15 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-04-20 19:19:00 0 d-------- C:\Kick It Up
2008-04-20 18:40:53 0 d-------- C:\Arquivos de programas\StepMania
2008-04-20 18:11:39 0 d-------- C:\Arquivos de programas\Frets on Fire
2008-04-16 17:17:58 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-04-16 15:17:07 0 d-------- C:\Automap
2008-04-16 00:44:48 716800 --a------ C:\WINDOWS\system32\SysInternals Bluescreen.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-04-15 20:38:29 0 d-------- C:\divx


-- Find3M Report ---------------------------------------------------------------

2008-05-15 22:09:13 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\teamspeak2
2008-05-15 21:58:41 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\mIRC
2008-05-15 21:57:20 0 d-------- C:\Arquivos de programas\mIRC
2008-05-15 21:09:30 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent
2008-05-15 20:48:15 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Filter Forge
2008-05-15 20:32:53 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\onOne Software
2008-05-15 20:12:13 0 d--h----- C:\Arquivos de programas\InstallShield Installation Information
2008-05-15 20:08:32 0 d-------- C:\Arquivos de programas\Arquivos comuns
2008-05-15 19:41:50 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Digital Film Tools
2008-05-15 19:36:27 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Imagenomic
2008-05-15 19:34:04 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Alien Skin
2008-05-15 19:20:22 0 d-------- C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-05-15 00:24:28 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\MySQL
2008-05-14 09:14:51 0 d-------- C:\Arquivos de programas\uTorrent
2008-05-13 10:50:06 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Skype
2008-05-13 09:36:22 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\skypePM
2008-05-12 14:01:29 3072 --a------ C:\Documents and Settings\Administrador\Dados de aplicativos\DMX.bmk
2008-05-12 06:13:59 0 d-------- C:\Arquivos de programas\Minilyrics
2008-05-10 15:32:34 0 d-------- C:\Arquivos de programas\AVI ReComp
2008-05-05 16:25:47 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Adobe
2008-05-05 15:16:00 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Vso
2008-04-26 07:31:52 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic
2008-04-25 00:10:20 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield
2008-04-24 05:58:28 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes
2008-04-23 02:25:57 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\fretsonfire
2008-04-22 20:55:18 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Autodesk
2008-04-16 15:17:09 0 d-------- C:\Arquivos de programas\Tibia
2008-04-14 11:42:38 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia
2008-04-13 03:53:45 0 d-------- C:\Arquivos de programas\Absolute Video to Audio Converter
2008-04-12 21:02:11 16 --a------ C:\WINDOWS\popcinfo.dat
2008-04-10 17:07:49 0 d-------- C:\Arquivos de programas\Dziobas Rar Player
2008-04-08 18:25:52 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-06 18:35:55 0 d-------- C:\Arquivos de programas\Java
2008-04-06 18:35:32 0 d-------- C:\Arquivos de programas\Arquivos comuns\Java
2008-04-06 13:00:06 0 d-------- C:\Arquivos de programas\No-IP
2008-04-05 16:14:19 0 d-------- C:\Arquivos de programas\microsoft frontpage
2008-04-05 00:11:47 208717 --a------ C:\WINDOWS\ADDONS SITECS (NONSTEAM) Uninstaller.exe
2008-04-04 19:14:23 0 d-------- C:\Arquivos de programas\Teamspeak2_RC2
2008-04-04 11:38:33 0 d-------- C:\Arquivos de programas\URUSoft
2008-04-03 19:59:29 3532 --a------ C:\drmHeader.bin
2008-04-02 20:59:50 0 d-------- C:\Arquivos de programas\Gabest
2008-04-02 20:59:43 0 d-------- C:\Arquivos de programas\Xvid
2008-04-02 20:59:06 0 d-------- C:\Arquivos de programas\AviSynth 2.5
2008-04-02 20:58:34 0 d-------- C:\Arquivos de programas\mobile PhoneTools
2008-04-02 20:55:48 0 d-------- C:\Arquivos de programas\PowerHEX
2008-03-29 12:15:06 0 d-------- C:\Arquivos de programas\Arquivos comuns\Blizzard Entertainment
2008-03-27 12:36:14 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Tibia
2008-03-27 12:24:49 165284 --a------ C:\WINDOWS\PowerHEX Uninstaller.exe
2008-03-26 17:45:28 0 d-------- C:\Arquivos de programas\Skype
2008-03-26 17:45:25 0 d-------- C:\Arquivos de programas\Arquivos comuns\Skype
2008-03-24 21:37:43 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Sun
2008-03-24 19:33:50 0 d-------- C:\Arquivos de programas\Arquivos comuns\Autodesk Shared
2008-03-24 19:33:44 0 d-------- C:\Arquivos de programas\AutoCAD Architecture 2008
2008-03-24 19:24:35 0 d-------- C:\Arquivos de programas\Autodesk
2008-03-24 12:18:00 0 d-------- C:\Arquivos de programas\MSN Messenger
2008-03-23 10:59:35 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Winamp
2008-03-23 01:24:20 0 d-------- C:\Arquivos de programas\Arquivos comuns\Thraex Software
2008-03-22 23:33:58 0 d-------- C:\Arquivos de programas\Nova pasta
2008-03-22 23:31:55 0 d-------- C:\Arquivos de programas\KGB Archiver
2008-03-22 11:48:35 0 d-------- C:\Arquivos de programas\Winamp
2008-03-22 11:13:54 0 d-------- C:\Arquivos de programas\IrfanView
2008-03-22 04:38:23 0 d-------- C:\Arquivos de programas\Arquivos comuns\Adobe
2008-03-21 12:41:36 0 d-------- C:\Arquivos de programas\Brazukas
2008-03-21 10:28:17 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Publish Providers
2008-03-21 10:28:09 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Sony
2008-03-21 10:27:47 0 d-------- C:\Arquivos de programas\Sony
2008-03-21 10:13:55 0 d-------- C:\Arquivos de programas\Vstplugins
2008-03-21 10:05:34 0 d-------- C:\Arquivos de programas\Sony Setup
2008-03-21 02:01:07 0 d-------- C:\Arquivos de programas\u-he
2008-03-21 02:00:19 0 d-------- C:\Arquivos de programas\Celemony
2008-03-21 02:00:19 0 d-------- C:\Arquivos de programas\Arquivos comuns\Digidesign
2008-03-19 18:51:50 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Google
2008-03-16 14:35:55 551 --ah----- C:\os790985.bin
2008-03-16 14:05:34 0 d-------- C:\Arquivos de programas\Ulead GIF-X.Plugin 2.0
2008-03-16 14:01:01 0 d-------- C:\Arquivos de programas\WIBU-SYSTEMS
2008-03-16 14:01:01 0 d-------- C:\Arquivos de programas\WIBUKEY
2008-03-16 12:08:14 471494 --a------ C:\WINDOWS\system32\perfh016.dat
2008-03-16 12:08:14 78590 --a------ C:\WINDOWS\system32\perfc016.dat
2008-03-15 19:25:36 0 d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\vlc
2008-03-15 19:19:56 0 d-------- C:\Arquivos de programas\VideoLAN
2008-03-14 13:31:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-14 13:31:09 34 --a------ C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.log
2008-03-14 13:30:52 47360 --a------ C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-14 13:30:52 1144 --a------ C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.inf
2008-03-14 13:30:52 7887 --a------ C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.cat
2008-03-14 13:18:30 0 -rahs---- C:\MSDOS.SYS
2008-03-14 13:18:30 0 -rahs---- C:\IO.SYS
2008-03-14 13:18:30 0 --a------ C:\CONFIG.SYS
2008-03-14 13:18:30 0 --a------ C:\AUTOEXEC.BAT
2008-03-14 13:15:41 21844 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-14 09:42:45 62 --ahs---- C:\Documents and Settings\Administrador\Dados de aplicativos\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A11553E-7737-4DA8-8FFD-B6842B415702}]
15/05/2008 20:12 34816 --a------ C:\WINDOWS\system32\cbxxusp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{826CE285-901E-4328-B751-C72E13C68699}]
15/05/2008 20:18 276992 --a------ C:\WINDOWS\system32\mljgg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 12:22]
"nwiz"="nwiz.exe" [22/10/2006 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [22/10/2006 12:22]
"PWRISOVM.EXE"="C:\Arquivos de programas\PowerISO\PWRISOVM.EXE" [20/01/2008 04:05]
"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [14/10/2004 09:11]
"SoundMAX"="C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" [23/09/2004 12:41]
"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/05/2007 22:46]
"Adobe_ID0EYTHM"="C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [20/03/2007 16:40]
"RoxWatchTray"="C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [24/08/2007 15:52]
"DMXLauncher"="C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe" [14/08/2007 03:44]
"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 00:47]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" [01/09/2007 03:23]
"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [15/01/2008 19:54]
"WatchDog"="C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe" [14/08/2004 04:42]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"FirefoxUltimateOptimizer"="C:\Documents and Settings\Administrador\Meus documentos\Meus vídeos\Firefox Ultimate Optimizer.exe" []
"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [25/06/2003 11:24]
"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [23/10/2003 19:51]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [01/09/2003 08:42]
"DeviceDiscovery"="C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [21/05/2003 18:37]
"runner1"="C:\WINDOWS\mrofinu312.exe" [15/05/2008 20:13]
"749b671b"="C:\WINDOWS\system32\cyaqjegt.dll" [15/05/2008 20:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 21:45]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" [01/09/2007 03:23]
"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [11/09/2006 04:40]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6A11553E-7737-4DA8-8FFD-B6842B415702}"= C:\WINDOWS\system32\cbxxusp.dll [15/05/2008 20:12 34816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxusp]
cbxxusp.dll 15/05/2008 20:12 34816 C:\WINDOWS\system32\cbxxusp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljgg




-- Hosts -----------------------------------------------------------------------

75.125.177.50 L2authd.lineage2.com
75.125.177.50 L2testauthd.lineage2.com
216.107.250.194 nProtect.lineage2.com
216.107.250.194 update.nProtect.com
216.107.250.194 update.nProtect.net


-- End of Deckard's System Scanner: finished at 2008-05-15 22:52:03 ------------



Edited by Bernardo amorim, 15 May 2008 - 09:07 PM.




#2 Simon V.


Posted 28 May 2008 - 06:33 AM

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Please download and install CCleaner.

Open CCleaner. On the Windows tab, leave the default options alone.
  • On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  • Click on the Run Cleaner button at the bottom right hand corner.
  • When the cleaner has completed, click Tools in the Left Pane.
  • Verify that Uninstall is highlighted in color, or click on it.
  • In the lower right, click Save to Text File.
  • Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
  • You can leave the filename as install.txt.
  • Click Save, then exit CCleaner.
_______________________________

Please visit this webpage for download links, and instructions for running ComboFix -

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says -

The Recovery Console was successfully installed.

Please continue as follows -
  • Close/Disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, so we may continue cleansing the system -

- the Combofix log (C:\ComboFix.txt)
- the CCleaner Uninstall List (install.txt)
- a HijackThis log
Simon V.


So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#3 Simon V.


Posted 31 May 2008 - 05:12 AM

Do you still need help?

#4 Bernardo amorim


Posted 31 May 2008 - 11:58 PM

Yes, I need it, I'll do that now.
Thank you! ^^

#5 Bernardo amorim


Posted 01 June 2008 - 12:30 PM

Here it is.
Are there any problems with posting it as an attachment?
^^

ComboFix: Attached File  ComboFix.txt   21.74KB   36 downloads
HijackThis: Attached File  hijackthis.log   12.56KB   8 downloads
Install.txt: Attached File  install.txt   7.25KB   42 downloads

Thank you! :D

Bye! o/

#6 Simon V.


Posted 01 June 2008 - 12:34 PM

Are there any problems with posting it as an attachment?

I prefer that you copy and paste them in your replies, it makes it easier to read.

#7 Simon V.


Posted 01 June 2008 - 12:55 PM

Hi :thumbsup:

Here are your next instructions, please copy/paste the requested logs instead of attaching them.

I understand that downloading music and other files may be important to you; however, the Peer-to-Peer programs that you are using to do that, even if they are not infected with malware, will bring malware into your system. Therefore, the chances of you becoming infected again are very high. This obviously can result in disabling your computer and could even lead to someone stealing sensitive personal data from your computer. Beyond the inconvenience this causes you, these programs also tend to use your computer as a server to spread more infection all over the internet, so your computer becomes a part of the malware problem.

Remember that no matter how clean the program you're using for Peer-to-Peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via Peer-to-Peer filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Any program or file that offers you the ability to access non-freeware programs at no cost, e.g., pirated software and/or cracks/key generators for gaining access to legitimate software, is 100% guaranteed to contain malware.

Here is some information that looks at the rates of infection:

http://www.benedelman.org/spyware/p2p/

With that being said, I recommend that you remove the following Peer-to-Peer program(s):

(Click on Start, then Control Panel. Double click on Add or Remove Programs)

µTorrent

Also remove the following program -

Java™ 6 Update 5

Then download and install Java Runtime Environment (JRE) 6 Update 6.

Step 1

Open Notepad (Go to Start > Run, type Notepad and hit Enter), and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/t/147101/droppergenerictht-mrofinu312exe/

Suspect::

C:\WINDOWS\ope70.exe
C:\WINDOWS\system32\ope77.exe

File::

C:\WINDOWS\mrofinu312.exe
C:\WINDOWS\system32\ope79.tmp
C:\WINDOWS\system32\ope77.tmp
C:\WINDOWS\system32\ope76.tmp
C:\WINDOWS\system32\ope75.tmp
C:\WINDOWS\ope70.tmp
C:\WINDOWS\b156.exe

Folder::

C:\WINDOWS\system32\iDlo16

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxxusp]

DirLook::

C:\systemsl2

Click on File > Save as....

In the File Name box, copy/paste CFScript.txt (Note: Do not change the filename!)

Click Save (Save the CFScript in the same location as Combofix.exe)

Close any open windows.

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
    A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
Step 2

I see that you have Malwarebytes' Anti-Malware installed, please follow these instructions to run it -
  • Open Malwarebytes' Anti-Malware. Once the program has loaded, click the Update tab, then click Check for Updates. If an update is found, the program will automatically download and install it.
  • Click the Scanner tab. Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
  • Click on the Malwarebytes' Anti-Malware icon to launch the program.
  • Click on the Logs tab.
  • Click on the log at the bottom of those listed to highlight it.
  • Click Open.
Step 3

In your next reply, please post:
  • the Combofix log (C:\Combofix.txt)
  • the Malwarebytes' Anti-Malware log
  • a new HijackThis log


#8 Bernardo amorim


Posted 01 June 2008 - 06:31 PM

Hi there! I've done all the steps except one, the uTorrent step. I haven't done this step because my brother uses uTorrent, and I share my computer with him.
Whatever. Here are the logs:

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:44, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\drivers\setup\manager.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe
C:\Documents and Settings\Administrador\Meus documentos\Meus vídeos\Firefox Ultimate Optimizer.exe
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Windows\System32\drivers\setup\hosts\hosts.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\System32\drivers\setup\irc\irc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\TeamViewer3\TeamViewer_Host.exe
C:\Arquivos de programas\TeamViewer3\TeamViewer.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [FirefoxUltimateOptimizer] "C:\Documents and Settings\Administrador\Meus documentos\Meus vídeos\Firefox Ultimate Optimizer.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Pando] "C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.br/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Arquivos de programas\TeamViewer3\TeamViewer_Host.exe

--
End of file - 12745 bytes



ComboFix:
ComboFix 08-05-29.1 - Administrador 2008-06-01 20:09:20.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.1018 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt
* Criado um novo ponto de restauro

FILE ::
C:\WINDOWS\b156.exe
C:\WINDOWS\mrofinu312.exe
C:\WINDOWS\ope70.tmp
C:\WINDOWS\system32\ope75.tmp
C:\WINDOWS\system32\ope76.tmp
C:\WINDOWS\system32\ope77.tmp
C:\WINDOWS\system32\ope79.tmp
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\b156.exe
C:\WINDOWS\mrofinu312.exe
C:\WINDOWS\ope70.tmp
C:\WINDOWS\system32\iDlo16
C:\WINDOWS\system32\iDlo16\iDlo162291.exe
C:\WINDOWS\system32\ope75.tmp
C:\WINDOWS\system32\ope76.tmp
C:\WINDOWS\system32\ope77.tmp
C:\WINDOWS\system32\ope79.tmp

.
((((((((((((((((((((((( Ficheiros criados de 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))
.

2008-06-01 19:52 . 2008-06-01 19:52 <DIR> d-------- C:\Arquivos de programas\Sun
2008-06-01 19:52 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-01 19:04 . 2008-06-01 19:52 <DIR> d-------- C:\Arquivos de programas\Java
2008-06-01 19:04 . 2008-06-01 19:04 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java
2008-06-01 14:08 . 2008-06-01 14:08 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\TeamViewer
2008-06-01 02:02 . 2008-06-01 02:02 <DIR> d-------- C:\Arquivos de programas\Yahoo!
2008-06-01 02:02 . 2008-06-01 02:02 <DIR> d-------- C:\Arquivos de programas\CCleaner
2008-05-30 14:31 . 2008-05-30 14:31 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Dados de aplicativos\TeamViewer
2008-05-30 14:31 . 2008-05-30 17:06 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\TeamViewer
2008-05-30 14:30 . 2008-05-30 14:31 <DIR> d-------- C:\Arquivos de programas\TeamViewer3
2008-05-30 14:29 . 2008-05-30 14:29 <DIR> d-------- C:\Documents and Settings\Administrador\temp
2008-05-30 00:57 . 2008-05-30 00:57 <DIR> d-------- C:\Arquivos de programas\EVE Interactive
2008-05-30 00:56 . 2008-05-30 00:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-05-29 19:57 . 2008-05-29 19:57 <DIR> d-------- C:\Arquivos de programas\Pando Networks
2008-05-26 02:38 . 2008-05-26 02:38 244 --ah----- C:\sqmnoopt04.sqm
2008-05-26 02:38 . 2008-05-26 02:38 232 --ah----- C:\sqmdata04.sqm
2008-05-23 13:09 . 2008-05-23 13:09 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\MozillaControl
2008-05-23 13:09 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-05-23 13:05 . 2008-05-23 13:20 <DIR> d-------- C:\systemsl2
2008-05-22 01:24 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-05-22 01:24 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-05-22 01:17 . 2008-05-22 01:17 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield
2008-05-17 00:16 . 2008-05-17 00:16 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais
2008-05-17 00:16 . 2008-05-17 00:16 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais
2008-05-17 00:16 . 2008-05-17 00:16 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais
2008-05-17 00:16 . 2008-05-17 00:16 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraþ§es locais
2008-05-15 22:47 . 2008-05-15 22:47 <DIR> d-------- C:\Deckard
2008-05-15 20:52 . 2008-05-15 20:52 <DIR> d-------- C:\Arquivos de programas\Altia
2008-05-15 20:49 . 2008-05-15 20:49 <DIR> d-------- C:\Arquivos de programas\Albatross
2008-05-15 20:39 . 2008-05-15 20:48 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Filter Forge
2008-05-15 20:38 . 2008-05-15 20:38 <DIR> d-------- C:\Arquivos de programas\Filter Forge
2008-05-15 20:38 . 2006-11-10 19:41 1,030,144 --a------ C:\WINDOWS\system32\dbghelp-xfw.dll
2008-05-15 20:32 . 2008-05-15 20:32 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\onOne Software
2008-05-15 20:12 . 2008-06-01 15:42 <DIR> d-------- C:\Temp
2008-05-15 20:12 . 2008-05-15 20:12 352,410 --a------ C:\WINDOWS\ope70.exe
2008-05-15 20:12 . 2008-05-15 20:12 111,840 --a------ C:\WINDOWS\system32\ope77.exe
2008-05-15 20:08 . 2008-05-15 20:12 <DIR> d-------- C:\Arquivos de programas\onOne Software
2008-05-15 20:08 . 2008-05-15 20:08 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\onOne Software Shared
2008-05-15 20:08 . 2005-08-21 15:57 227,840 --a------ C:\WINDOWS\system32\Deco_32.dll
2008-05-15 19:41 . 2008-05-15 19:41 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Digital Film Tools
2008-05-15 19:39 . 2008-05-15 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Digital Film Tools
2008-05-15 19:36 . 2008-05-15 19:36 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Imagenomic
2008-05-15 19:18 . 2008-05-15 19:18 <DIR> d-------- C:\Alien Skin
2008-05-15 19:03 . 2008-05-15 19:34 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Alien Skin
2008-05-15 19:02 . 2008-05-15 19:02 <DIR> d-------- C:\Arquivos de programas\Alien Skin
2008-05-15 17:53 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-05-15 17:53 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-05-15 17:53 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-05-15 17:53 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2008-05-15 02:16 . 2008-05-15 02:07 33,513 --a------ C:\Harold.and.Kumar.Escape.From.Guantanamo.Bay.TS.XviD-THS [mininova].torrent
2008-05-15 02:13 . 2008-05-15 05:52 90,564 --a------ C:\Harold.and.Kumar.Escape.From.Guantanamo.Bay.TS.XviD-THS.srt
2008-05-14 23:29 . 2008-05-15 00:24 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\MySQL
2008-05-14 23:28 . 2008-05-14 23:28 <DIR> d-------- C:\Arquivos de programas\MySQL
2008-05-14 23:08 . 2008-05-14 23:08 679 --a------ C:\conf_global.php
2008-05-14 20:56 . 2008-05-14 20:56 <DIR> d-------- C:\Arquivos de programas\HP
2008-05-14 20:55 . 2008-05-14 20:55 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard
2008-05-14 20:53 . 2008-05-14 20:59 232,576 --a------ C:\WINDOWS\hpdj3500.his
2008-05-14 20:53 . 2008-05-14 20:59 10,771 --a------ C:\WINDOWS\hpdj3500.ini
2008-05-14 20:51 . 2005-09-19 16:43 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-06 01:18 . 2008-05-06 01:18 <DIR> d-------- C:\Arquivos de programas\PartyGaming
2008-05-06 01:13 . 2008-05-06 01:13 <DIR> d-------- C:\Documents and Settings\Administrador\PARTYPokerDir
2008-05-05 00:18 . 2008-05-05 00:18 0 --a------ C:\WINDOWS\iPlayer.INI
2008-05-04 21:35 . 2008-05-04 21:38 <DIR> d-a------ C:\Arquivos de programas\3D Converter
2008-05-04 21:19 . 2008-05-04 21:38 <DIR> d-------- C:\Arquivos de programas\GCFScape

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 20:11 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent
2008-06-01 18:42 --------- d-----w C:\Arquivos de programas\Microsoft Silverlight
2008-06-01 13:49 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Skype
2008-06-01 13:47 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\skypePM
2008-06-01 03:01 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\mIRC
2008-06-01 02:35 --------- d-----w C:\Arquivos de programas\mIRC
2008-05-31 21:03 3,532 ----a-w C:\drmHeader.bin
2008-05-31 14:31 --------- d-----w C:\Arquivos de programas\Minilyrics
2008-05-31 04:43 --------- d-----w C:\Arquivos de programas\uTorrent
2008-05-23 16:09 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-05-16 01:09 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\teamspeak2
2008-05-15 22:20 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-05-15 20:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet
2008-05-14 06:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2008-05-13 02:37 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-05-10 18:32 --------- d-----w C:\Arquivos de programas\AVI ReComp
2008-05-10 05:27 --------- d-----w C:\Arquivos de programas\StepMania
2008-05-05 18:16 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Vso
2008-04-26 10:31 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic
2008-04-24 09:13 1,460 ----a-w C:\WINDOWS\Fonts\tempcod.txt
2008-04-24 08:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
2008-04-24 08:58 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes
2008-04-24 08:58 --------- d-----w C:\Arquivos de programas\Malwarebytes' Anti-Malware
2008-04-23 05:25 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\fretsonfire
2008-04-23 05:17 --------- d-----w C:\Arquivos de programas\Frets on Fire
2008-04-22 23:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk
2008-04-22 23:55 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Autodesk
2008-04-16 18:17 --------- d-----w C:\Arquivos de programas\Tibia
2008-04-13 06:53 --------- d-----w C:\Arquivos de programas\Absolute Video to Audio Converter
2008-04-10 20:07 --------- d-----w C:\Arquivos de programas\Dziobas Rar Player
2008-04-06 16:00 --------- d-----w C:\Arquivos de programas\No-IP
2008-04-05 19:14 --------- d-----w C:\Arquivos de programas\microsoft frontpage
2008-04-05 03:11 208,717 ----a-w C:\WINDOWS\ADDONS SITECS (NONSTEAM) Uninstaller.exe
2008-04-04 22:14 --------- d-----w C:\Arquivos de programas\Teamspeak2_RC2
2008-04-04 14:38 --------- d-----w C:\Arquivos de programas\URUSoft
2008-04-02 23:59 --------- d-----w C:\Arquivos de programas\Xvid
2008-04-02 23:59 --------- d-----w C:\Arquivos de programas\Gabest
2008-04-02 23:59 --------- d-----w C:\Arquivos de programas\AviSynth 2.5
2008-04-02 23:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software
2008-04-02 23:58 --------- d-----w C:\Arquivos de programas\mobile PhoneTools
2008-04-02 23:55 --------- d-----w C:\Arquivos de programas\PowerHEX
2008-03-27 15:24 165,284 ----a-w C:\WINDOWS\PowerHEX Uninstaller.exe
2008-03-27 13:56 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat
2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:49 621,344 ------w C:\WINDOWS\system32\DllCache\mswstr10.dll
2008-03-25 04:49 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:49 183,072 ------w C:\WINDOWS\system32\DllCache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\DllCache\win32k.sys
2008-03-16 17:35 551 ---ha-w C:\os790985.bin
2008-03-14 16:30 47,360 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.sys
2008-03-01 21:32 3,591,680 ------w C:\WINDOWS\system32\DllCache\mshtml.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\systemsl2 ----

2008-05-23 13:20 82157 --a------ C:\systemsl2\lords\Desistalar L2Lords Servers.exe
2008-05-23 13:11 11362 --a------ C:\systemsl2\awbr\update.log
2008-05-23 13:11 0 --a------ C:\systemsl2\awbr\systemawbr\RUNNING.INI
2008-05-23 13:10 88 --a------ C:\systemsl2\awbr\launcher.ini
2008-05-23 13:10 458 --a------ C:\systemsl2\awbr\tools\wgetlog.log
2008-05-23 13:10 3647 --a------ C:\systemsl2\awbr\systemawbr\LOCALIZATION.INI
2008-05-23 13:10 2159 --a------ C:\systemsl2\awbr\systemawbr\WINDOWSINFO.INI
2008-05-23 13:09 54733 --a------ C:\systemsl2\awbr\mozila\components\xpti.dat
2008-05-23 13:09 2 --a------ C:\systemsl2\awbr\bat\script_0.bat
2008-04-23 23:55 145200 --a------ C:\systemsl2\linerage\systemlinerage\l2.log
2008-04-23 17:33 70177 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\npgm.erl
2008-04-23 17:33 4 --a------ C:\systemsl2\linerage\systemlinerage\L2CompiledShader.bin
2008-04-23 17:33 26739 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\npsc.erl
2008-04-23 17:33 18134 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\npgl.erl
2008-04-23 17:32 25 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\GameGuard.ver
2008-04-23 17:32 15241 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\npgg.erl
2008-04-23 17:32 11065 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\npgmup.erl
2008-04-23 17:28 229264 --a------ C:\systemsl2\linerage\systemlinerage\l2_bak.log
2008-04-23 16:16 2183 --a------ C:\systemsl2\linerage\systemlinerage\WindowsInfo.ini
2008-04-23 16:16 18290 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\npgl1.erl
2008-04-23 15:51 4 --a------ C:\systemsl2\linerage\systemlinerage\package.dat
2008-04-23 12:44 1262 --a------ C:\systemsl2\linerage\systemlinerage\Option.ini
2008-04-18 23:33 1372180 --a------ C:\systemsl2\linerage\systemlinerage\Core.dll
2008-04-08 23:02 512000 --a------ C:\systemsl2\awbr\SubAWBRLAUNCHER.EXE
2008-04-08 21:35 512000 --a------ C:\systemsl2\awbr\AWBRLauncher.exe
2008-04-08 17:12 1240 --a------ C:\systemsl2\awbr\systemBKPAWBR\OPTION.INI
2008-04-08 17:12 1240 --a------ C:\systemsl2\awbr\systemawbr\option.save
2008-04-08 17:12 1240 --a------ C:\systemsl2\awbr\systemawbr\OPTION.INI
2008-04-08 16:37 95678 --a------ C:\systemsl2\awbr\mozila\components\compreg.dat
2008-04-08 16:37 526 --a------ C:\systemsl2\awbr\mozila\chrome\overlayinfo\communicator\content\overlays.rdf
2008-04-08 16:37 431 --a------ C:\systemsl2\awbr\mozila\chrome\overlayinfo\navigator\content\overlays.rdf
2008-04-08 16:37 39936 --a------ C:\systemsl2\awbr\mozila\mozctlx.oca
2008-04-08 16:37 362 --a------ C:\systemsl2\awbr\mozila\chrome\overlayinfo\messenger\content\overlays.rdf
2008-04-08 16:37 11682 --a------ C:\systemsl2\awbr\mozila\chrome\chrome.rdf
2008-04-08 16:35 33531 --a------ C:\systemsl2\awbr\mozila\Uninst.exe
2008-04-04 22:45 238000 --a------ C:\systemsl2\linerage\systemlinerage\itemname-e.dat
2008-04-04 22:44 78512 --a------ C:\systemsl2\linerage\systemlinerage\weapongrp.dat
2008-04-01 00:08 7250 --a------ C:\systemsl2\linerage\systemlinerage\Env.int
2008-03-31 15:35 55 --a------ C:\systemsl2\linerage\systemlinerage\s_info.ini
2008-03-30 10:52 3376 --a------ C:\systemsl2\linerage\systemlinerage\l2.ini
2008-03-27 14:38 1072 --a------ C:\systemsl2\linerage\systemlinerage\servername-e.dat
2008-03-23 11:37 101552 --a------ C:\systemsl2\linerage\systemlinerage\armorgrp.dat
2008-03-22 19:11 205 --a------ C:\systemsl2\linerage\systemlinerage\chatfilter.ini
2008-03-22 15:09 4 --a------ C:\systemsl2\awbr\systemBKPAWBR\L2CompiledShader.bin
2008-03-22 15:09 4 --a------ C:\systemsl2\awbr\systemawbr\L2CompiledShader.bin
2008-03-22 15:09 2134 --a------ C:\systemsl2\awbr\systemBKPAWBR\WINDOWSINFO.INI
2008-03-22 14:57 3850260 --a------ C:\systemsl2\awbr\systemBKPAWBR\NWINDOW.DLL
2008-03-22 14:57 3850260 --a------ C:\systemsl2\awbr\systemawbr\NWINDOW.DLL
2008-03-22 14:57 3376 --a------ C:\systemsl2\awbr\systemBKPAWBR\TESTESL2.INI
2008-03-22 14:57 3376 --a------ C:\systemsl2\awbr\systemawbr\TESTESL2.INI
2008-03-22 14:56 78093 --a------ C:\systemsl2\awbr\images\BANNER.JPG
2008-03-22 14:56 3376 --a------ C:\systemsl2\awbr\systemBKPAWBR\l2.ini
2008-03-22 14:56 3376 --a------ C:\systemsl2\awbr\systemBKPAWBR\AWBRL2.INI
2008-03-22 14:56 3376 --a------ C:\systemsl2\awbr\systemBKPAWBR\AWBR-EASYL2.INI
2008-03-22 14:56 3376 --a------ C:\systemsl2\awbr\systemawbr\l2.ini
2008-03-22 14:56 3376 --a------ C:\systemsl2\awbr\systemawbr\AWBRL2.INI
2008-03-22 14:56 3376 --a------ C:\systemsl2\awbr\systemawbr\AWBR-EASYL2.INI
2008-03-22 14:56 1240 --a------ C:\systemsl2\awbr\systemBKPAWBR\option.save
2008-03-14 17:06 4 --a------ C:\systemsl2\frintezza\systemfrintezza\L2CompiledShader.bin
2008-03-14 17:06 1307 --a------ C:\systemsl2\frintezza\systemfrintezza\Option.ini
2008-03-14 17:05 4185 --a------ C:\systemsl2\frintezza\systemfrintezza\WindowsInfo.ini
2008-03-14 17:03 64 --a------ C:\systemsl2\linerage\systemlinerage\data\filter.dat
2008-03-14 13:35 13768 --a------ C:\systemsl2\frintezza\systemfrintezza\User.ini
2008-03-14 10:42 238080 ---h----- C:\systemsl2\frintezza\systemfrintezza\Core.bpl
2008-03-13 21:28 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\Angel Slayer haste.txt
2008-03-09 21:09 1372180 --a------ C:\systemsl2\frintezza\systemfrintezza\Core.dll
2008-02-23 03:11 295800 --a------ C:\systemsl2\frintezza\systemfrintezza\frame_patch.exe
2008-02-19 05:25 315 --a------ C:\systemsl2\lords\InfBack\4e95683d.Inf
2008-02-19 05:25 153 --a------ C:\systemsl2\lords\mc.zip
2008-02-19 02:36 1560047 --a------ C:\systemsl2\lords\LineageII.exe
2008-02-18 09:28 61460 --a------ C:\systemsl2\frintezza\systemfrintezza\ogg.dll
2008-02-18 01:58 1610887 --a------ C:\systemsl2\frintezza\Frintezza.exe
2008-02-17 00:04 91 --a------ C:\systemsl2\frintezza\systemfrintezza\s_info.ini
2008-02-07 14:57 763 --a------ C:\systemsl2\frintezza\systemfrintezza\chatfilter.ini
2008-02-02 05:26 631216 --a------ C:\systemsl2\frintezza\systemfrintezza\skillname-e.dat
2008-02-02 03:12 495636 --ah----- C:\systemsl2\frintezza\systemfrintezza\GameGuard.des
2008-02-02 03:12 3850260 --a------ C:\systemsl2\frintezza\systemfrintezza\nwindow.dll
2008-02-01 15:28 49328 --a------ C:\systemsl2\frintezza\systemfrintezza\systemmsg-e.dat
2008-02-01 15:24 1072 --a------ C:\systemsl2\frintezza\systemfrintezza\servername-e.dat
2008-01-29 17:33 78128 --a------ C:\systemsl2\frintezza\systemfrintezza\weapongrp.dat
2008-01-29 17:33 6064 --a------ C:\systemsl2\frintezza\systemfrintezza\zonename-e.dat
2008-01-29 17:33 495636 --a------ C:\systemsl2\frintezza\systemfrintezza\L2.exe
2008-01-29 17:33 495636 ---h----- C:\systemsl2\frintezza\systemfrintezza\Game_Guard.des
2008-01-29 17:33 4400 --a------ C:\systemsl2\frintezza\systemfrintezza\user-original.ini
2008-01-29 17:33 304 --a------ C:\systemsl2\frintezza\systemfrintezza\symbolname-e.dat
2008-01-29 17:33 28080 --a------ C:\systemsl2\frintezza\systemfrintezza\skillsoundgrp.dat
2008-01-29 17:33 2480 --a------ C:\systemsl2\frintezza\systemfrintezza\staticobject-e.dat
2008-01-29 17:33 15024 --a------ C:\systemsl2\frintezza\systemfrintezza\sysstring-e.dat
2008-01-29 17:33 1456 --a------ C:\systemsl2\frintezza\systemfrintezza\variationeffectgrp-e.dat
2008-01-29 17:32 29744 --a------ C:\systemsl2\frintezza\systemfrintezza\raiddata-e.dat
2008-01-29 17:32 23856 --a------ C:\systemsl2\frintezza\systemfrintezza\recipe-c.dat
2008-01-29 17:32 188464 --a------ C:\systemsl2\frintezza\systemfrintezza\questname-e.dat
2008-01-29 17:31 96176 --a------ C:\systemsl2\frintezza\systemfrintezza\optiondata_client-e.dat
2008-01-29 17:31 304 --a------ C:\systemsl2\frintezza\systemfrintezza\obscene-e.disabled
2008-01-29 17:30 67632 --a------ C:\systemsl2\frintezza\systemfrintezza\mobskillanimgrp.dat
2008-01-29 17:30 5680 --a------ C:\systemsl2\frintezza\systemfrintezza\huntingzone-e.dat
2008-01-29 17:30 432 --a------ C:\systemsl2\frintezza\systemfrintezza\logongrp.dat
2008-01-29 17:30 432 --a------ C:\systemsl2\frintezza\systemfrintezza\helmetgrp.dat
2008-01-29 17:30 432 --a------ C:\systemsl2\frintezza\systemfrintezza\hairaccessarygrp.dat
2008-01-29 17:30 4144 --a------ C:\systemsl2\frintezza\systemfrintezza\hairaccessorylocgrp.dat
2008-01-29 17:30 3376 --a------ C:\systemsl2\frintezza\systemfrintezza\musicinfo.dat
2008-01-29 17:30 304 --a------ C:\systemsl2\frintezza\systemfrintezza\hairgrp.dat
2008-01-29 17:30 238640 --a------ C:\systemsl2\frintezza\systemfrintezza\itemname-e.dat
2008-01-29 17:30 1968 --a------ C:\systemsl2\frintezza\systemfrintezza\hennagrp-e.dat
2008-01-29 17:30 12976 --a------ C:\systemsl2\frintezza\systemfrintezza\gametip-e.dat
2008-01-29 17:29 816 --a------ C:\systemsl2\frintezza\systemfrintezza\creditgrp-e.dat
2008-01-29 17:29 80432 --a------ C:\systemsl2\frintezza\systemfrintezza\etcitemgrp.dat
2008-01-29 17:29 6832 --a------ C:\systemsl2\frintezza\systemfrintezza\actionname-e.dat
2008-01-29 17:29 4016 --a------ C:\systemsl2\frintezza\systemfrintezza\entereventgrp.dat
2008-01-29 17:29 2480 --a------ C:\systemsl2\frintezza\systemfrintezza\chargrp.dat
2008-01-29 17:29 2224 --a------ C:\systemsl2\frintezza\systemfrintezza\classinfo-e.dat
2008-01-29 17:29 1328 --a------ C:\systemsl2\frintezza\systemfrintezza\commandname-e.dat
2008-01-29 17:29 12464 --a------ C:\systemsl2\frintezza\systemfrintezza\eula-e.dat
2008-01-29 17:29 1072 --a------ C:\systemsl2\frintezza\systemfrintezza\castlename-e.dat
2008-01-29 17:29 101552 --a------ C:\systemsl2\frintezza\systemfrintezza\armorgrp.dat
2008-01-26 19:22 59184 --a------ C:\systemsl2\frintezza\systemfrintezza\npcname-e.dat
2008-01-25 00:24 1925 --a------ C:\systemsl2\linerage\systemlinerage\Changelog
2008-01-16 20:44 80560 --a------ C:\systemsl2\lords\system\etcitemgrp.dat
2008-01-16 19:17 2139 --a------ C:\systemsl2\lords\system\WindowsInfo.ini
2008-01-16 19:15 239152 --a------ C:\systemsl2\lords\system\itemname-e.dat
2008-01-16 16:50 1307 --a------ C:\systemsl2\lords\system\Option.ini
2008-01-07 11:11 0 --a------ C:\systemsl2\lords\system\Running.ini
2008-01-07 11:10 495636 --a------ C:\systemsl2\lords\system\GameGuard.des
2008-01-07 11:10 3850260 --a------ C:\systemsl2\lords\system\NWindow.dll
2008-01-07 11:10 13820 --a------ C:\systemsl2\lords\system\user.ini
2008-01-07 10:46 432 --a------ C:\systemsl2\lords\system\obscene-e.dat
2008-01-06 11:08 114267 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\ggscan.des
2007-12-31 02:56 51504 --a------ C:\systemsl2\lords\system\npcname-e.dat
2007-12-31 02:42 49456 --a------ C:\systemsl2\lords\system\systemmsg-e.dat
2007-12-31 02:21 204 --a------ C:\systemsl2\lords\system\chatfilter.ini
2007-12-30 20:50 74 --a------ C:\systemsl2\lords\system\s_info.ini
2007-12-30 06:45 101680 --a------ C:\systemsl2\lords\system\armorgrp.dat
2007-12-30 04:37 233904 --a------ C:\systemsl2\lords\system\Npcgrp.dat
2007-12-30 01:45 7216 --a------ C:\systemsl2\lords\system\env.int
2007-12-28 19:39 3834 --a------ C:\systemsl2\linerage\systemlinerage\USAGE
2007-12-22 21:10 1072 --a------ C:\systemsl2\lords\system\servername-e.dat
2007-11-08 22:56 7432 --a------ C:\systemsl2\awbr\Leia-me.txt
2007-11-08 20:51 129214 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\npgm.erl
2007-11-08 20:51 129214 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\npgm.erl
2007-11-08 20:49 33628 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\npsc.erl
2007-11-08 20:49 33628 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\npsc.erl
2007-11-08 20:49 24019 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\npgl.erl
2007-11-08 20:49 24019 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\npgl.erl
2007-11-08 20:31 25 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\GameGuard.ver
2007-11-08 20:31 25 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\GameGuard.ver
2007-11-08 20:31 20132 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\npgg.erl
2007-11-08 20:31 20132 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\npgg.erl
2007-11-08 20:31 13748 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\npgmup.erl
2007-11-08 20:31 13748 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\npgmup.erl
2007-11-07 15:35 205 --a------ C:\systemsl2\awbr\systemBKPAWBR\chatfilter.ini
2007-11-07 15:35 205 --a------ C:\systemsl2\awbr\systemawbr\chatfilter.ini
2007-10-31 18:26 12382 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\npgl1.erl
2007-10-31 18:26 12382 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\npgl1.erl
2007-10-31 13:43 55 --a------ C:\systemsl2\awbr\systemBKPAWBR\s_info.ini
2007-10-31 13:43 55 --a------ C:\systemsl2\awbr\systemawbr\s_info.ini
2007-10-25 20:39 4400 --a------ C:\systemsl2\awbr\systemBKPAWBR\userZY.ini
2007-10-25 20:39 4400 --a------ C:\systemsl2\awbr\systemBKPAWBR\userZN.ini
2007-10-25 20:39 4400 --a------ C:\systemsl2\awbr\systemBKPAWBR\user.ini
2007-10-25 20:39 4400 --a------ C:\systemsl2\awbr\systemawbr\userZY.ini
2007-10-25 20:39 4400 --a------ C:\systemsl2\awbr\systemawbr\userZN.ini
2007-10-25 20:39 4400 --a------ C:\systemsl2\awbr\systemawbr\user.ini
2007-10-25 20:22 78128 --a------ C:\systemsl2\awbr\systemBKPAWBR\weapongrp.dat
2007-10-25 20:22 78128 --a------ C:\systemsl2\awbr\systemawbr\weapongrp.dat
2007-10-25 20:22 6064 --a------ C:\systemsl2\awbr\systemBKPAWBR\ZoneName-e.dat
2007-10-25 20:22 6064 --a------ C:\systemsl2\awbr\systemawbr\ZoneName-e.dat
2007-10-25 20:22 49840 --a------ C:\systemsl2\awbr\systemBKPAWBR\systemmsg-e.dat
2007-10-25 20:22 49840 --a------ C:\systemsl2\awbr\systemawbr\systemmsg-e.dat
2007-10-25 20:22 491540 --a------ C:\systemsl2\awbr\systemBKPAWBR\l2.exe
2007-10-25 20:22 491540 --a------ C:\systemsl2\awbr\systemawbr\l2.exe
2007-10-25 20:22 304 --a------ C:\systemsl2\awbr\systemBKPAWBR\symbolname-e.dat
2007-10-25 20:22 304 --a------ C:\systemsl2\awbr\systemawbr\symbolname-e.dat
2007-10-25 20:22 297008 --a------ C:\systemsl2\awbr\systemBKPAWBR\skillname-e.dat
2007-10-25 20:22 297008 --a------ C:\systemsl2\awbr\systemawbr\skillname-e.dat
2007-10-25 20:22 28080 --a------ C:\systemsl2\awbr\systemBKPAWBR\skillsoundgrp.dat
2007-10-25 20:22 28080 --a------ C:\systemsl2\awbr\systemawbr\skillsoundgrp.dat
2007-10-25 20:22 2480 --a------ C:\systemsl2\awbr\systemBKPAWBR\staticobject-e.dat
2007-10-25 20:22 2480 --a------ C:\systemsl2\awbr\systemawbr\staticobject-e.dat
2007-10-25 20:22 15024 --a------ C:\systemsl2\awbr\systemBKPAWBR\sysstring-e.dat
2007-10-25 20:22 15024 --a------ C:\systemsl2\awbr\systemawbr\sysstring-e.dat
2007-10-25 20:22 1456 --a------ C:\systemsl2\awbr\systemBKPAWBR\variationeffectgrp-e.dat
2007-10-25 20:22 1456 --a------ C:\systemsl2\awbr\systemawbr\variationeffectgrp-e.dat
2007-10-25 20:21 159152 --a------ C:\systemsl2\awbr\systemBKPAWBR\skillgrp.dat
2007-10-25 20:21 159152 --a------ C:\systemsl2\awbr\systemawbr\skillgrp.dat
2007-10-25 20:20 96176 --a------ C:\systemsl2\awbr\systemBKPAWBR\optiondata_client-e.dat
2007-10-25 20:20 96176 --a------ C:\systemsl2\awbr\systemawbr\optiondata_client-e.dat
2007-10-25 20:20 29744 --a------ C:\systemsl2\awbr\systemBKPAWBR\raiddata-e.dat
2007-10-25 20:20 29744 --a------ C:\systemsl2\awbr\systemawbr\raiddata-e.dat
2007-10-25 20:20 23856 --a------ C:\systemsl2\awbr\systemBKPAWBR\recipe-c.dat
2007-10-25 20:20 23856 --a------ C:\systemsl2\awbr\systemawbr\recipe-c.dat
2007-10-25 20:20 188464 --a------ C:\systemsl2\awbr\systemBKPAWBR\questname-e.dat
2007-10-25 20:20 188464 --a------ C:\systemsl2\awbr\systemawbr\questname-e.dat
2007-10-25 20:20 1328 --a------ C:\systemsl2\awbr\systemBKPAWBR\servername-e.dat
2007-10-25 20:20 1328 --a------ C:\systemsl2\awbr\systemawbr\servername-e.dat
2007-10-25 20:19 67632 --a------ C:\systemsl2\awbr\systemBKPAWBR\MobSkillAnimgrp.dat
2007-10-25 20:19 67632 --a------ C:\systemsl2\awbr\systemawbr\MobSkillAnimgrp.dat
2007-10-25 20:19 51248 --a------ C:\systemsl2\awbr\systemBKPAWBR\npcname-e.dat
2007-10-25 20:19 51248 --a------ C:\systemsl2\awbr\systemawbr\npcname-e.dat
2007-10-25 20:19 3376 --a------ C:\systemsl2\awbr\systemBKPAWBR\musicinfo.dat
2007-10-25 20:19 3376 --a------ C:\systemsl2\awbr\systemawbr\musicinfo.dat
2007-10-25 20:19 304 --a------ C:\systemsl2\awbr\systemBKPAWBR\obscene-e.dat
2007-10-25 20:19 304 --a------ C:\systemsl2\awbr\systemawbr\obscene-e.dat
2007-10-25 20:19 233392 --a------ C:\systemsl2\awbr\systemBKPAWBR\npcgrp.dat
2007-10-25 20:19 233392 --a------ C:\systemsl2\awbr\systemawbr\npcgrp.dat
2007-10-25 20:18 80560 --a------ C:\systemsl2\awbr\systemBKPAWBR\etcitemgrp.dat
2007-10-25 20:18 80560 --a------ C:\systemsl2\awbr\systemawbr\etcitemgrp.dat
2007-10-25 20:18 5680 --a------ C:\systemsl2\awbr\systemBKPAWBR\huntingzone-e.dat
2007-10-25 20:18 5680 --a------ C:\systemsl2\awbr\systemawbr\huntingzone-e.dat
2007-10-25 20:18 432 --a------ C:\systemsl2\awbr\systemBKPAWBR\logongrp.dat
2007-10-25 20:18 432 --a------ C:\systemsl2\awbr\systemBKPAWBR\helmetgrp.dat
2007-10-25 20:18 432 --a------ C:\systemsl2\awbr\systemBKPAWBR\hairaccessarygrp.dat
2007-10-25 20:18 432 --a------ C:\systemsl2\awbr\systemawbr\logongrp.dat
2007-10-25 20:18 432 --a------ C:\systemsl2\awbr\systemawbr\helmetgrp.dat
2007-10-25 20:18 432 --a------ C:\systemsl2\awbr\systemawbr\hairaccessarygrp.dat
2007-10-25 20:18 4144 --a------ C:\systemsl2\awbr\systemBKPAWBR\hairaccessorylocgrp.dat
2007-10-25 20:18 4144 --a------ C:\systemsl2\awbr\systemawbr\hairaccessorylocgrp.dat
2007-10-25 20:18 304 --a------ C:\systemsl2\awbr\systemBKPAWBR\hairgrp.dat
2007-10-25 20:18 304 --a------ C:\systemsl2\awbr\systemawbr\hairgrp.dat
2007-10-25 20:18 238640 --a------ C:\systemsl2\awbr\systemBKPAWBR\itemname-e.dat
2007-10-25 20:18 238640 --a------ C:\systemsl2\awbr\systemawbr\itemname-e.dat
2007-10-25 20:18 1968 --a------ C:\systemsl2\awbr\systemBKPAWBR\hennagrp-e.dat
2007-10-25 20:18 1968 --a------ C:\systemsl2\awbr\systemawbr\hennagrp-e.dat
2007-10-25 20:18 12976 --a------ C:\systemsl2\awbr\systemBKPAWBR\gametip-e.dat
2007-10-25 20:18 12976 --a------ C:\systemsl2\awbr\systemawbr\gametip-e.dat
2007-10-25 20:18 12464 --a------ C:\systemsl2\awbr\systemBKPAWBR\eula-e.dat
2007-10-25 20:18 12464 --a------ C:\systemsl2\awbr\systemawbr\eula-e.dat
2007-10-25 20:17 816 --a------ C:\systemsl2\awbr\systemBKPAWBR\creditgrp-e.dat
2007-10-25 20:17 816 --a------ C:\systemsl2\awbr\systemawbr\creditgrp-e.dat
2007-10-25 20:17 6832 --a------ C:\systemsl2\awbr\systemBKPAWBR\actionname-e.dat
2007-10-25 20:17 6832 --a------ C:\systemsl2\awbr\systemawbr\actionname-e.dat
2007-10-25 20:17 4016 --a------ C:\systemsl2\awbr\systemBKPAWBR\entereventgrp.dat
2007-10-25 20:17 4016 --a------ C:\systemsl2\awbr\systemawbr\entereventgrp.dat
2007-10-25 20:17 2480 --a------ C:\systemsl2\awbr\systemBKPAWBR\chargrp.dat
2007-10-25 20:17 2480 --a------ C:\systemsl2\awbr\systemawbr\chargrp.dat
2007-10-25 20:17 2224 --a------ C:\systemsl2\awbr\systemBKPAWBR\classinfo-e.dat
2007-10-25 20:17 2224 --a------ C:\systemsl2\awbr\systemawbr\classinfo-e.dat
2007-10-25 20:17 1328 --a------ C:\systemsl2\awbr\systemBKPAWBR\commandname-e.dat
2007-10-25 20:17 1328 --a------ C:\systemsl2\awbr\systemawbr\commandname-e.dat
2007-10-25 20:17 1072 --a------ C:\systemsl2\awbr\systemBKPAWBR\castlename-e.dat
2007-10-25 20:17 1072 --a------ C:\systemsl2\awbr\systemawbr\castlename-e.dat
2007-10-25 20:17 101552 --a------ C:\systemsl2\awbr\systemBKPAWBR\armorgrp.dat
2007-10-25 20:17 101552 --a------ C:\systemsl2\awbr\systemawbr\armorgrp.dat
2007-10-25 20:03 409620 --a------ C:\systemsl2\awbr\systemBKPAWBR\wrap_oal.dll
2007-10-25 20:03 409620 --a------ C:\systemsl2\awbr\systemawbr\wrap_oal.dll
2007-10-25 20:01 251512 --a------ C:\systemsl2\awbr\systemBKPAWBR\nwindow.u
2007-10-25 20:01 251512 --a------ C:\systemsl2\awbr\systemawbr\nwindow.u
2007-10-25 20:01 114708 --a------ C:\systemsl2\awbr\systemBKPAWBR\openal32.dll
2007-10-25 20:01 114708 --a------ C:\systemsl2\awbr\systemawbr\openal32.dll
2007-10-25 20:00 409700 --a------ C:\systemsl2\awbr\systemBKPAWBR\npkcrypt.dll
2007-10-25 20:00 409700 --a------ C:\systemsl2\awbr\systemawbr\npkcrypt.dll
2007-10-25 19:59 2006536 --a------ C:\systemsl2\awbr\systemBKPAWBR\lineageeffect.u
2007-10-25 19:59 2006536 --a------ C:\systemsl2\awbr\systemawbr\lineageeffect.u
2007-10-25 19:59 176945 --a------ C:\systemsl2\awbr\systemBKPAWBR\lineagemonster.u
2007-10-25 19:59 176945 --a------ C:\systemsl2\awbr\systemawbr\lineagemonster.u
2007-10-25 19:59 131092 --a------ C:\systemsl2\awbr\systemBKPAWBR\lineagecreature.dll
2007-10-25 19:59 131092 --a------ C:\systemsl2\awbr\systemawbr\lineagecreature.dll
2007-10-25 19:59 12054 --a------ C:\systemsl2\awbr\systemBKPAWBR\lineagecreature.u
2007-10-25 19:59 12054 --a------ C:\systemsl2\awbr\systemawbr\lineagecreature.u
2007-10-25 19:58 534267 --a------ C:\systemsl2\awbr\systemBKPAWBR\interface.xdat
2007-10-25 19:58 534267 --a------ C:\systemsl2\awbr\systemawbr\interface.xdat
2007-10-25 19:58 1964561 --a------ C:\systemsl2\awbr\systemBKPAWBR\interface.u
2007-10-25 19:58 1964561 --a------ C:\systemsl2\awbr\systemawbr\interface.u
2007-10-25 19:57 30421012 --a------ C:\systemsl2\awbr\systemBKPAWBR\engine.dll
2007-10-25 19:57 30421012 --a------ C:\systemsl2\awbr\systemawbr\engine.dll
2007-10-25 19:37 376 --a------ C:\systemsl2\awbr\systemBKPAWBR\Lineage2us.ini
2007-10-25 19:37 376 --a------ C:\systemsl2\awbr\systemawbr\Lineage2us.ini
2007-09-14 11:35 749588 --a------ C:\systemsl2\awbr\systemBKPAWBR\Window.dll
2007-09-14 11:35 749588 --a------ C:\systemsl2\awbr\systemawbr\Window.dll
2007-09-14 11:35 630804 --a------ C:\systemsl2\awbr\systemBKPAWBR\WinDrv.dll
2007-09-14 11:35 630804 --a------ C:\systemsl2\awbr\systemawbr\WinDrv.dll
2007-09-14 11:35 491540 --a------ C:\systemsl2\awbr\systemBKPAWBR\IpDrv.dll
2007-09-14 11:35 491540 --a------ C:\systemsl2\awbr\systemawbr\IpDrv.dll
2007-09-14 11:35 352276 --a------ C:\systemsl2\awbr\systemBKPAWBR\ALAudio.dll
2007-09-14 11:35 352276 --a------ C:\systemsl2\awbr\systemawbr\ALAudio.dll
2007-09-14 11:35 315412 --a------ C:\systemsl2\awbr\systemBKPAWBR\Fire.dll
2007-09-14 11:35 315412 --a------ C:\systemsl2\awbr\systemawbr\Fire.dll
2007-09-14 11:35 1372180 --a------ C:\systemsl2\awbr\systemBKPAWBR\Core.dll
2007-09-14 11:35 1372180 --a------ C:\systemsl2\awbr\systemawbr\Core.dll
2007-09-14 11:35 1277972 --a------ C:\systemsl2\awbr\systemBKPAWBR\D3DDrv.dll
2007-09-14 11:35 1277972 --a------ C:\systemsl2\awbr\systemawbr\D3DDrv.dll
2007-08-23 00:11 5632 --ah----- C:\systemsl2\linerage\systemlinerage\GameGuard\Thumbs.db
2007-08-22 20:45 54272 --ahs---- C:\systemsl2\linerage\systemlinerage\Thumbs.db
2007-08-21 00:31 4 --a------ C:\systemsl2\lords\system\L2CompiledShader.bin
2007-08-21 00:18 2864 --a------ C:\systemsl2\lords\system\eula-e.dat
2007-08-20 23:47 28080 --a------ C:\systemsl2\lords\system\skillsoundgrp.dat
2007-08-20 23:38 159152 --a------ C:\systemsl2\lords\system\skillgrp.dat
2007-08-19 19:09 96176 --a------ C:\systemsl2\lords\system\optiondata_client-e.dat
2007-08-19 19:09 78128 --a------ C:\systemsl2\lords\system\Weapongrp.dat
2007-08-19 19:09 6064 --a------ C:\systemsl2\lords\system\zonename-e.dat
2007-08-19 19:09 495636 --a------ C:\systemsl2\lords\system\L2.exe
2007-08-19 19:09 304 --a------ C:\systemsl2\lords\system\symbolname-e.dat
2007-08-19 19:09 29744 --a------ C:\systemsl2\lords\system\raiddata-e.dat
2007-08-19 19:09 297008 --a------ C:\systemsl2\lords\system\skillname-e.dat
2007-08-19 19:09 2480 --a------ C:\systemsl2\lords\system\staticobject-e.dat
2007-08-19 19:09 23856 --a------ C:\systemsl2\lords\system\recipe-c.dat
2007-08-19 19:09 188464 --a------ C:\systemsl2\lords\system\questname-e.dat
2007-08-19 19:09 15024 --a------ C:\systemsl2\lords\system\sysstring-e.dat
2007-08-19 19:09 1456 --a------ C:\systemsl2\lords\system\variationeffectgrp-e.dat
2007-08-19 19:08 816 --a------ C:\systemsl2\lords\system\creditgrp-e.dat
2007-08-19 19:08 6832 --a------ C:\systemsl2\lords\system\actionname-e.dat
2007-08-19 19:08 67632 --a------ C:\systemsl2\lords\system\mobskillanimgrp.dat
2007-08-19 19:08 5680 --a------ C:\systemsl2\lords\system\huntingzone-e.dat
2007-08-19 19:08 432 --a------ C:\systemsl2\lords\system\logongrp.dat
2007-08-19 19:08 432 --a------ C:\systemsl2\lords\system\helmetgrp.dat
2007-08-19 19:08 432 --a------ C:\systemsl2\lords\system\hairaccessarygrp.dat
2007-08-19 19:08 4144 --a------ C:\systemsl2\lords\system\hairaccessorylocgrp.dat
2007-08-19 19:08 4016 --a------ C:\systemsl2\lords\system\entereventgrp.dat
2007-08-19 19:08 3376 --a------ C:\systemsl2\lords\system\musicinfo.dat
2007-08-19 19:08 3376 --a------ C:\systemsl2\lords\system\l2.ini
2007-08-19 19:08 304 --a------ C:\systemsl2\lords\system\hairgrp.dat
2007-08-19 19:08 2480 --a------ C:\systemsl2\lords\system\chargrp.dat
2007-08-19 19:08 2224 --a------ C:\systemsl2\lords\system\classinfo-e.dat
2007-08-19 19:08 1968 --a------ C:\systemsl2\lords\system\hennagrp-e.dat
2007-08-19 19:08 1328 --a------ C:\systemsl2\lords\system\commandname-e.dat
2007-08-19 19:08 12976 --a------ C:\systemsl2\lords\system\gametip-e.dat
2007-08-19 19:08 1072 --a------ C:\systemsl2\lords\system\castlename-e.dat
2007-08-19 04:30 749588 --a------ C:\systemsl2\lords\system\Window.dll
2007-08-19 04:30 729 --a------ C:\systemsl2\lords\system\windrv.int
2007-08-19 04:30 634900 --a------ C:\systemsl2\lords\system\WinDrv.dll
2007-08-19 04:30 527005 --a------ C:\systemsl2\lords\system\wform.bm
2007-08-19 04:30 409620 --a------ C:\systemsl2\lords\system\wrap_oal.dll
2007-08-19 04:30 2337 --a------ C:\systemsl2\lords\system\Window.int
2007-08-19 04:29 795 --a------ C:\systemsl2\lords\system\ttfontinfo.ini
2007-08-19 04:29 693798 --a------ C:\systemsl2\lords\system\UWindow.u
2007-08-19 04:29 61460 --a------ C:\systemsl2\lords\system\ogg.dll
2007-08-19 04:29 263641 --a------ C:\systemsl2\lords\system\UDebugMenu.u
2007-08-19 04:29 251512 --a------ C:\systemsl2\lords\system\nwindow.u
2007-08-19 04:29 249876 --a------ C:\systemsl2\lords\system\vorbis.dll
2007-08-19 04:29 181800 --a------ C:\systemsl2\lords\system\smallfont.gly
2007-08-19 04:29 1702 --a------ C:\systemsl2\lords\system\soulshot.int
2007-08-19 04:29 1560 --a------ C:\systemsl2\lords\system\smallfont-e.gly
2007-08-19 04:29 14452 --a------ C:\systemsl2\lords\system\timeenv1.int
2007-08-19 04:29 14099 --a------ C:\systemsl2\lords\system\timeenv3.int
2007-08-19 04:29 13322 --a------ C:\systemsl2\lords\system\timeenv2.int
2007-08-19 04:29 13233 --a------ C:\systemsl2\lords\system\timeenv0.int
2007-08-19 04:29 114708 --a------ C:\systemsl2\lords\system\openal32.dll
2007-08-19 04:29 106516 --a------ C:\systemsl2\lords\system\vorbisfile.dll
2007-08-19 04:28 9084 --a------ C:\systemsl2\lords\system\LineageVehicle.u
2007-08-19 04:28 82452 --a------ C:\systemsl2\lords\system\msxml4r.dll
2007-08-19 04:28 53268 --a------ C:\systemsl2\lords\system\npkpdb.dll
2007-08-19 04:28 44564 --a------ C:\systemsl2\lords\system\msxml4a.dll
2007-08-19 04:28 409700 --a------ C:\systemsl2\lords\system\npkcrypt.dll
2007-08-19 04:28 3647 --a------ C:\systemsl2\lords\system\localization.ini
2007-08-19 04:28 31540 --a------ C:\systemsl2\lords\system\LineageWarrior.u
2007-08-19 04:28 193542 --a------ C:\systemsl2\lords\system\lineagewarrior.int
2007-08-19 04:28 1233940 --a------ C:\systemsl2\lords\system\msxml4.dll
2007-08-19 04:28 12192 --a------ C:\systemsl2\lords\system\lineagenpcev.u
2007-08-19 04:27 91687 --a------ C:\systemsl2\lords\system\LineageNpc.u
2007-08-19 04:27 79016 --a------ C:\systemsl2\lords\system\lineagemonster3.u
2007-08-19 04:27 73703 --a------ C:\systemsl2\lords\system\IpDrv.u
2007-08-19 04:27 68190 --a------ C:\systemsl2\lords\system\LineageMonster2.u
2007-08-19 04:27 6752 --a------ C:\systemsl2\lords\system\LineageDeco.u
2007-08-19 04:27 55710 --a------ C:\systemsl2\lords\system\lineagemonster3.int
2007-08-19 04:27 534267 --a------ C:\systemsl2\lords\system\interface.xdat
2007-08-19 04:27 527907 --a------ C:\systemsl2\lords\system\lineagemonster.int
2007-08-19 04:27 491540 --a------ C:\systemsl2\lords\system\IpDrv.dll
2007-08-19 04:27 4344 --a------ C:\systemsl2\lords\system\lineagenpc2.int
2007-08-19 04:27 3516 --a------ C:\systemsl2\lords\system\l2forecf.ffe
2007-08-19 04:27 233492 --a------ C:\systemsl2\lords\system\ifc23.dll
2007-08-19 04:27 2006536 --a------ C:\systemsl2\lords\system\LineageEffect.u
2007-08-19 04:27 1964561 --a------ C:\systemsl2\lords\system\interface.u
2007-08-19 04:27 185632 --a------ C:\systemsl2\lords\system\largefont.gly
2007-08-19 04:27 1840 --a------ C:\systemsl2\lords\system\ipdrv.int
2007-08-19 04:27 176945 --a------ C:\systemsl2\lords\system\LineageMonster.u
2007-08-19 04:27 163 --a------ C:\systemsl2\lords\system\l2.int
2007-08-19 04:27 1560 --a------ C:\systemsl2\lords\system\largefont-e.gly
2007-08-19 04:27 151403 --a------ C:\systemsl2\lords\system\lineagemonster2.int
2007-08-19 04:27 14464 --a------ C:\systemsl2\lords\system\lineagenpc2.u
2007-08-19 04:27 131092 --a------ C:\systemsl2\lords\system\lineagecreature.dll
2007-08-19 04:27 12054 --a------ C:\systemsl2\lords\system\lineagecreature.u
2007-08-19 04:27 103714 --a------ C:\systemsl2\lords\system\LineageNpc.int
2007-08-19 04:26 6700 --a------ C:\systemsl2\lords\system\engine.int
2007-08-19 04:26 315412 --a------ C:\systemsl2\lords\system\Fire.dll
2007-08-19 04:26 30380052 --a------ C:\systemsl2\lords\system\Engine.dll
2007-08-19 04:26 2805259 --a------ C:\systemsl2\lords\system\Engine.u
2007-08-19 04:26 212008 --a------ C:\systemsl2\lords\system\GamePlay.u
2007-08-19 04:26 15491 --a------ C:\systemsl2\lords\system\Fire.u
2007-08-19 04:26 110933 --a------ C:\systemsl2\lords\system\Hair.int
2007-08-19 04:25 62996 --a------ C:\systemsl2\lords\system\dsetup.dll
2007-08-19 04:25 593932 --a------ C:\systemsl2\lords\system\Editor.u
2007-08-19 04:25 150548 --a------ C:\systemsl2\lords\system\encvag.dll
2007-08-19 04:25 1277972 --a------ C:\systemsl2\lords\system\D3DDrv.dll
2007-08-19 04:25 102420 --a------ C:\systemsl2\lords\system\defopenal32.dll
2007-08-19 04:24 65662 --a------ C:\systemsl2\lords\system\Core.u
2007-08-19 04:24 601048 --a------ C:\systemsl2\lords\system\asiahm-medium.ttf
2007-08-19 04:24 454 --a------ C:\systemsl2\lords\system\cloak.int
2007-08-19 04:24 352276 --a------ C:\systemsl2\lords\system\ALAudio.dll
2007-08-19 04:24 350 --a------ C:\systemsl2\lords\system\bighead.int
2007-08-19 04:24 3423 --a------ C:\systemsl2\lords\system\core.int
2007-08-19 04:24 2658 --a------ C:\systemsl2\lords\system\alaudio.int
2007-08-19 04:24 181800 --a------ C:\systemsl2\lords\system\creditfont.gly
2007-08-19 04:24 1372180 --a------ C:\systemsl2\lords\system\Core.dll
2007-08-19 04:18 371 --a------ C:\systemsl2\lords\system\Lineage2us.ini
2007-08-19 04:18 26344 --a------ C:\systemsl2\lords\system\npkcrypt.vxd
2007-08-19 04:18 23217 --a------ C:\systemsl2\lords\system\npkcrypt.sys
2007-08-19 04:18 15472 --a------ C:\systemsl2\lords\system\npkcusb.sys
2007-08-06 22:39 2923659 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\GameMon.des
2007-08-06 16:39 2923659 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\GameMon.des
2007-08-06 16:39 2923659 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\GameMon.des
2007-08-05 00:59 266928 --a------ C:\systemsl2\frintezza\systemfrintezza\npcgrp.dat
2007-08-04 21:11 188720 --a------ C:\systemsl2\frintezza\systemfrintezza\skillgrp.dat
2007-08-04 09:22 7680 --a------ C:\systemsl2\linerage\systemlinerage\gg-bps.dll
2007-08-04 09:22 494260 --a------ C:\systemsl2\linerage\systemlinerage\weapongrp.dat.dat
2007-08-04 09:22 3528 --a------ C:\systemsl2\linerage\systemlinerage\l2wildv7.log
2007-07-27 03:26 89691 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\npggNT.des
2007-07-26 21:26 89691 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\npggNT.des
2007-07-26 21:26 89691 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\npggNT.des
2007-07-25 23:03 67673 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\npsc.des
2007-07-25 17:03 67673 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\npsc.des
2007-07-25 17:03 67673 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\npsc.des
2007-07-25 00:07 409620 --a------ C:\systemsl2\frintezza\systemfrintezza\wrap_oal.dll
2007-07-25 00:06 263641 --a------ C:\systemsl2\frintezza\systemfrintezza\udebugmenu.u
2007-07-25 00:06 251512 --a------ C:\systemsl2\frintezza\systemfrintezza\nwindow.u
2007-07-25 00:06 114708 --a------ C:\systemsl2\frintezza\systemfrintezza\openal32.dll
2007-07-25 00:05 91687 --a------ C:\systemsl2\frintezza\systemfrintezza\lineagenpc.u
2007-07-25 00:05 79016 --a------ C:\systemsl2\frintezza\systemfrintezza\LineageMonster3.u
2007-07-25 00:05 4344 --a------ C:\systemsl2\frintezza\systemfrintezza\lineagenpc2.int
2007-07-25 00:05 409700 --a------ C:\systemsl2\frintezza\systemfrintezza\npkcrypt.dll
2007-07-25 00:05 176945 --a------ C:\systemsl2\frintezza\systemfrintezza\LineageMonster.u
2007-07-25 00:05 14464 --a------ C:\systemsl2\frintezza\systemfrintezza\lineagenpc2.u
2007-07-25 00:05 12192 --a------ C:\systemsl2\frintezza\systemfrintezza\lineagenpcev.u
2007-07-25 00:04 6752 --a------ C:\systemsl2\frintezza\systemfrintezza\LineageDeco.u
2007-07-25 00:04 2006536 --a------ C:\systemsl2\frintezza\systemfrintezza\lineageeffect.u
2007-07-25 00:04 131092 --a------ C:\systemsl2\frintezza\systemfrintezza\lineagecreature.dll
2007-07-25 00:04 12054 --a------ C:\systemsl2\frintezza\systemfrintezza\lineagecreature.u
2007-07-25 00:03 534267 --a------ C:\systemsl2\frintezza\systemfrintezza\interface.xdat
2007-07-25 00:03 1964561 --a------ C:\systemsl2\frintezza\systemfrintezza\interface.u
2007-07-25 00:02 30380052 --a------ C:\systemsl2\frintezza\systemfrintezza\engine.dll
2007-07-24 22:09 371 --a------ C:\systemsl2\frintezza\systemfrintezza\Lineage2us.ini
2007-07-24 22:09 26344 --a------ C:\systemsl2\frintezza\systemfrintezza\npkcrypt.vxd
2007-07-24 22:09 23217 --a------ C:\systemsl2\frintezza\systemfrintezza\npkcrypt.sys
2007-07-24 22:09 15472 --a------ C:\systemsl2\frintezza\systemfrintezza\npkcusb.sys
2007-07-23 01:15 369 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\Lineage2us.ini
2007-07-04 02:02 75355 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\npgmup.des.new
2007-07-04 02:02 75355 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\npgmup.des
2007-07-03 20:02 75355 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\npgmup.des.new
2007-07-03 20:02 75355 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\npgmup.des
2007-07-03 20:02 75355 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\npgmup.des.new
2007-07-03 20:02 75355 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\npgmup.des
2007-06-29 10:19 91687 --a------ C:\systemsl2\awbr\systemBKPAWBR\LineageNpc.u
2007-06-29 10:19 91687 --a------ C:\systemsl2\awbr\systemawbr\LineageNpc.u
2007-06-29 10:19 9084 --a------ C:\systemsl2\awbr\systemBKPAWBR\LineageVehicle.u
2007-06-29 10:19 9084 --a------ C:\systemsl2\awbr\systemawbr\LineageVehicle.u
2007-06-29 10:19 79016 --a------ C:\systemsl2\awbr\systemBKPAWBR\LineageMonster3.u
2007-06-29 10:19 79016 --a------ C:\systemsl2\awbr\systemawbr\LineageMonster3.u
2007-06-29 10:19 73703 --a------ C:\systemsl2\awbr\systemBKPAWBR\IpDrv.u
2007-06-29 10:19 73703 --a------ C:\systemsl2\awbr\systemawbr\IpDrv.u
2007-06-29 10:19 693798 --a------ C:\systemsl2\awbr\systemBKPAWBR\UWindow.u
2007-06-29 10:19 693798 --a------ C:\systemsl2\awbr\systemawbr\UWindow.u
2007-06-29 10:19 68190 --a------ C:\systemsl2\awbr\systemBKPAWBR\LineageMonster2.u
2007-06-29 10:19 68190 --a------ C:\systemsl2\awbr\systemawbr\LineageMonster2.u
2007-06-29 10:19 6752 --a------ C:\systemsl2\awbr\systemBKPAWBR\LineageDeco.u
2007-06-29 10:19 6752 --a------ C:\systemsl2\awbr\systemawbr\LineageDeco.u
2007-06-29 10:19 65662 --a------ C:\systemsl2\awbr\systemBKPAWBR\Core.u
2007-06-29 10:19 65662 --a------ C:\systemsl2\awbr\systemawbr\Core.u
2007-06-29 10:19 593932 --a------ C:\systemsl2\awbr\systemBKPAWBR\Editor.u
2007-06-29 10:19 593932 --a------ C:\systemsl2\awbr\systemawbr\Editor.u
2007-06-29 10:19 31540 --a------ C:\systemsl2\awbr\systemBKPAWBR\LineageWarrior.u
2007-06-29 10:19 31540 --a------ C:\systemsl2\awbr\systemawbr\LineageWarrior.u
2007-06-29 10:19 2805259 --a------ C:\systemsl2\awbr\systemBKPAWBR\Engine.u
2007-06-29 10:19 2805259 --a------ C:\systemsl2\awbr\systemawbr\Engine.u
2007-06-29 10:19 263641 --a------ C:\systemsl2\awbr\systemBKPAWBR\UDebugMenu.u
2007-06-29 10:19 263641 --a------ C:\systemsl2\awbr\systemawbr\UDebugMenu.u
2007-06-29 10:19 212008 --a------ C:\systemsl2\awbr\systemBKPAWBR\GamePlay.u
2007-06-29 10:19 212008 --a------ C:\systemsl2\awbr\systemawbr\GamePlay.u
2007-06-29 10:19 15491 --a------ C:\systemsl2\awbr\systemBKPAWBR\Fire.u
2007-06-29 10:19 15491 --a------ C:\systemsl2\awbr\systemawbr\Fire.u
2007-06-29 10:19 14464 --a------ C:\systemsl2\awbr\systemBKPAWBR\LineageNpc2.u
2007-06-29 10:19 14464 --a------ C:\systemsl2\awbr\systemawbr\LineageNpc2.u
2007-06-29 10:19 12192 --a------ C:\systemsl2\awbr\systemBKPAWBR\LineageNpcEv.u
2007-06-29 10:19 12192 --a------ C:\systemsl2\awbr\systemawbr\LineageNpcEv.u
2007-06-26 15:56 9084 --a------ C:\systemsl2\frintezza\systemfrintezza\LineageVehicle.u
2007-06-26 15:56 749588 --a------ C:\systemsl2\frintezza\systemfrintezza\Window.dll
2007-06-26 15:56 73703 --a------ C:\systemsl2\frintezza\systemfrintezza\IpDrv.u
2007-06-26 15:56 693798 --a------ C:\systemsl2\frintezza\systemfrintezza\UWindow.u
2007-06-26 15:56 68190 --a------ C:\systemsl2\frintezza\systemfrintezza\LineageMonster2.u
2007-06-26 15:56 65662 --a------ C:\systemsl2\frintezza\systemfrintezza\Core.u
2007-06-26 15:56 634900 --a------ C:\systemsl2\frintezza\systemfrintezza\WinDrv.dll
2007-06-26 15:56 593932 --a------ C:\systemsl2\frintezza\systemfrintezza\Editor.u
2007-06-26 15:56 491540 --a------ C:\systemsl2\frintezza\systemfrintezza\IpDrv.dll
2007-06-26 15:56 352276 --a------ C:\systemsl2\frintezza\systemfrintezza\ALAudio.dll
2007-06-26 15:56 315412 --a------ C:\systemsl2\frintezza\systemfrintezza\Fire.dll
2007-06-26 15:56 31540 --a------ C:\systemsl2\frintezza\systemfrintezza\LineageWarrior.u
2007-06-26 15:56 2805259 --a------ C:\systemsl2\frintezza\systemfrintezza\Engine.u
2007-06-26 15:56 212008 --a------ C:\systemsl2\frintezza\systemfrintezza\GamePlay.u
2007-06-26 15:56 15491 --a------ C:\systemsl2\frintezza\systemfrintezza\Fire.u
2007-06-26 15:56 1277972 --a------ C:\systemsl2\frintezza\systemfrintezza\D3DDrv.dll
2007-06-16 23:20 409620 --a------ C:\systemsl2\linerage\systemlinerage\wrap_oal.dll
2007-06-16 23:20 114708 --a------ C:\systemsl2\linerage\systemlinerage\openal32.dll
2007-06-16 23:19 409700 --a------ C:\systemsl2\linerage\systemlinerage\npkcrypt.dll
2007-06-16 23:18 2006565 --a------ C:\systemsl2\linerage\systemlinerage\lineageeffect.u
2007-06-16 23:18 1959770 --a------ C:\systemsl2\linerage\systemlinerage\interface.u
2007-06-16 23:18 131092 --a------ C:\systemsl2\linerage\systemlinerage\lineagecreature.dll
2007-06-16 23:18 12054 --a------ C:\systemsl2\linerage\systemlinerage\lineagecreature.u
2007-06-16 23:17 30408724 --a------ C:\systemsl2\linerage\systemlinerage\engine.dll
2007-06-16 16:27 96304 --a------ C:\systemsl2\linerage\systemlinerage\optiondata_client-e.dat
2007-06-16 16:27 67632 --a------ C:\systemsl2\linerage\systemlinerage\mobskillanimgrp.dat
2007-06-16 16:27 6064 --a------ C:\systemsl2\linerage\systemlinerage\zonename-e.dat
2007-06-16 16:27 51376 --a------ C:\systemsl2\linerage\systemlinerage\npcname-e.dat
2007-06-16 16:27 487444 --a------ C:\systemsl2\linerage\systemlinerage\L2.exe
2007-06-16 16:27 48432 --a------ C:\systemsl2\linerage\systemlinerage\systemmsg-e.dat
2007-06-16 16:27 4400 --a------ C:\systemsl2\linerage\systemlinerage\user.ini
2007-06-16 16:27 432 --a------ C:\systemsl2\linerage\systemlinerage\logongrp.dat
2007-06-16 16:27 3376 --a------ C:\systemsl2\linerage\systemlinerage\musicinfo.dat
2007-06-16 16:27 304 --a------ C:\systemsl2\linerage\systemlinerage\symbolname-e.dat
2007-06-16 16:27 304 --a------ C:\systemsl2\linerage\systemlinerage\obscene-e.dat
2007-06-16 16:27 29744 --a------ C:\systemsl2\linerage\systemlinerage\raiddata-e.dat
2007-06-16 16:27 296752 --a------ C:\systemsl2\linerage\systemlinerage\skillname-e.dat
2007-06-16 16:27 28080 --a------ C:\systemsl2\linerage\systemlinerage\skillsoundgrp.dat
2007-06-16 16:27 2480 --a------ C:\systemsl2\linerage\systemlinerage\staticobject-e.dat
2007-06-16 16:27 23728 --a------ C:\systemsl2\linerage\systemlinerage\recipe-c.dat
2007-06-16 16:27 233392 --a------ C:\systemsl2\linerage\systemlinerage\npcgrp.dat
2007-06-16 16:27 188464 --a------ C:\systemsl2\linerage\systemlinerage\questname-e.dat
2007-06-16 16:27 159024 --a------ C:\systemsl2\linerage\systemlinerage\skillgrp.dat
2007-06-16 16:27 15024 --a------ C:\systemsl2\linerage\systemlinerage\sysstring-e.dat
2007-06-16 16:27 1456 --a------ C:\systemsl2\linerage\systemlinerage\variationeffectgrp-e.dat
2007-06-16 16:26 816 --a------ C:\systemsl2\linerage\systemlinerage\creditgrp-e.dat
2007-06-16 16:26 80048 --a------ C:\systemsl2\linerage\systemlinerage\etcitemgrp.dat
2007-06-16 16:26 6832 --a------ C:\systemsl2\linerage\systemlinerage\actionname-e.dat
2007-06-16 16:26 5680 --a------ C:\systemsl2\linerage\systemlinerage\huntingzone-e.dat
2007-06-16 16:26 560 --a------ C:\systemsl2\linerage\systemlinerage\hairaccessarygrp.dat
2007-06-16 16:26 432 --a------ C:\systemsl2\linerage\systemlinerage\helmetgrp.dat
2007-06-16 16:26 4272 --a------ C:\systemsl2\linerage\systemlinerage\hairaccessorylocgrp.dat
2007-06-16 16:26 4016 --a------ C:\systemsl2\linerage\systemlinerage\entereventgrp.dat
2007-06-16 16:26 304 --a------ C:\systemsl2\linerage\systemlinerage\hairgrp.dat
2007-06-16 16:26 2480 --a------ C:\systemsl2\linerage\systemlinerage\chargrp.dat
2007-06-16 16:26 2224 --a------ C:\systemsl2\linerage\systemlinerage\classinfo-e.dat
2007-06-16 16:26 1968 --a------ C:\systemsl2\linerage\systemlinerage\hennagrp-e.dat
2007-06-16 16:26 1328 --a------ C:\systemsl2\linerage\systemlinerage\commandname-e.dat
2007-06-16 16:26 12976 --a------ C:\systemsl2\linerage\systemlinerage\gametip-e.dat
2007-06-16 16:26 12464 --a------ C:\systemsl2\linerage\systemlinerage\eula-e.dat
2007-06-16 16:26 1072 --a------ C:\systemsl2\linerage\systemlinerage\castlename-e.dat
2007-05-31 14:32 527907 --a------ C:\systemsl2\awbr\systemBKPAWBR\LineageMonster.int
2007-05-31 14:32 527907 --a------ C:\systemsl2\awbr\systemawbr\LineageMonster.int
2007-05-30 17:07 749588 --a------ C:\systemsl2\linerage\systemlinerage\Window.dll
2007-05-30 17:07 630804 --a------ C:\systemsl2\linerage\systemlinerage\WinDrv.dll
2007-05-30 17:07 532914 --a------ C:\systemsl2\linerage\systemlinerage\Interface.xdat
2007-05-30 17:07 527907 --a------ C:\systemsl2\linerage\systemlinerage\LineageMonster.int
2007-05-30 17:07 491540 --a------ C:\systemsl2\linerage\systemlinerage\IpDrv.dll
2007-05-30 17:07 3850260 --a------ C:\systemsl2\linerage\systemlinerage\NWindow.dll
2007-05-30 17:07 352276 --a------ C:\systemsl2\linerage\systemlinerage\ALAudio.dll
2007-05-30 17:07 315412 --a------ C:\systemsl2\linerage\systemlinerage\Fire.dll
2007-05-30 17:07 251224 --a------ C:\systemsl2\linerage\systemlinerage\NWindow.u
2007-05-30 17:07 176949 --a------ C:\systemsl2\linerage\systemlinerage\LineageMonster.u
2007-05-30 17:07 1277972 --a------ C:\systemsl2\linerage\systemlinerage\D3DDrv.dll
2007-05-30 16:07 527907 --a------ C:\systemsl2\frintezza\systemfrintezza\LineageMonster.int
2007-05-29 15:42 304 --a------ C:\systemsl2\frintezza\systemfrintezza\obscene-e.dat
2007-05-29 01:02 3376 --a------ C:\systemsl2\frintezza\systemfrintezza\l2.ini
2007-05-22 18:58 91687 --a------ C:\systemsl2\linerage\systemlinerage\LineageNpc.u
2007-05-22 18:58 9084 --a------ C:\systemsl2\linerage\systemlinerage\LineageVehicle.u
2007-05-22 18:58 79016 --a------ C:\systemsl2\linerage\systemlinerage\LineageMonster3.u
2007-05-22 18:58 73703 --a------ C:\systemsl2\linerage\systemlinerage\IpDrv.u
2007-05-22 18:58 693798 --a------ C:\systemsl2\linerage\systemlinerage\UWindow.u
2007-05-22 18:58 68190 --a------ C:\systemsl2\linerage\systemlinerage\LineageMonster2.u
2007-05-22 18:58 6752 --a------ C:\systemsl2\linerage\systemlinerage\LineageDeco.u
2007-05-22 18:58 65662 --a------ C:\systemsl2\linerage\systemlinerage\Core.u
2007-05-22 18:58 593932 --a------ C:\systemsl2\linerage\systemlinerage\Editor.u
2007-05-22 18:58 31540 --a------ C:\systemsl2\linerage\systemlinerage\LineageWarrior.u
2007-05-22 18:58 2805259 --a------ C:\systemsl2\linerage\systemlinerage\Engine.u
2007-05-22 18:58 263641 --a------ C:\systemsl2\linerage\systemlinerage\UDebugMenu.u
2007-05-22 18:58 212008 --a------ C:\systemsl2\linerage\systemlinerage\GamePlay.u
2007-05-22 18:58 15491 --a------ C:\systemsl2\linerage\systemlinerage\Fire.u
2007-05-22 18:58 14464 --a------ C:\systemsl2\linerage\systemlinerage\LineageNpc2.u
2007-05-22 18:58 12192 --a------ C:\systemsl2\linerage\systemlinerage\LineageNpcEv.u
2007-05-15 02:18 42587 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\npgg9x.des
2007-05-14 20:18 42587 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\npgg9x.des
2007-05-14 20:18 42587 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\npgg9x.des
2007-05-06 16:09 9230 --a------ C:\systemsl2\linerage\systemlinerage\Lineage2.ini
2007-05-06 16:09 8002 --a------ C:\systemsl2\linerage\systemlinerage\lineage2.log
2007-05-06 16:09 3072 --a------ C:\systemsl2\linerage\systemlinerage\fldrv.dll
2007-05-06 16:09 163 --a------ C:\systemsl2\linerage\systemlinerage\lineage2.int
2007-04-23 17:39 3647 --a------ C:\systemsl2\linerage\systemlinerage\Localization.ini
2007-04-23 16:39 3647 --a------ C:\systemsl2\frintezza\systemfrintezza\Localization.ini
2007-04-17 15:08 218 --a------ C:\systemsl2\linerage\systemlinerage\data\scripts\load.pas
2007-04-12 01:19 3829780 --a------ C:\systemsl2\linerage\systemlinerage\Copy of nwindow.dll
2007-04-03 18:22 0 --a------ C:\systemsl2\awbr\log\err.log
2007-04-03 12:36 727 --a------ C:\systemsl2\awbr\posts\8.POST
2007-04-03 11:29 636 --a------ C:\systemsl2\awbr\posts\2.POST
2007-04-03 11:22 902 --a------ C:\systemsl2\awbr\posts\5.POST
2007-03-22 19:57 55710 --a------ C:\systemsl2\awbr\systemBKPAWBR\LineageMonster3.int
2007-03-22 19:57 55710 --a------ C:\systemsl2\awbr\systemawbr\LineageMonster3.int
2007-03-20 05:28 1709 --a------ C:\systemsl2\linerage\systemlinerage\FontInfo.ini
2007-03-19 16:57 55710 --a------ C:\systemsl2\linerage\systemlinerage\LineageMonster3.int
2007-03-19 15:57 55710 --a------ C:\systemsl2\frintezza\systemfrintezza\LineageMonster3.int
2007-03-18 23:16 7680 --a------ C:\systemsl2\awbr\systemBKPAWBR\gg-bps.dll
2007-03-18 23:16 7680 --a------ C:\systemsl2\awbr\systemawbr\gg-bps.dll
2007-03-07 19:55 795 --a------ C:\systemsl2\awbr\systemBKPAWBR\TTFontInfo.ini
2007-03-07 19:55 795 --a------ C:\systemsl2\awbr\systemawbr\TTFontInfo.ini
2007-03-01 15:15 795 --a------ C:\systemsl2\linerage\systemlinerage\TTFontInfo.ini
2007-03-01 14:15 795 --a------ C:\systemsl2\frintezza\systemfrintezza\ttfontinfo.ini
2007-02-28 14:23 4344 --a------ C:\systemsl2\linerage\systemlinerage\lineagenpc2.int
2007-02-28 14:00 371 --a------ C:\systemsl2\linerage\systemlinerage\Lineage2us.ini
2007-02-28 14:00 26344 --a------ C:\systemsl2\linerage\systemlinerage\npkcrypt.vxd
2007-02-28 14:00 23217 --a------ C:\systemsl2\linerage\systemlinerage\npkcrypt.sys
2007-02-28 14:00 15472 --a------ C:\systemsl2\linerage\systemlinerage\npkcusb.sys
2007-02-28 14:00 153375 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard.des
2007-02-28 13:23 97072 --a------ C:\systemsl2\awbr\System.bkp0\optiondata_client-e.dat
2007-02-28 13:23 91660 --a------ C:\systemsl2\awbr\System.bkp0\lineagenpc.u
2007-02-28 13:23 78128 --a------ C:\systemsl2\awbr\System.bkp0\weapongrp.dat
2007-02-28 13:23 67504 --a------ C:\systemsl2\awbr\System.bkp0\mobskillanimgrp.dat
2007-02-28 13:23 6064 --a------ C:\systemsl2\awbr\System.bkp0\zonename-e.dat
2007-02-28 13:23 51248 --a------ C:\systemsl2\awbr\System.bkp0\npcname-e.dat
2007-02-28 13:23 47792 --a------ C:\systemsl2\awbr\System.bkp0\systemmsg-e.dat
2007-02-28 13:23 4344 --a------ C:\systemsl2\awbr\systemBKPAWBR\lineagenpc2.int
2007-02-28 13:23 4344 --a------ C:\systemsl2\awbr\systemawbr\lineagenpc2.int
2007-02-28 13:23 4344 --a------ C:\systemsl2\awbr\System.bkp0\lineagenpc2.int
2007-02-28 13:23 409700 --a------ C:\systemsl2\awbr\System.bkp0\npkcrypt.dll
2007-02-28 13:23 3825684 --a------ C:\systemsl2\awbr\System.bkp0\nwindow.dll
2007-02-28 13:23 3376 --a------ C:\systemsl2\awbr\System.bkp0\musicinfo.dat
2007-02-28 13:23 3376 --a------ C:\systemsl2\awbr\System.bkp0\l2.ini
2007-02-28 13:23 29872 --a------ C:\systemsl2\awbr\System.bkp0\raiddata-e.dat
2007-02-28 13:23 297648 --a------ C:\systemsl2\awbr\System.bkp0\skillname-e.dat
2007-02-28 13:23 26800 --a------ C:\systemsl2\awbr\System.bkp0\skillsoundgrp.dat
2007-02-28 13:23 263641 --a------ C:\systemsl2\awbr\System.bkp0\udebugmenu.u
2007-02-28 13:23 249338 --a------ C:\systemsl2\awbr\System.bkp0\nwindow.u
2007-02-28 13:23 23728 --a------ C:\systemsl2\awbr\System.bkp0\recipe-c.dat
2007-02-28 13:23 232880 --a------ C:\systemsl2\awbr\System.bkp0\npcgrp.dat
2007-02-28 13:23 2004412 --a------ C:\systemsl2\awbr\System.bkp0\lineageeffect.u
2007-02-28 13:23 1968 --a------ C:\systemsl2\awbr\System.bkp0\staticobject-e.dat
2007-02-28 13:23 189616 --a------ C:\systemsl2\awbr\System.bkp0\questname-e.dat
2007-02-28 13:23 158128 --a------ C:\systemsl2\awbr\System.bkp0\skillgrp.dat
2007-02-28 13:23 14896 --a------ C:\systemsl2\awbr\System.bkp0\sysstring-e.dat
2007-02-28 13:23 1456 --a------ C:\systemsl2\awbr\System.bkp0\variationeffectgrp-e.dat
2007-02-28 13:23 14464 --a------ C:\systemsl2\awbr\System.bkp0\lineagenpc2.u
2007-02-28 13:23 1396756 --a------ C:\systemsl2\lords\system\orc.dll
2007-02-28 13:23 1396756 --a------ C:\systemsl2\linerage\systemlinerage\orc.dll
2007-02-28 13:23 1396756 --a------ C:\systemsl2\frintezza\systemfrintezza\orc.dll
2007-02-28 13:23 1396756 --a------ C:\systemsl2\awbr\systemBKPAWBR\orc.dll
2007-02-28 13:23 1396756 --a------ C:\systemsl2\awbr\systemawbr\orc.dll
2007-02-28 13:23 1396756 --a------ C:\systemsl2\awbr\System.bkp0\orc.dll
2007-02-28 13:23 1328 --a------ C:\systemsl2\awbr\System.bkp0\servername-e.dat
2007-02-28 13:23 131092 --a------ C:\systemsl2\lords\system\lineageenv.dll
2007-02-28 13:23 131092 --a------ C:\systemsl2\linerage\systemlinerage\lineageenv.dll
2007-02-28 13:23 131092 --a------ C:\systemsl2\awbr\systemBKPAWBR\lineageenv.dll
2007-02-28 13:23 131092 --a------ C:\systemsl2\awbr\systemawbr\lineageenv.dll
2007-02-28 13:23 131092 --a------ C:\systemsl2\awbr\System.bkp0\lineageenv.dll
2007-02-28 13:23 12192 --a------ C:\systemsl2\awbr\System.bkp0\lineagenpcev.u
2007-02-28 13:23 12049 --a------ C:\systemsl2\lords\system\lineageenv.u
2007-02-28 13:23 12049 --a------ C:\systemsl2\linerage\systemlinerage\LineageEnv.u
2007-02-28 13:23 12049 --a------ C:\systemsl2\awbr\systemBKPAWBR\lineageenv.u
2007-02-28 13:23 12049 --a------ C:\systemsl2\awbr\systemawbr\lineageenv.u
2007-02-28 13:23 12049 --a------ C:\systemsl2\awbr\System.bkp0\lineageenv.u
2007-02-28 13:22 98736 --a------ C:\systemsl2\awbr\System.bkp0\armorgrp.dat
2007-02-28 13:22 816 --a------ C:\systemsl2\awbr\System.bkp0\creditgrp-e.dat
2007-02-28 13:22 79920 --a------ C:\systemsl2\awbr\System.bkp0\etcitemgrp.dat
2007-02-28 13:22 6704 --a------ C:\systemsl2\awbr\System.bkp0\actionname-e.dat
2007-02-28 13:22 5680 --a------ C:\systemsl2\awbr\System.bkp0\huntingzone-e.dat
2007-02-28 13:22 560 --a------ C:\systemsl2\awbr\System.bkp0\hairaccessarygrp.dat
2007-02-28 13:22 513285 --a------ C:\systemsl2\awbr\System.bkp0\interface.xdat
2007-02-28 13:22 432 --a------ C:\systemsl2\lords\system\clientdata.dat
2007-02-28 13:22 432 --a------ C:\systemsl2\linerage\systemlinerage\clientdata.dat
2007-02-28 13:22 432 --a------ C:\systemsl2\frintezza\systemfrintezza\clientdata.dat
2007-02-28 13:22 432 --a------ C:\systemsl2\awbr\systemBKPAWBR\clientdata.dat
2007-02-28 13:22 432 --a------ C:\systemsl2\awbr\systemawbr\clientdata.dat
2007-02-28 13:22 432 --a------ C:\systemsl2\awbr\System.bkp0\helmetgrp.dat
2007-02-28 13:22 432 --a------ C:\systemsl2\awbr\System.bkp0\clientdata.dat
2007-02-28 13:22 4144 --a------ C:\systemsl2\awbr\System.bkp0\hairaccessorylocgrp.dat
2007-02-28 13:22 4016 --a------ C:\systemsl2\awbr\System.bkp0\entereventgrp.dat
2007-02-28 13:22 30359572 --a------ C:\systemsl2\awbr\System.bkp0\engine.dll
2007-02-28 13:22 237232 --a------ C:\systemsl2\awbr\System.bkp0\itemname-e.dat
2007-02-28 13:22 2224 --a------ C:\systemsl2\awbr\System.bkp0\classinfo-e.dat
2007-02-28 13:22 1897415 --a------ C:\systemsl2\awbr\System.bkp0\interface.u
2007-02-28 13:22 12464 --a------ C:\systemsl2\awbr\System.bkp0\gametip-e.dat
2007-02-28 13:22 1200 --a------ C:\systemsl2\awbr\System.bkp0\commandname-e.dat
2007-02-28 13:22 1072 --a------ C:\systemsl2\awbr\System.bkp0\castlename-e.dat
2007-02-28 13:00 371 --a------ C:\systemsl2\awbr\System.bkp0\Lineage2us.ini
2007-02-28 13:00 26344 --a------ C:\systemsl2\awbr\systemBKPAWBR\npkcrypt.vxd
2007-02-28 13:00 26344 --a------ C:\systemsl2\awbr\systemawbr\npkcrypt.vxd
2007-02-28 13:00 26344 --a------ C:\systemsl2\awbr\System.bkp0\npkcrypt.vxd
2007-02-28 13:00 23217 --a------ C:\systemsl2\awbr\systemBKPAWBR\npkcrypt.sys
2007-02-28 13:00 23217 --a------ C:\systemsl2\awbr\systemawbr\npkcrypt.sys
2007-02-28 13:00 23217 --a------ C:\systemsl2\awbr\System.bkp0\npkcrypt.sys
2007-02-28 13:00 15472 --a------ C:\systemsl2\awbr\systemBKPAWBR\npkcusb.sys
2007-02-28 13:00 15472 --a------ C:\systemsl2\awbr\systemawbr\npkcusb.sys
2007-02-28 13:00 15472 --a------ C:\systemsl2\awbr\System.bkp0\npkcusb.sys
2007-02-28 13:00 153375 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard.des
2007-02-28 13:00 153375 --a------ C:\systemsl2\awbr\systemawbr\GameGuard.des
2007-02-28 13:00 153375 --a------ C:\systemsl2\awbr\System.bkp0\GameGuard.des
2007-02-27 18:22 6700 --a------ C:\systemsl2\linerage\systemlinerage\Engine.int
2007-02-27 18:22 2658 --a------ C:\systemsl2\linerage\systemlinerage\ALAudio.int
2007-02-27 18:22 103714 --a------ C:\systemsl2\linerage\systemlinerage\LineageNpc.int
2007-02-27 17:22 9084 --a------ C:\systemsl2\awbr\System.bkp0\LineageVehicle.u
2007-02-27 17:22 79016 --a------ C:\systemsl2\awbr\System.bkp0\LineageMonster3.u
2007-02-27 17:22 749588 --a------ C:\systemsl2\awbr\System.bkp0\Window.dll
2007-02-27 17:22 73703 --a------ C:\systemsl2\awbr\System.bkp0\IpDrv.u
2007-02-27 17:22 693798 --a------ C:\systemsl2\awbr\System.bkp0\UWindow.u
2007-02-27 17:22 68190 --a------ C:\systemsl2\awbr\System.bkp0\LineageMonster2.u
2007-02-27 17:22 6752 --a------ C:\systemsl2\awbr\System.bkp0\LineageDeco.u
2007-02-27 17:22 6700 --a------ C:\systemsl2\frintezza\systemfrintezza\Engine.int
2007-02-27 17:22 6700 --a------ C:\systemsl2\awbr\systemBKPAWBR\Engine.int
2007-02-27 17:22 6700 --a------ C:\systemsl2\awbr\systemawbr\Engine.int
2007-02-27 17:22 6700 --a------ C:\systemsl2\awbr\System.bkp0\Engine.int
2007-02-27 17:22 65662 --a------ C:\systemsl2\awbr\System.bkp0\Core.u
2007-02-27 17:22 630804 --a------ C:\systemsl2\awbr\System.bkp0\WinDrv.dll
2007-02-27 17:22 5943 --a------ C:\systemsl2\frintezza\systemfrintezza\Env.int
2007-02-27 17:22 5943 --a------ C:\systemsl2\awbr\systemBKPAWBR\Env.int
2007-02-27 17:22 5943 --a------ C:\systemsl2\awbr\systemawbr\Env.int
2007-02-27 17:22 5943 --a------ C:\systemsl2\awbr\System.bkp0\Env.int
2007-02-27 17:22 593932 --a------ C:\systemsl2\awbr\System.bkp0\Editor.u
2007-02-27 17:22 55458 --a------ C:\systemsl2\awbr\System.bkp0\LineageMonster3.int
2007-02-27 17:22 527382 --a------ C:\systemsl2\awbr\System.bkp0\LineageMonster.int
2007-02-27 17:22 491540 --a------ C:\systemsl2\awbr\System.bkp0\L2.exe
2007-02-27 17:22 491540 --a------ C:\systemsl2\awbr\System.bkp0\IpDrv.dll
2007-02-27 17:22 3690 --a------ C:\systemsl2\awbr\systemBKPAWBR\Localization.ini
2007-02-27 17:22 3690 --a------ C:\systemsl2\awbr\System.bkp0\Localization.ini
2007-02-27 17:22 352276 --a------ C:\systemsl2\awbr\System.bkp0\ALAudio.dll
2007-02-27 17:22 315412 --a------ C:\systemsl2\awbr\System.bkp0\Fire.dll
2007-02-27 17:22 31540 --a------ C:\systemsl2\awbr\System.bkp0\LineageWarrior.u
2007-02-27 17:22 2805255 --a------ C:\systemsl2\awbr\System.bkp0\Engine.u
2007-02-27 17:22 2658 --a------ C:\systemsl2\frintezza\systemfrintezza\ALAudio.int
2007-02-27 17:22 2658 --a------ C:\systemsl2\awbr\systemBKPAWBR\ALAudio.int
2007-02-27 17:22 2658 --a------ C:\systemsl2\awbr\systemawbr\ALAudio.int
2007-02-27 17:22 2658 --a------ C:\systemsl2\awbr\System.bkp0\ALAudio.int
2007-02-27 17:22 212008 --a------ C:\systemsl2\awbr\System.bkp0\GamePlay.u
2007-02-27 17:22 175685 --a------ C:\systemsl2\awbr\System.bkp0\LineageMonster.u
2007-02-27 17:22 15491 --a------ C:\systemsl2\awbr\System.bkp0\Fire.u
2007-02-27 17:22 1368084 --a------ C:\systemsl2\awbr\System.bkp0\Core.dll
2007-02-27 17:22 1277972 --a------ C:\systemsl2\awbr\System.bkp0\D3DDrv.dll
2007-02-27 17:22 103714 --a------ C:\systemsl2\frintezza\systemfrintezza\LineageNpc.int
2007-02-27 17:22 103714 --a------ C:\systemsl2\awbr\systemBKPAWBR\LineageNpc.int
2007-02-27 17:22 103714 --a------ C:\systemsl2\awbr\systemawbr\LineageNpc.int
2007-02-27 17:22 103714 --a------ C:\systemsl2\awbr\System.bkp0\LineageNpc.int
2007-02-27 00:41 369 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\Lineage2US.ini
2007-02-27 00:41 369 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\Lineage2US.ini
2007-02-16 19:47 54272 --a------ C:\systemsl2\linerage\systemlinerage\hGuard.dll
2007-01-25 02:32 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\bow of peril quik recovery.txt
2007-01-25 02:29 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\eminence bow guidance.txt
2007-01-25 02:28 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\greater haste potion.txt
2007-01-22 00:25 28 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\bless the soul buff.txt
2007-01-22 00:24 28 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\haste buff-passive.txt
2007-01-22 00:23 28 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\focus buff-passive.txt
2007-01-22 00:17 28 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\harmony of noblesse-skill.txt
2007-01-22 00:17 28 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\fortune of noblesse-buff.txt
2007-01-22 00:17 28 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\baium's gift - skill.txt
2007-01-21 22:12 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\dragon slayer.txt
2007-01-21 20:34 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\Zariche sword - Buy.txt
2007-01-21 20:32 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\SP Scrolls.txt
2007-01-21 20:32 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\Crown of lord.txt
2007-01-21 20:31 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\wyvern - pet.txt
2007-01-21 20:31 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\strider - pet.txt
2007-01-21 20:31 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\dagger 30k.txt
2007-01-21 20:30 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\Lance 30k.txt
2007-01-21 20:30 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\Blessed enchant Weapon A.txt
2007-01-21 20:30 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\Blessed enchant armor A.txt
2007-01-21 20:29 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\Blessed enchant Weapon S.txt
2007-01-21 20:29 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\Blessed enchant armor S.txt
2007-01-21 20:28 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\Arcana Mace Acumen.txt
2007-01-21 20:27 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\dragonic gloves.txt
2007-01-21 20:27 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\dragonic Bow Focus.txt
2007-01-21 20:27 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\dragonic boots.txt
2007-01-21 20:26 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\dragonic helmet.txt
2007-01-21 20:26 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\dragonic full body Armor.txt
2007-01-21 20:25 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\ring of baium.txt
2007-01-21 20:25 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\neclage of valkas.txt
2007-01-21 20:25 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\earring of zaken.txt
2007-01-21 20:25 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\earring of antharas.txt
2007-01-21 20:24 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\earring orfen.txt
2007-01-21 20:24 36 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\ant queen.txt
2007-01-21 20:15 28 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\zariche buff.txt
2007-01-21 20:15 28 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\heroic valor-buff.txt
2007-01-21 20:15 28 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\heroic miracle-buff.txt
2007-01-21 20:15 28 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\heroic berseker-buff.txt
2007-01-21 20:14 28 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\no name buff - gm stats.txt
2007-01-21 20:14 28 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\gm super haste-buff.txt
2007-01-21 20:13 28 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\blessing of noblesse-buff.txt
2007-01-21 20:13 28 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\100% stun resistence-passive skill.txt
2006-12-19 18:53 90112 --a------ C:\systemsl2\linerage\systemlinerage\unbot.dll
2006-11-02 22:03 50 --a------ C:\systemsl2\awbr\urls\6.url
2006-11-02 22:03 50 --a------ C:\systemsl2\awbr\urls\5.url
2006-11-02 22:02 50 --a------ C:\systemsl2\awbr\urls\4.url
2006-11-02 22:02 50 --a------ C:\systemsl2\awbr\urls\3.url
2006-11-02 22:02 50 --a------ C:\systemsl2\awbr\urls\2.url
2006-11-02 22:02 50 --a------ C:\systemsl2\awbr\urls\1.url
2006-10-31 09:47 703 --a------ C:\systemsl2\awbr\posts\4.POST
2006-10-31 09:47 661 --a------ C:\systemsl2\awbr\posts\7.POST
2006-10-31 09:47 638 --a------ C:\systemsl2\awbr\posts\6.POST
2006-10-31 09:47 598 --a------ C:\systemsl2\awbr\posts\3.POST
2006-10-31 09:47 588 --a------ C:\systemsl2\awbr\posts\1.POST
2006-10-28 13:54 69 --a------ C:\systemsl2\linerage\systemlinerage\linmod
2006-10-13 12:36 17249 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\npgl3.erl
2006-10-13 12:36 17209 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\npgl2.erl
2006-10-05 19:38 499 --a------ C:\systemsl2\linerage\systemlinerage\data\scripts\log_chat.pas
2006-10-05 18:50 1751 --a------ C:\systemsl2\linerage\systemlinerage\data\scripts\anti_limit.pas
2006-10-04 12:14 87 --a------ C:\systemsl2\linerage\systemlinerage\data\scripts\block_gm.pas
2006-10-02 20:08 116 --a------ C:\systemsl2\linerage\systemlinerage\data\scripts\default.pas
2006-09-27 11:54 14392 --a------ C:\systemsl2\linerage\systemlinerage\data\packets.txt
2006-09-22 17:48 13824 --a------ C:\systemsl2\linerage\systemlinerage\inside.dll
2006-09-21 19:39 12 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\lvl-up.txt
2006-09-06 11:59 20 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\wyvern.txt
2006-09-06 11:59 20 --a------ C:\systemsl2\linerage\systemlinerage\data\packets\strider.txt
2006-07-24 19:15 729 --a------ C:\systemsl2\linerage\systemlinerage\windrv.int
2006-07-24 19:15 729 --a------ C:\systemsl2\frintezza\systemfrintezza\windrv.int
2006-07-24 19:15 527005 --a------ C:\systemsl2\linerage\systemlinerage\wform.bm
2006-07-24 19:15 527005 --a------ C:\systemsl2\frintezza\systemfrintezza\wform.bm
2006-07-24 19:15 2337 --a------ C:\systemsl2\linerage\systemlinerage\window.int
2006-07-24 19:15 2337 --a------ C:\systemsl2\frintezza\systemfrintezza\window.int
2006-07-24 19:14 82452 --a------ C:\systemsl2\linerage\systemlinerage\msxml4r.dll
2006-07-24 19:14 82452 --a------ C:\systemsl2\frintezza\systemfrintezza\msxml4r.dll
2006-07-24 19:14 62996 --a------ C:\systemsl2\linerage\systemlinerage\dsetup.dll
2006-07-24 19:14 62996 --a------ C:\systemsl2\frintezza\systemfrintezza\dsetup.dll
2006-07-24 19:14 61460 --a------ C:\systemsl2\linerage\systemlinerage\ogg.dll
2006-07-24 19:14 53268 --a------ C:\systemsl2\linerage\systemlinerage\npkpdb.dll
2006-07-24 19:14 53268 --a------ C:\systemsl2\frintezza\systemfrintezza\npkpdb.dll
2006-07-24 19:14 454 --a------ C:\systemsl2\linerage\systemlinerage\cloak.int
2006-07-24 19:14 454 --a------ C:\systemsl2\frintezza\systemfrintezza\cloak.int
2006-07-24 19:14 44564 --a------ C:\systemsl2\linerage\systemlinerage\msxml4a.dll
2006-07-24 19:14 44564 --a------ C:\systemsl2\frintezza\systemfrintezza\msxml4a.dll
2006-07-24 19:14 3516 --a------ C:\systemsl2\linerage\systemlinerage\l2forecf.ffe
2006-07-24 19:14 3516 --a------ C:\systemsl2\frintezza\systemfrintezza\l2forecf.ffe
2006-07-24 19:14 3423 --a------ C:\systemsl2\linerage\systemlinerage\core.int
2006-07-24 19:14 3423 --a------ C:\systemsl2\frintezza\systemfrintezza\core.int
2006-07-24 19:14 249876 --a------ C:\systemsl2\linerage\systemlinerage\vorbis.dll
2006-07-24 19:14 249876 --a------ C:\systemsl2\frintezza\systemfrintezza\vorbis.dll
2006-07-24 19:14 233492 --a------ C:\systemsl2\linerage\systemlinerage\ifc23.dll
2006-07-24 19:14 233492 --a------ C:\systemsl2\frintezza\systemfrintezza\ifc23.dll
2006-07-24 19:14 193542 --a------ C:\systemsl2\linerage\systemlinerage\lineagewarrior.int
2006-07-24 19:14 193542 --a------ C:\systemsl2\frintezza\systemfrintezza\lineagewarrior.int
2006-07-24 19:14 185632 --a------ C:\systemsl2\linerage\systemlinerage\largefont.gly
2006-07-24 19:14 185632 --a------ C:\systemsl2\frintezza\systemfrintezza\largefont.gly
2006-07-24 19:14 1840 --a------ C:\systemsl2\linerage\systemlinerage\ipdrv.int
2006-07-24 19:14 1840 --a------ C:\systemsl2\frintezza\systemfrintezza\ipdrv.int
2006-07-24 19:14 181800 --a------ C:\systemsl2\linerage\systemlinerage\smallfont.gly
2006-07-24 19:14 181800 --a------ C:\systemsl2\linerage\systemlinerage\creditfont.gly
2006-07-24 19:14 181800 --a------ C:\systemsl2\frintezza\systemfrintezza\smallfont.gly
2006-07-24 19:14 181800 --a------ C:\systemsl2\frintezza\systemfrintezza\creditfont.gly
2006-07-24 19:14 1702 --a------ C:\systemsl2\linerage\systemlinerage\soulshot.int
2006-07-24 19:14 1702 --a------ C:\systemsl2\frintezza\systemfrintezza\soulshot.int
2006-07-24 19:14 163 --a------ C:\systemsl2\linerage\systemlinerage\l2.int
2006-07-24 19:14 163 --a------ C:\systemsl2\frintezza\systemfrintezza\l2.int
2006-07-24 19:14 1560 --a------ C:\systemsl2\linerage\systemlinerage\smallfont-e.gly
2006-07-24 19:14 1560 --a------ C:\systemsl2\linerage\systemlinerage\largefont-e.gly
2006-07-24 19:14 1560 --a------ C:\systemsl2\frintezza\systemfrintezza\smallfont-e.gly
2006-07-24 19:14 1560 --a------ C:\systemsl2\frintezza\systemfrintezza\largefont-e.gly
2006-07-24 19:14 151403 --a------ C:\systemsl2\linerage\systemlinerage\lineagemonster2.int
2006-07-24 19:14 151403 --a------ C:\systemsl2\frintezza\systemfrintezza\lineagemonster2.int
2006-07-24 19:14 150548 --a------ C:\systemsl2\linerage\systemlinerage\encvag.dll
2006-07-24 19:14 150548 --a------ C:\systemsl2\frintezza\systemfrintezza\encvag.dll
2006-07-24 19:14 14452 --a------ C:\systemsl2\linerage\systemlinerage\timeenv1.int
2006-07-24 19:14 14452 --a------ C:\systemsl2\frintezza\systemfrintezza\timeenv1.int
2006-07-24 19:14 14099 --a------ C:\systemsl2\linerage\systemlinerage\timeenv3.int
2006-07-24 19:14 14099 --a------ C:\systemsl2\frintezza\systemfrintezza\timeenv3.int
2006-07-24 19:14 13322 --a------ C:\systemsl2\linerage\systemlinerage\timeenv2.int
2006-07-24 19:14 13322 --a------ C:\systemsl2\frintezza\systemfrintezza\timeenv2.int
2006-07-24 19:14 13233 --a------ C:\systemsl2\linerage\systemlinerage\timeenv0.int
2006-07-24 19:14 13233 --a------ C:\systemsl2\frintezza\systemfrintezza\timeenv0.int
2006-07-24 19:14 126996 --a------ C:\systemsl2\frintezza\systemfrintezza\lineageenv.dll
2006-07-24 19:14 1233940 --a------ C:\systemsl2\linerage\systemlinerage\msxml4.dll
2006-07-24 19:14 1233940 --a------ C:\systemsl2\frintezza\systemfrintezza\msxml4.dll
2006-07-24 19:14 110933 --a------ C:\systemsl2\linerage\systemlinerage\hair.int
2006-07-24 19:14 110933 --a------ C:\systemsl2\frintezza\systemfrintezza\hair.int
2006-07-24 19:14 106516 --a------ C:\systemsl2\linerage\systemlinerage\vorbisfile.dll
2006-07-24 19:14 106516 --a------ C:\systemsl2\frintezza\systemfrintezza\vorbisfile.dll
2006-07-24 19:14 102420 --a------ C:\systemsl2\linerage\systemlinerage\defopenal32.dll
2006-07-24 19:14 102420 --a------ C:\systemsl2\frintezza\systemfrintezza\defopenal32.dll
2006-07-24 19:14 10043 --a------ C:\systemsl2\frintezza\systemfrintezza\lineageenv.u
2006-07-24 19:13 601048 --a------ C:\systemsl2\linerage\systemlinerage\asiahm-medium.ttf
2006-07-24 19:13 601048 --a------ C:\systemsl2\frintezza\systemfrintezza\asiahm-medium.ttf
2006-07-24 19:13 350 --a------ C:\systemsl2\linerage\systemlinerage\bighead.int
2006-07-24 19:13 350 --a------ C:\systemsl2\frintezza\systemfrintezza\bighead.int
2006-07-24 18:15 729 --a------ C:\systemsl2\awbr\systemBKPAWBR\windrv.int
2006-07-24 18:15 729 --a------ C:\systemsl2\awbr\systemawbr\windrv.int
2006-07-24 18:15 729 --a------ C:\systemsl2\awbr\System.bkp0\windrv.int
2006-07-24 18:15 527005 --a------ C:\systemsl2\awbr\systemBKPAWBR\wform.bm
2006-07-24 18:15 527005 --a------ C:\systemsl2\awbr\systemawbr\wform.bm
2006-07-24 18:15 527005 --a------ C:\systemsl2\awbr\System.bkp0\wform.bm
2006-07-24 18:15 2337 --a------ C:\systemsl2\awbr\systemBKPAWBR\window.int
2006-07-24 18:15 2337 --a------ C:\systemsl2\awbr\systemawbr\window.int
2006-07-24 18:15 2337 --a------ C:\systemsl2\awbr\System.bkp0\window.int
2006-07-24 18:14 82452 --a------ C:\systemsl2\awbr\systemBKPAWBR\msxml4r.dll
2006-07-24 18:14 82452 --a------ C:\systemsl2\awbr\systemawbr\msxml4r.dll
2006-07-24 18:14 82452 --a------ C:\systemsl2\awbr\System.bkp0\msxml4r.dll
2006-07-24 18:14 795 --a------ C:\systemsl2\awbr\System.bkp0\ttfontinfo.ini
2006-07-24 18:14 62996 --a------ C:\systemsl2\awbr\systemBKPAWBR\dsetup.dll
2006-07-24 18:14 62996 --a------ C:\systemsl2\awbr\systemawbr\dsetup.dll
2006-07-24 18:14 62996 --a------ C:\systemsl2\awbr\System.bkp0\dsetup.dll
2006-07-24 18:14 61460 --a------ C:\systemsl2\awbr\systemBKPAWBR\ogg.dll
2006-07-24 18:14 61460 --a------ C:\systemsl2\awbr\systemawbr\ogg.dll
2006-07-24 18:14 61460 --a------ C:\systemsl2\awbr\System.bkp0\ogg.dll
2006-07-24 18:14 53268 --a------ C:\systemsl2\awbr\systemBKPAWBR\npkpdb.dll
2006-07-24 18:14 53268 --a------ C:\systemsl2\awbr\systemawbr\npkpdb.dll
2006-07-24 18:14 53268 --a------ C:\systemsl2\awbr\System.bkp0\npkpdb.dll
2006-07-24 18:14 454 --a------ C:\systemsl2\awbr\systemBKPAWBR\cloak.int
2006-07-24 18:14 454 --a------ C:\systemsl2\awbr\systemawbr\cloak.int
2006-07-24 18:14 454 --a------ C:\systemsl2\awbr\System.bkp0\cloak.int
2006-07-24 18:14 44564 --a------ C:\systemsl2\awbr\systemBKPAWBR\msxml4a.dll
2006-07-24 18:14 44564 --a------ C:\systemsl2\awbr\systemawbr\msxml4a.dll
2006-07-24 18:14 44564 --a------ C:\systemsl2\awbr\System.bkp0\msxml4a.dll
2006-07-24 18:14 4400 --a------ C:\systemsl2\awbr\System.bkp0\user.ini
2006-07-24 18:14 432 --a------ C:\systemsl2\awbr\System.bkp0\logongrp.dat
2006-07-24 18:14 3516 --a------ C:\systemsl2\awbr\systemBKPAWBR\l2forecf.ffe
2006-07-24 18:14 3516 --a------ C:\systemsl2\awbr\systemawbr\l2forecf.ffe
2006-07-24 18:14 3516 --a------ C:\systemsl2\awbr\System.bkp0\l2forecf.ffe
2006-07-24 18:14 3423 --a------ C:\systemsl2\awbr\systemBKPAWBR\core.int
2006-07-24 18:14 3423 --a------ C:\systemsl2\awbr\systemawbr\core.int
2006-07-24 18:14 3423 --a------ C:\systemsl2\awbr\System.bkp0\core.int
2006-07-24 18:14 304 --a------ C:\systemsl2\awbr\System.bkp0\symbolname-e.dat
2006-07-24 18:14 304 --a------ C:\systemsl2\awbr\System.bkp0\obscene-e.dat
2006-07-24 18:14 304 --a------ C:\systemsl2\awbr\System.bkp0\hairgrp.dat
2006-07-24 18:14 249876 --a------ C:\systemsl2\awbr\systemBKPAWBR\vorbis.dll
2006-07-24 18:14 249876 --a------ C:\systemsl2\awbr\systemawbr\vorbis.dll
2006-07-24 18:14 249876 --a------ C:\systemsl2\awbr\System.bkp0\vorbis.dll
2006-07-24 18:14 233492 --a------ C:\systemsl2\awbr\systemBKPAWBR\ifc23.dll
2006-07-24 18:14 233492 --a------ C:\systemsl2\awbr\systemawbr\ifc23.dll
2006-07-24 18:14 233492 --a------ C:\systemsl2\awbr\System.bkp0\ifc23.dll
2006-07-24 18:14 1968 --a------ C:\systemsl2\awbr\System.bkp0\hennagrp-e.dat
2006-07-24 18:14 193542 --a------ C:\systemsl2\awbr\systemBKPAWBR\lineagewarrior.int
2006-07-24 18:14 193542 --a------ C:\systemsl2\awbr\systemawbr\lineagewarrior.int
2006-07-24 18:14 193542 --a------ C:\systemsl2\awbr\System.bkp0\lineagewarrior.int
2006-07-24 18:14 185632 --a------ C:\systemsl2\awbr\systemBKPAWBR\largefont.gly
2006-07-24 18:14 185632 --a------ C:\systemsl2\awbr\systemawbr\largefont.gly
2006-07-24 18:14 185632 --a------ C:\systemsl2\awbr\System.bkp0\largefont.gly
2006-07-24 18:14 1840 --a------ C:\systemsl2\awbr\systemBKPAWBR\ipdrv.int
2006-07-24 18:14 1840 --a------ C:\systemsl2\awbr\systemawbr\ipdrv.int
2006-07-24 18:14 1840 --a------ C:\systemsl2\awbr\System.bkp0\ipdrv.int
2006-07-24 18:14 181800 --a------ C:\systemsl2\awbr\systemBKPAWBR\smallfont.gly
2006-07-24 18:14 181800 --a------ C:\systemsl2\awbr\systemBKPAWBR\creditfont.gly
2006-07-24 18:14 181800 --a------ C:\systemsl2\awbr\systemawbr\smallfont.gly
2006-07-24 18:14 181800 --a------ C:\systemsl2\awbr\systemawbr\creditfont.gly
2006-07-24 18:14 181800 --a------ C:\systemsl2\awbr\System.bkp0\smallfont.gly
2006-07-24 18:14 181800 --a------ C:\systemsl2\awbr\System.bkp0\creditfont.gly
2006-07-24 18:14 1702 --a------ C:\systemsl2\awbr\systemBKPAWBR\soulshot.int
2006-07-24 18:14 1702 --a------ C:\systemsl2\awbr\systemawbr\soulshot.int
2006-07-24 18:14 1702 --a------ C:\systemsl2\awbr\System.bkp0\soulshot.int
2006-07-24 18:14 163 --a------ C:\systemsl2\awbr\systemBKPAWBR\l2.int
2006-07-24 18:14 163 --a------ C:\systemsl2\awbr\systemawbr\l2.int
2006-07-24 18:14 163 --a------ C:\systemsl2\awbr\System.bkp0\l2.int
2006-07-24 18:14 1560 --a------ C:\systemsl2\awbr\systemBKPAWBR\smallfont-e.gly
2006-07-24 18:14 1560 --a------ C:\systemsl2\awbr\systemBKPAWBR\largefont-e.gly
2006-07-24 18:14 1560 --a------ C:\systemsl2\awbr\systemawbr\smallfont-e.gly
2006-07-24 18:14 1560 --a------ C:\systemsl2\awbr\systemawbr\largefont-e.gly
2006-07-24 18:14 1560 --a------ C:\systemsl2\awbr\System.bkp0\smallfont-e.gly
2006-07-24 18:14 1560 --a------ C:\systemsl2\awbr\System.bkp0\largefont-e.gly
2006-07-24 18:14 151403 --a------ C:\systemsl2\awbr\systemBKPAWBR\lineagemonster2.int
2006-07-24 18:14 151403 --a------ C:\systemsl2\awbr\systemawbr\lineagemonster2.int
2006-07-24 18:14 151403 --a------ C:\systemsl2\awbr\System.bkp0\lineagemonster2.int
2006-07-24 18:14 150548 --a------ C:\systemsl2\awbr\systemBKPAWBR\encvag.dll
2006-07-24 18:14 150548 --a------ C:\systemsl2\awbr\systemawbr\encvag.dll
2006-07-24 18:14 150548 --a------ C:\systemsl2\awbr\System.bkp0\encvag.dll
2006-07-24 18:14 14452 --a------ C:\systemsl2\awbr\systemBKPAWBR\timeenv1.int
2006-07-24 18:14 14452 --a------ C:\systemsl2\awbr\systemawbr\timeenv1.int
2006-07-24 18:14 14452 --a------ C:\systemsl2\awbr\System.bkp0\timeenv1.int
2006-07-24 18:14 14099 --a------ C:\systemsl2\awbr\systemBKPAWBR\timeenv3.int
2006-07-24 18:14 14099 --a------ C:\systemsl2\awbr\systemawbr\timeenv3.int
2006-07-24 18:14 14099 --a------ C:\systemsl2\awbr\System.bkp0\timeenv3.int
2006-07-24 18:14 13322 --a------ C:\systemsl2\awbr\systemBKPAWBR\timeenv2.int
2006-07-24 18:14 13322 --a------ C:\systemsl2\awbr\systemawbr\timeenv2.int
2006-07-24 18:14 13322 --a------ C:\systemsl2\awbr\System.bkp0\timeenv2.int
2006-07-24 18:14 13233 --a------ C:\systemsl2\awbr\systemBKPAWBR\timeenv0.int
2006-07-24 18:14 13233 --a------ C:\systemsl2\awbr\systemawbr\timeenv0.int
2006-07-24 18:14 13233 --a------ C:\systemsl2\awbr\System.bkp0\timeenv0.int
2006-07-24 18:14 1233940 --a------ C:\systemsl2\awbr\systemBKPAWBR\msxml4.dll
2006-07-24 18:14 1233940 --a------ C:\systemsl2\awbr\systemawbr\msxml4.dll
2006-07-24 18:14 1233940 --a------ C:\systemsl2\awbr\System.bkp0\msxml4.dll
2006-07-24 18:14 110933 --a------ C:\systemsl2\awbr\systemBKPAWBR\hair.int
2006-07-24 18:14 110933 --a------ C:\systemsl2\awbr\systemawbr\hair.int
2006-07-24 18:14 110933 --a------ C:\systemsl2\awbr\System.bkp0\hair.int
2006-07-24 18:14 10800 --a------ C:\systemsl2\awbr\System.bkp0\eula-e.dat
2006-07-24 18:14 106516 --a------ C:\systemsl2\awbr\systemBKPAWBR\vorbisfile.dll
2006-07-24 18:14 106516 --a------ C:\systemsl2\awbr\systemawbr\vorbisfile.dll
2006-07-24 18:14 106516 --a------ C:\systemsl2\awbr\System.bkp0\vorbisfile.dll
2006-07-24 18:14 102420 --a------ C:\systemsl2\awbr\systemBKPAWBR\defopenal32.dll
2006-07-24 18:14 102420 --a------ C:\systemsl2\awbr\systemawbr\defopenal32.dll
2006-07-24 18:14 102420 --a------ C:\systemsl2\awbr\System.bkp0\defopenal32.dll
2006-07-24 18:13 601048 --a------ C:\systemsl2\awbr\systemBKPAWBR\asiahm-medium.ttf
2006-07-24 18:13 601048 --a------ C:\systemsl2\awbr\systemawbr\asiahm-medium.ttf
2006-07-24 18:13 601048 --a------ C:\systemsl2\awbr\System.bkp0\asiahm-medium.ttf
2006-07-24 18:13 350 --a------ C:\systemsl2\awbr\systemBKPAWBR\bighead.int
2006-07-24 18:13 350 --a------ C:\systemsl2\awbr\systemawbr\bighead.int
2006-07-24 18:13 350 --a------ C:\systemsl2\awbr\System.bkp0\bighead.int
2006-07-24 18:13 2480 --a------ C:\systemsl2\awbr\System.bkp0\chargrp.dat
2006-07-23 13:20 191259 --a------ C:\systemsl2\linerage\systemlinerage\data\system\items.ini
2006-07-20 16:09 40922 --a------ C:\systemsl2\linerage\systemlinerage\l2Second_bak.log
2006-07-20 16:09 33594 --a------ C:\systemsl2\linerage\systemlinerage\l2Second.log
2006-07-20 15:09 2572308 --a------ C:\systemsl2\linerage\systemlinerage\nwindow2.dll
2006-06-30 18:48 43 --a------ C:\systemsl2\linerage\systemlinerage\version
2006-06-20 19:01 3508 --a------ C:\systemsl2\linerage\systemlinerage\l21.log
2006-06-16 09:22 20480 --a------ C:\systemsl2\linerage\systemlinerage\Fldrvinibak.dll
2006-06-16 08:17 164884 --a------ C:\systemsl2\linerage\systemlinerage\MSVCR70.dll
2006-06-16 05:31 128 --a------ C:\systemsl2\linerage\systemlinerage\MatchOption.ini
2006-06-04 22:54 671744 --a------ C:\systemsl2\linerage\systemlinerage\ezdrv.dll
2006-06-04 22:54 40448 --a------ C:\systemsl2\linerage\systemlinerage\Client.dll
2006-06-04 22:54 34162 --a------ C:\systemsl2\linerage\systemlinerage\l2.tmp
2006-06-04 22:54 10416 --a------ C:\systemsl2\linerage\systemlinerage\eula-e.tmp
2006-05-27 18:40 482880 --a------ C:\systemsl2\linerage\systemlinerage\l2encdec
2006-04-03 17:06 178688 --a------ C:\systemsl2\linerage\systemlinerage\patch32.dll
2006-03-07 20:59 657499 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\NPSCAN.DES
2006-03-07 20:59 657499 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\NPSCAN.DES
2006-03-06 20:59 657499 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\NPSCAN.DES
2006-01-11 23:33 4144 --a------ C:\systemsl2\linerage\systemlinerage\ZoneName-cn.dat
2006-01-11 23:33 304 --a------ C:\systemsl2\linerage\systemlinerage\SymbolName-cn.dat
2006-01-11 23:33 30000 --a------ C:\systemsl2\linerage\systemlinerage\SystemMsg-cn.dat
2006-01-11 23:33 210224 --a------ C:\systemsl2\linerage\systemlinerage\SkillName-cn.dat
2006-01-11 23:33 1200 --a------ C:\systemsl2\linerage\systemlinerage\StaticObject-cn.dat
2006-01-11 23:33 11568 --a------ C:\systemsl2\linerage\systemlinerage\SysString-cn.dat
2006-01-11 23:32 47152 --a------ C:\systemsl2\linerage\systemlinerage\NpcName-cn.dat
2006-01-11 23:32 1968 --a------ C:\systemsl2\linerage\systemlinerage\Obscene-cn.dat
2006-01-11 23:32 1456 --a------ C:\systemsl2\linerage\systemlinerage\ServerName-cn.dat
2006-01-11 23:32 139952 --a------ C:\systemsl2\linerage\systemlinerage\QuestName-cn.dat
2006-01-11 23:31 816 --a------ C:\systemsl2\linerage\systemlinerage\IDCName-cn.dat
2006-01-11 23:31 816 --a------ C:\systemsl2\linerage\systemlinerage\CastleName-cn.dat
2006-01-11 23:31 74544 --a------ C:\systemsl2\linerage\systemlinerage\Armorgrp-fc.dat
2006-01-11 23:31 688 --a------ C:\systemsl2\linerage\systemlinerage\Creditgrp-cn.dat
2006-01-11 23:31 6832 --a------ C:\systemsl2\linerage\systemlinerage\EULA-cn.dat
2006-01-11 23:31 5168 --a------ C:\systemsl2\linerage\systemlinerage\ActionName-cn.dat
2006-01-11 23:31 2480 --a------ C:\systemsl2\linerage\systemlinerage\Chargrp-fc.dat
2006-01-11 23:31 1968 --a------ C:\systemsl2\linerage\systemlinerage\Hennagrp-cn.dat
2006-01-11 23:31 1840 --a------ C:\systemsl2\linerage\systemlinerage\ClassInfo-cn.dat
2006-01-11 23:31 143920 --a------ C:\systemsl2\linerage\systemlinerage\ItemName-cn.dat
2006-01-11 23:31 1200 --a------ C:\systemsl2\linerage\systemlinerage\CommandName-cn.dat
2005-12-15 20:33 3388 --a------ C:\systemsl2\linerage\systemlinerage\localizationJ.ini
2005-12-14 22:45 333 --a------ C:\systemsl2\linerage\systemlinerage\Lineage2cn.ini
2005-11-12 12:41 18 --a------ C:\systemsl2\linerage\systemlinerage\WondowsInfo.ini
2005-10-02 15:45 94208 --a------ C:\systemsl2\awbr\mozila\gkgfx.dll
2005-10-02 15:45 941 --a------ C:\systemsl2\awbr\mozila\components\jar.xpt
2005-10-02 15:45 9142 --a------ C:\systemsl2\awbr\mozila\res\html.css
2005-10-02 15:45 8946 --a------ C:\systemsl2\awbr\mozila\components\gfx.xpt
2005-10-02 15:45 8932 --a------ C:\systemsl2\awbr\mozila\components\nsAxSecurityPolicy.js
2005-10-02 15:45 8851 --a------ C:\systemsl2\awbr\mozila\components\accessibility.xpt
2005-10-02 15:45 8837 --a------ C:\systemsl2\awbr\mozila\components\docshell_base.xpt
2005-10-02 15:45 88 --a------ C:\systemsl2\awbr\mozila\greprefs\xpinstall.js
2005-10-02 15:45 8634 --a------ C:\systemsl2\awbr\mozila\components\xpcom_ds.xpt
2005-10-02 15:45 86016 --a------ C:\systemsl2\awbr\mozila\components\appshell.dll
2005-10-02 15:45 81920 --a------ C:\systemsl2\awbr\mozila\xpcom_compat.dll
2005-10-02 15:45 793 --a------ C:\systemsl2\awbr\mozila\components\necko_dns.xpt
2005-10-02 15:45 7778 --a------ C:\systemsl2\awbr\mozila\res\charsetData.properties
2005-10-02 15:45 7775 --a------ C:\systemsl2\awbr\mozila\components\dom_base.xpt
2005-10-02 15:45 7729 --a------ C:\systemsl2\awbr\mozila\res\dtd\xhtml11.dtd
2005-10-02 15:45 771 --a------ C:\systemsl2\awbr\mozila\chrome\pipnss.jar
2005-10-02 15:45 7424 --a------ C:\systemsl2\awbr\mozila\components\xpconnect.xpt
2005-10-02 15:45 728 --a------ C:\systemsl2\awbr\mozila\components\dom_stylesheets.xpt
2005-10-02 15:45 720896 --a------ C:\systemsl2\awbr\mozila\components\uconv.dll
2005-10-02 15:45 6900 --a------ C:\systemsl2\awbr\mozila\components\content_base.xpt
2005-10-02 15:45 65536 --a------ C:\systemsl2\awbr\mozila\components\chrome.dll
2005-10-02 15:45 65536 --a------ C:\systemsl2\awbr\mozila\components\caps.dll
2005-10-02 15:45 65199 --a------ C:\systemsl2\awbr\mozila\res\dtd\mathml.dtd
2005-10-02 15:45 6515 --a------ C:\systemsl2\awbr\mozila\components\xpcom_io.xpt
2005-10-02 15:45 645 --a------ C:\systemsl2\awbr\mozila\components\intl.xpt
2005-10-02 15:45 6377 --a------ C:\systemsl2\awbr\mozila\components\dom_core.xpt
2005-10-02 15:45 628 --a------ C:\systemsl2\awbr\mozila\components\pipboot.xpt
2005-10-02 15:45 6231 --a------ C:\systemsl2\awbr\mozila\components\dom_xul.xpt
2005-10-02 15:45 61440 --a------ C:\systemsl2\awbr\mozila\components\profile.dll
2005-10-02 15:45 604 --a------ C:\systemsl2\awbr\mozila\components\dom.xpt
2005-10-02 15:45 5979 --a------ C:\systemsl2\awbr\mozila\components\dom_events.xpt
2005-10-02 15:45 5917 --a------ C:\systemsl2\awbr\mozila\res\fonts\mathfontMath4.properties
2005-10-02 15:45 5735 --a------ C:\systemsl2\awbr\mozila\res\language.properties
2005-10-02 15:45 5675 --a------ C:\systemsl2\awbr\mozila\res\fonts\mathfontCMEX10.properties
2005-10-02 15:45 5401 --a------ C:\systemsl2\awbr\mozila\components\widget.xpt
2005-10-02 15:45 5328 --a------ C:\systemsl2\awbr\mozila\res\ua.css
2005-10-02 15:45 53248 --a------ C:\systemsl2\awbr\mozila\mozz.dll
2005-10-02 15:45 53248 --a------ C:\systemsl2\awbr\mozila\components\xppref32.dll
2005-10-02 15:45 53248 --a------ C:\systemsl2\awbr\mozila\components\xmlextras.dll
2005-10-02 15:45 53248 --a------ C:\systemsl2\awbr\mozila\components\webbrwsr.dll
2005-10-02 15:45 5287 --a------ C:\systemsl2\awbr\mozila\components\webBrowser_core.xpt
2005-10-02 15:45 52139 --a------ C:\systemsl2\awbr\mozila\greprefs\all.js
2005-10-02 15:45 52 --a------ C:\systemsl2\awbr\mozila\res\arrowd.gif
2005-10-02 15:45 498 --a------ C:\systemsl2\awbr\mozila\components\dom_xbl.xpt
2005-10-02 15:45 49 --a------ C:\systemsl2\awbr\mozila\res\arrow.gif
2005-10-02 15:45 4857 --a------ C:\systemsl2\awbr\mozila\res\fonts\mathfontMath2.properties
2005-10-02 15:45 485 --a------ C:\systemsl2\awbr\mozila\components\necko_jar.xpt
2005-10-02 15:45 476 --a------ C:\systemsl2\awbr\mozila\softokn3.chk
2005-10-02 15:45 462848 --a------ C:\systemsl2\awbr\mozila\components\necko.dll
2005-10-02 15:45 4533 --a------ C:\systemsl2\awbr\mozila\components\rdf.xpt
2005-10-02 15:45 45056 --a------ C:\systemsl2\awbr\mozila\components\necko2.dll
2005-10-02 15:45 4476 --a------ C:\systemsl2\awbr\mozila\res\langGroups.properties
2005-10-02 15:45 4393 --a------ C:\systemsl2\awbr\mozila\res\fonts\fontEncoding.properties
2005-10-02 15:45 42018 --a------ C:\systemsl2\awbr\mozila\res\fonts\mathfont.properties
2005-10-02 15:45 417792 --a------ C:\systemsl2\awbr\mozila\components\editor.dll
2005-10-02 15:45 40960 --a------ C:\systemsl2\awbr\mozila\components\jar50.dll
2005-10-02 15:45 40960 --a------ C:\systemsl2\awbr\mozila\components\cookie.dll
2005-10-02 15:45 4053 --a------ C:\systemsl2\awbr\mozila\defaults\pref\activex.js
2005-10-02 15:45 3921 --a------ C:\systemsl2\awbr\mozila\components\caps.xpt
2005-10-02 15:45 3812 --a------ C:\systemsl2\awbr\mozila\res\fonts\mathfontCMSY10.properties
2005-10-02 15:45 36864 --a------ C:\systemsl2\awbr\mozila\components\ipcdc.dll
2005-10-02 15:45 364544 --a------ C:\systemsl2\awbr\mozila\softokn3.dll
2005-10-02 15:45 3645 --a------ C:\systemsl2\awbr\mozila\components\appshell.xpt
2005-10-02 15:45 3624 --a------ C:\systemsl2\awbr\mozila\components\xpcom_components.xpt
2005-10-02 15:45 357 --a------ C:\systemsl2\awbr\mozila\components\necko_about.xpt
2005-10-02 15:45 348160 --a------ C:\systemsl2\awbr\mozila\nss3.dll
2005-10-02 15:45 3399 --a------ C:\systemsl2\awbr\mozila\components\xpcom_obsolete.xpt
2005-10-02 15:45 3345 --a------ C:\systemsl2\awbr\mozila\res\entityTables\html40Symbols.properties
2005-10-02 15:45 32768 --a------ C:\systemsl2\awbr\mozila\plugins\npnul32.dll
2005-10-02 15:45 32768 --a------ C:\systemsl2\awbr\mozila\components\ucvmath.dll
2005-10-02 15:45 32768 --a------ C:\systemsl2\awbr\mozila\components\pipboot.dll
2005-10-02 15:45 3145 --a------ C:\systemsl2\awbr\mozila\components\pref.xpt
2005-10-02 15:45 3115 --a------ C:\systemsl2\awbr\mozila\res\fonts\mathfontSymbol.properties
2005-10-02 15:45 3095 --a------ C:\systemsl2\awbr\mozila\components\uriloader.xpt
2005-10-02 15:45 3041 --a------ C:\systemsl2\awbr\mozila\res\fonts\mathfontMath1.properties
2005-10-02 15:45 30338 --a------ C:\systemsl2\awbr\mozila\res\entityTables\mathml20.properties
2005-10-02 15:45 303 --a------ C:\systemsl2\awbr\mozila\components\layout_base.xpt
2005-10-02 15:45 30 --a------ C:\systemsl2\awbr\mozila\greprefs\non-shared.txt
2005-10-02 15:45 2926 --a------ C:\systemsl2\awbr\mozila\res\viewsource.css
2005-10-02 15:45 2920 --a------ C:\systemsl2\awbr\mozila\res\entityTables\html40Latin1.properties
2005-10-02 15:45 287 --a------ C:\systemsl2\awbr\mozila\components\necko_ftp.xpt
2005-10-02 15:45 28672 --a------ C:\systemsl2\awbr\mozila\components\xpcom_compat_c.dll
2005-10-02 15:45 285 --a------ C:\systemsl2\awbr\mozila\components\necko_res.xpt
2005-10-02 15:45 2797 --a------ C:\systemsl2\awbr\mozila\components\layout_xul_tree.xpt
2005-10-02 15:45 2664 --a------ C:\systemsl2\awbr\mozila\components\xpcom_thread.xpt
2005-10-02 15:45 2543 --a------ C:\systemsl2\awbr\mozila\components\xpcom_base.xpt
2005-10-02 15:45 24576 --a------ C:\systemsl2\awbr\mozila\mozilla-ipcd.exe
2005-10-02 15:45 24576 --a------ C:\systemsl2\awbr\mozila\ipc\modules\transmgr.dll
2005-10-02 15:45 24576 --a------ C:\systemsl2\awbr\mozila\ipc\modules\lockmodule.dll
2005-10-02 15:45 2400256 --a------ C:\systemsl2\awbr\mozila\components\gklayout.dll
2005-10-02 15:45 237 --a------ C:\systemsl2\awbr\mozila\components\jsurl.xpt
2005-10-02 15:45 226 --a------ C:\systemsl2\awbr\mozila\components\dom_views.xpt
2005-10-02 15:45 2257 --a------ C:\systemsl2\awbr\mozila\components\shistory.xpt
2005-10-02 15:45 221184 --a------ C:\systemsl2\awbr\mozila\nssckbi.dll
2005-10-02 15:45 2180 --a------ C:\systemsl2\awbr\mozila\components\necko_cache.xpt
2005-10-02 15:45 2167 --a------ C:\systemsl2\awbr\mozila\components\windowwatcher.xpt
2005-10-02 15:45 2154 --a------ C:\systemsl2\awbr\mozila\components\layout_xul.xpt
2005-10-02 15:45 212992 --a------ C:\systemsl2\awbr\mozila\components\gkparser.dll
2005-10-02 15:45 2081 --a------ C:\systemsl2\awbr\mozila\components\necko_http.xpt
2005-10-02 15:45 20260 --a------ C:\systemsl2\awbr\mozila\res\entityTables\transliterate.properties
2005-10-02 15:45 2001 --a------ C:\systemsl2\awbr\mozila\greprefs\security-prefs.js
2005-10-02 15:45 196608 --a------ C:\systemsl2\awbr\mozila\components\pipnss.dll
2005-10-02 15:45 1959 --a------ C:\systemsl2\awbr\mozila\components\locale.xpt
2005-10-02 15:45 192512 --a------ C:\systemsl2\awbr\mozila\components\xpc3250.dll
2005-10-02 15:45 189 --a------ C:\systemsl2\awbr\mozila\res\html\gopher-telnet.gif
2005-10-02 15:45 188416 --a------ C:\systemsl2\awbr\mozila\components\i18n.dll
2005-10-02 15:45 188 --a------ C:\systemsl2\awbr\mozila\res\html\gopher-image.gif
2005-10-02 15:45 188 --a------ C:\systemsl2\awbr\mozila\components\txtsvc.xpt
2005-10-02 15:45 1860 --a------ C:\systemsl2\awbr\mozila\components\profile.xpt
2005-10-02 15:45 180224 --a------ C:\systemsl2\awbr\mozila\components\accessibility.dll
2005-10-02 15:45 180 --a------ C:\systemsl2\awbr\mozila\res\html\gopher-movie.gif
2005-10-02 15:45 178 --a------ C:\systemsl2\awbr\mozila\res\html\gopher-find.gif
2005-10-02 15:45 1779 --a------ C:\systemsl2\awbr\mozila\res\platform-forms.css
2005-10-02 15:45 17387 --a------ C:\systemsl2\awbr\mozila\components\dom_html.xpt
2005-10-02 15:45 165 --a------ C:\systemsl2\awbr\mozila\res\html\gopher-binary.gif
2005-10-02 15:45 165 --a------ C:\systemsl2\awbr\mozila\res\broken-image.gif
2005-10-02 15:45 163840 --a------ C:\systemsl2\awbr\mozila\components\docshell.dll
2005-10-02 15:45 163 --a------ C:\systemsl2\awbr\mozila\res\html\gopher-sound.gif
2005-10-02 15:45 163 --a------ C:\systemsl2\awbr\mozila\res\html\gopher-audio.gif
2005-10-02 15:45 157 --a------ C:\systemsl2\awbr\mozila\res\loading-image.gif
2005-10-02 15:45 1560 --a------ C:\systemsl2\awbr\mozila\components\xpcom_xpti.xpt
2005-10-02 15:45 1555 --a------ C:\systemsl2\awbr\mozila\res\entityTables\html40Special.properties
2005-10-02 15:45 154 --a------ C:\systemsl2\awbr\mozila\res\html\gopher-text.gif
2005-10-02 15:45 15376 --a------ C:\systemsl2\awbr\mozila\res\fonts\mathfontPUA.properties
2005-10-02 15:45 1487 --a------ C:\systemsl2\awbr\mozila\res\fonts\mathfontMTExtra.properties
2005-10-02 15:45 148 --a------ C:\systemsl2\awbr\mozila\components\accessibility-msaa.xpt
2005-10-02 15:45 147456 --a------ C:\systemsl2\awbr\mozila\components\gkgfxwin.dll
2005-10-02 15:45 1458 --a------ C:\systemsl2\awbr\mozila\components\xmlextras.xpt
2005-10-02 15:45 1409 --a------ C:\systemsl2\awbr\mozila\components\necko_strconv.xpt
2005-10-02 15:45 1397 --a------ C:\systemsl2\awbr\mozila\components\dom_range.xpt
2005-10-02 15:45 139264 --a------ C:\systemsl2\awbr\mozila\components\gkplugin.dll
2005-10-02 15:45 135168 --a------ C:\systemsl2\awbr\mozila\components\imglib2.dll
2005-10-02 15:45 135 --a------ C:\systemsl2\awbr\mozila\res\html\gopher-menu.gif
2005-10-02 15:45 1339 --a------ C:\systemsl2\awbr\mozila\components\uconv.xpt
2005-10-02 15:45 132 --a------ C:\systemsl2\awbr\mozila\res\html\gopher-unknown.gif
2005-10-02 15:45 1282 --a------ C:\systemsl2\awbr\mozila\components\dom_traversal.xpt
2005-10-02 15:45 12770 --a------ C:\systemsl2\awbr\mozila\res\mathml.css
2005-10-02 15:45 1257519 --a------ C:\systemsl2\awbr\mozila\chrome\embed.jar
2005-10-02 15:45 12564 --a------ C:\systemsl2\awbr\mozila\components\necko.xpt
2005-10-02 15:45 12398 --a------ C:\systemsl2\awbr\mozila\res\forms.css
2005-10-02 15:45 122880 --a------ C:\systemsl2\awbr\mozila\components\gkwidget.dll
2005-10-02 15:45 122880 --a------ C:\systemsl2\awbr\mozila\components\embedcomponents.dll
2005-10-02 15:45 1223 --a------ C:\systemsl2\awbr\mozila\res\wincharset.properties
2005-10-02 15:45 122 --a------ C:\systemsl2\awbr\mozila\components\necko_data.xpt
2005-10-02 15:45 117 --a------ C:\systemsl2\awbr\mozila\res\hiddenWindow.html
2005-10-02 15:45 11699 --a------ C:\systemsl2\awbr\mozila\res\quirk.css
2005-10-02 15:45 1146 --a------ C:\systemsl2\awbr\mozila\components\unicharutil.xpt
2005-10-02 15:45 11187 --a------ C:\systemsl2\awbr\mozila\components\dom_css.xpt
2005-10-02 15:45 11104 --a------ C:\systemsl2\awbr\mozila\res\charsetalias.properties
2005-10-02 15:45 110592 --a------ C:\systemsl2\awbr\mozila\ssl3.dll
2005-10-02 15:45 110592 --a------ C:\systemsl2\awbr\mozila\plugins\npmozax.dll
2005-10-02 15:45 1104 --a------ C:\systemsl2\awbr\mozila\res\entityTables\htmlEntityVersions.properties
2005-10-02 15:45 10902 --a------ C:\systemsl2\awbr\mozila\components\editor.xpt
2005-10-02 15:45 106496 --a------ C:\systemsl2\awbr\mozila\smime3.dll
2005-10-02 15:45 106496 --a------ C:\systemsl2\awbr\mozila\components\rdf.dll
2005-10-02 15:45 10289 --a------ C:\systemsl2\awbr\mozila\components\pipnss.xpt
2005-10-02 15:44 389120 --a------ C:\systemsl2\awbr\mozila\xpcom.dll
2005-10-02 15:44 344064 --a------ C:\systemsl2\awbr\mozila\js3250.dll
2005-10-02 15:44 28672 --a------ C:\systemsl2\awbr\mozila\plc4.dll
2005-10-02 15:44 24576 --a------ C:\systemsl2\awbr\mozila\plds4.dll
2005-10-02 15:44 24576 --a------ C:\systemsl2\awbr\mozila\mozctlx.dll
2005-10-02 15:44 196608 --a------ C:\systemsl2\awbr\mozila\mozctl.dll
2005-10-02 15:44 155648 --a------ C:\systemsl2\awbr\mozila\nspr4.dll
2005-10-02 12:32 24576 --a------ C:\systemsl2\awbr\mozila\components\embed_lite.dll
2005-06-02 04:53 176 --a------ C:\systemsl2\linerage\systemlinerage\L2.RadExe
2005-04-10 07:16 2116 --a------ C:\systemsl2\awbr\mozila\chrome\installed-chrome.txt
2005-04-03 08:06 14235 --a------ C:\systemsl2\awbr\mozila\res\builtin\platformHTMLBindings.xml
2005-03-19 05:02 113 --a------ C:\systemsl2\linerage\systemlinerage\Credits
2005-03-01 21:59 5536 --a------ C:\systemsl2\linerage\systemlinerage\smallfont-r.gly
2004-12-20 21:06 1048080 --a------ C:\systemsl2\linerage\systemlinerage\SmallFont-cn.gly
2004-12-20 21:06 1048080 --a------ C:\systemsl2\linerage\systemlinerage\LargeFont-cn.gly
2004-12-20 09:31 35263 --a------ C:\systemsl2\awbr\systemBKPAWBR\GameGuard\Splash.jpg
2004-12-20 09:31 35263 --a------ C:\systemsl2\awbr\systemawbr\GameGuard\Splash.jpg
2004-12-19 09:31 35263 --a------ C:\systemsl2\linerage\systemlinerage\GameGuard\Splash.jpg
2003-12-23 21:54 487424 --a------ C:\systemsl2\awbr\mozila\msvcp70.dll
2003-12-23 21:54 344064 --a------ C:\systemsl2\awbr\mozila\msvcr70.dll
1999-07-01 20:36 162816 --a------ C:\systemsl2\awbr\tools\wget.exe


((((((((((((((((((((((((((((( snapshot_2008-05-17_ 0.15.57.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 03:10:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-01 21:11:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 11:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 11:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2008-05-22 04:28:19 3,262 ----a-r C:\WINDOWS\Installer\{69C51F74-1A09-467F-864E-B3C10E6905D6}\ARPPRODUCTICON.exe
+ 2008-05-29 22:57:39 25,214 ----a-r C:\WINDOWS\Installer\{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}\ARPPRODUCTICON.exe
+ 2008-05-29 22:57:40 65,536 ----a-r C:\WINDOWS\Installer\{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}\NewShortcut3_C0B0FA55D4E943749871BBFBF2AEF0D1.exe
+ 2008-05-29 22:57:40 65,536 ----a-r C:\WINDOWS\Installer\{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}\NewShortcut4_C0B0FA55D4E943749871BBFBF2AEF0D1.exe
+ 2008-05-29 22:57:39 65,536 ----a-r C:\WINDOWS\Installer\{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}\pando.exe_ED0ECD11C6AB405E9A06D25E96BD6FD7.exe
+ 2008-05-29 22:57:39 65,536 ----a-r C:\WINDOWS\Installer\{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}\pando.exe1_ED0ECD11C6AB405E9A06D25E96BD6FD7.exe
+ 2001-07-14 20:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
- 2008-03-14 12:38:42 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
+ 2008-05-30 17:31:23 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat
- 2008-03-14 12:38:42 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-30 17:31:23 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-31 11:57:37 297,984 ------w C:\WINDOWS\system32\DllCache\msctf.dll
+ 2008-02-26 11:49:31 297,984 ------w C:\WINDOWS\system32\DllCache\msctf.dll
+ 2008-05-17 22:07:06 171,834 ----a-w C:\WINDOWS\system32\drivers\setup\downloader\files\test9.exe
+ 2008-01-25 09:12:34 25,088 ----a-w C:\WINDOWS\system32\drivers\teamviewervpn.sys
- 2008-05-15 20:53:13 1,697,904 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-29 11:03:48 1,706,352 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-02-22 04:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 04:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-22 04:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 04:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-22 05:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 05:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-12-31 11:57:37 297,984 ----a-w C:\WINDOWS\system32\msctf.dll
+ 2008-02-26 11:49:31 297,984 ----a-w C:\WINDOWS\system32\msctf.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" [2007-09-01 03:23 28672]
"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40 86960]
"Pando"="C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" [2008-05-28 18:50 6210888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"PWRISOVM.EXE"="C:\Arquivos de programas\PowerISO\PWRISOVM.EXE" [2008-01-20 04:05 217088]
"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"RoxWatchTray"="C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 15:52 240112]
"DMXLauncher"="C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 03:44 113136]
"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" [2007-09-01 03:23 28672]
"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2008-01-15 19:54 37376]
"WatchDog"="C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe" [2004-08-14 04:42 36864]
"FirefoxUltimateOptimizer"="C:\Documents and Settings\Administrador\Meus documentos\Meus vídeos\Firefox Ultimate Optimizer.exe" [2007-11-08 19:12 114688]
"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 08:42 176128]
"DeviceDiscovery"="C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37 229437]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-03 21:45 400384 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 21:34 44544]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Jogos\\Valve\\Steam\\SteamApps\\bamorim2\\counter-strike\\hl.exe"=
"D:\\Jogos\\Valve\\Steam\\Steam.exe"=
"D:\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=
"D:\\VertrigoServ\\Apache\\bin\\v_apache.exe"=
"C:\\Arquivos de programas\\Winamp\\winamp.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"D:\\Jogos\\Counter-Strike Source\\hl2.exe"=
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"D:\\Jogos\\Counter-Strike Server\\hl.exe"=
"D:\\Jogos\\Valve\\Steam\\SteamApps\\bamorim2\\dedicated server\\hltv.exe"=
"D:\\Jogos\\Valve\\CS-No-Steam\\hlds.exe"=
"C:\\Arquivos de programas\\mIRC\\mirc.exe"=
"D:\\Jogos\\Valve\\Steam\\SteamApps\\brunodana\\counter-strike\\hl.exe"=
"D:\\Jogos\\Battlefield Vietnam\\BfVietnam.exe"=
"D:\\Jogos\\Valve\\Steam\\SteamApps\\bamorim2\\day of defeat\\hl.exe"=
"D:\\Jogos\\Valve\\Steam\\SteamApps\\bamorim2\\team fortress classic\\hl.exe"=
"D:\\Jogos\\Valve\\Steam\\SteamApps\\bamorim2\\half-life\\hl.exe"=
"D:\\Jogos\\Valve\\Steam\\SteamApps\\bamorim2\\opposing force\\hl.exe"=
"D:\\Jogos\\LevelUpGames\\Grand Chase\\main.exe"=
"D:\\Jogos\\Valve\\CS-No-Steam\\hl.exe"=
"C:\\Arquivos de programas\\Pando Networks\\Pando\\pando.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"57998:TCP"= 57998:TCP:Pando P2P TCP Listening Port
"57998:UDP"= 57998:UDP:Pando P2P UDP Listening Port

R2 TeamViewer;TeamViewer 3;"C:\Arquivos de programas\TeamViewer3\TeamViewer_Host.exe" -service []
R3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 06:12]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 15:53]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 15:52]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 15:52]
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\DX9\SessionLauncher.exe []
S3 dump_wmimmc;dump_wmimmc;D:\Jogos\Lineage II\system\GameGuard\dump_wmimmc.sys []
S3 npkycryp;npkycryp;D:\Jogos\Lineage II\system\npkycryp.sys []
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 15:53]
S3 RoxMediaDB10;RoxMediaDB10;"C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 15:52]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 20:11:23
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-06-01 20:18:50
ComboFix-quarantined-files.txt 2008-06-01 23:18:02
ComboFix2.txt 2008-06-01 05:26:08
ComboFix3.txt 2008-05-17 03:16:49
ComboFix4.txt 2008-04-08 21:25:49

Pre-Run: 127,179,173,888 bytes disponíveis
Post-Run: 127,197,782,016 bytes disponíveis

1492 --- E O F --- 2008-06-01 18:42:40



Malwarebytes' Anti Malware:
Malwarebytes' Anti-Malware 1.14
Versão do banco de dados: 800

20:26:42 1/6/2008
mbam-log-6-1-2008 (20-26-42).txt

Tipo de Verificação: Rápida
Objetos verificados: 33814
Tempo decorrido: 3 minute(s), 8 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registro infectadas: 2
Valores do Registro infectados: 0
Ítens do Registro infectados: 0
Pastas infectadas: 0
Arquivos infectados: 0

Processos da Memória infectados:
(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valores do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:
(Nenhum ítem malicioso foi detectado)

Pastas infectadas:
(Nenhum ítem malicioso foi detectado)

Arquivos infectados:
(Nenhum ítem malicioso foi detectado)



And when I sent the file from ComboFix, this message appeared:
Your file was successfully submitted. Please let the user helping you know that you have submitted the file.



Bye there, sorry about my English.. ^^
Thank you!

#9 Simon V.


Posted 02 June 2008 - 12:26 AM

Hi :)

And when I sent the file from ComboFix, this message appeared:
Your file was successfully submitted. Please let the user helping you know that you have submitted the file.

Thanks for that :thumbsup:

We're almost done, just a few more steps to make sure everything is gone -

Step 1

Open HijackThis, perform a scan and put a check next to the following items (if present):

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')


Close all programs except HijackThis and click on Fix checked.

Step 2

Be sure that you are set to see hidden files and folders:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files. Answer Yes to the prompt.
  • Press the Apply button and then the OK button and close My Computer.

Step 3

Navigate to the following files using Windows Explorer and delete them when found:

C:\WINDOWS\ope70.exe
C:\WINDOWS\system32\ope77.exe

Step 4

Close all programs before continuing, and try not to run anything during the scan.

Please do an online scan with Kaspersky WebScanner. (You will need to use Internet Explorer to run this scan)

On the welcome screen, click Accept.

You will be prompted to install an ActiveX component from Kaspersky, click Install.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
      • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now under Select a Target to Scan: Select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button and save the file to your desktop.

Step 5

In your next reply, please post:
  • the Kaspersky Online Scan report
  • a new HijackThis log
  • a description of how your computer is currently running

Simon V.


So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.
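Added example, not part of either poster's message and not HijackThis's own code: a small triage pass over a HijackThis 2.0.2 log that surfaces the two kinds of entries checked in Step 1 above, namely entries whose target is reported as `(no file)` / `(file missing)` and `Run*` autoruns that launch `cmd.exe /C` to move, copy, delete or rename something under System32. The two heuristics and all function names are assumptions made for this illustration, not criteria stated in the thread, and the sample lines are constructed from entries quoted on this page.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis 2.0.2 layout, built from lines quoted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Arquivos de programas\TeamViewer3\TeamViewer_Host.exe
"""

# A result line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")

# Body of an O4 registry autorun: "<hive>\..\<Run key>: [<value name>] <command>".
AUTORUN_RE = re.compile(
    r"^(?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Assumption for this example: an autorun that shells out to a file operation.
FILE_OP_RE = re.compile(
    r"\bcmd(?:\.exe)?\s+/c\s+(?P<op>move|copy|del|ren|rename)\b", re.IGNORECASE
)

# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # "orphaned" or "autorun-file-op"
    detail: str  # short summary for the reviewer
    line: str    # the original log line, unchanged


def triage(log_text):
    """Return entries a reviewer should look at first; nothing is modified."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, running-process path, or blank line
        code, body = entry.group("code"), entry.group("body")

        # Heuristic 1: the entry points at a file that no longer exists.
        if body.endswith(ORPHAN_MARKERS):
            findings.append(Finding(code, "orphaned", body, line))
            continue

        # Heuristic 2: a Run/RunOnce value that performs a file operation
        # on something under System32 at logon or next boot.
        if code == "O4":
            autorun = AUTORUN_RE.match(body)
            if autorun:
                cmd = autorun.group("cmd")
                op = FILE_OP_RE.search(cmd)
                if op and "system32" in cmd.lower():
                    detail = "{} [{}] {}".format(
                        autorun.group("key"),
                        autorun.group("name"),
                        op.group("op").lower(),
                    )
                    findings.append(Finding(code, "autorun-file-op", detail, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason:<17}{f.detail}")
```

The output is a review list only; whether a flagged entry should be fixed is still a judgement for the person reading the log.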

#10 Bernardo amorim


Posted 02 June 2008 - 03:26 PM

Hello Simon! Here I am again.

Let's go! :D

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:33, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\drivers\setup\manager.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe
C:\Documents and Settings\Administrador\Meus documentos\Meus vídeos\Firefox Ultimate Optimizer.exe
C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Windows\System32\drivers\setup\hosts\hosts.exe
C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\System32\drivers\setup\irc\irc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\Arquivos de programas\TeamViewer3\TeamViewer_Host.exe
C:\Arquivos de programas\TeamViewer3\TeamViewer.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
D:\Jogos\Valve\Steam\Steam.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE
C:\Arquivos de programas\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [FirefoxUltimateOptimizer] "C:\Documents and Settings\Administrador\Meus documentos\Meus vídeos\Firefox Ultimate Optimizer.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Pando] "C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com.br/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Arquivos de programas\TeamViewer3\TeamViewer_Host.exe

--
End of file - 12536 bytes



Kaspersky Online Scan report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 02, 2008 5:20:51 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/06/2008
Kaspersky Anti-Virus database records: 821711
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 323915
Number of viruses found: 28
Number of infected objects: 117
Number of suspicious objects: 0
Duration of the scan process: 04:32:21

Infected Object Name / Virus Name / Last Action
C:\Arquivos de programas\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Arquivos de programas\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Arquivos de programas\PowerHEX\Plugins\Example.dll Infected: Trojan.Win32.Agent.lss skipped
C:\Arquivos de programas\TeamViewer3\TeamViewer3_Logfile.log Object is locked skipped
C:\Deckard\System Scanner\20080601200154\backup\DOCUME~1\ADMINI~1\CONFIG~1\Temp\mirc631.exe/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Deckard\System Scanner\20080601200154\backup\DOCUME~1\ADMINI~1\CONFIG~1\Temp\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Deckard\System Scanner\20080601200154\backup\DOCUME~1\ADMINI~1\CONFIG~1\Temp\mirc631.exe NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20080601200154\backup\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX01.375\mirc62.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Deckard\System Scanner\20080601200154\backup\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX01.375\mirc62.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
C:\Deckard\System Scanner\20080601200154\backup\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX01.375\mirc62.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\hczr0ypx.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\hczr0ypx.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\hczr0ypx.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\hczr0ypx.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\hczr0ypx.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Administrador\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrador\Configurações locais\Temp\IMGCD.tmp Object is locked skipped
C:\Documents and Settings\Administrador\Configurações locais\Temp\~ROMFN_000006B0 Object is locked skipped
C:\Documents and Settings\Administrador\Configurações locais\Temp\~ROMFN_00000D28 Object is locked skipped
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrador\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\hczr0ypx.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\hczr0ypx.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\hczr0ypx.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\hczr0ypx.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\hczr0ypx.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\hczr0ypx.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrador\Desktop\WPE\WPE PRO.exe Infected: Sniffer.Win32.WpePro.a skipped
C:\Documents and Settings\Administrador\Desktop\WPE\WpeSpy.dll Infected: Sniffer.Win32.WpePro.a skipped
C:\Documents and Settings\Administrador\Desktop\[4]-Submit_2008-06-01@20.09.zip/Suspect_ope77.exe.vir/data0006 Infected: Trojan-Downloader.Win32.VB.ceh skipped
C:\Documents and Settings\Administrador\Desktop\[4]-Submit_2008-06-01@20.09.zip/Suspect_ope77.exe.vir Infected: Trojan-Downloader.Win32.VB.ceh skipped
C:\Documents and Settings\Administrador\Desktop\[4]-Submit_2008-06-01@20.09.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Adobe Photoshop Plugins Collection\Adobe Photoshop Plugins Collection\Alien.Skin.Eye.Candy.v5.1.Impact.Retail.for.Adobe.Photoshop.Incl.KeyGen-SCOTCH\aseci51a.zip/SCOTCH.part1.rar/Alien.Skin.Eye.Candy.v5.1.Impact.Keygen.exe Infected: Trojan-Dropper.Win32.Agent.qgq skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Adobe Photoshop Plugins Collection\Adobe Photoshop Plugins Collection\Alien.Skin.Eye.Candy.v5.1.Impact.Retail.for.Adobe.Photoshop.Incl.KeyGen-SCOTCH\aseci51a.zip/SCOTCH.part1.rar Infected: Trojan-Dropper.Win32.Agent.qgq skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Adobe Photoshop Plugins Collection\Adobe Photoshop Plugins Collection\Alien.Skin.Eye.Candy.v5.1.Impact.Retail.for.Adobe.Photoshop.Incl.KeyGen-SCOTCH\aseci51a.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Adobe Photoshop Plugins Collection\Adobe Photoshop Plugins Collection\Panopticum.AlphaStrip.v1.33.for.Adobe.Photoshop-SCOTCH\s-pas133.zip/keygen.rar/Panopticum.AlphaStrip.v1.3x.for.Photoshop.Keygen.exe Infected: Trojan-Dropper.Win32.Agent.qgq skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Adobe Photoshop Plugins Collection\Adobe Photoshop Plugins Collection\Panopticum.AlphaStrip.v1.33.for.Adobe.Photoshop-SCOTCH\s-pas133.zip/keygen.rar Infected: Trojan-Dropper.Win32.Agent.qgq skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Adobe Photoshop Plugins Collection\Adobe Photoshop Plugins Collection\Panopticum.AlphaStrip.v1.33.for.Adobe.Photoshop-SCOTCH\s-pas133.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Adobe Photoshop Plugins Collection\Adobe Photoshop Plugins Collection\Panopticum.Digitalizer.v1.24.for.Adobe.Photoshop.incl.KeyGen-SCOTCH\s-apd124.zip/scotch.rar/panopticum.digitalizer.v1.24.for.photoshop.keygen.exe Infected: Trojan-Dropper.Win32.Agent.qgq skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Adobe Photoshop Plugins Collection\Adobe Photoshop Plugins Collection\Panopticum.Digitalizer.v1.24.for.Adobe.Photoshop.incl.KeyGen-SCOTCH\s-apd124.zip/scotch.rar Infected: Trojan-Dropper.Win32.Agent.qgq skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Adobe Photoshop Plugins Collection\Adobe Photoshop Plugins Collection\Panopticum.Digitalizer.v1.24.for.Adobe.Photoshop.incl.KeyGen-SCOTCH\s-apd124.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Digital.Film.Tools.Ozone.v2.5.for.Adobe.Photoshop-SCOTCH\final2.dat/hosts/hosts.exe Infected: Backdoor.Win32.Small.czo skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Digital.Film.Tools.Ozone.v2.5.for.Adobe.Photoshop-SCOTCH\final2.dat/manager.exe Infected: Backdoor.Win32.Small.cvt skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Digital.Film.Tools.Ozone.v2.5.for.Adobe.Photoshop-SCOTCH\final2.dat/irc/irc.exe Infected: Backdoor.Win32.Small.cvt skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Digital.Film.Tools.Ozone.v2.5.for.Adobe.Photoshop-SCOTCH\final2.dat RAR: infected - 3 skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Digital.Film.Tools.Ozone.v2.5.for.Adobe.Photoshop-SCOTCH.zip/Digital.Film.Tools.Ozone.v2.5.for.Adobe.Photoshop-SCOTCH/final2.dat/hosts/hosts.exe Infected: Backdoor.Win32.Small.czo skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Digital.Film.Tools.Ozone.v2.5.for.Adobe.Photoshop-SCOTCH.zip/Digital.Film.Tools.Ozone.v2.5.for.Adobe.Photoshop-SCOTCH/final2.dat/manager.exe Infected: Backdoor.Win32.Small.cvt skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Digital.Film.Tools.Ozone.v2.5.for.Adobe.Photoshop-SCOTCH.zip/Digital.Film.Tools.Ozone.v2.5.for.Adobe.Photoshop-SCOTCH/final2.dat/irc/irc.exe Infected: Backdoor.Win32.Small.cvt skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Digital.Film.Tools.Ozone.v2.5.for.Adobe.Photoshop-SCOTCH.zip/Digital.Film.Tools.Ozone.v2.5.for.Adobe.Photoshop-SCOTCH/final2.dat Infected: Backdoor.Win32.Small.cvt skipped
C:\Documents and Settings\Administrador\Meus documentos\plugins\Digital.Film.Tools.Ozone.v2.5.for.Adobe.Photoshop-SCOTCH.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Administrador\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrador\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Arquivos de programas\Svconr\Svconr.exe.vir Infected: not-a-virus:AdWare.Win32.Rond.f skipped
C:\QooBox\Quarantine\C\WINDOWS\b156.exe.vir Infected: not-a-virus:AdWare.Win32.Insider.f skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu312.exe.vir Infected: Trojan-Downloader.Win32.Homles.bl skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gkdpdagq.dll.vir Infected: Trojan.Win32.Monder.fb skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iDlo16\iDlo162291.exe.vir Infected: Trojan-Downloader.Win32.VB.ceh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\omxnuycm.dll.vir Infected: Trojan.Win32.Monder.jy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\psipginp.dll.vir Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP0\A0000002.cmd Infected: Trojan.BAT.KillAV.gh skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP190\A0012145.exe Infected: Sniffer.Win32.WpePro.a skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP190\A0012146.dll Infected: Sniffer.Win32.WpePro.a skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP192\A0012483.exe/data.rar/iepv.exe Infected: not-a-virus:PSWTool.Win32.NetPass.e skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP192\A0012483.exe/data.rar Infected: not-a-virus:PSWTool.Win32.NetPass.e skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP192\A0012483.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP194\A0012691.exe Infected: Backdoor.Win32.Small.cvt skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP210\A0017347.exe/data.rar/iepv.exe Infected: not-a-virus:PSWTool.Win32.NetPass.e skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP210\A0017347.exe/data.rar Infected: not-a-virus:PSWTool.Win32.NetPass.e skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP210\A0017347.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP211\A0017427.exe/data.rar/iepv.exe Infected: not-a-virus:PSWTool.Win32.NetPass.e skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP211\A0017427.exe/data.rar Infected: not-a-virus:PSWTool.Win32.NetPass.e skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP211\A0017427.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP211\A0017437.exe/data.rar/iepv.exe Infected: not-a-virus:PSWTool.Win32.NetPass.e skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP211\A0017437.exe/data.rar Infected: not-a-virus:PSWTool.Win32.NetPass.e skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP211\A0017437.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP229\A0021412.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP229\A0021461.dll Infected: Trojan.Win32.Monder.fc skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP230\A0021484.exe Infected: not-a-virus:AdWare.Win32.Rond.f skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP230\A0021485.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP230\A0021486.dll Infected: Trojan.Win32.Monder.fb skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP230\A0021487.dll Infected: Trojan.Win32.Monder.jy skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP254\A0035444.exe Infected: Trojan-Downloader.Win32.VB.ceh skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP254\A0035445.exe Infected: not-a-virus:AdWare.Win32.Insider.f skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP254\A0035446.exe Infected: Trojan-Downloader.Win32.Homles.bl skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP254\A0035526.exe/data0006 Infected: Trojan-Downloader.Win32.VB.ceh skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP254\A0035526.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP254\change.log Object is locked skipped
C:\systemsl2\linerage\systemlinerage\inside.dll Infected: Trojan-PSW.Win32.LdPinch.dud skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\setup\downloader\files\pwtemp1.exe/data.rar/iepv.exe Infected: not-a-virus:PSWTool.Win32.NetPass.e skipped
C:\WINDOWS\system32\drivers\setup\downloader\files\pwtemp1.exe/data.rar Infected: not-a-virus:PSWTool.Win32.NetPass.e skipped
C:\WINDOWS\system32\drivers\setup\downloader\files\pwtemp1.exe RarSFX: infected - 2 skipped
C:\WINDOWS\system32\drivers\setup\downloader\files\pwtemp2.exe/data.rar/iepv.exe Infected: not-a-virus:PSWTool.Win32.NetPass.e skipped
C:\WINDOWS\system32\drivers\setup\downloader\files\pwtemp2.exe/data.rar Infected: not-a-virus:PSWTool.Win32.NetPass.e skipped
C:\WINDOWS\system32\drivers\setup\downloader\files\pwtemp2.exe RarSFX: infected - 2 skipped
C:\WINDOWS\system32\drivers\setup\hosts\hosts.exe Infected: Backdoor.Win32.Small.czo skipped
C:\WINDOWS\system32\drivers\setup\irc\irc.exe Infected: Backdoor.Win32.Small.cvt skipped
C:\WINDOWS\system32\drivers\setup\manager.exe Infected: Backdoor.Win32.Small.cvt skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Downloads\Torrent\Complete\Adobe Photoshop CS3 Plugins Collection\Adobe Photoshop CS3 Plugins Collection\Alien.Skin.Eye.Candy.v5.1.Impact.Retail.for.Adobe.Photoshop.Incl.KeyGen-SCOTCH\aseci51a.zip/SCOTCH.part1.rar/Alien.Skin.Eye.Candy.v5.1.Impact.Keygen.exe Infected: Trojan-Dropper.Win32.Agent.qgq skipped
D:\Downloads\Torrent\Complete\Adobe Photoshop CS3 Plugins Collection\Adobe Photoshop CS3 Plugins Collection\Alien.Skin.Eye.Candy.v5.1.Impact.Retail.for.Adobe.Photoshop.Incl.KeyGen-SCOTCH\aseci51a.zip/SCOTCH.part1.rar Infected: Trojan-Dropper.Win32.Agent.qgq skipped
D:\Downloads\Torrent\Complete\Adobe Photoshop CS3 Plugins Collection\Adobe Photoshop CS3 Plugins Collection\Alien.Skin.Eye.Candy.v5.1.Impact.Retail.for.Adobe.Photoshop.Incl.KeyGen-SCOTCH\aseci51a.zip ZIP: infected - 2 skipped
D:\Downloads\Torrent\Complete\MIRC.v6.2.WinALL.Incl.Keygen-ViRiLiTY.rar/mirc62.exe/stream/data0006 Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
D:\Downloads\Torrent\Complete\MIRC.v6.2.WinALL.Incl.Keygen-ViRiLiTY.rar/mirc62.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
D:\Downloads\Torrent\Complete\MIRC.v6.2.WinALL.Incl.Keygen-ViRiLiTY.rar/mirc62.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 skipped
D:\Downloads\Torrent\Complete\MIRC.v6.2.WinALL.Incl.Keygen-ViRiLiTY.rar RAR: infected - 3 skipped
D:\Downloads\Torrent\Complete\Photoshop Downloads (Brushes,Plugins,Renders) [Mega Collection]\Plug-ins\Alien Skin Eye Candy Bundle.zip/Alien Skin Eye Candy Bundle/Eye Candy 5 Impact/kgen.exe Infected: Trojan-Dropper.Win32.Agent.qgq skipped
D:\Downloads\Torrent\Complete\Photoshop Downloads (Brushes,Plugins,Renders) [Mega Collection]\Plug-ins\Alien Skin Eye Candy Bundle.zip ZIP: infected - 1 skipped
D:\Downloads\Torrent\Complete\Photoshop Downloads (Brushes,Plugins,Renders) [Mega Collection]\Plug-ins\Missalaniouse Plugin-ins #2 [UNTESTED].zip/Plug-in exe's/Panoticum/lenspro38bf.exe/stream/data0001 Infected: Backdoor.Win32.VB.apv skipped
D:\Downloads\Torrent\Complete\Photoshop Downloads (Brushes,Plugins,Renders) [Mega Collection]\Plug-ins\Missalaniouse Plugin-ins #2 [UNTESTED].zip/Plug-in exe's/Panoticum/lenspro38bf.exe/stream Infected: Backdoor.Win32.VB.apv skipped
D:\Downloads\Torrent\Complete\Photoshop Downloads (Brushes,Plugins,Renders) [Mega Collection]\Plug-ins\Missalaniouse Plugin-ins #2 [UNTESTED].zip/Plug-in exe's/Panoticum/lenspro38bf.exe Infected: Backdoor.Win32.VB.apv skipped
D:\Downloads\Torrent\Complete\Photoshop Downloads (Brushes,Plugins,Renders) [Mega Collection]\Plug-ins\Missalaniouse Plugin-ins #2 [UNTESTED].zip/Plug-in exe's/Panoticum/Panopticum Digitizer/panopticum.digitalizer.v1.24.for.photoshop.keygen.exe Infected: Trojan-Dropper.Win32.Agent.qgq skipped
D:\Downloads\Torrent\Complete\Photoshop Downloads (Brushes,Plugins,Renders) [Mega Collection]\Plug-ins\Missalaniouse Plugin-ins #2 [UNTESTED].zip ZIP: infected - 4 skipped
D:\Downloads\Torrent\Complete\Photoshop Downloads (Brushes,Plugins,Renders) [Mega Collection]\Plug-ins\Panopticum AlphaStrip V1.33.zip/Panopticum AlphaStrip V1.33 For Adobe Photoshop/KeyGen/Panopticum.AlphaStrip.v1.3x.for.Photoshop.Keygen.exe Infected: Trojan-Dropper.Win32.Agent.qgq skipped
D:\Downloads\Torrent\Complete\Photoshop Downloads (Brushes,Plugins,Renders) [Mega Collection]\Plug-ins\Panopticum AlphaStrip V1.33.zip ZIP: infected - 1 skipped
D:\Downloads\Torrent\Complete\Photoshop Downloads (Brushes,Plugins,Renders) [Mega Collection]\Plug-ins\Panopticum Digitalizer V1.24.zip/Panopticum Digitalizer V1.24 For Adobe Photoshop/KeyGen/panopticum.digitalizer.v1.24.for.photoshop.keygen.exe Infected: Trojan-Dropper.Win32.Agent.qgq skipped
D:\Downloads\Torrent\Complete\Photoshop Downloads (Brushes,Plugins,Renders) [Mega Collection]\Plug-ins\Panopticum Digitalizer V1.24.zip ZIP: infected - 1 skipped
D:\Downloads\Torrent\Complete\Smart FTP 2.5.1006.8 + Patch [SerialNagCracker]\SmartFTP.v2.5.1006.8.exe/_SFTPNSI.exe Infected: Email-Worm.Win32.VB.dd skipped
D:\Downloads\Torrent\Complete\Smart FTP 2.5.1006.8 + Patch [SerialNagCracker]\SmartFTP.v2.5.1006.8.exe RAR: infected - 1 skipped
D:\Jogos\Lineage II\systemrage\inside.dll Infected: Trojan-PSW.Win32.LdPinch.dud skipped
D:\Jogos\Valve\Steam\logs\connection_log.txt Object is locked skipped
D:\Jogos\Valve\Steam\Steam.log Object is locked skipped
D:\Jogos\Valve\Steam\SteamApps\condition zero models.gcf Object is locked skipped
D:\Jogos\Valve\Steam\SteamApps\counter-strike.gcf Object is locked skipped
D:\Jogos\Valve\Steam\SteamApps\half-life engine.gcf Object is locked skipped
D:\Jogos\Valve\Steam\SteamApps\half-life.gcf Object is locked skipped
D:\Jogos\Valve\Steam\SteamApps\platform.gcf Object is locked skipped
D:\Jogos\Valve\Steam\SteamApps\sourceinit.gcf Object is locked skipped
D:\Jogos\Valve\Steam\SteamApps\winui.gcf Object is locked skipped
D:\Share\Network\Osbaguiodomal!\Vdownloader\VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP208\A0017185.exe Infected: Trojan.Win32.Delf.bur skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029299.exe/data0007 Infected: Backdoor.Win32.Bifrose.epa skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029299.exe NSIS: infected - 1 skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029328.exe/data0015 Infected: Trojan.Win32.Agent.lss skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029328.exe Astrum: infected - 1 skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029337.exe/data0015 Infected: Trojan.Win32.Agent.lss skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029337.exe Astrum: infected - 1 skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029345.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029345.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029345.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029345.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029345.exe NSIS: infected - 4 skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029357.exe Infected: Trojan-Spy.Win32.Agent.dz skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029497.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029497.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029497.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029497.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP248\A0029497.exe Inno: infected - 4 skipped
D:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP254\change.log Object is locked skipped
D:\System Volume Information\_restore{CB7CFC08-84B2-4738-9480-5887320BC9DD}\RP100\A0026353.scr Infected: Trojan-PSW.Win32.Delf.apb skipped
D:\System Volume Information\_restore{CB7CFC08-84B2-4738-9480-5887320BC9DD}\RP100\A0026354.inf Infected: Trojan-PSW.Win32.Delf.aky skipped

Scan process completed.


The computer is running well, not slow like before. The computer started running well when I executed the CFScript. I don't know if there is a real reason or if it's just in my mind...

Thank you again, and sorry about my English again.
Bye! :D

#11 Simon V.

Posted 03 June 2008 - 12:30 AM

Hi :thumbsup:

It's quite clear where you got infected... cracks/keygens/... will always be bundled with malware/viruses.

Please copy and paste the text in the code box into Notepad (Go to Start > Run, type Notepad and hit Enter)

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"
for %%g in (
"C:\Documents and Settings\Administrador\Desktop\[4]-Submit_2008-06-01@20.09.zip"
"C:\Documents and Settings\Administrador\Meus documentos\plugins\Adobe Photoshop Plugins Collection\Adobe Photoshop Plugins Collection\Alien.Skin.Eye.Candy.v5.1.Impact.Retail.for.Adobe.Photoshop.Incl.KeyGen-SCOTCH\aseci51a.zip"
"C:\Documents and Settings\Administrador\Meus documentos\plugins\Adobe Photoshop Plugins Collection\Adobe Photoshop Plugins Collection\Panopticum.AlphaStrip.v1.33.for.Adobe.Photoshop-SCOTCH\s-pas133.zip"
"C:\Documents and Settings\Administrador\Meus documentos\plugins\Adobe Photoshop Plugins Collection\Adobe Photoshop Plugins Collection\Panopticum.Digitalizer.v1.24.for.Adobe.Photoshop.incl.KeyGen-SCOTCH\s-apd124.zip"
"C:\Documents and Settings\Administrador\Meus documentos\plugins\Digital.Film.Tools.Ozone.v2.5.for.Adobe.Photoshop-SCOTCH.zip"
"C:\WINDOWS\system32\drivers\setup\downloader\files\pwtemp1.exe"
"C:\WINDOWS\system32\drivers\setup\downloader\files\pwtemp2.exe"
"C:\WINDOWS\system32\drivers\setup\hosts\hosts.exe"
"C:\WINDOWS\system32\drivers\setup\irc\irc.exe"
"C:\WINDOWS\system32\drivers\setup\manager.exe"
"D:\Downloads\Torrent\Complete\Adobe Photoshop CS3 Plugins Collection\Adobe Photoshop CS3 Plugins Collection\Alien.Skin.Eye.Candy.v5.1.Impact.Retail.for.Adobe.Photoshop.Incl.KeyGen-SCOTCH\aseci51a.zip"
"D:\Downloads\Torrent\Complete\Photoshop Downloads (Brushes,Plugins,Renders) [Mega Collection]\Plug-ins\Alien Skin Eye Candy Bundle.zip"
"D:\Downloads\Torrent\Complete\Photoshop Downloads (Brushes,Plugins,Renders) [Mega Collection]\Plug-ins\Missalaniouse Plugin-ins #2 [UNTESTED].zip"
"D:\Downloads\Torrent\Complete\Photoshop Downloads (Brushes,Plugins,Renders) [Mega Collection]\Plug-ins\Panopticum AlphaStrip V1.33.zip"
"D:\Downloads\Torrent\Complete\Photoshop Downloads (Brushes,Plugins,Renders) [Mega Collection]\Plug-ins\Panopticum Digitalizer V1.24.zip"
"D:\Downloads\Torrent\Complete\Smart FTP 2.5.1006.8 + Patch [SerialNagCracker]\SmartFTP.v2.5.1006.8.exe"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
for %%g in (
"C:\Documents and Settings\Administrador\Meus documentos\plugins\Digital.Film.Tools.Ozone.v2.5.for.Adobe.Photoshop-SCOTCH"
"%systemdrive%\VundoFix Backups"
%systemdrive%\Deckard
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
nircmd wait 7000
del %0

Go to File > Save As. Save the file as "Fix.bat" (including the quotes).

Double-click on Fix.bat to run the file.

If it produces a log, please post it back here. If it doesn't, restart your computer and let me know whether any problems remain.
Simon V.

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.
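As an added example (not part of the thread or of any tool used in it), this Python script parses scan-log lines of the form shown in the log above and groups each detection by where the flagged file lives: a live file, an archive, a System Restore copy, or a removal tool's quarantine/backup folder. The regular expression, the category names and the function names are assumptions made for illustration; the sample lines are a small subset copied from the log in this thread.

```python
import re
from collections import defaultdict

# Subset of the scan log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
C:\Arquivos de programas\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Arquivos de programas\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Documents and Settings\Administrador\Desktop\[4]-Submit_2008-06-01@20.09.zip/Suspect_ope77.exe.vir/data0006 Infected: Trojan-Downloader.Win32.VB.ceh skipped
C:\Documents and Settings\Administrador\Desktop\[4]-Submit_2008-06-01@20.09.zip/Suspect_ope77.exe.vir Infected: Trojan-Downloader.Win32.VB.ceh skipped
C:\Documents and Settings\Administrador\Desktop\[4]-Submit_2008-06-01@20.09.zip ZIP: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu312.exe.vir Infected: Trojan-Downloader.Win32.Homles.bl skipped
C:\System Volume Information\_restore{398B156B-1514-41CD-B0C0-F3FB794EF176}\RP194\A0012691.exe Infected: Backdoor.Win32.Small.cvt skipped
C:\WINDOWS\system32\drivers\setup\hosts\hosts.exe Infected: Backdoor.Win32.Small.czo skipped
C:\WINDOWS\system32\drivers\setup\manager.exe Infected: Backdoor.Win32.Small.cvt skipped
D:\Downloads\Torrent\Complete\Smart FTP 2.5.1006.8 + Patch [SerialNagCracker]\SmartFTP.v2.5.1006.8.exe/_SFTPNSI.exe Infected: Email-Worm.Win32.VB.dd skipped
D:\Downloads\Torrent\Complete\Smart FTP 2.5.1006.8 + Patch [SerialNagCracker]\SmartFTP.v2.5.1006.8.exe RAR: infected - 1 skipped
"""

# One log line is "<path> <verdict> skipped". The path may contain spaces, so the
# verdict is matched from the right-hand side and the path takes what is left.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<container>\w+): infected - (?P<count>\d+))"
    r" skipped$"
)

RESTORE_MARK = "\\system volume information\\_restore{"
TOOL_DIR_RE = re.compile(r"^[a-z]:\\(qoobox|deckard)\\")  # tool folders seen in this log


def parse_line(line):
    """Return the regex match for one log line, or None if it is not a result line."""
    return LINE_RE.match(line.strip())


def classify_location(host, nested):
    """Map the on-disk file that holds a detection to a review category."""
    low = host.lower()
    if RESTORE_MARK in low:
        return "restore_point"    # copy kept by System Restore
    if TOOL_DIR_RE.match(low):
        return "tool_quarantine"  # already neutralised by a removal tool
    return "archive" if nested else "live_file"


def is_riskware_only(names):
    """True when every verdict on a file carries the scanner's 'not-a-virus:' prefix."""
    return bool(names) and all(n.startswith("not-a-virus:") for n in names)


def triage(log_text):
    """Group detections by host file and location; also count locked files."""
    hosts, locked, unparsed = {}, 0, []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        m = parse_line(raw)
        if m is None:
            unparsed.append(raw.strip())
            continue
        if m["locked"]:
            locked += 1
            continue
        # Windows paths never contain "/", so "/" separates the file on disk
        # from the members the scanner unpacked out of it.
        host, sep, _member = m["path"].partition("/")
        entry = hosts.setdefault(host, {"names": set(), "nested": False})
        entry["nested"] = entry["nested"] or bool(sep) or m["container"] is not None
        if m["name"]:
            entry["names"].add(m["name"])
    report = defaultdict(dict)
    for host, entry in hosts.items():
        location = classify_location(host, entry["nested"])
        report[location][host] = sorted(entry["names"])
    return dict(report), locked, unparsed


if __name__ == "__main__":
    report, locked, unparsed = triage(SAMPLE_LOG)
    for location in sorted(report):
        print(f"[{location}]")
        for host, names in sorted(report[location].items()):
            tag = " (riskware only)" if is_riskware_only(names) else ""
            print(f"  {host}: {', '.join(names)}{tag}")
    print(f"locked files skipped: {locked}, unparsed lines: {len(unparsed)}")
```

Grouping by host file collapses the several lines a scanner emits per archive into one entry, which makes it easier to see which on-disk files still need a decision and which hits are only copies in restore points or quarantine.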

#12 Bernardo amorim

Posted 03 June 2008 - 10:57 AM

Hello, it has generated a log:

C:\WINDOWS\system32\drivers\setup\hosts\hosts.exe
C:\WINDOWS\system32\drivers\setup\irc\irc.exe
C:\WINDOWS\system32\drivers\setup\manager.exe


It's just that.

Thank you again!
And I'll stop downloading keygens/cracks.

Now I see where I got infected!

Bye! ^^

#13 Simon V.

Posted 03 June 2008 - 11:35 AM

Hi :thumbsup:

OK, those files are being stubborn... Please do the following -

Open Notepad (Go to Start > Run, type Notepad and hit Enter), and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/t/147101/droppergenerictht-mrofinu312exe/

Collect::

C:\WINDOWS\system32\drivers\setup\hosts\hosts.exe
C:\WINDOWS\system32\drivers\setup\irc\irc.exe
C:\WINDOWS\system32\drivers\setup\manager.exe

Click on File > Save as....

In the File Name box, copy/paste CFScript.txt (Note: Do not change the filename!)

Click Save (Save the CFScript in the same location as Combofix.exe)

Close any open windows.

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
    A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
Post the Combofix log (C:\Combofix.txt) in your next reply.
Simon V.

#14 Bernardo amorim

Posted 06 June 2008 - 11:48 PM

Hi there, sorry for making you wait.


ComboFix 08-05-29.1 - Administrador 2008-06-07 1:23:14.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.958 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrador\Desktop\CFScript.txt
* Criado um novo ponto de restauro
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\setup\hosts\hosts.exe
C:\WINDOWS\system32\drivers\setup\irc\irc.exe
C:\WINDOWS\system32\drivers\setup\manager.exe

.
((((((((((((((((((((((( Ficheiros criados de 2008-05-07 to 2008-06-07 ))))))))))))))))))))))))))))))))
.

2008-06-06 16:31 . 2008-06-06 16:31 <DIR> d--h----- C:\WINDOWS\PIF
2008-06-02 04:15 . 2008-06-02 04:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-02 04:15 . 2008-06-02 04:15 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-02 04:15 . 2008-06-02 04:15 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab
2008-06-02 04:14 . 2008-06-02 04:14 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion
2008-06-01 20:21 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 20:21 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-01 19:52 . 2008-06-01 19:52 <DIR> d-------- C:\Arquivos de programas\Sun
2008-06-01 19:52 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-01 19:04 . 2008-06-01 19:52 <DIR> d-------- C:\Arquivos de programas\Java
2008-06-01 19:04 . 2008-06-01 19:04 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java
2008-06-01 14:08 . 2008-06-01 14:08 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\TeamViewer
2008-06-01 02:02 . 2008-06-01 02:02 <DIR> d-------- C:\Arquivos de programas\Yahoo!
2008-06-01 02:02 . 2008-06-01 02:02 <DIR> d-------- C:\Arquivos de programas\CCleaner
2008-05-30 14:31 . 2008-05-30 17:06 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\TeamViewer
2008-05-30 14:30 . 2008-05-30 14:31 <DIR> d-------- C:\Arquivos de programas\TeamViewer3
2008-05-30 14:29 . 2008-05-30 14:29 <DIR> d-------- C:\Documents and Settings\Administrador\temp
2008-05-30 00:57 . 2008-05-30 00:57 <DIR> d-------- C:\Arquivos de programas\EVE Interactive
2008-05-30 00:56 . 2008-05-30 00:56 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard
2008-05-29 19:57 . 2008-05-29 19:57 <DIR> d-------- C:\Arquivos de programas\Pando Networks
2008-05-26 02:38 . 2008-05-26 02:38 244 --ah----- C:\sqmnoopt04.sqm
2008-05-26 02:38 . 2008-05-26 02:38 232 --ah----- C:\sqmdata04.sqm
2008-05-23 13:09 . 2008-05-23 13:09 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\MozillaControl
2008-05-23 13:09 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-05-23 13:05 . 2008-05-23 13:20 <DIR> d-------- C:\systemsl2
2008-05-22 01:24 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-05-22 01:24 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-05-22 01:17 . 2008-05-22 01:17 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield
2008-05-17 00:16 . 2008-05-17 00:16 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraþ§es locais
2008-05-17 00:16 . 2008-05-17 00:16 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraþ§es locais
2008-05-17 00:16 . 2008-05-17 00:16 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraþ§es locais
2008-05-17 00:16 . 2008-05-17 00:16 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraþ§es locais
2008-05-15 20:52 . 2008-05-15 20:52 <DIR> d-------- C:\Arquivos de programas\Altia
2008-05-15 20:49 . 2008-05-15 20:49 <DIR> d-------- C:\Arquivos de programas\Albatross
2008-05-15 20:39 . 2008-05-15 20:48 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Filter Forge
2008-05-15 20:38 . 2008-05-15 20:38 <DIR> d-------- C:\Arquivos de programas\Filter Forge
2008-05-15 20:38 . 2006-11-10 19:41 1,030,144 --a------ C:\WINDOWS\system32\dbghelp-xfw.dll
2008-05-15 20:32 . 2008-05-15 20:32 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\onOne Software
2008-05-15 20:12 . 2008-06-01 15:42 <DIR> d-------- C:\Temp
2008-05-15 20:08 . 2008-05-15 20:12 <DIR> d-------- C:\Arquivos de programas\onOne Software
2008-05-15 20:08 . 2008-05-15 20:08 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\onOne Software Shared
2008-05-15 20:08 . 2005-08-21 15:57 227,840 --a------ C:\WINDOWS\system32\Deco_32.dll
2008-05-15 19:41 . 2008-05-15 19:41 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Digital Film Tools
2008-05-15 19:39 . 2008-05-15 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Digital Film Tools
2008-05-15 19:36 . 2008-05-15 19:36 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Imagenomic
2008-05-15 19:18 . 2008-05-15 19:18 <DIR> d-------- C:\Alien Skin
2008-05-15 19:03 . 2008-05-15 19:34 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Alien Skin
2008-05-15 19:02 . 2008-05-15 19:02 <DIR> d-------- C:\Arquivos de programas\Alien Skin
2008-05-15 17:53 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2008-05-15 17:53 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2008-05-15 17:53 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2008-05-15 17:53 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2008-05-15 02:16 . 2008-05-15 02:07 33,513 --a------ C:\Harold.and.Kumar.Escape.From.Guantanamo.Bay.TS.XviD-THS [mininova].torrent
2008-05-15 02:13 . 2008-05-15 05:52 90,564 --a------ C:\Harold.and.Kumar.Escape.From.Guantanamo.Bay.TS.XviD-THS.srt
2008-05-14 23:29 . 2008-05-15 00:24 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\MySQL
2008-05-14 23:28 . 2008-05-14 23:28 <DIR> d-------- C:\Arquivos de programas\MySQL
2008-05-14 23:08 . 2008-05-14 23:08 679 --a------ C:\conf_global.php
2008-05-14 20:56 . 2008-05-14 20:56 <DIR> d-------- C:\Arquivos de programas\HP
2008-05-14 20:55 . 2008-05-14 20:55 <DIR> d-------- C:\Arquivos de programas\Hewlett-Packard
2008-05-14 20:53 . 2008-05-14 20:59 232,576 --a------ C:\WINDOWS\hpdj3500.his
2008-05-14 20:53 . 2008-05-14 20:59 10,771 --a------ C:\WINDOWS\hpdj3500.ini
2008-05-14 20:51 . 2005-09-19 16:43 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 04:21 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent
2008-06-07 04:03 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\mIRC
2008-06-07 03:29 --------- d-----w C:\Arquivos de programas\mIRC
2008-06-06 21:26 --------- d-----w C:\Arquivos de programas\Brazukas
2008-06-05 04:11 --------- d-----w C:\Arquivos de programas\AVI ReComp
2008-06-01 23:21 --------- d-----w C:\Arquivos de programas\Malwarebytes' Anti-Malware
2008-06-01 18:42 --------- d-----w C:\Arquivos de programas\Microsoft Silverlight
2008-06-01 18:01 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Vso
2008-06-01 13:49 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Skype
2008-06-01 13:47 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\skypePM
2008-05-31 21:03 3,532 ----a-w C:\drmHeader.bin
2008-05-31 14:31 --------- d-----w C:\Arquivos de programas\Minilyrics
2008-05-31 04:43 --------- d-----w C:\Arquivos de programas\uTorrent
2008-05-23 16:09 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information
2008-05-16 01:09 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\teamspeak2
2008-05-15 22:20 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield
2008-05-15 20:53 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\FLEXnet
2008-05-14 06:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help
2008-05-13 02:37 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2008-05-10 05:27 --------- d-----w C:\Arquivos de programas\StepMania
2008-05-06 04:18 --------- d-----w C:\Arquivos de programas\PartyGaming
2008-05-05 00:38 --------- d---a-w C:\Arquivos de programas\3D Converter
2008-05-05 00:38 --------- d-----w C:\Arquivos de programas\GCFScape
2008-04-26 10:31 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic
2008-04-24 09:13 1,460 ----a-w C:\WINDOWS\Fonts\tempcod.txt
2008-04-24 08:58 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
2008-04-24 08:58 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes
2008-04-23 05:25 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\fretsonfire
2008-04-23 05:17 --------- d-----w C:\Arquivos de programas\Frets on Fire
2008-04-22 23:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk
2008-04-22 23:55 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Autodesk
2008-04-16 18:17 --------- d-----w C:\Arquivos de programas\Tibia
2008-04-13 06:53 --------- d-----w C:\Arquivos de programas\Absolute Video to Audio Converter
2008-04-10 20:07 --------- d-----w C:\Arquivos de programas\Dziobas Rar Player
2008-04-05 03:11 208,717 ----a-w C:\WINDOWS\ADDONS SITECS (NONSTEAM) Uninstaller.exe
2008-03-27 15:24 165,284 ----a-w C:\WINDOWS\PowerHEX Uninstaller.exe
2008-03-27 13:56 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat
2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:49 621,344 ------w C:\WINDOWS\system32\DllCache\mswstr10.dll
2008-03-25 04:49 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:49 183,072 ------w C:\WINDOWS\system32\DllCache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\DllCache\win32k.sys
2008-03-16 17:35 551 ---ha-w C:\os790985.bin
2008-03-14 16:30 47,360 ----a-w C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.sys
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" [ ]
"ISUSScheduler"="C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40 86960]
"Pando"="C:\Arquivos de programas\Pando Networks\Pando\Pando.exe" [2008-05-28 18:50 6210888]
"AdobeUpdater"="C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"PWRISOVM.EXE"="C:\Arquivos de programas\PowerISO\PWRISOVM.EXE" [2008-01-20 04:05 217088]
"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"Acrobat Assistant 8.0"="C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"RoxWatchTray"="C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 15:52 240112]
"DMXLauncher"="C:\Arquivos de programas\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 03:44 113136]
"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" [ ]
"WinampAgent"="C:\Arquivos de programas\Winamp\winampa.exe" [2008-01-15 19:54 37376]
"WatchDog"="C:\Arquivos de programas\mobile PhoneTools\WatchDog.exe" [2004-08-14 04:42 36864]
"FirefoxUltimateOptimizer"="C:\Documents and Settings\Administrador\Meus documentos\Meus vídeos\Firefox Ultimate Optimizer.exe" [2007-11-08 19:12 114688]
"HP Software Update"="C:\Arquivos de programas\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 08:42 176128]
"DeviceDiscovery"="C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37 229437]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 21:45 15360]
"MsnMsgr"="C:\Arquivos de programas\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 21:34 44544]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"D:\\Jogos\\Valve\\Steam\\SteamApps\\bamorim2\\counter-strike\\hl.exe"=
"D:\\Jogos\\Valve\\Steam\\Steam.exe"=
"D:\\VertrigoServ\\Mysql\\bin\\v_mysqld.exe"=
"D:\\VertrigoServ\\Apache\\bin\\v_apache.exe"=
"C:\\Arquivos de programas\\Winamp\\winamp.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\MSN Messenger\\livecall.exe"=
"D:\\Jogos\\Counter-Strike Source\\hl2.exe"=
"C:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"D:\\Jogos\\Counter-Strike Server\\hl.exe"=
"D:\\Jogos\\Valve\\Steam\\SteamApps\\bamorim2\\dedicated server\\hltv.exe"=
"D:\\Jogos\\Valve\\CS-No-Steam\\hlds.exe"=
"C:\\Arquivos de programas\\mIRC\\mirc.exe"=
"D:\\Jogos\\Valve\\Steam\\SteamApps\\brunodana\\counter-strike\\hl.exe"=
"D:\\Jogos\\Battlefield Vietnam\\BfVietnam.exe"=
"D:\\Jogos\\Valve\\Steam\\SteamApps\\bamorim2\\day of defeat\\hl.exe"=
"D:\\Jogos\\Valve\\Steam\\SteamApps\\bamorim2\\team fortress classic\\hl.exe"=
"D:\\Jogos\\Valve\\Steam\\SteamApps\\bamorim2\\half-life\\hl.exe"=
"D:\\Jogos\\Valve\\Steam\\SteamApps\\bamorim2\\opposing force\\hl.exe"=
"D:\\Jogos\\LevelUpGames\\Grand Chase\\main.exe"=
"D:\\Jogos\\Valve\\CS-No-Steam\\hl.exe"=
"C:\\Arquivos de programas\\Pando Networks\\Pando\\pando.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"57998:TCP"= 57998:TCP:Pando P2P TCP Listening Port
"57998:UDP"= 57998:UDP:Pando P2P UDP Listening Port

R2 TeamViewer;TeamViewer 3;"C:\Arquivos de programas\TeamViewer3\TeamViewer_Host.exe" -service []
R3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 06:12]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 15:53]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 15:52]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 15:52]
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\DX9\SessionLauncher.exe []
S3 dump_wmimmc;dump_wmimmc;D:\Jogos\Lineage II\system\GameGuard\dump_wmimmc.sys []
S3 npkycryp;npkycryp;D:\Jogos\Lineage II\system\npkycryp.sys []
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Arquivos de programas\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 15:53]
S3 RoxMediaDB10;RoxMediaDB10;"C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 15:52]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 01:25:37
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-06-07 1:28:28
ComboFix-quarantined-files.txt 2008-06-07 04:28:25

Pre-Run: 127,336,091,648 bytes disponíveis
Post-Run: 127,343,828,992 bytes disponíveis

242 --- E O F --- 2008-06-01 18:42:40




The message "Your file was successfully submitted. Please let the user helping you know that you have submitted the file." appeared.


Thank you.

#15 Simon V.

Simon V.

  • Members
  • 439 posts
  • Gender:Male
  • Local time:12:25 AM

Posted 07 June 2008 - 03:54 AM

Hi :thumbsup:

Open HijackThis, perform a scan and put a check next to the following items (if present):

O4 - HKLM\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"


Close all programs except HijackThis and click on Fix checked.

Looking good for the rest. Please advise of any problems you are still experiencing, or follow these simple steps to keep your computer clean in the future:

Click Start then Run....
  • Type Combofix /u in the runbox and click OK. (Note: The space between the x and the /u needs to be there)

  • This will uninstall Combofix.
Use an Anti-Virus Program - It is very important that your computer has an anti-virus program running on your machine. This alone can save you a lot of trouble with malware in the future.

Here are a few (free) anti-virus programs, please download and install one of them:
Update your Anti-Virus Software - It is very important that you update your anti-virus software at least once a week (even more if you wish). If you do not update your anti-virus software then it will not be able to catch any of the new variants that will come out.

Make your Internet Explorer More Secure

Please read and follow the recommendations at this site - http://surfthenetsafely.com/ieseczone8.htm

Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install WinPatrol - An excellent startup manager, notifies you if programs are added to startup, allows delayed startup, ... A must have! An installation guide can be found here: http://www.winpatrol.com/download.html

Install Spybot - Search and Destroy - You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here (do not install TeaTimer): http://www.bleepingcomputer.com/tutorials/using-spybot-to-remove-spyware/

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial can be found here: http://www.bleepingcomputer.com/tutorials/use-spywareblaster-to-protect-your-computer/

Install IE-Spyad - IE-Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here: http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD

Update All Your Security Programs Regularly - Make sure you update all your security programs (Anti-Virus, Firewall, Anti-Spyware) regularly (once a week, at least). Without regular updates you WILL NOT be protected when new malicious programs are released.

You can also read this excellent article by TonyKlein: So how did I get infected in the first place?

Follow this list and your potential for being infected again will reduce dramatically.
Simon V.


So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.
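
The two O4 entries flagged in post #15 can be cross-checked against the ComboFix log in post #14. The following is an added example, not part of the original thread and not code from ComboFix or HijackThis: it lists Run values whose target appears under the deletions section or carries an empty metadata bracket. The function names are hypothetical, and reading `[ ]` as "no file found at that path" is an assumption.

```python
import re

# Excerpt of the ComboFix log in post #14, trimmed to the lines this check reads.
SAMPLE_LOG = r'''
((((((((((((( Outras Exclusões )))))))))))))
.
C:\WINDOWS\system32\drivers\setup\hosts\hosts.exe
C:\WINDOWS\system32\drivers\setup\irc\irc.exe
C:\WINDOWS\system32\drivers\setup\manager.exe
.
((((((((( Pontos de Carregamento do Registro )))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:45 15360]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" [ ]
'''

SECTION = re.compile(r'^\(+\s*(.+?)\s*\)+$')               # ((( title )))
RUN_KEY = re.compile(r'^\[(HKEY_[^\]]+\\Run(?:Once)?)\]$', re.I)
VALUE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')     # "name"="path" [meta]
DELETION_TITLES = {"outras exclusões", "other deletions"}  # localized / English header
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def orphaned_run_entries(log_text):
    """Return (key, name, target, reasons) for Run values left pointing at removed files."""
    deleted, findings = set(), []
    section = key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section, key = m.group(1).lower(), None
            continue
        if section in DELETION_TITLES and re.match(r'^[A-Za-z]:\\', line):
            deleted.add(line.lower())          # Windows paths compare case-insensitively
            continue
        m = RUN_KEY.match(line)
        if m:
            key = m.group(1)
            continue
        if line.startswith('['):               # some other registry key: leave Run context
            key = None
            continue
        m = VALUE.match(line) if key else None
        if not m:
            continue
        name, target, meta = m.groups()
        reasons = []
        if target.lower() in deleted:
            reasons.append("target deleted by ComboFix")
        if not meta.strip():                   # assumption: [ ] means no file at that path
            reasons.append("no file metadata")
        if reasons:
            findings.append((key, name, target, reasons))
    return findings


def as_hijackthis_o4(key, name, target):
    """Format a finding the way the O4 lines in post #15 are written."""
    hive, _, rest = key.partition("\\")
    leaf = rest.rsplit("\\", 1)[-1]
    return 'O4 - %s\\..\\%s: [%s] "%s"' % (HIVES.get(hive.upper(), hive), leaf, name, target)


if __name__ == "__main__":
    for key, name, target, reasons in orphaned_run_entries(SAMPLE_LOG):
        print(as_hijackthis_o4(key, name, target), "<-", "; ".join(reasons))
```

Entries are reported in log order, so the HKCU value comes before the HKLM one.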



