unknown infection


  • This topic is locked
24 replies to this topic

#1 orochi1082

  • Members
  • 16 posts

Posted 03 February 2009 - 10:19 PM

My sister downloaded a fake movie that asked to install something on the PC. Since then, I can't access C: or D: without right-clicking and selecting Explore. When I try to double-click C: I get this message (this might be somewhat off because my Windows is not in English): "Windows couldn't find 'RECYCLER\S-6-4-16-100001669-100007579-1719.com'. Make sure you typed the name correctly and try again. To search for a file, click Start, then Search."
I'm also unable to use streaming sites such as YouTube; it says the loading is "done" but nothing appears. AVG and Ad-Aware didn't find anything, then most people told me AVG sucks, so I installed Avira AntiVir Premium. It found a few infections but didn't fix my problem. After that, I tried Spybot Search and Destroy, but I can't run it, probably due to the infection. Then someone told me to post a HijackThis log in this forum.
This is my log, thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:38:17, on 04/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\Nexon\MapleStory\npkcmsvc.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\Arquivos de programas\Viewpoint\Common\ViewpointService.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
C:\Arquivos de programas\AIM6\aim6.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\DNA\btdna.exe
C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe
C:\Arquivos de programas\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\WlanCU.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Pidgin\pidgin.exe
D:\mIRC\mirc.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
D:\mIRC\Nova pasta\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Arquivos de programas\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Aim6] "C:\Arquivos de programas\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ProxyWay] C:\Arquivos de programas\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\WlanCU.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1216107200531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\MapleStory\npkcmsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Arquivos de programas\Viewpoint\Common\ViewpointService.exe

--
End of file - 11580 bytes

#2 Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 14 February 2009 - 07:26 PM

Hello, orochi1082
:thumbup2: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt
  • GMER's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 orochi1082

  • Topic Starter
  • Members
  • 16 posts

Posted 15 February 2009 - 10:38 PM

Hello Billy,
Thanks for the welcome, and sorry for the delay in replying, but I did not receive an email even though it says I'm tracking this thread. Should I post somewhere about it?
I have a few doubts about a few points.
When you say "refrain from making any changes to your computer", does it mean not installing anything new, or absolutely no changes at all, including MSN/other messenger logs and downloads?
My GMER didn't have a save button, so I copy-pasted it into Notepad. Did I get the wrong version?
Also, I forgot to put Windows Firewall back up. I turned it back off because it messes up my download rate. Should I turn the firewall back on and redo the scans, should I keep the firewall off, or what? If the logs are still valid after my mess-up, they are as follows:

OTListIt logfile created on: 16/02/2009 00:06:29 - Run
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = D:\mIRC\downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,87 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,17% Memory free
3,72 Gb Paging File | 2,83 Gb Available in Paging File | 76,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 51,39 Gb Total Space | 4,65 Gb Free Space | 9,04% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 2,70 Gb Free Space | 2,77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XP-PC
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

[2009/01/28 02:08:21 | 00,942,416 | ---- | M] (Lavasoft) -- C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe
[2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe
[2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe
[2008/05/09 12:22:43 | 00,041,217 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe
[2007/05/15 09:53:12 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2008/11/25 16:41:50 | 00,088,024 | ---- | M] () -- C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe
[2007/05/15 15:55:46 | 01,550,896 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
[2008/12/17 03:48:12 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe
[2007/05/15 09:53:12 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/04/15 17:59:38 | 00,071,096 | ---- | M] () -- C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
[2008/12/17 17:24:30 | 00,088,728 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcmsvc.exe
[2007/05/21 10:50:56 | 00,065,605 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
[2006/10/30 19:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2005/08/08 01:54:00 | 00,167,936 | ---- | M] () -- C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
[2007/01/04 18:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Arquivos de programas\Viewpoint\Common\ViewpointService.exe
[2008/07/11 11:23:26 | 00,164,097 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe
[2008/06/12 13:59:51 | 00,258,305 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe
[2007/05/21 10:51:10 | 00,135,233 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
[2001/10/28 09:07:34 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
[2008/04/13 19:21:26 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/04/13 19:21:26 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/04/13 19:21:18 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/07/05 05:08:00 | 16,380,416 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2006/07/11 23:26:58 | 00,237,568 | R--- | M] () -- C:\WINDOWS\system32\CmUCREye.exe
[2008/12/17 03:48:12 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jusched.exe
[2009/01/28 02:08:23 | 00,507,224 | ---- | M] (Lavasoft) -- C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe
[2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe
[2008/07/17 09:20:34 | 00,490,952 | ---- | M] (DT Soft Ltd) -- C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe
[2008/04/13 19:21:12 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Messenger\msmsgs.exe
[2009/02/03 02:41:29 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\DNA\btdna.exe
[2002/10/16 20:20:20 | 00,073,728 | ---- | M] () -- C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe
[2007/08/29 11:12:10 | 00,606,208 | ---- | M] () -- C:\Arquivos de programas\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\WlanCU.exe
[2008/05/21 15:23:52 | 02,797,568 | ---- | M] (mIRC Co. Ltd.) -- D:\mIRC\mirc.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/04/22 04:43:46 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\usnsvc.exe
[2008/07/01 22:46:04 | 00,061,076 | ---- | M] (The Pidgin developer community) -- C:\Arquivos de programas\Pidgin\pidgin.exe
[2007/05/11 03:06:38 | 00,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe
[2008/08/06 12:21:06 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Arquivos de programas\AIM6\aim6.exe
[2007/10/08 18:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Arquivos de programas\AIM6\aolsoftware.exe
[2009/02/13 19:44:06 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\uTorrent\uTorrent.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009/02/16 00:04:39 | 00,419,328 | ---- | M] (OldTimer Tools) -- D:\mIRC\downloads\OTListIt2.exe

========== (O23) Win32 Services (SafeList) ==========

[2008/07/11 11:23:26 | 00,164,097 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avmailc.exe -- (AntiVirMailService [Auto | Running])
[2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avguard.exe -- (AntiVirService [Auto | Running])
[2008/06/12 13:59:51 | 00,258,305 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe -- (antivirwebservice [Auto | Running])
[2007/03/19 22:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Arquivos de programas\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/12 10:31:20 | 00,085,096 | ---- | M] (Autodesk) -- C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand | Stopped])
[2008/05/09 12:22:43 | 00,041,217 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avesvc.exe -- (AVEService [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007/05/15 09:53:12 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface [Auto | Running])
[2008/10/13 02:46:18 | 00,138,168 | ---- | M] (Google) -- C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2008/04/13 19:20:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc [Auto | Running])
[2008/11/25 16:41:50 | 00,088,024 | ---- | M] () -- C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService [Auto | Running])
[2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2007/05/15 15:55:46 | 01,550,896 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
[2008/12/17 03:48:12 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2009/01/28 02:08:21 | 00,942,416 | ---- | M] (Lavasoft) -- C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2007/04/13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/05/08 19:47:22 | 00,271,920 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2008/04/15 17:59:38 | 00,071,096 | ---- | M] () -- C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
[2008/12/17 17:24:30 | 00,088,728 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcmsvc.exe -- (npkcmsvc [Auto | Running])
[2007/05/21 10:51:10 | 00,135,233 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
[2007/05/21 10:50:56 | 00,065,605 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])
[2006/10/30 19:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/08/08 01:54:00 | 00,167,936 | ---- | M] () -- C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2007/01/04 18:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Arquivos de programas\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/11/02 23:31:44 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

[2008/08/13 12:03:38 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2006/07/01 23:12:36 | 00,043,520 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2006/10/18 16:12:16 | 00,012,664 | R--- | M] () -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO [System | Running])
[2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgio.sys -- (avgio [System | Running])
[2008/05/20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2007/01/05 06:21:06 | 00,093,056 | R--- | M] (C-Media Corporation) -- C:\WINDOWS\system32\drivers\cmiucr.SYS -- (CMISTOR [On_Demand | Running])
[2008/10/10 19:26:29 | 00,016,224 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Running])
[2008/04/13 09:36:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/05/15 15:55:36 | 00,118,576 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
[2007/05/15 15:55:36 | 00,037,040 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass [System | Running])
[2007/05/15 15:55:36 | 00,038,576 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm [System | Running])
[2007/07/09 22:56:00 | 04,449,280 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2009/01/28 02:08:30 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd [Boot | Running])
[2004/08/11 13:00:00 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2008/12/17 17:25:35 | 00,054,888 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Nexon\MapleStory\npkcrypt.sys -- (npkcrypt [Auto | Running])
[2006/10/30 19:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/10/17 21:31:38 | 00,105,472 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata [Boot | Running])
[2007/05/20 23:43:08 | 00,046,080 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2007/05/20 23:43:12 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2001/10/28 09:07:22 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/05/04 20:40:22 | 00,215,040 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B [On_Demand | Stopped])
[2008/04/13 09:39:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2008/07/19 03:17:07 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2006/10/01 15:37:02 | 00,026,624 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801 [On_Demand | Stopped])
[2008/01/23 18:25:32 | 00,027,136 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn [On_Demand | Running])
[2001/10/28 09:07:48 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



HKU\S-1-5-21-1409082233-630328440-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-1409082233-630328440-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-1409082233-630328440-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-1409082233-630328440-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKU\S-1-5-21-1409082233-630328440-839522115-1003\S-1-5-21-1409082233-630328440-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (776 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Arquivos de programas\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Arquivos de programas\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Arquivos de programas\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Arquivos de programas\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1409082233-630328440-839522115-1003\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Arquivos de programas\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-1409082233-630328440-839522115-1003\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Arquivos de programas\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKCU..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [ProxyWay] C:\Arquivos de programas\ProxyWay\proxyway.exe File not found
O4 - HKU\S-1-5-21-1409082233-630328440-839522115-1003..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-1409082233-630328440-839522115-1003..\Run: [BitTorrent DNA] "C:\Arquivos de programas\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1409082233-630328440-839522115-1003..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKU\S-1-5-21-1409082233-630328440-839522115-1003..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-1409082233-630328440-839522115-1003..\Run: [ProxyWay] C:\Arquivos de programas\ProxyWay\proxyway.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Image Transfer.lnk = C:\Arquivos de programas\Sony Corporation\Image Transfer\SonyTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Wireless Configuration Utility HW.14.lnk = C:\Arquivos de programas\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\WlanCU.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-630328440-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1216107200531 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Arquivos de programas\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AutoCAD-2008-keygen.exe [MZ | ]
[2007/03/03 20:58:58 | 00,094,208 | ---- | M] () -- C:\AutoCAD-2008-keygen.exe -- [ NTFS ]

AUTOEXEC.BAT []
[2008/07/15 04:07:39 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf [[autorun] | ;dkimuwimdqchcixqsuiyulvhqjlzlcdioisdmvtnceaupeshajrjvpzragbrwryuyxcmwvnepxgmvvvbq | shellexecute="RECYCLER\S-9-1-99-100008017-100013294-100009753-2863.com c:\" | ;udwaovbtbmrffoxlgqufzcyhmmehyameydbxnnwmlchdldzjhnmpkgofjjqxoushwakqtxrgokm | shell\Open\command="RECYCLER\S-9-1-99-100008017-100013294-100009753-2863.com c:\" | ;xaaetybnhhiikxnndfyvpjuoaveoolgtcuoeperkzeycaldzobejqmbhpuymibhbmyztvarrkpnjmcsbkiikcrihjiuq | shell=Open | ]
[2009/02/16 00:05:57 | 00,000,440 | RHS- | M] () -- C:\autorun.inf -- [ NTFS ]

autorun.inf [[autorun] | ;jhiyaezccyjrwtjzemabntlgqebjnsflgfnbybcnyiqmsivwdivcxvsspfpqrvvscxomhttggzikehpnsisjroxdizpqxxmyw | shellexecute="RECYCLER\S-9-1-99-100008017-100013294-100009753-2863.com d:\" | ;hwyhrukbppgedhlstpl | shell\Open\command="RECYCLER\S-9-1-99-100008017-100013294-100009753-2863.com d:\" | ;eovlwkwkxyygkannkroitajzmigusulzbckgqyrkadjizrzneynxuygeswb | shell=Open | ]
[2009/02/16 00:05:57 | 00,000,367 | RHS- | M] () -- D:\autorun.inf -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b1629cb-5221-11dd-859a-806d6172696f}\Shell]
"" = Autorun



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b1629cb-5221-11dd-859a-806d6172696f}\Shell\Open\command]
"" = D:\RECYCLER\S-4-9-64-100002824-100006214-100013701-6929.com -- [2009/01/27 14:59:58 | 00,065,536 | RHS- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b1629cd-5221-11dd-859a-806d6172696f}\Shell]
"" = Autorun



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b1629cd-5221-11dd-859a-806d6172696f}\Shell\Open\command]
"" = C:\RECYCLER\S-4-9-64-100002824-100006214-100013701-6929.com -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{978e41d6-9f34-11dd-959f-001fc66990e0}\Shell]
"" = Autorun



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{978e41d6-9f34-11dd-959f-001fc66990e0}\Shell\Open\command]
"" = RECYCLER\S-8-9-46-100025530-100027445-100003924-8182.com l:\

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/02/16 00:05:06 | 00,490,698 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\gmer.zip
[2009/02/15 18:46:58 | 00,000,000 | ---D | C] -- C:\mIRC
[2009/02/10 16:58:17 | 00,739,197 | ---- | C] () -- C:\DSC00900.JPG
[2009/02/03 22:57:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dados de aplicativos\Malwarebytes
[2009/02/03 22:57:28 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/03 22:57:28 | 00,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/03 22:57:26 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/03 22:57:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2009/02/03 22:57:25 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2009/02/03 16:51:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dados de aplicativos\Avira
[2009/02/03 11:12:36 | 00,001,930 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Premium.lnk
[2009/02/03 11:12:32 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/02/03 11:12:32 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/02/03 11:12:31 | 00,094,465 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\avsda.dll
[2009/02/03 11:12:31 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/02/03 11:12:30 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/02/03 11:12:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Avira
[2009/02/03 11:12:21 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Avira
[2009/02/03 10:46:50 | 00,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2009/02/03 10:42:22 | 00,001,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fiesta.lnk
[2009/02/03 10:42:22 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Outspark
[2009/02/03 02:41:31 | 99,067,6088 | ---- | C] (Acresso Software Inc.) -- C:\Documents and Settings\admin\Desktop\Fiesta-01_234_0000.exe
[2009/02/03 02:41:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dados de aplicativos\DNA
[2009/02/03 02:41:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Configurações locais\Dados de aplicativos\DNA
[2009/02/03 02:41:23 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\DNA
[2009/02/02 22:32:16 | 00,000,996 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Spybot - Search & Destroy.lnk
[2009/01/31 20:47:33 | 00,000,440 | RHS- | C] () -- C:\autorun.inf
[2009/01/28 23:49:48 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/01/28 02:08:55 | 00,000,504 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/01/28 02:08:49 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/01/28 01:57:26 | 00,000,930 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/01/28 01:57:26 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/01/28 01:57:17 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Lavasoft
[2009/01/27 18:42:43 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009/01/27 17:19:54 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\SWF Studio
[2009/01/27 00:07:17 | 00,057,316 | ---- | C] () -- C:\Documents and Settings\admin\Meus documentos\afk dom n doll x_x.jpg
[2009/01/26 03:17:48 | 33,554,432 | ---- | C] () -- C:\560 - Cooking Mama (U)(Psyfer).nds
[2009/01/25 16:48:05 | 00,000,000 | ---D | C] -- C:\nogba
[2009/01/25 05:14:21 | 00,000,000 | ---D | C] -- C:\[Shanghai Alice] Touhou 01-9.5
[2009/01/22 16:08:57 | 00,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/01/21 03:03:14 | 03,116,272 | ---- | C] () -- C:\Documents and Settings\admin\Meus documentos\me in a shortskirt-which like..never happns-lol.wmv
[2009/01/19 03:59:14 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\SaHa
[2009/01/17 01:50:30 | 00,561,152 | ---- | C] (SoftTech InterCorp) -- C:\WINDOWS\System32\AltST.dll
[2009/01/17 01:50:30 | 00,372,736 | ---- | C] (SoftTech InterCorp Corporation, http://www.stintercorp.com/) -- C:\WINDOWS\System32\ShellExtension.dll
[2009/01/17 01:50:30 | 00,260,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RICHTX32.OCX
[2009/01/17 01:50:30 | 00,057,344 | ---- | C] (SoftTech InterCorp) -- C:\WINDOWS\System32\sticversion.exe
[2009/01/17 01:50:30 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Batch Rename .EXE
[2009/01/17 01:50:30 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\SoftTech InterCorp
[2009/01/17 00:18:29 | 47,776,466 | ---- | C] () -- C:\Skill.wz

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/02/16 00:05:57 | 00,000,440 | RHS- | M] () -- C:\autorun.inf
[2009/02/16 00:05:06 | 00,490,698 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\gmer.zip
[2009/02/14 14:54:29 | 00,000,623 | ---- | M] () -- C:\Documents and Settings\admin\Meus documentos\Minhas Pastas de Compartilhamento.lnk
[2009/02/14 14:47:54 | 00,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/02/14 14:47:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/14 14:47:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/14 12:43:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/02/14 12:43:58 | 00,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/02/14 12:32:23 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/12 18:07:56 | 00,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/11 14:46:21 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/02/11 04:14:40 | 00,739,197 | ---- | M] () -- C:\DSC00900.JPG
[2009/02/11 02:08:03 | 00,000,504 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/02/04 02:20:39 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\admin\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/03 22:57:28 | 00,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/03 11:12:36 | 00,001,930 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Premium.lnk
[2009/02/03 10:42:22 | 00,001,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fiesta.lnk
[2009/02/03 05:31:22 | 99,067,6088 | ---- | M] (Acresso Software Inc.) -- C:\Documents and Settings\admin\Desktop\Fiesta-01_234_0000.exe
[2009/02/02 22:32:16 | 00,000,996 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Spybot - Search & Destroy.lnk
[2009/02/02 21:39:16 | 02,640,920 | -H-- | M] () -- C:\Documents and Settings\admin\Configurações locais\Dados de aplicativos\IconCache.db
[2009/01/28 21:07:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/01/28 21:07:15 | 00,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/01/28 02:08:44 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/01/28 02:08:30 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/01/28 01:57:26 | 00,000,930 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/01/27 00:07:37 | 00,057,316 | ---- | M] () -- C:\Documents and Settings\admin\Meus documentos\afk dom n doll x_x.jpg
[2009/01/25 18:41:50 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/01/25 18:41:50 | 00,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/01/22 16:08:57 | 00,230,752 | ---- | M] () -- C:\WINDOWS\patchw32.dll
[2009/01/21 03:25:29 | 03,116,272 | ---- | M] () -- C:\Documents and Settings\admin\Meus documentos\me in a shortskirt-which like..never happns-lol.wmv
[2009/01/19 03:29:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/01/19 03:29:57 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
< End of report >

OTListIt Extras logfile created on: 16/02/2009 00:06:29 - Run
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = D:\mIRC\downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1,87 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,17% Memory free
3,72 Gb Paging File | 2,83 Gb Available in Paging File | 76,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 51,39 Gb Total Space | 4,65 Gb Free Space | 9,04% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 2,70 Gb Free Space | 2,77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XP-PC
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 11:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:34 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/05/15 09:53:12 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server
[2008/04/13 11:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:34 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/05/21 15:23:52 | 02,797,568 | ---- | M] (mIRC Co. Ltd.) -- D:\mIRC\mirc.exe:*:Enabled:mIRC
[2008/04/13 19:20:58 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2008/04/13 19:21:18 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:Executa uma DLL como um aplicativo
[2009/02/13 19:44:06 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent
File not found -- C:\Rohan\rohanclient.exe:*:Enabled:Rohan Online Game
[2008/01/10 17:23:42 | 01,220,608 | ---- | M] (Blizzard Entertainment) -- C:\Arquivos de programas\Starcraft\StarCraft.exe:*:Enabled:Starcraft
[2006/11/23 09:45:34 | 02,076,672 | ---- | M] (mIRC Co. Ltd.) -- C:\sysreset\mirc.exe:*:Enabled:mIRC
[2008/08/01 20:31:21 | 00,274,432 | ---- | M] (Blizzard Entertainment) -- C:\Arquivos de programas\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III
[2008/05/19 22:06:05 | 00,868,352 | ---- | M] (NHN USA inc.) -- C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>
[2008/08/09 16:15:13 | 01,359,872 | ---- | M] (Softnyx) -- C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound
[2008/08/21 12:45:42 | 00,888,832 | ---- | M] (Ares Development Group) -- C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows
[2008/08/01 14:41:24 | 05,480,448 | ---- | M] (http://www.emule-project.net) -- C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule
[2008/09/17 15:01:54 | 01,707,208 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
[2008/03/18 15:34:14 | 00,356,352 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
[2006/11/03 04:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Arquivos de programas\Arquivos comuns\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/08/06 12:21:06 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Arquivos de programas\AIM6\aim6.exe:*:Enabled:AIM
[2009/02/03 02:41:29 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\DNA\btdna.exe:*:Enabled:DNA

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37FD253D-5064-4034-8CEC-CC3995F823A4}" = Windows Live Messenger
"{41340E1A-6849-4A27-A9A5-AA37300C76FE}" = Fiesta
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{94C65B81-1CCE-3D93-95B5-853B1A3DA539}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PTB
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9B4E6CB9-E54D-47F7-A414-E2D5740E1046}" = Nero 7 Essentials
"{AA6E423F-CBDF-3608-AC30-0CF08D7C9A07}" = Microsoft .NET Framework 3.5 Language Pack - ptb
"{AC76BA86-7AD7-1046-7B44-A81300000003}" = Adobe Reader 8.1.3 - Português
"{ACB62D99-B189-4CB3-A2CD-BB50B573FD21}" = Fiesta
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro
"{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}" = RamBooster
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B5560986-7A6A-4CCA-A808-853D2CED3796}" = Outspark Sharp Launcher
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{D0C04904-ED13-4DB3-ACCA-A41079EBA23C}" = Opera 9.60
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{EDA9F30A-8B65-3E6F-B353-CCA1C9241471}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTB
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless USB 2.0 Adapter HW.14
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FF493A32-7886-4C6B-8EDD-9387670E4F93}" = MapleStory
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AIM_6" = AIM 6
"AntiVir PersonalEdition Premium" = Avira AntiVir Premium
"Ares" = Ares 2.0.9
"Audacity_is1" = Audacity 1.2.6
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"Batch Rename .EXE_is1" = Batch Rename .EXE 1.0.0.59
"BCAB34F3D0437A511B21EE29B337548D35996EB3" = Pacote de Driver do Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"BulletProof FTP_is1" = BulletProof FTP
"CCleaner" = CCleaner (remove only)
"CDisplay_is1" = CDisplay 1.8
"C-Media Card Reader Driver USB2.0" = C-Media Card Reader Driver USB2.0
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"eMule" = eMule
"Grand Chase" = Grand Chase
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"Gunbound Revolution_is1" = Gunbound Revolution
"Hamachi" = Hamachi 1.0.1.2
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 1.10
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}" = 802.11g Wireless USB 2.0 Adapter HW.14
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - ptb" = Microsoft .NET Framework 3.5 Language Pack - ptb
"mIRC" = mIRC
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MV RegClean 5.5_is1" = MV RegClean 5.5
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"Pidgin" = Pidgin
"POD-Bot 2.5" = POD-Bot 2.5
"SopCast" = SopCast 3.0.3
"Starcraft" = Starcraft
"Trickster Online" = Trickster Online
"TVAnts 1.0" = TVAnts 1.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.4
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = Arquivo do WinRAR
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"ijji.com" = ijji
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1409082233-630328440-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"ijji.com" = ijji
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/01/2009 04:48:28 | Computer Name = XP-PC | Source = Application Error | ID = 1000
Description = Aplicativo com falha mplayerc.exe, versão 6.4.9.0, módulo com falha
mplayerc.exe, versão 6.4.9.0, endereço com falha 0x002b8b88.

Error - 28/01/2009 01:07:00 | Computer Name = XP-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 31/01/2009 20:51:30 | Computer Name = XP-PC | Source = Application Error | ID = 1000
Description = Aplicativo com falha avgwdsvc.exe, versão 8.0.0.145, módulo com falha
msvcr80.dll, versão 8.0.50727.1433, endereço com falha 0x000174a0.

Error - 01/02/2009 01:37:16 | Computer Name = XP-PC | Source = Application Hang | ID = 1002
Description = Aplicativo com falha iexplore.exe, versão 7.0.6000.16674, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 01/02/2009 01:44:31 | Computer Name = XP-PC | Source = Application Error | ID = 1000
Description = Aplicativo com falha avgwdsvc.exe, versão 8.0.0.145, módulo com falha
msvcr80.dll, versão 8.0.50727.1433, endereço com falha 0x0001500a.

Error - 02/02/2009 21:43:12 | Computer Name = XP-PC | Source = Application Hang | ID = 1002
Description = Aplicativo com falha iexplore.exe, versão 7.0.6000.16674, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 02/02/2009 21:46:38 | Computer Name = XP-PC | Source = Application Hang | ID = 1002
Description = Aplicativo com falha firefox.exe, versão 1.9.0.3105, módulo com falha
hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 02/02/2009 21:48:47 | Computer Name = XP-PC | Source = Application Hang | ID = 1002
Description = Aplicativo com falha firefox.exe, versão 1.9.0.3105, módulo com falha
hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 13/02/2009 23:04:04 | Computer Name = XP-PC | Source = Application Error | ID = 1000
Description = Aplicativo com falha mplayerc.exe, versão 6.4.9.0, módulo com falha
mplayerc.exe, versão 6.4.9.0, endereço com falha 0x00095fab.

Error - 13/02/2009 23:04:08 | Computer Name = XP-PC | Source = Application Error | ID = 1000
Description = Aplicativo com falha mplayerc.exe, versão 6.4.9.0, módulo com falha
mplayerc.exe, versão 6.4.9.0, endereço com falha 0x00095fab.

[ System Events ]
Error - 14/02/2009 13:54:55 | Computer Name = XP-PC | Source = MRxSmb | ID = 8003
Description = O localizador mestre recebeu uma notificação de servidor do computador
MARIO-PC que acredita ser o localizador mestre do domínio no transporte NetBT_Tcpip_{73228980-9A2A-4DF2-.
O
localizador mestre está parando ou está sendo forçada uma eleição.

Error - 14/02/2009 17:12:40 | Computer Name = XP-PC | Source = MRxSmb | ID = 8003
Description = O localizador mestre recebeu uma notificação de servidor do computador
MARIO-PC que acredita ser o localizador mestre do domínio no transporte NetBT_Tcpip_{73228980-9A2A-4DF2-.
O
localizador mestre está parando ou está sendo forçada uma eleição.

Error - 14/02/2009 20:01:03 | Computer Name = XP-PC | Source = MRxSmb | ID = 8003
Description = O localizador mestre recebeu uma notificação de servidor do computador
MARIO-PC que acredita ser o localizador mestre do domínio no transporte NetBT_Tcpip_{73228980-9A2A-4DF2-.
O
localizador mestre está parando ou está sendo forçada uma eleição.

Error - 15/02/2009 00:26:52 | Computer Name = XP-PC | Source = Windows Update Agent | ID = 16
Description = Não é Possível Conectar: o Windows não pode se conectar ao serviço
de atualizações automáticas e, portanto, não consegue baixar e instalar as atualizações
de acordo com a agenda estabelecida. O Windows continuará tentando estabelecer
uma conexão.

Error - 15/02/2009 02:06:12 | Computer Name = XP-PC | Source = MRxSmb | ID = 8003
Description = O localizador mestre recebeu uma notificação de servidor do computador
MARIO-PC que acredita ser o localizador mestre do domínio no transporte NetBT_Tcpip_{73228980-9A2A-4DF2-.
O
localizador mestre está parando ou está sendo forçada uma eleição.

Error - 15/02/2009 03:12:36 | Computer Name = XP-PC | Source = MRxSmb | ID = 8003
Description = O localizador mestre recebeu uma notificação de servidor do computador
MARIO-PC que acredita ser o localizador mestre do domínio no transporte NetBT_Tcpip_{73228980-9A2A-4DF2-.
O
localizador mestre está parando ou está sendo forçada uma eleição.

Error - 15/02/2009 04:24:39 | Computer Name = XP-PC | Source = MRxSmb | ID = 8003
Description = O localizador mestre recebeu uma notificação de servidor do computador
MARIO-PC que acredita ser o localizador mestre do domínio no transporte NetBT_Tcpip_{73228980-9A2A-4DF2-.
O
localizador mestre está parando ou está sendo forçada uma eleição.

Error - 15/02/2009 06:00:39 | Computer Name = XP-PC | Source = MRxSmb | ID = 8003
Description = O localizador mestre recebeu uma notificação de servidor do computador
MARIO-PC que acredita ser o localizador mestre do domínio no transporte NetBT_Tcpip_{73228980-9A2A-4DF2-.
O
localizador mestre está parando ou está sendo forçada uma eleição.

Error - 15/02/2009 07:00:43 | Computer Name = XP-PC | Source = MRxSmb | ID = 8003
Description = O localizador mestre recebeu uma notificação de servidor do computador
MARIO-PC que acredita ser o localizador mestre do domínio no transporte NetBT_Tcpip_{73228980-9A2A-4DF2-.
O
localizador mestre está parando ou está sendo forçada uma eleição.

Error - 15/02/2009 08:12:40 | Computer Name = XP-PC | Source = MRxSmb | ID = 8003
Description = O localizador mestre recebeu uma notificação de servidor do computador
MARIO-PC que acredita ser o localizador mestre do domínio no transporte NetBT_Tcpip_{73228980-9A2A-4DF2-.
O
localizador mestre está parando ou está sendo forçada uma eleição.


< End of report >

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2009-02-16 00:27:43
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.12 ----

SSDT Lbd.sys ZwCreateKey
SSDT BAFB86E4 ZwCreateThread
SSDT spkx.sys ZwEnumerateKey
SSDT spkx.sys ZwEnumerateValueKey
SSDT spkx.sys ZwOpenKey
SSDT BAFB86D0 ZwOpenProcess
SSDT BAFB86D5 ZwOpenThread
SSDT spkx.sys ZwQueryKey
SSDT spkx.sys ZwQueryValueKey
SSDT Lbd.sys ZwSetValueKey
SSDT BAFB86DF ZwTerminateProcess
SSDT BAFB86DA ZwWriteVirtualMemory

Code 89B2B8C0 ZwFlushInstructionCache
Code 00000000 pIofCallDriver
Code 898CD51E IofCallDriver
Code 898CE29E IofCompleteRequest

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!IofCallDriver 804EF196 5 Bytes JMP 898CD523
.text ntkrnlpa.exe!IofCompleteRequest 804EF226 5 Bytes JMP 898CE2A3
.text ntkrnlpa.exe!ZwCallbackReturn + 2CE9 80504575 3 Bytes [ 70, 6C, BA ]
.text USBPORT.SYS!DllUnload BA0A28AC 5 Bytes JMP 89AB24E0
.text ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 72033FAA
.text ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 72034135
.text ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 72034019
.text ntdll.dll!NtCreateSection 7C90D160 5 Bytes JMP 72033FC8

---- User code sections - GMER 1.0.12 ----

.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3840] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 4367F301 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3840] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 43811667 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3840] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 438115E8 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3840] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 4381162C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3840] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 43811574 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3840] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 438115AE C:\WINDOWS\system32\IEFRAME.dll
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3840] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 438116A2 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3840] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 436A16B6 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3840] WININET.dll!HttpSendRequestA 4339CD40 5 Bytes JMP 0016F187
.text C:\Arquivos de programas\Internet Explorer\iexplore.exe[3840] WININET.dll!HttpSendRequestW 433B0825 5 Bytes JMP 0016F1C4

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 89C7C1F8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 89C7C1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 8805D1F8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 8805D1F8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 89AB01F8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 89AB01F8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 89AB01F8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 89AB01F8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 89AB01F8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 89AB01F8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 89AB01F8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CREATE 89AA41F8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CLOSE 89AA41F8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 89AA41F8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 89AA41F8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_POWER 89AA41F8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 89AA41F8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_PNP 89AA41F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 89C7E1F8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 89C7E1F8
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_CREATE [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_CREATE_NAMED_PIPE [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_CLOSE [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_READ [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_WRITE [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_QUERY_INFORMATION [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_SET_INFORMATION [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_QUERY_EA [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_SET_EA [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_FLUSH_BUFFERS [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_QUERY_VOLUME_INFORMATION [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_SET_VOLUME_INFORMATION [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_DIRECTORY_CONTROL [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_FILE_SYSTEM_CONTROL [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_DEVICE_CONTROL [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_INTERNAL_DEVICE_CONTROL [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_SHUTDOWN [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_LOCK_CONTROL [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_CLEANUP [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_CREATE_MAILSLOT [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_QUERY_SECURITY [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_SET_SECURITY [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_POWER [BA6AFE1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_SYSTEM_CONTROL [BA6C4514] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_DEVICE_CHANGE [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_QUERY_QUOTA [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_SET_QUOTA [BA6EBB1C] spkx.sys
Device \Driver\PCI_PNP2632 \Device\00000048 IRP_MJ_PNP [BA6E8E8A] spkx.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 89CF01F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{3E6BC0BD-E9EB-4988-8ED7-AE1C716D0EDB} IRP_MJ_CREATE 8987E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{3E6BC0BD-E9EB-4988-8ED7-AE1C716D0EDB} IRP_MJ_CLOSE 8987E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{3E6BC0BD-E9EB-4988-8ED7-AE1C716D0EDB} IRP_MJ_DEVICE_CONTROL 8987E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{3E6BC0BD-E9EB-4988-8ED7-AE1C716D0EDB} IRP_MJ_INTERNAL_DEVICE_CONTROL 8987E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{3E6BC0BD-E9EB-4988-8ED7-AE1C716D0EDB} IRP_MJ_CLEANUP 8987E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{3E6BC0BD-E9EB-4988-8ED7-AE1C716D0EDB} IRP_MJ_PNP 8987E500
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 89A951F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 89A951F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 89A951F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 89A951F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 89A951F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 89A951F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 89A951F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 89A951F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 89A951F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 89A951F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 89A951F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 89CF01F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 89CF01F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 89A951F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 89A951F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 89A951F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 89A951F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 89A951F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 89A951F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 89A951F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 89A951F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 89A951F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 89A951F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 89A951F8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 89A951F8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 89A951F8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 89A951F8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 89A951F8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 89A951F8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 89A951F8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 89A951F8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 89A951F8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 89A951F8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 89A951F8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 89A951F8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8987E500
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8987E500
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8987E500
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8987E500
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8987E500
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8987E500
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8987E500
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8987E500
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8987E500
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8987E500
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8987E500
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 8987E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{73228980-9A2A-4DF2-879B-F43E72D4B309} IRP_MJ_CREATE 8987E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{73228980-9A2A-4DF2-879B-F43E72D4B309} IRP_MJ_CLOSE 8987E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{73228980-9A2A-4DF2-879B-F43E72D4B309} IRP_MJ_DEVICE_CONTROL 8987E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{73228980-9A2A-4DF2-879B-F43E72D4B309} IRP_MJ_INTERNAL_DEVICE_CONTROL 8987E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{73228980-9A2A-4DF2-879B-F43E72D4B309} IRP_MJ_CLEANUP 8987E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{73228980-9A2A-4DF2-879B-F43E72D4B309} IRP_MJ_PNP 8987E500
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 89AB01F8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 89AB01F8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 89AB01F8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 89AB01F8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 89AB01F8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 89AB01F8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 89AB01F8
Device \Driver\nvata \Device\0000006c IRP_MJ_CREATE 89C7D1F8

---- Modules - GMER 1.0.12 ----

Module \systemroot\system32\drivers\gaopdxnsjvyepg.sys (*** hidden *** ) B6A6E000
---- Processes - GMER 1.0.12 ----

Library C:\WINDOWS\system32\dll.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [3992] 0x10000000

---- Services - GMER 1.0.12 ----

Service C:\WINDOWS\system32\drivers\gaopdxnsjvyepg.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\gaopdx
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys@start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys@type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxnsjvyepg.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys@group file system
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\gaopdxserv.sys@userdata -1
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxnsjvyepg.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\gaopdxserv.sys@userdata -1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxnsjvyepg.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@userdata -1
Reg \Registry\USER\S-1-5-21-1409082233-630328440-839522115-1003\Software\SecuROM\License information@datasecu 0x50 0x3D 0xEA 0x49 ...
Reg \Registry\USER\S-1-5-21-1409082233-630328440-839522115-1003\Software\SecuROM\License information@rkeysecu 0x68 0x87 0x96 0xD3 ...

---- Files - GMER 1.0.12 ----

ADS C:\Arquivos de programas\SopCast\SopCast web site.url:favicon
ADS C:\Documents and Settings\admin\Favoritos\30.url:favicon
ADS C:\Documents and Settings\admin\Favoritos\asdf.url:favicon
ADS C:\Documents and Settings\admin\Favoritos\asdf2.url:favicon
ADS C:\Documents and Settings\admin\Favoritos\asdf3.url:favicon
ADS C:\Documents and Settings\admin\Favoritos\BleepingComputer.com - Am I infected What do I do.url:favicon
ADS C:\Documents and Settings\admin\Favoritos\Calculator for Magician's Accuracy.url:favicon
ADS C:\Documents and Settings\admin\Favoritos\Faye.url:favicon
ADS C:\Documents and Settings\admin\Favoritos\HQBB - Post a comment.url:favicon
ADS C:\Documents and Settings\admin\Favoritos\iKnow! - The Social Learning Platform. - iKnow!.url:favicon
ADS C:\Documents and Settings\admin\Favoritos\ladynelenyan's deviantART gallery.url:favicon
ADS ...
File C:\WINDOWS\system32\drivers\gaopdxihtabkme.sys
File C:\WINDOWS\system32\drivers\gaopdxmpeqwpus.sys
File C:\WINDOWS\system32\drivers\gaopdxnsjvyepg.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\drivers\gaopdxserv.sys
File C:\WINDOWS\system32\drivers\gaopdxuocphhcq.sys
File C:\WINDOWS\system32\drivers\gaopdxwfabpgoj.sys
File C:\WINDOWS\system32\drivers\gaopdxwhdnoxqp.sys
File C:\WINDOWS\system32\drivers\gaopdxxetyefqt.sys
File C:\WINDOWS\system32\gaopdxcounter
File C:\WINDOWS\system32\gaopdxvxyrrnhc.dll

---- EOF - GMER 1.0.12 ----

thanks for your time,
orochi

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:06:54 PM

Posted 16 February 2009 - 05:23 PM

Hello, orochi1082

> When you say "refrain from making any changes to your computer." does it mean no installing anything new, or absolutely changes at all including MSN/other messengers logs and downloads?

Using your messenger is fine. Downloading stuff is not.

In fact, these "downloads" are likely the primary reason for your system's problems.

Windows firewall should never be disabled. If you have a specific program which needs to get through, adding a rule for that is okay. But disabling the firewall completely is just asking to get swamped.

Your System is Infected with a Backdoor!!
Backdoors cause severe damage to Windows' internals, and allow an attacker complete control over the infected system. Because this state allows the attacker to download new malware on demand, log keystrokes, execute programs, and/or view the system's screen, it is recommended to reformat and reinstall the operating system on this machine. Several experts in the security community believe that once a system is infected with one of these types of backdoors, the system itself can never be trusted again.

I ask that you disconnect this system from the internet NOW! While it is attached to the internet, the attacker can modify the system, and prevent fixes from working as intended.

Another danger of this type of infection is that of Identity Theft. Because such malware can read all of your passwords, bank account numbers, etc. from your keystrokes, I would recommend contacting banking institutions accessed from this machine to ensure your accounts are secure. Most banks will not charge to send you new credit/debit cards, and getting these numbers replaced would be a good idea. It would also be a good idea to change passwords for anything you commonly use online. Online stores, Facebook/Myspace, Email, etc. If it has been on that machine it may have been read by someone else. Don't do it from this machine, as it is now compromised. Do it from another known clean machine. A good place to do this is at your local public library.

I would strongly recommend format and reinstallation of this machine. For more information, you may wish to read one of these excellent articles:

Please let me know if you wish to continue to clean this machine or if you wish to format.

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 orochi1082

Posted 16 February 2009 - 10:43 PM

> Several experts in the security community believe that once a system is infected with one of these types of backdoors, the system itself can never be trusted again.
> Please let me know if you wish to continue to clean this machine or if you wish to format.
>
> BillyIII

what's your personal opinion on the matter?
Also, as far as reformatting is concerned, is it possible to backup my things on the other partition or I would have to store them in another pc/notebook?
my only way of backing things up is a 4gb flash drive as my ability to write DVD-Rs seems to have been damaged so I'm a bit unwilling to reformat
but if you personally think that's the way to go, I'll do it
out of curiosity, what is the ratio of people who think the system can never be trusted again?
thanks for your help,
orochi

#6 Billy O'Neal

Posted 17 February 2009 - 05:55 PM

Hello, orochi1082

> what's your personal opinion on the matter?

While the backdoor response above is a can, I did in fact write this particular can. I wouldn't trust such a machine after being infected with this type of backdoor.

> Also, as far as reformatting is concerned, is it possible to backup my things on the other partition or I would have to store them in another pc/notebook?

Removable media should be fine. Just make sure you have a working Anti Virus program such as the free and excellent AntiVir ( http://free-av.com ) installed before copying your data back over.

> out of curiosity, what is the ratio of people who think the system can never be trusted again?

I don't have a ratio. But I do know it's official policy here to warn users of such infections, and to recommend reformats. I know all HJT Team are supposed to give such warnings. How many truly believe it like I do, I don't know.

I still would format.

BillyIII

#7 orochi1082

Posted 17 February 2009 - 06:12 PM

> While the backdoor response above is a can, I did in fact write this particular can. I wouldn't trust such a machine after being infected with this type of backdoor.

I guess I'll format then

> Removable media should be fine. Just make sure you have a working Anti Virus program such as the free and excellent AntiVir ( http://free-av.com ) installed before copying your data back over.

does that mean I can't put it in the data partition?
and does that mean I have to backup even the stuff in the data partition?

#8 Billy O'Neal

Posted 17 February 2009 - 07:22 PM

No, use of the data partition is fine. Just don't go opening the partition until you have taken care of getting an A/V active.

Billy3

#9 orochi1082

Posted 18 February 2009 - 08:33 PM

thanks for all your help billy
just one more q
other than avira's antivir, what else do you recommend having?
I'll probably install ad-aware and spybot:S&D, anything else I should add to the list?

#10 Billy O'Neal

Posted 18 February 2009 - 09:40 PM

Hello

I wouldn't bother with AdAware or Spybot.. they don't find much anymore. If you want them, they won't hurt, but I think they aren't super duper useful anymore

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3

#11 orochi1082

Posted 21 February 2009 - 04:58 PM

I formatted and reinstalled windows XP, but trying to access D: gives me the message it gave me for C:

> When I try to double click C: I get this message(this might be somewhat off because my windows is not in english) "Windows couldn't find 'RECYCLER\S-6-4-16-100001669-100007579-1719.com'. Make sure you typed the name correctly and try again. To search for a file, click start then search'."

will I have to format D: too?
thanks in advance,
orochi

#12 Billy O'Neal

Posted 21 February 2009 - 06:35 PM

Hello, orochi1082
Please tell me you had an anti-virus running before you did that????

Likely an autorun file remaining on D:\... we can fix that

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTListIt.txt
  • Extra.txt

BillyIII

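The "autorun file remaining on D:\" suspected in the post above can be checked without double-clicking the drive. The sketch below is an added example, not part of the thread and not code from any tool named in it: it parses a drive root's autorun.inf and reports launch entries that point at an executable or into a recycle-bin folder. The sample file contents are constructed around the path from the error message quoted in the thread, and all function names are hypothetical.

```python
import os
import re
import sys
from pathlib import PureWindowsPath

# [autorun] keys that make Explorer start a program when the drive is
# double-clicked or AutoPlay fires.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")
RECYCLE_DIRS = {"recycler", "recycled", "$recycle.bin"}
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# Constructed sample: only the target path comes from the error message
# quoted in the thread; the keys are an assumption about the real file.
SAMPLE_INFECTED = r"""
[autorun]
; constructed sample
open=RECYCLER\S-6-4-16-100001669-100007579-1719.com
shell\open\command=RECYCLER\S-6-4-16-100001669-100007579-1719.com
icon=%SystemRoot%\system32\shell32.dll,4
"""


def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lowercased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def program_of(command):
    """Program part of a command line (quoted path, else first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(None, 1)[0] if command else ""


def suspicious_entries(text):
    """List (key, target, reasons) for launch entries worth a closer look."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key not in LAUNCH_KEYS and not SHELL_COMMAND.match(key):
            continue
        target = PureWindowsPath(program_of(value))
        reasons = []
        if any(part.lower() in RECYCLE_DIRS for part in target.parts):
            reasons.append("target is inside a recycle-bin folder")
        # A data partition or flash drive normally has no reason to
        # auto-launch a program at all.
        if target.suffix.lower() in EXEC_EXTS:
            reasons.append("launches an executable from the drive")
        if reasons:
            findings.append((key, str(target), reasons))
    return findings


def read_autorun(root):
    """Decoded autorun.inf from a drive root, or None if there is none."""
    try:
        names = os.listdir(root)
    except OSError:
        return None
    for name in names:
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                data = fh.read()
            if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
                return data.decode("utf-16", errors="replace")
            return data.decode("cp1252", errors="replace")
    return None


def scan_drive(root):
    """Findings for one drive root, with a flag for whether the target exists."""
    text = read_autorun(root)
    results = []
    for key, target, reasons in suspicious_entries(text or ""):
        rel = PureWindowsPath(target)
        parts = rel.parts[1:] if rel.anchor else rel.parts
        exists = bool(parts) and os.path.exists(os.path.join(root, *parts))
        results.append({"key": key, "target": target,
                        "reasons": reasons, "target_exists": exists})
    return results


if __name__ == "__main__":
    for drive in sys.argv[1:] or ["."]:
        for hit in scan_drive(drive):
            print(drive, hit)
```

A hit with `target_exists` set to false is consistent with the symptom reported in the thread: the launch entry is still on the drive, but the file it names is gone, so the double-click fails with "Windows couldn't find ...".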
#13 orochi1082

Posted 21 February 2009 - 10:17 PM

I might have some bad news
yes, the anti-virus you recommended was up when I double clicked D:
but I've been opening my pen drive with that autorun thing from windows that inquires what you want to do after plugging it in
turns out my pen drive is also having the same problem (I discovered it when I tried to open it to paste the .txt)
and I used the pen drive to transfer the anti-virus .exe, will I have to reformat again?
sorry for so much trouble ><

OTListIt logfile created on: 22/2/2009 00:06:16 - Run
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1,87 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 84,23% Memory free
3,72 Gb Paging File | 3,53 Gb Available in Paging File | 94,71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 51,39 Gb Total Space | 45,72 Gb Free Space | 88,98% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 2,26 Gb Free Space | 2,31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3,73 Gb Total Space | 3,41 Gb Free Space | 91,37% Space Free | Partition Type: FAT32

Computer Name: RAFAEL
Current User Name: rafa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2006/10/30 19:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/04/13 19:21:00 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2007/01/31 00:12:38 | 02,715,648 | R--- | M] () -- C:\WINDOWS\CMExplorer.exe
PRC - [2006/07/11 23:26:58 | 00,237,568 | R--- | M] () -- C:\WINDOWS\system32\CmUCReye.exe
PRC - [2009/02/22 00:03:56 | 00,494,080 | ---- | M] (OldTimer Tools) -- C:\OTListIt2.exe
PRC - [2008/04/13 19:21:26 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/04/13 19:20:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/10/30 19:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/05/09 12:15:51 | 00,045,376 | ---- | M] (Avira GmbH) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys -- (avgntdd [System | Running])
DRV - [2008/01/21 17:11:28 | 00,022,336 | ---- | M] (Avira GmbH) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys -- (avgntmgr [Boot | Running])
DRV - [2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2009/02/21 18:39:41 | 00,007,164 | ---- | M] () -- C:\WINDOWS\system32\drivers\CMFileDisk.sys -- (CMFileDisk [System | Running])
DRV - [2007/01/05 06:21:06 | 00,093,056 | R--- | M] (C-Media Corporation) -- C:\WINDOWS\system32\DRIVERS\cmiucr.SYS -- (CMISTOR [On_Demand | Running])
DRV - [2008/04/13 09:36:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/08/11 13:00:00 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2006/10/30 19:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/10/17 21:31:38 | 00,105,472 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2007/05/20 23:43:08 | 00,046,080 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2007/05/20 23:43:12 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2001/10/28 09:07:22 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/13 09:39:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-842925246-1326574676-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-842925246-1326574676-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
IE - HKU\S-1-5-21-842925246-1326574676-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-842925246-1326574676-839522115-1003\S-1-5-21-842925246-1326574676-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (776 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [CMExplorer] C:\WINDOWS\CMExplorer.exe ()
O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-1326574676-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-842925246-1326574676-839522115-1003\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/20 22:40:50 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/20 20:31:20 | 00,000,291 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/02/17 15:29:36 | 00,000,389 | RHS- | M] () - J:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{007a9367-ff9a-11dd-8985-806d6172696f}\Shell - "" = Autorun
O33 - MountPoints2\{007a9367-ff9a-11dd-8985-806d6172696f}\Shell\Open\command - "" = RECYCLER\S-1-1-44-100000957-100013125-100016892-3931.com d:\
O33 - MountPoints2\{4d66bb1b-ffb9-11dd-93f3-c780abc62731}\Shell - "" = Autorun
O33 - MountPoints2\{4d66bb1b-ffb9-11dd-93f3-c780abc62731}\Shell\Open\command - "" = RECYCLER\S-9-1-99-100008017-100013294-100009753-2863.com l:\

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/02/22 00:05:48 | 00,494,080 | ---- | C] (OldTimer Tools) -- C:\OTListIt2.exe
[2009/02/21 18:52:21 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2009/02/21 18:52:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\rafa\Dados de aplicativos\mIRC
[2009/02/21 18:52:21 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\mIRC
[2009/02/21 18:50:52 | 00,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pidgin.lnk
[2009/02/21 18:50:45 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Pidgin
[2009/02/21 18:50:36 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\GTK
[2009/02/21 18:50:18 | 14,275,882 | ---- | C] () -- C:\Documents and Settings\rafa\Desktop\pidgin-2.5.4.exe
[2009/02/21 18:50:18 | 01,751,280 | ---- | C] (mIRC Co. Ltd.) -- C:\Documents and Settings\rafa\Desktop\mirc635.exe
[2009/02/21 18:45:35 | 00,126,976 | R--- | C] (Waves Audio Ltd.) -- C:\WINDOWS\System32\maxxaudioapo.dll
[2009/02/21 18:45:34 | 00,185,776 | R--- | C] (SRS Labs, Inc.) -- C:\WINDOWS\System32\SRSTSHD.dll
[2009/02/21 18:45:34 | 00,167,936 | R--- | C] (SRS Labs, Inc.) -- C:\WINDOWS\System32\SRSHP360.dll
[2009/02/21 18:45:33 | 00,339,968 | R--- | C] (SRS Labs, Inc.) -- C:\WINDOWS\System32\SRSTSXT.dll
[2009/02/21 18:45:33 | 00,135,168 | R--- | C] (SRS Labs, Inc.) -- C:\WINDOWS\System32\SRSWOW.dll
[2009/02/21 18:45:27 | 04,669,440 | R--- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
[2009/02/21 18:45:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2009/02/21 18:45:19 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2009/02/21 18:45:19 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2009/02/21 18:45:19 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2009/02/21 18:45:19 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2009/02/21 18:45:19 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009/02/21 18:45:19 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2009/02/21 18:45:19 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2009/02/21 18:45:19 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2009/02/21 18:43:04 | 00,001,570 | ---- | C] () -- C:\WINDOWS\System32\nvide.nvu
[2009/02/21 18:42:57 | 00,003,903 | R--- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2009/02/21 18:42:57 | 00,001,732 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/02/21 18:42:44 | 00,081,496 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2009/02/21 18:42:12 | 00,017,056 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2009/02/21 18:42:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\nview
[2009/02/21 18:41:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\rafa\Dados de aplicativos\InstallShield
[2009/02/21 18:41:32 | 00,017,241 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/02/21 18:41:32 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/02/21 18:41:22 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/02/21 18:39:45 | 00,241,664 | R--- | C] () -- C:\WINDOWS\System32\CmUCRRm.exe
[2009/02/21 18:39:45 | 00,237,568 | R--- | C] () -- C:\WINDOWS\System32\CmUCREye.exe
[2009/02/21 18:39:45 | 00,093,056 | R--- | C] (C-Media Corporation) -- C:\WINDOWS\System32\drivers\cmiucr.SYS
[2009/02/21 18:39:45 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\CmUCRRm.Dll
[2009/02/21 18:39:45 | 00,015,086 | R--- | C] () -- C:\WINDOWS\System32\CmUCRXP_en.ico
[2009/02/21 18:39:45 | 00,015,086 | R--- | C] () -- C:\WINDOWS\System32\CmUCRXP_dis.ico
[2009/02/21 18:39:45 | 00,015,086 | R--- | C] () -- C:\WINDOWS\System32\CmUCRXD1_en.ico
[2009/02/21 18:39:45 | 00,015,086 | R--- | C] () -- C:\WINDOWS\System32\CmUCRXD1_dis.ico
[2009/02/21 18:39:45 | 00,011,502 | R--- | C] () -- C:\WINDOWS\System32\CmUCRXD_en.ico
[2009/02/21 18:39:45 | 00,011,502 | R--- | C] () -- C:\WINDOWS\System32\CmUCRXD_dis.ico
[2009/02/21 18:39:45 | 00,011,502 | R--- | C] () -- C:\WINDOWS\System32\CmUCRSMS_dis.ico
[2009/02/21 18:39:45 | 00,011,502 | R--- | C] () -- C:\WINDOWS\System32\CmUCRSD_en.ico
[2009/02/21 18:39:45 | 00,011,502 | R--- | C] () -- C:\WINDOWS\System32\CmUCRSD_dis.ico
[2009/02/21 18:39:45 | 00,011,502 | R--- | C] () -- C:\WINDOWS\System32\CmUCRMS_en.ico
[2009/02/21 18:39:45 | 00,011,502 | R--- | C] () -- C:\WINDOWS\System32\CmUCRMS_dis.ico
[2009/02/21 18:39:45 | 00,011,502 | R--- | C] () -- C:\WINDOWS\System32\CmUCRMC_en.ico
[2009/02/21 18:39:45 | 00,011,502 | R--- | C] () -- C:\WINDOWS\System32\CmUCRMC_dis.ico
[2009/02/21 18:39:45 | 00,011,502 | R--- | C] () -- C:\WINDOWS\System32\CmUCRCF_en.ico
[2009/02/21 18:39:45 | 00,011,502 | R--- | C] () -- C:\WINDOWS\System32\CmUCRCF_dis.ico
[2009/02/21 18:39:45 | 00,010,910 | R--- | C] () -- C:\WINDOWS\System32\CmUCRSMS_en.ico
[2009/02/21 18:39:42 | 00,464,384 | R--- | C] () -- C:\WINDOWS\CmiUCRUninstall_x64.exe
[2009/02/21 18:39:41 | 00,946,176 | R--- | C] () -- C:\WINDOWS\LanTC.dll
[2009/02/21 18:39:41 | 00,626,688 | ---- | C] () -- C:\WINDOWS\System32\SecurityBox.exe
[2009/02/21 18:39:41 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\CMBox.exe
[2009/02/21 18:39:41 | 00,311,296 | R--- | C] () -- C:\WINDOWS\CmiUCRUninstall.exe
[2009/02/21 18:39:41 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\DiskMount.exe
[2009/02/21 18:39:41 | 00,007,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\CMFileDisk.sys
[2009/02/21 18:39:41 | 00,004,238 | R--- | C] () -- C:\WINDOWS\System32\CmUCRXD_DWN.ICO
[2009/02/21 18:39:41 | 00,004,238 | R--- | C] () -- C:\WINDOWS\System32\CmUCRSD_DWN.ICO
[2009/02/21 18:39:41 | 00,004,238 | R--- | C] () -- C:\WINDOWS\System32\CmUCRMS_DWN.ICO
[2009/02/21 18:39:41 | 00,004,238 | R--- | C] () -- C:\WINDOWS\System32\CmUCRCF_DWN.ICO
[2009/02/21 18:39:41 | 00,002,666 | R--- | C] () -- C:\WINDOWS\System32\CmUCRSMS_DWN.ico
[2009/02/21 18:39:41 | 00,000,027 | RH-- | C] () -- C:\WINDOWS\Settings.ini
[2009/02/21 18:39:40 | 00,946,176 | R--- | C] () -- C:\WINDOWS\LanSC.dll
[2009/02/21 18:39:38 | 02,715,648 | R--- | C] () -- C:\WINDOWS\CMExplorer.exe
[2009/02/21 18:39:36 | 00,000,112 | R--- | C] () -- C:\WINDOWS\CMICARDREADER.INI
[2009/02/21 18:39:28 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\C-Media USB2.0 Card Reader
[2009/02/21 18:38:39 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\InstallShield
[2009/02/21 18:24:56 | 00,000,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\speedy2.lnk
[2009/02/21 00:42:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Pure Networks
[2009/02/21 00:00:01 | 00,020,456 | ---- | C] () -- C:\Documents and Settings\rafa\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2009/02/20 23:58:20 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/02/20 23:58:10 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documentos\Meus vídeos
[2009/02/20 23:57:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/02/20 23:57:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/02/20 23:53:52 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2009/02/20 23:53:52 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/02/20 23:53:52 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2009/02/20 23:53:52 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/02/20 23:53:51 | 01,119,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe2.dll
[2009/02/20 23:53:51 | 01,001,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmoe2.dll
[2009/02/20 23:53:51 | 00,897,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmoe.dll
[2009/02/20 23:53:51 | 00,659,766 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2009/02/20 23:53:51 | 00,485,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmod.dll
[2009/02/20 23:53:51 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2009/02/20 23:53:51 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2009/02/20 23:53:51 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2009/02/20 23:53:51 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpdxm.dll
[2009/02/20 23:53:51 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2009/02/20 23:53:51 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2009/02/20 23:53:51 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2009/02/20 23:53:51 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2009/02/20 23:53:51 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2009/02/20 23:53:51 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2009/02/20 23:53:51 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2009/02/20 23:53:51 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2009/02/20 23:53:51 | 00,072,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2009/02/20 23:53:51 | 00,026,943 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2009/02/20 23:53:51 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2009/02/20 23:53:51 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2009/02/20 23:53:51 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2009/02/20 23:53:51 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2009/02/20 23:53:50 | 04,874,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2009/02/20 23:53:50 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2009/02/20 23:53:50 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2009/02/20 23:53:50 | 00,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmerror.dll
[2009/02/20 23:53:50 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidx.dll
[2009/02/20 23:53:50 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpasf.dll
[2009/02/20 23:53:50 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2009/02/20 23:53:50 | 00,058,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2009/02/20 23:53:50 | 00,034,556 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2009/02/20 23:53:50 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2009/02/20 23:53:50 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2009/02/20 23:53:50 | 00,013,540 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2009/02/20 23:53:50 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2009/02/20 23:53:50 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2009/02/20 23:53:50 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2009/02/20 23:53:50 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2009/02/20 23:53:50 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2009/02/20 23:53:50 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2009/02/20 23:53:50 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2009/02/20 23:53:50 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2009/02/20 23:53:50 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2009/02/20 23:53:50 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2009/02/20 23:53:50 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2009/02/20 23:53:50 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2009/02/20 23:53:50 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2009/02/20 23:53:50 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2009/02/20 23:53:50 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2009/02/20 23:53:50 | 00,001,834 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2009/02/20 23:53:50 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2009/02/20 23:53:50 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2009/02/20 23:53:50 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2009/02/20 23:53:50 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2009/02/20 23:53:50 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2009/02/20 23:53:49 | 00,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2009/02/20 23:53:49 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2009/02/20 23:53:49 | 00,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdmod.dll
[2009/02/20 23:53:49 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2009/02/20 23:53:49 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2009/02/20 23:53:49 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2009/02/20 23:53:49 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp43dmod.dll
[2009/02/20 23:53:49 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2009/02/20 23:53:49 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2009/02/20 23:53:49 | 00,184,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2009/02/20 23:53:49 | 00,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2009/02/20 23:53:49 | 00,084,411 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2009/02/20 23:53:49 | 00,066,142 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2009/02/20 23:53:49 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsnsv.dll
[2009/02/20 23:53:49 | 00,036,690 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2009/02/20 23:53:49 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2009/02/20 23:53:49 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2009/02/20 23:53:49 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2009/02/20 23:53:49 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2009/02/20 23:53:49 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2009/02/20 23:53:49 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2009/02/20 23:53:49 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2009/02/20 23:53:49 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2009/02/20 23:53:49 | 00,001,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2009/02/20 23:53:49 | 00,001,483 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2009/02/20 23:53:49 | 00,001,482 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2009/02/20 23:53:49 | 00,001,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2009/02/20 23:53:49 | 00,001,461 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2009/02/20 23:53:49 | 00,001,265 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2009/02/20 23:53:49 | 00,001,051 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2009/02/20 23:53:49 | 00,001,051 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2009/02/20 23:53:49 | 00,001,042 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2009/02/20 23:53:49 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2009/02/20 23:53:49 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2009/02/20 23:53:49 | 00,000,802 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2009/02/20 23:53:49 | 00,000,796 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2009/02/20 23:53:49 | 00,000,788 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2009/02/20 23:53:49 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2009/02/20 23:53:49 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2009/02/20 23:53:49 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2009/02/20 23:53:49 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2009/02/20 23:53:49 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2009/02/20 23:53:49 | 00,000,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2009/02/20 23:53:49 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2009/02/20 23:53:49 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2009/02/20 23:53:48 | 04,874,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmp.dll
[2009/02/20 23:53:48 | 01,119,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmsdmoe2.dll
[2009/02/20 23:53:48 | 01,001,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdmoe2.dll
[2009/02/20 23:53:48 | 00,897,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmspdmoe.dll
[2009/02/20 23:53:48 | 00,485,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmspdmod.dll
[2009/02/20 23:53:48 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpdxm.dll
[2009/02/20 23:53:48 | 00,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmerror.dll
[2009/02/20 23:53:48 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmidx.dll
[2009/02/20 23:53:48 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpasf.dll
[2009/02/20 23:53:47 | 00,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sdmod.dll
[2009/02/20 23:53:47 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp43dmod.dll
[2009/02/20 23:53:47 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2009/02/20 23:53:47 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspmsnsv.dll
[2009/02/20 23:53:46 | 00,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2009/02/20 23:53:46 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2009/02/20 23:53:46 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2009/02/20 23:53:46 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2009/02/20 23:53:46 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/02/20 23:53:45 | 02,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiagn.dll
[2009/02/20 23:53:45 | 01,689,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d9.dll
[2009/02/20 23:53:45 | 00,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/02/20 23:53:45 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/02/20 23:53:45 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/02/20 23:53:45 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/02/20 23:53:45 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/02/20 23:53:45 | 00,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/02/20 23:53:45 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/02/20 23:53:45 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthprops.cpl
[2009/02/20 23:53:45 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/02/20 23:53:45 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\firewall.cpl
[2009/02/20 23:53:45 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\blastcln.exe
[2009/02/20 23:53:45 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/02/20 23:53:45 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/02/20 23:53:45 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/02/20 23:53:45 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\extmgr.dll
[2009/02/20 23:53:45 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\btpanui.dll
[2009/02/20 23:53:45 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/02/20 23:53:45 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/02/20 23:53:45 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/02/20 23:53:45 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/02/20 23:53:45 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/02/20 23:53:45 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/02/20 23:53:45 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthserv.dll
[2009/02/20 23:53:45 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/02/20 23:53:45 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthci.dll
[2009/02/20 23:53:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/02/20 23:53:45 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\auditusr.exe
[2009/02/20 23:53:45 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmsetacl.dll
[2009/02/20 23:53:45 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/02/20 23:53:45 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/02/20 23:53:45 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2009/02/20 23:53:45 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/02/20 23:53:45 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2009/02/20 23:53:44 | 00,554,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2psvc.dll
[2009/02/20 23:53:44 | 00,444,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpob2res.dll
[2009/02/20 23:53:44 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/02/20 23:53:44 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/02/20 23:53:44 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irprops.cpl
[2009/02/20 23:53:44 | 00,370,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2009/02/20 23:53:44 | 00,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgraph.dll
[2009/02/20 23:53:44 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/02/20 23:53:44 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe
[2009/02/20 23:53:44 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/02/20 23:53:44 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/02/20 23:53:44 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/02/20 23:53:44 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2p.dll
[2009/02/20 23:53:44 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/02/20 23:53:44 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdadiag.dll
[2009/02/20 23:53:44 | 00,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2009/02/20 23:53:44 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pnetsh.dll
[2009/02/20 23:53:44 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/02/20 23:53:44 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgasvc.dll
[2009/02/20 23:53:44 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/02/20 23:53:44 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/02/20 23:53:44 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/02/20 23:53:44 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fwcfg.dll
[2009/02/20 23:53:44 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pnrpnsp.dll
[2009/02/20 23:53:44 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.exe
[2009/02/20 23:53:44 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/02/20 23:53:44 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/02/20 23:53:44 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/02/20 23:53:44 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.cpl
[2009/02/20 23:53:44 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\httpapi.dll
[2009/02/20 23:53:44 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2009/02/20 23:53:44 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltlib.dll
[2009/02/20 23:53:44 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsno.dll
[2009/02/20 23:53:44 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsfi.dll
[2009/02/20 23:53:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdukx.dll
[2009/02/20 23:53:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdno1.dll
[2009/02/20 23:53:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfi1.dll
[2009/02/20 23:53:44 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinmal.dll
[2009/02/20 23:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/02/20 23:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/02/20 23:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt48.dll
[2009/02/20 23:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt47.dll
[2009/02/20 23:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/02/20 23:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinben.dll
[2009/02/20 23:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinbe1.dll
[2009/02/20 23:53:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/02/20 23:53:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmaori.dll
[2009/02/20 23:53:43 | 02,945,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2009/02/20 23:53:43 | 00,736,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/02/20 23:53:43 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/02/20 23:53:43 | 00,431,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2009/02/20 23:53:43 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/02/20 23:53:43 | 00,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/02/20 23:53:43 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/02/20 23:53:43 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/02/20 23:53:43 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2009/02/20 23:53:43 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2009/02/20 23:53:43 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2009/02/20 23:53:43 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/02/20 23:53:43 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscui.cpl
[2009/02/20 23:53:43 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprov.dll
[2009/02/20 23:53:43 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2009/02/20 23:53:43 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2009/02/20 23:53:43 | 00,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2009/02/20 23:53:43 | 00,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshbth.dll
[2009/02/20 23:53:43 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscsvc.dll
[2009/02/20 23:53:43 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/02/20 23:53:43 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\strmfilt.dll
[2009/02/20 23:53:43 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/02/20 23:53:43 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/02/20 23:53:43 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/02/20 23:53:43 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2009/02/20 23:53:43 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\twext.dll
[2009/02/20 23:53:43 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/02/20 23:53:43 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/02/20 23:53:43 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprovi.dll
[2009/02/20 23:53:43 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/02/20 23:53:43 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2009/02/20 23:53:43 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sdhcinst.dll
[2009/02/20 23:53:43 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/02/20 23:53:43 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/02/20 23:53:43 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winshfhc.dll
[2009/02/20 23:53:43 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3ssl.dll
[2009/02/20 23:53:43 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
[2009/02/20 23:53:43 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smbinst.exe
[2009/02/20 23:53:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-br
[2009/02/20 23:53:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/02/20 23:53:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2009/02/20 23:53:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2009/02/20 23:53:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/02/20 23:52:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/02/20 23:52:38 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2009/02/20 23:51:46 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2009/02/20 23:51:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/02/20 23:51:45 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/02/20 23:51:45 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2009/02/20 23:51:45 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2009/02/20 23:51:44 | 00,273,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys
[2009/02/20 23:51:44 | 00,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
[2009/02/20 23:51:44 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/02/20 23:51:44 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/02/20 23:51:44 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009/02/20 23:51:44 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/02/20 23:51:44 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/02/20 23:51:44 | 00,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/02/20 23:51:44 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2009/02/20 23:51:44 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009/02/20 23:51:44 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009/02/20 23:51:43 | 00,264,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\http.sys
[2009/02/20 23:51:43 | 00,079,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sdbus.sys
[2009/02/20 23:51:43 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/02/20 23:51:43 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/02/20 23:51:43 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelppm.sys
[2009/02/20 23:51:43 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ip6fw.sys
[2009/02/20 23:51:43 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/02/20 23:51:43 | 00,015,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mssmbios.sys
[2009/02/20 23:51:43 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/02/20 23:51:43 | 00,011,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffdisk.sys
[2009/02/20 23:51:43 | 00,011,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_sd.sys
[2009/02/20 23:51:43 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/02/20 23:51:43 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/02/20 23:51:42 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/02/20 23:51:42 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/02/20 23:51:42 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2009/02/20 23:51:42 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/02/20 23:51:42 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/02/20 23:51:25 | 00,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/02/20 23:51:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/02/20 23:51:16 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/02/20 23:50:46 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/02/20 23:50:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/02/20 23:45:44 | 31,697,3608 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-PTB.exe
[2009/02/20 23:06:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2009/02/20 23:05:59 | 01,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2009/02/20 23:05:59 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2009/02/20 23:05:59 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\rafa\Desktop\SpywareBlaster.lnk
[2009/02/20 23:05:58 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\SpywareBlaster
[2009/02/20 22:55:39 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/20 22:55:39 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/20 22:55:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\rafa\Dados de aplicativos\Malwarebytes
[2009/02/20 22:55:36 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/20 22:55:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes
[2009/02/20 22:55:35 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware
[2009/02/20 22:53:33 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/02/20 22:53:31 | 02,106,106 | -H-- | C] () -- C:\Documents and Settings\rafa\Configurações locais\Dados de aplicativos\IconCache.db
[2009/02/20 22:52:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/02/20 22:51:27 | 00,001,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2009/02/20 22:51:25 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/02/20 22:51:25 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/02/20 22:51:25 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/02/20 22:51:25 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/02/20 22:51:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Avira
[2009/02/20 22:51:25 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Avira
[2009/02/20 22:50:07 | 33,180,5736 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
[2009/02/20 22:50:06 | 02,876,720 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2009/02/20 22:50:06 | 02,869,536 | ---- | C] (Javacool Software LLC ) -- C:\spywareblastersetup41.exe
[2009/02/20 22:50:05 | 22,058,104 | ---- | C] () -- C:\antivir_workstation_winu_en_h.exe
[2009/02/20 22:49:32 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbstor.sys
[2009/02/20 22:45:28 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/02/20 22:45:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\rafa\Dados de aplicativos\Identities
[2009/02/20 22:45:23 | 00,000,078 | -HS- | C] () -- C:\Documents and Settings\rafa\Meus documentos\desktop.ini
[2009/02/20 22:45:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\rafa\Meus documentos\Minhas músicas
[2009/02/20 22:45:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\rafa\Meus documentos\Minhas imagens
[2009/02/20 22:45:23 | 00,000,000 | -H-D | C] -- C:\Arquivos de programas\Uninstall Information
[2009/02/20 22:45:16 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\rafa\Menu Iniciar\Programas\Inicializar\desktop.ini
[2009/02/20 22:45:16 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\rafa\Dados de aplicativos\desktop.ini
[2009/02/20 22:45:16 | 00,000,000 | --SD | C] -- C:\Documents and Settings\rafa\Dados de aplicativos\Microsoft
[2009/02/20 22:45:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\rafa\Configurações locais\Dados de aplicativos\Microsoft
[2009/02/20 22:43:58 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/02/20 22:43:03 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/02/20 22:41:59 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/20 22:41:54 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/02/20 22:41:54 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/02/20 22:41:54 | 00,031,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/02/20 22:41:54 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/02/20 22:41:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/02/20 22:41:53 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/02/20 22:41:53 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/02/20 22:41:52 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/02/20 22:41:52 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/02/20 22:41:51 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/02/20 22:41:51 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/02/20 22:41:51 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/02/20 22:41:51 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/02/20 22:41:50 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/02/20 22:41:49 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/02/20 22:41:48 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/02/20 22:41:47 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/02/20 22:41:47 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/02/20 22:41:47 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/02/20 22:41:47 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/02/20 22:41:47 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/02/20 22:41:47 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll
[2009/02/20 22:41:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/02/20 22:41:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/02/20 22:41:46 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/02/20 22:41:46 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/02/20 22:41:46 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/02/20 22:41:46 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/02/20 22:41:46 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/02/20 22:41:46 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/02/20 22:41:46 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/02/20 22:41:46 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/02/20 22:41:46 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/02/20 22:41:46 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/02/20 22:41:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/02/20 22:41:45 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seo.dll
[2009/02/20 22:41:45 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/02/20 22:41:45 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/02/20 22:41:44 | 00,080,896 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/02/20 22:41:44 | 00,080,896 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/02/20 22:41:44 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll
[2009/02/20 22:41:43 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/02/20 22:41:43 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/02/20 22:41:43 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/02/20 22:41:43 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/02/20 22:41:42 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/02/20 22:41:42 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/02/20 22:41:42 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/02/20 22:41:42 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/02/20 22:41:42 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/02/20 22:41:41 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/02/20 22:41:40 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/02/20 22:41:36 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/02/20 22:41:36 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/02/20 22:41:36 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/02/20 22:41:36 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/02/20 22:41:35 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/02/20 22:41:35 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/02/20 22:41:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/02/20 22:41:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/02/20 22:41:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/02/20 22:41:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/02/20 22:41:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/02/20 22:41:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/02/20 22:41:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/02/20 22:41:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/02/20 22:41:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/02/20 22:41:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/02/20 22:41:34 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/02/20 22:41:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/02/20 22:41:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/02/20 22:41:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/02/20 22:41:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/02/20 22:41:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/02/20 22:41:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/02/20 22:41:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/02/20 22:41:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/02/20 22:41:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/02/20 22:41:33 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/02/20 22:41:33 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/02/20 22:41:33 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/02/20 22:41:32 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/02/20 22:41:32 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/02/20 22:41:32 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/02/20 22:41:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/02/20 22:41:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/02/20 22:41:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/02/20 22:41:31 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/02/20 22:41:31 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/02/20 22:41:31 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/02/20 22:41:30 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/02/20 22:41:30 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/02/20 22:41:27 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/02/20 22:41:27 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/02/20 22:41:26 | 00,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/02/20 22:41:26 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/02/20 22:41:26 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/02/20 22:41:25 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/02/20 22:41:25 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/02/20 22:41:25 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/02/20 22:41:24 | 00,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2009/02/20 22:41:24 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/02/20 22:41:24 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/02/20 22:41:24 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/02/20 22:41:24 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/02/20 22:41:21 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/02/20 22:41:21 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/02/20 22:41:21 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/02/20 22:41:21 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/02/20 22:41:20 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/02/20 22:41:20 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/02/20 22:41:20 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/02/20 22:41:20 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/02/20 22:41:19 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/02/20 22:41:19 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/02/20 22:41:19 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/02/20 22:41:18 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll
[2009/02/20 22:41:18 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/02/20 22:41:18 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/02/20 22:41:18 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/02/20 22:41:18 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/02/20 22:41:17 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/02/20 22:41:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/02/20 22:41:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/02/20 22:41:15 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/02/20 22:41:14 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll
[2009/02/20 22:41:13 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll
[2009/02/20 22:41:11 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/02/20 22:41:10 | 00,171,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/02/20 22:41:10 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/02/20 22:41:10 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/02/20 22:41:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/02/20 22:41:09 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/02/20 22:41:07 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/02/20 22:41:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/02/20 22:41:03 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\xerox
[2009/02/20 22:41:03 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\microsoft frontpage
[2009/02/20 22:40:50 | 00,002,969 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/02/20 22:40:50 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/02/20 22:40:50 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/02/20 22:40:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2009/02/20 22:40:50 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/02/20 22:40:50 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/02/20 22:40:49 | 00,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/02/20 22:40:48 | 00,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2009/02/20 22:40:48 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/02/20 22:40:48 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/02/20 22:40:46 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/20 22:40:44 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2009/02/20 22:40:18 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/02/20 22:40:18 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/02/20 22:40:18 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/02/20 22:40:18 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/02/20 22:40:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/02/20 22:40:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/02/20 22:40:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/02/20 22:40:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/02/20 22:40:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/02/20 22:40:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/02/20 22:40:06 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009/02/20 22:39:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/02/20 22:39:04 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2009/02/20 22:39:04 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2009/02/20 22:39:04 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2009/02/20 22:39:04 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2009/02/20 22:39:03 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2009/02/20 22:39:03 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2009/02/20 22:39:02 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2009/02/20 22:39:01 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2009/02/20 22:39:01 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2009/02/20 22:39:01 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2009/02/20 22:38:56 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/02/20 22:38:56 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/02/20 22:38:56 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\desktop.ini
[2009/02/20 22:38:56 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2009/02/20 22:38:38 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2009/02/20 22:38:38 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2009/02/20 22:38:36 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2009/02/20 22:38:36 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2009/02/20 22:38:36 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2009/02/20 22:38:35 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm
[2009/02/20 22:38:33 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2009/02/20 22:38:32 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2009/02/20 22:38:32 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2009/02/20 22:38:31 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2009/02/20 22:38:31 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2009/02/20 22:38:28 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Serviços
[2009/02/20 22:38:26 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2009/02/20 22:38:20 | 00,000,065 | RH-- | C] () -- C:\WINDOWS\tasks\desktop.ini
[2009/02/20 22:38:20 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/02/20 22:38:19 | 00,278,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2009/02/20 22:38:19 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2009/02/20 22:38:19 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2009/02/20 22:38:19 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2009/02/20 22:38:19 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2009/02/20 22:38:19 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2009/02/20 22:38:17 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2009/02/20 22:38:16 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2009/02/20 22:38:16 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2009/02/20 22:38:16 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/02/20 22:38:15 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2009/02/20 22:38:15 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2009/02/20 22:38:14 | 00,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2009/02/20 22:38:14 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\MSSoap
[2009/02/20 22:38:09 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2009/02/20 22:38:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/02/20 22:38:02 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2009/02/20 22:38:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/02/20 22:38:01 | 00,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2009/02/20 22:38:01 | 00,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpvis.dll
[2009/02/20 22:38:00 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2009/02/20 22:38:00 | 00,163,897 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmutil.dll
[2009/02/20 22:38:00 | 00,110,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmfilt.dll
[2009/02/20 22:38:00 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2009/02/20 22:38:00 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2009/02/20 22:37:59 | 00,327,743 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmres.dll
[2009/02/20 22:37:58 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Movie Maker
[2009/02/20 22:37:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2009/02/20 22:37:48 | 00,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2009/02/20 22:37:48 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2009/02/20 22:37:48 | 00,171,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll
[2009/02/20 22:37:48 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2009/02/20 22:37:48 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll
[2009/02/20 22:37:48 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2009/02/20 22:37:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/02/20 22:37:47 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2009/02/20 22:37:47 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2009/02/20 22:37:47 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2009/02/20 22:37:47 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2009/02/20 22:37:47 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2009/02/20 22:37:47 | 00,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2009/02/20 22:37:46 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2009/02/20 22:37:40 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2009/02/20 22:37:40 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2009/02/20 22:37:40 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\NetMeeting
[2009/02/20 22:37:39 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2009/02/20 22:37:37 | 00,278,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2009/02/20 22:37:37 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2009/02/20 22:37:37 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2009/02/20 22:37:37 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Outlook Express
[2009/02/20 22:37:29 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\System
[2009/02/20 22:37:27 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documentos\Minhas músicas
[2009/02/20 22:37:27 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Internet Explorer
[2009/02/20 22:37:26 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documentos\Minhas imagens
[2009/02/20 22:37:15 | 00,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/20 22:37:15 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\ComPlus Applications
[2009/02/20 22:37:14 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2009/02/20 22:37:14 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2009/02/20 22:37:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/02/20 22:37:12 | 00,000,000 | -H-D | C] -- C:\Arquivos de programas\WindowsUpdate
[2009/02/20 22:37:12 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Media Player
[2009/02/20 22:37:12 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Serviços on-line
[2009/02/20 22:37:09 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Messenger
[2009/02/20 22:37:06 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2009/02/20 22:37:05 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2009/02/20 22:37:05 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2009/02/20 22:37:05 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2009/02/20 22:37:05 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2009/02/20 22:37:05 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2009/02/20 22:37:04 | 00,781,397 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2009/02/20 22:37:04 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2009/02/20 22:37:04 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2009/02/20 22:37:03 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2009/02/20 22:37:03 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2009/02/20 22:37:03 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2009/02/20 22:37:02 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2009/02/20 22:37:02 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2009/02/20 22:37:02 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2009/02/20 22:37:02 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2009/02/20 22:37:02 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2009/02/20 22:37:01 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2009/02/20 22:37:01 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2009/02/20 22:37:00 | 01,042,003 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2009/02/20 22:37:00 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2009/02/20 22:36:59 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2009/02/20 22:36:58 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2009/02/20 22:36:58 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2009/02/20 22:36:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2009/02/20 22:36:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2009/02/20 22:36:58 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\MSN Gaming Zone
[2009/02/20 22:36:45 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2009/02/20 22:36:45 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2009/02/20 22:36:44 | 00,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2009/02/20 22:36:44 | 00,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2009/02/20 22:36:44 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2009/02/20 22:36:43 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2009/02/20 22:36:43 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2009/02/20 22:36:43 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2009/02/20 22:36:43 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2009/02/20 22:36:43 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2009/02/20 22:36:43 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2009/02/20 22:36:41 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2009/02/20 22:36:41 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2009/02/20 22:36:32 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Deserto.bmp
[2009/02/20 22:36:32 | 00,026,680 | ---- | C] () -- C:\WINDOWS\Leques.bmp
[2009/02/20 22:36:32 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rododentro.bmp
[2009/02/20 22:36:32 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Tapete.bmp
[2009/02/20 22:36:31 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Bruma.bmp
[2009/02/20 22:36:31 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Areia.bmp
[2009/02/20 22:36:31 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Pescaria.bmp
[2009/02/20 22:36:31 | 00,016,730 | ---- | C] () -- C:\WINDOWS\Seda.bmp
[2009/02/20 22:36:30 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Bolhas de sabão.bmp
[2009/02/20 22:36:30 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Cafezinho.bmp
[2009/02/20 22:36:30 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Renda azul 16.bmp
[2009/02/20 22:36:29 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/02/20 22:36:29 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/02/20 22:36:29 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/02/20 22:36:29 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/02/20 22:36:29 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/02/20 22:36:29 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/02/20 22:36:28 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2009/02/20 22:36:28 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2009/02/20 22:36:28 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2009/02/20 22:36:28 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2009/02/20 22:36:28 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/02/20 22:36:28 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/02/20 22:36:27 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2009/02/20 22:36:27 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2009/02/20 22:36:26 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2009/02/20 22:36:26 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2009/02/20 22:36:26 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2009/02/20 22:36:26 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2009/02/20 22:36:26 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2009/02/20 22:36:26 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2009/02/20 22:36:25 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2009/02/20 22:36:25 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2009/02/20 22:36:25 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2009/02/20 22:36:25 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2009/02/20 22:36:25 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2009/02/20 22:36:25 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2009/02/20 22:36:25 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2009/02/20 22:36:24 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2009/02/20 22:36:24 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2009/02/20 22:36:24 | 00,026,931 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2009/02/20 22:36:24 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2009/02/20 22:36:24 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2009/02/20 22:36:24 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2009/02/20 22:36:24 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2009/02/20 22:36:24 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2009/02/20 22:36:24 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2009/02/20 22:36:24 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2009/02/20 22:36:24 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2009/02/20 22:36:24 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2009/02/20 22:36:24 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2009/02/20 22:36:24 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2009/02/20 22:36:24 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2009/02/20 22:36:24 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2009/02/20 22:36:24 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2009/02/20 22:36:24 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2009/02/20 22:36:24 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2009/02/20 22:36:24 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/02/20 22:36:24 | 00,001,221 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/02/20 22:36:23 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2009/02/20 22:36:23 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2009/02/20 22:36:23 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2009/02/20 22:36:23 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2009/02/20 22:36:23 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2009/02/20 22:36:23 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2009/02/20 22:36:23 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2009/02/20 22:36:22 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2009/02/20 22:36:22 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2009/02/20 22:36:22 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2009/02/20 22:36:22 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2009/02/20 22:36:21 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2009/02/20 22:36:21 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2009/02/20 22:36:20 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2009/02/20 22:36:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2009/02/20 22:36:20 | 00,003,828 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2009/02/20 22:36:20 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/02/20 22:36:19 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2009/02/20 22:36:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2009/02/20 22:36:17 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2009/02/20 22:36:17 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2009/02/20 22:36:17 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2009/02/20 22:36:16 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2009/02/20 22:36:16 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2009/02/20 22:36:16 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2009/02/20 22:36:16 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2009/02/20 22:36:15 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2009/02/20 22:36:15 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2009/02/20 22:36:15 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2009/02/20 22:36:14 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2009/02/20 22:36:14 | 00,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2009/02/20 22:36:14 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2009/02/20 22:36:13 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2009/02/20 22:36:06 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2009/02/20 22:36:06 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2009/02/20 22:36:06 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2009/02/20 22:36:06 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2009/02/20 22:36:06 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2009/02/20 22:36:06 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2009/02/20 22:36:05 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2009/02/20 22:36:05 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2009/02/20 22:36:05 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2009/02/20 22:36:05 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2009/02/20 22:36:05 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2009/02/20 22:36:05 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2009/02/20 22:36:04 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2009/02/20 22:36:03 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2009/02/20 22:36:03 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2009/02/20 22:36:02 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2009/02/20 22:36:01 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/02/20 22:36:01 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2009/02/20 22:36:01 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2009/02/20 22:36:00 | 00,188,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2009/02/20 22:35:51 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/02/20 22:35:51 | 00,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2009/02/20 22:26:00 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouse.drv
[2009/02/20 22:26:00 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2009/02/20 22:26:00 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\keyboard.drv
[2009/02/20 22:26:00 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2009/02/20 22:26:00 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sound.drv
[2009/02/20 22:26:00 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2009/02/20 22:26:00 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmtask.tsk
[2009/02/20 22:26:00 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2009/02/20 22:25:59 | 00,146,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2009/02/20 22:25:59 | 00,109,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifile.dll
[2009/02/20 22:25:59 | 00,109,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2009/02/20 22:25:59 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avicap.dll
[2009/02/20 22:25:59 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2009/02/20 22:25:59 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2009/02/20 22:25:59 | 00,033,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\commdlg.dll
[2009/02/20 22:25:59 | 00,033,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2009/02/20 22:25:59 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2009/02/20 22:25:59 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2009/02/20 22:25:59 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2009/02/20 22:25:59 | 00,000,515 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/02/20 22:25:58 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2009/02/20 22:25:56 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\desktop.ini
[2009/02/20 22:25:56 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Documentos\desktop.ini
[2009/02/20 22:25:56 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini
[2009/02/20 22:25:27 | 00,809,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/02/20 22:25:27 | 00,657,548 | ---- | C] () -- C:\WINDOWS\System32\dllcache\CLASSES.CAT
[2009/02/20 22:25:27 | 00,399,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/02/20 22:25:27 | 00,390,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WFC.CAT
[2009/02/20 22:25:27 | 00,056,081 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DAJAVAC.CAT
[2009/02/20 22:25:27 | 00,052,311 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DX3.CAT
[2009/02/20 22:25:27 | 00,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/02/20 22:25:27 | 00,022,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\TCLASSES.CAT
[2009/02/20 22:25:27 | 00,021,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\XMLDSOC.CAT
[2009/02/20 22:25:27 | 00,014,031 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSJDBC.CAT
[2009/02/20 22:25:27 | 00,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/02/20 22:25:27 | 00,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/02/20 22:25:27 | 00,007,407 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/02/20 22:25:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/02/20 22:25:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/02/20 22:25:14 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft
[2009/02/20 22:24:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/02/20 22:24:54 | 00,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/20 19:23:51 | 00,000,211 | RHS- | C] () -- C:\boot.ini
[2009/02/20 19:23:50 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/02/20 19:20:45 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/02/20 19:20:45 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/02/20 19:20:45 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/02/20 19:20:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1046
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/02/20 19:20:45 | 00,000,000 | ---D | C] -- C:\WINDOWS

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/02/22 00:06:06 | 00,752,010 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/22 00:06:06 | 00,344,380 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2009/02/22 00:06:06 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/22 00:06:06 | 00,048,628 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2009/02/22 00:06:06 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/22 00:03:56 | 00,494,080 | ---- | M] (OldTimer Tools) -- C:\OTListIt2.exe
[2009/02/22 00:02:09 | 00,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/02/22 00:02:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/22 00:02:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/21 19:06:22 | 02,106,106 | -H-- | M] () -- C:\Documents and Settings\rafa\Configurações locais\Dados de aplicativos\IconCache.db
[2009/02/21 18:52:21 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2009/02/21 18:50:59 | 01,751,280 | ---- | M] (mIRC Co. Ltd.) -- C:\Documents and Settings\rafa\Desktop\mirc635.exe
[2009/02/21 18:50:52 | 00,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pidgin.lnk
[2009/02/21 18:50:23 | 14,275,882 | ---- | M] () -- C:\Documents and Settings\rafa\Desktop\pidgin-2.5.4.exe
[2009/02/21 18:41:33 | 00,017,241 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/02/21 18:39:41 | 00,626,688 | ---- | M] () -- C:\WINDOWS\System32\SecurityBox.exe
[2009/02/21 18:39:41 | 00,385,024 | ---- | M] () -- C:\WINDOWS\System32\CMBox.exe
[2009/02/21 18:39:41 | 00,028,672 | ---- | M] () -- C:\WINDOWS\System32\DiskMount.exe
[2009/02/21 18:39:41 | 00,007,164 | ---- | M] () -- C:\WINDOWS\System32\drivers\CMFileDisk.sys
[2009/02/21 18:24:56 | 00,000,548 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\speedy2.lnk
[2009/02/21 00:00:12 | 00,000,078 | -HS- | M] () -- C:\Documents and Settings\rafa\Meus documentos\desktop.ini
[2009/02/21 00:00:02 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/02/21 00:00:01 | 00,020,456 | ---- | M] () -- C:\Documents and Settings\rafa\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2009/02/20 23:59:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/20 23:58:23 | 00,000,487 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/20 23:57:37 | 00,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/20 23:56:55 | 00,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/20 23:55:47 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/02/20 23:51:37 | 00,251,696 | RHS- | M] () -- C:\ntldr
[2009/02/20 23:51:37 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/20 23:25:30 | 31,697,3608 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-PTB.exe
[2009/02/20 23:05:59 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\rafa\Desktop\SpywareBlaster.lnk
[2009/02/20 22:55:39 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/20 22:53:17 | 00,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2009/02/20 22:45:27 | 00,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/02/20 22:43:03 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/02/20 22:41:59 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/02/20 22:40:50 | 00,002,969 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/02/20 22:40:50 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\rafa\Menu Iniciar\Programas\Inicializar\desktop.ini
[2009/02/20 22:40:50 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\desktop.ini
[2009/02/20 22:40:50 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/02/20 22:40:50 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/20 22:40:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/02/20 22:40:50 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/02/20 22:40:50 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/02/20 22:40:48 | 00,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2009/02/20 22:40:48 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/02/20 22:40:48 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/02/20 22:40:44 | 00,004,207 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/20 22:40:18 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/02/20 22:40:18 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/02/20 22:40:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/02/20 22:40:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/02/20 22:40:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/02/20 22:40:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/02/20 22:40:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/02/20 22:40:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/02/20 22:37:15 | 00,021,844 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/20 22:37:14 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/02/20 22:37:14 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/02/20 22:26:13 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/20 22:25:56 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\rafa\Dados de aplicativos\desktop.ini
[2009/02/20 22:25:56 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documentos\desktop.ini
[2009/02/20 22:25:56 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini
[2009/02/20 20:50:22 | 02,876,720 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2009/02/19 17:30:46 | 02,869,536 | ---- | M] (Javacool Software LLC ) -- C:\spywareblastersetup41.exe
[2009/02/18 23:20:46 | 33,180,5736 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
[2009/02/17 20:13:28 | 22,058,104 | ---- | M] () -- C:\antivir_workstation_winu_en_h.exe
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5C321E34
< End of report >

OTListIt Extras logfile created on: 22/2/2009 00:06:16 - Run
OTListIt2 by OldTimer - Version 2.0.1.0 Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1,87 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 84,23% Memory free
3,72 Gb Paging File | 3,53 Gb Available in Paging File | 94,71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 51,39 Gb Total Space | 45,72 Gb Free Space | 88,98% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 2,26 Gb Free Space | 2,31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3,73 Gb Total Space | 3,41 Gb Free Space | 91,37% Space Free | Partition Type: FAT32

Computer Name: RAFAEL
Current User Name: rafa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 11:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 11:53:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"C-Media USB2.0 Card Reader" = C-Media USB2.0 Card Reader
"GTK 2.0" = GTK+ Runtime 2.14.6 rev a (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"NVIDIA Drivers" = NVIDIA Drivers
"Pidgin" = Pidgin
"SpywareBlaster_is1" = SpywareBlaster 4.1
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/2/2009 21:52:30 | Computer Name = RAFAEL | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system.
The resource <INIT11> has not been allocated. This could be due to an out-of-memory
error or any other system failure. Returned error code: 2

Error - 21/2/2009 17:47:48 | Computer Name = RAFAEL | Source = Application Error | ID = 1000
Description = Aplicativo com falha iexplore.exe, versão 6.0.2900.5512, módulo com
falha ntdll.dll, versão 5.1.2600.5512, endereço com falha 0x000109f9.

[ System Events ]
Error - 20/2/2009 21:52:36 | Computer Name = RAFAEL | Source = System Error | ID = 1003
Description = Código de erro 10000050, parâmetro1 e1e2fff8, parâmetro2 00000000,
parâmetro3 805380be, parâmetro4 00000001.

Error - 20/2/2009 22:58:12 | Computer Name = RAFAEL | Source = Service Control Manager | ID = 7023
Description = O serviço Número de série de mídia portátil terminou com o erro: %%126


< End of report >

#14 Billy O'Neal

Posted 21 February 2009 - 10:30 PM

Hello, orochi1082

but I've been opening my pen drive with that autorun thing from windows that inquires what you want to do after plugging it in
turns out my pen drive is also having the same problem (I discovered it when I tried to open it to paste the .txt)
and I used the pen drive to transfer the anti-virus .exe, will I have to reformat again?

Nah... looks like the loading point was still there but the baddie file was gone :thumbup2:

We need to run an OTListIt2 Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTLI
    O33 - MountPoints2\{007a9367-ff9a-11dd-8985-806d6172696f}\Shell - "" = Autorun
    O33 - MountPoints2\{007a9367-ff9a-11dd-8985-806d6172696f}\Shell\Open\command - "" = RECYCLER\S-1-1-44-100000957-100013125-100016892-3931.com d:\
    O33 - MountPoints2\{4d66bb1b-ffb9-11dd-93f3-c780abc62731}\Shell - "" = Autorun
    O33 - MountPoints2\{4d66bb1b-ffb9-11dd-93f3-c780abc62731}\Shell\Open\command - "" = RECYCLER\S-9-1-99-100008017-100013294-100009753-2863.com l:\
    :commands
    [EmptyTemp]
  • Push Posted Image
  • OTLI2 may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • OTListIt2 Fix Log
  • ESET OnlineScan's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
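The O33 lines in the fix above are the "loading point": a MountPoints2 shell command that Explorer runs when the drive is opened. The following is an added example, not part of the original post and not OTListIt2's own code, that parses such lines from a log and flags volumes whose command launches a program from a Recycle Bin folder. The `S-1-5-21` account-SID check and the list of launchable extensions are assumptions of this sketch, and the last sample line is constructed.

```python
import ntpath
import re

# Line shape taken from the O33 entries quoted in the fix above.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>\{[0-9A-Fa-f-]{36}\})\\(?P<subkey>.+?)'
    r' - "(?P<value>[^"]*)" = (?P<data>.*)$'
)
RECYCLE_DIRS = {"RECYCLER", "RECYCLED", "$RECYCLE.BIN"}
# Assumption: extensions treated as directly launchable.
LAUNCHABLE = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
# Assumption: a genuine per-user RECYCLER folder is named after an account SID.
ACCOUNT_SID_RE = re.compile(r"^S-1-5-21(?:-\d+){4}$")

# First four lines are from the post; the last one is constructed (benign).
SAMPLE_LOG = r'''
O33 - MountPoints2\{007a9367-ff9a-11dd-8985-806d6172696f}\Shell - "" = Autorun
O33 - MountPoints2\{007a9367-ff9a-11dd-8985-806d6172696f}\Shell\Open\command - "" = RECYCLER\S-1-1-44-100000957-100013125-100016892-3931.com d:\
O33 - MountPoints2\{4d66bb1b-ffb9-11dd-93f3-c780abc62731}\Shell - "" = Autorun
O33 - MountPoints2\{4d66bb1b-ffb9-11dd-93f3-c780abc62731}\Shell\Open\command - "" = RECYCLER\S-9-1-99-100008017-100013294-100009753-2863.com l:\
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = E:\setup.exe
'''


def assess_command(data):
    """Return the reasons a shell command string looks like a drive hijack."""
    data = data.strip()
    if not data:
        return []
    # The program is the first token; honour a quoted path containing spaces.
    program = data[1:].split('"')[0] if data.startswith('"') else data.split()[0]
    parts = [p for p in program.replace("/", "\\").split("\\") if p]
    if parts and parts[0].endswith(":"):
        parts = parts[1:]  # drop a drive prefix such as C:
    if len(parts) < 2 or parts[0].upper() not in RECYCLE_DIRS:
        return []
    reasons = []
    stem, ext = ntpath.splitext(parts[-1])
    if ext.lower() in LAUNCHABLE:
        reasons.append("launches %s file from %s" % (ext.lower(), parts[0]))
    # RECYCLER\<name>.com: the file itself imitates a SID-named folder.
    sid_like = stem if len(parts) == 2 else parts[1]
    if parts[0].upper() == "RECYCLER" and not ACCOUNT_SID_RE.match(sid_like):
        reasons.append("RECYCLER entry is not an S-1-5-21 account SID")
    return reasons


def triage(log_text):
    """Group O33 lines by volume GUID and collect flagged shell commands."""
    report = {}
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if not m:
            continue
        entry = report.setdefault(
            m["volume"].lower(), {"default_verb": None, "flagged": []}
        )
        subkey = m["subkey"].lower()
        if subkey == "shell" and m["value"] == "":
            entry["default_verb"] = m["data"].strip()
        elif subkey.endswith("\\command"):
            reasons = assess_command(m["data"])
            if reasons:
                entry["flagged"].append((m["subkey"], m["data"].strip(), reasons))
    return report


def suspicious_volumes(log_text):
    """Volume GUIDs with at least one flagged command, sorted."""
    return sorted(v for v, e in triage(log_text).items() if e["flagged"])


if __name__ == "__main__":
    for volume, entry in triage(SAMPLE_LOG).items():
        for subkey, data, reasons in entry["flagged"]:
            print(volume, subkey, "->", data)
            for reason in reasons:
                print("   ", reason)
```

A flagged entry only says the registry still points at the file; as in this thread, the file itself may already be gone, so the entry is removed either way.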

#15 orochi1082

Posted 22 February 2009 - 01:02 AM

Hello Billy,
I accidentally ran the fix twice, as I had to go eat dinner and forgot I had already done it
here are the two logs that resulted from it, plus the online scanner's result

========== OTLISTIT ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{007a9367-ff9a-11dd-8985-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{007a9367-ff9a-11dd-8985-806d6172696f}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{007a9367-ff9a-11dd-8985-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{007a9367-ff9a-11dd-8985-806d6172696f}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d66bb1b-ffb9-11dd-93f3-c780abc62731}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d66bb1b-ffb9-11dd-93f3-c780abc62731}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d66bb1b-ffb9-11dd-93f3-c780abc62731}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d66bb1b-ffb9-11dd-93f3-c780abc62731}\ not found.
File not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.1.0 log created on 02222009_010239

========== OTLISTIT ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{007a9367-ff9a-11dd-8985-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{007a9367-ff9a-11dd-8985-806d6172696f}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{007a9367-ff9a-11dd-8985-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{007a9367-ff9a-11dd-8985-806d6172696f}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d66bb1b-ffb9-11dd-93f3-c780abc62731}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d66bb1b-ffb9-11dd-93f3-c780abc62731}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d66bb1b-ffb9-11dd-93f3-c780abc62731}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d66bb1b-ffb9-11dd-93f3-c780abc62731}\ not found.
File not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.1.0 log created on 02222009_010155

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3876 (20090221)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=fe240ec1e048aa49b7e9cee5641de498
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-22 05:25:09
# local_time=2009-02-22 02:25:09 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=5.1.2600 NT Service Pack 3
# scanned=109657
# found=0
# scan_time=4678



