
virus think point



1 reply in this topic

#1 aninhatrl

  • Member
  • 2 posts

Posted 30 November 2010 - 12:29 PM

Hi,
I had the Think Point virus on my computer, so I read the topics about it and used ComboFix; it ran the whole update and apparently the virus is gone, since I can now access the internet and other programs that were blocked. But I need an analysis of the log, as I am a layperson in this subject. How do I do that?


Thanks in advance.



ComboFix 10-11-29.05 - iarh 30/11/2010 10:53:42.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1015.460 [GMT -2:00]
Executando de: c:\documents and settings\iarh\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\ComboFix.exe
AV: avast! antivírus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 204 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\iarh\Dados de aplicativos\completescan
c:\documents and settings\iarh\Dados de aplicativos\hotfix.exe
c:\documents and settings\iarh\Dados de aplicativos\install
c:\Windows\system32\sshnas21.dll
D:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


(((((((((((((((( Arquivos/Ficheiros criados de 2010-10-28 to 2010-11-30 ))))))))))))))))))))))))))))
.

2010-11-30 12:40 . 2010-11-30 12:34 3982557 ----a-r- c:\documents and settings\iarh\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\ComboFix.exe
2010-11-30 11:05 . 2010-11-30 11:05 178176 ----a-w- c:\Windows\Wpujaa.exe
2010-11-16 13:07 . 2010-11-16 13:07 -------- d-----w- c:\arquivos de programas\ABSVD
2010-11-13 12:12 . 2010-11-13 12:13 -------- d-----w- c:\Windows\ShellNew
2010-11-13 10:10 . 2010-11-13 10:10 -------- d-----w- c:\documents and settings\iarh\Configurações locais\Dados de aplicativos\Identities
2010-11-12 13:58 . 2010-11-12 13:58 -------- d-----w- c:\documents and settings\iarh\Dados de aplicativos\Thinstall
2010-11-12 10:47 . 2007-03-31 10:04 129165278 ----a-w- c:\documents and settings\iarh\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\CorelDRAW.exe
2010-11-06 13:37 . 2010-11-06 13:37 103864 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 13:37 . 2010-11-06 13:37 103864 ----a-w- c:\arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-25 11:02 . 2010-09-06 19:52 45472 ----a-w- c:\Windows\system32\drivers\gbpkm.sys
.

------- Sigcheck -------


[-] 2008-04-14 . 24713AE49611471DF8924D5FF562883D . 367616 . . [5.3.2600.5512] . . c:\Windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\dsound.dll
[-] 2004-08-04 . 583C0FB31E40883676779E09587620FF . 367616 . . [5.3.2600.2180] . . c:\Windows\system32\dsound.dll
[-] 2004-08-04 . 583C0FB31E40883676779E09587620FF . 367616 . . [5.3.2600.2180] . . c:\Windows\system32\dllcache\dsound.dll

[-] 2008-04-14 . 22DCF487731B84C57807F85E16044073 . 1689088 . . [5.03.2600.5512] . . c:\Windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\d3d9.dll
[-] 2004-08-04 . 7994AEA92DAF7CC66098F0ECF5BDE4C1 . 1689088 . . [5.03.2600.2180] . . c:\Windows\system32\d3d9.dll
[-] 2004-08-04 . 7994AEA92DAF7CC66098F0ECF5BDE4C1 . 1689088 . . [5.03.2600.2180] . . c:\Windows\system32\dllcache\d3d9.dll

[-] 2008-04-14 . B948C29C72073A7B8C9D822C66F9FADA . 279552 . . [5.03.2600.5512] . . c:\Windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\ddraw.dll
[-] 2004-08-04 . 55D16097F68A7C961A570855CACFCCCA . 266240 . . [5.03.2600.2180] . . c:\Windows\system32\ddraw.dll
[-] 2004-08-04 . 55D16097F68A7C961A570855CACFCCCA . 266240 . . [5.03.2600.2180] . . c:\Windows\system32\dllcache\ddraw.dll

[-] 2008-04-14 02:20 . 30A6FA4B34A2EC96CDFE2BA3B69233C0 . 84992 . . [5.1.2600.5512] . . c:\Windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\olepro32.dll
[-] 2004-08-04 03:45 . 53878A6AB006A6FC63B3CFD2404B85A9 . 83456 . . [5.1.2600.2180] . . c:\Windows\system32\olepro32.dll
[-] 2004-08-04 03:45 . 53878A6AB006A6FC63B3CFD2404B85A9 . 83456 . . [5.1.2600.2180] . . c:\Windows\system32\dllcache\olepro32.dll

[-] 2008-04-14 . 84A41B2B978AB366873CDB289118786C . 40960 . . [5.1.2600.5512] . . c:\Windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\perfctrs.dll
[-] 2004-08-04 . 30B30692A5BC889429887F59ACDA1E8C . 40960 . . [5.1.2600.2180] . . c:\Windows\system32\perfctrs.dll
[-] 2004-08-04 . 30B30692A5BC889429887F59ACDA1E8C . 40960 . . [5.1.2600.2180] . . c:\Windows\system32\dllcache\perfctrs.dll

[-] 2008-04-14 . 5383E4C03D7AAE01AA653E756CF20D2E . 18944 . . [5.1.2600.5512] . . c:\Windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\version.dll
[-] 2004-08-04 . EDF655E907022DF8006221DFF1C2439A . 18944 . . [5.1.2600.2180] . . c:\Windows\system32\version.dll
[-] 2004-08-04 . EDF655E907022DF8006221DFF1C2439A . 18944 . . [5.1.2600.2180] . . c:\Windows\system32\dllcache\version.dll

[-] 2008-04-14 . 04CABAD69BE78EB9C03CD4346D776DA5 . 93184 . . [6.00.2900.5512] . . c:\Windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\iexplore.exe
[-] 2004-08-04 . 69E3202DCB3F4C432262100A2175BDD5 . 93184 . . [6.00.2900.2180] . . c:\Windows\system32\dllcache\iexplore.exe

[-] 2010-02-17 . 124F4EC97A7683D1A67B3AECFE258ABD . 2194176 . . [5.1.2600.5938] . . c:\Windows\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe
[-] 2010-02-16 . E3AB5BB31F1E60E3E1E6121A85CBE281 . 2185600 . . [5.1.2600.3670] . . c:\Windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-02-16 . 0821020298A361B905343CE80B5BE2A3 . 2141184 . . [5.1.2600.3670] . . c:\Windows\system32\ntoskrnl.exe
[-] 2010-02-16 . E3AB5BB31F1E60E3E1E6121A85CBE281 . 2185600 . . [5.1.2600.3670] . . c:\Windows\system32\dllcache\ntoskrnl.exe
[-] 2010-02-16 . BB99D86301E766593A9E7398B942DC89 . 2191104 . . [5.1.2600.3670] . . c:\Windows\$hf_mig$\KB979683\SP2QFE\ntoskrnl.exe
[-] 2010-02-16 . 8A47EB27E99109826F8A54BB64BE8131 . 2194304 . . [5.1.2600.5938] . . c:\Windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-02-10 . B0BF079AF000D97D8C043D1DFF08086D . 2193408 . . [5.1.2600.5755] . . c:\Windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . 514F2B2055B58556ACCFEE763E14D78F . 2140160 . . [5.1.2600.3520] . . c:\Windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-02-09 . AF8A3B4150C87E692E5CD27836BFA83D . 2190336 . . [5.1.2600.3520] . . c:\Windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-09 . C667CA055AA4E24A0733061282276AA5 . 2193280 . . [5.1.2600.5755] . . c:\Windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2008-04-14 . 185F6C64734019E7E9F626E53CC37FB4 . 2193280 . . [5.1.2600.5512] . . c:\Windows\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\ntoskrnl.exe
[-] 2004-08-04 . 91448D27F6DFAF50DD1D5FD3D8C1F3BD . 2152448 . . [5.1.2600.2180] . . c:\Windows\$NtUninstallKB956572$\ntoskrnl.exe
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\Windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\Windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\Windows\system32\igfxpers.exe" [2008-02-15 131072]
"HDAudDeck"="c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-09-25 33517568]
"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]
"HPUsageTracking"="c:\arquivos de programas\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows nt\currentversion\winlogon\notify\ GbPluginBb]
2010-10-25 10:59 342816 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 02:07 932288 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 17:40 155648 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\iarh\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"c:\\Windows\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Windows\\system32\\spool\\drivers\\w32x86\\3\\HP1005MC.EXE"=

R0 GbpKm;Gbp KernelMode;c:\Windows\system32\drivers\gbpkm.sys [6/9/2010 17:52 45472]
R1 aswSP;aswSP;c:\Windows\system32\drivers\aswSP.sys [20/1/2010 10:59 162640]
R2 aswFsBlk;aswFsBlk;c:\Windows\system32\drivers\aswFsBlk.sys [20/1/2010 10:59 19024]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [6/9/2010 17:52 55072]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\Windows\system32\drivers\viahduaa.sys [20/1/2010 10:55 874880]
.
Conteúdo da pasta 'Tarefas Agendadas'

2010-11-30 c:\Windows\Tasks\OGALogon.job
- c:\Windows\system32\OGAEXEC.exe [2009-08-03 17:07]

2010-11-30 c:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
- c:\Windows\Wpujaa.exe [2010-11-30 11:05]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://cpne.bradesco.com.br/certifexp.cab
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
FF - ProfilePath - c:\documents and settings\iarh\Dados de aplicativos\Mozilla\Firefox\Profiles\aoy49wgr.default\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-30 10:59
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\arquivos de programas\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????????????

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\arquivos de programas\GbPlugin\gbieh.dll

- - - - - - - > 'explorer.exe'(3972)
c:\arquivos de programas\GbPlugin\gbieh.dll
c:\arquivos de programas\Scpad\scpLIB.dll
c:\arquivos de programas\Scpad\scpMIB.dll
c:\arquivos de programas\Scpad\sshib.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
c:\Windows\System32\spool\DRIVERS\W32X86\3\HP1005MC.EXE
c:\Windows\system32\wscntfy.exe
c:\Windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-11-30 11:03:06 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-11-30 13:03

Pré-execução: 8 pasta(s) 98.021.113.856 bytes disponíveis
Pós execução: 9 pasta(s) 98.575.945.728 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\Windows
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\Windows="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 337B0674097D7FA40300FF4B3D5FC215


#2 Mr.Million    

Mr.Million

    Consumer Security MVP

  • Specialist
  • 65901 posts

Posted 30 November 2010 - 02:54 PM

Download Malwarebytes' Anti-Malware (MBAM) or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language, and accept all the default options during installation.
Make sure the boxes Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware are checked, then click Finish.
If there are updates available, they will be downloaded and installed.
When the update finishes, with the program open, select Quick Scan and click the Scan button.
The scan will then start. Please wait, as it may take a while.
When the scan finishes, click OK, then the Show Results button to view the report.

If any items were found, make sure they are all checked and click the Remove button.

At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the note below.)
MBAM saves the log automatically; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart.

Select, copy and paste the contents of the MBAM log into your next reply, plus a new HijackThis log.

