Log do ComboFix: ComboFix 12-07-30.01 - Josafá 30/07/2012 16:24:13.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.2070.18.4094.2945 [GMT -3:00]
Executando de: c:\users\Josafá\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-06-28 to 2012-07-30 ))))))))))))))))))))))))))))
.
.
2012-07-30 19:32 . 2012-07-30 19:32 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3508BF01-748F-4125-B2B7-E11F3AC26583}\offreg.dll
2012-07-30 19:31 . 2012-07-30 19:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-30 09:29 . 2012-07-30 09:29 -------- d-----w- c:\users\Josafá\AppData\Local\{E7B7EE92-4445-4F88-9AB4-E639DF5B690D}
2012-07-30 09:29 . 2012-07-30 09:29 -------- d-----w- c:\users\Josafá\AppData\Local\{952EAB5D-EDA3-4438-81F6-E668BCD10F79}
2012-07-29 20:01 . 2012-07-29 20:01 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-29 16:21 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3508BF01-748F-4125-B2B7-E11F3AC26583}\mpengine.dll
2012-07-29 16:02 . 2012-07-29 16:02 -------- d-----w- c:\users\Josafá\AppData\Roaming\Malwarebytes
2012-07-29 16:02 . 2012-07-29 16:02 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 14:10 . 2012-07-29 14:10 -------- d-----w- c:\users\Josafá\AppData\Local\{BCCD2F87-1D0C-43D9-A176-8395E65C93DF}
2012-07-29 14:10 . 2012-07-29 14:10 -------- d-----w- c:\users\Josafá\AppData\Local\{D369DE2B-BFDF-4334-A4A7-095801748E3D}
2012-07-29 02:09 . 2012-07-29 02:09 -------- d-----w- c:\users\Josafá\AppData\Local\{0454BED5-9565-4FE9-8C02-7EE441E99CEE}
2012-07-29 02:09 . 2012-07-29 02:09 -------- d-----w- c:\users\Josafá\AppData\Local\{751657EF-E62F-4D51-9E51-7782D4AC3A98}
2012-07-28 15:31 . 2012-07-28 15:31 -------- d-----w- c:\windows\system32\appmgmt
2012-07-28 15:03 . 2012-07-28 15:03 -------- d-----w- c:\users\Josafá\AppData\Roaming\Opera
2012-07-28 15:03 . 2012-07-28 15:03 -------- d-----w- c:\users\Josafá\AppData\Local\Opera
2012-07-28 15:03 . 2012-07-28 15:03 -------- d-----w- c:\program files (x86)\Opera
2012-07-28 13:41 . 2012-07-28 13:41 71012 ----a-w- C:\cc_20120728_104118.reg
2012-07-28 13:38 . 2012-07-28 13:38 -------- d-----w- c:\program files\CCleaner
2012-07-28 13:24 . 2012-07-28 13:24 -------- d-----w- c:\users\Josafá\AppData\Local\{74EF14CC-647C-48C2-BAA4-D11DAB240742}
2012-07-28 13:23 . 2012-07-28 13:24 -------- d-----w- c:\users\Josafá\AppData\Local\{DF4D1505-5CC4-4CF7-8066-1803DE442E31}
2012-07-28 10:21 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-28 01:22 . 2012-07-28 01:22 -------- d-----w- c:\users\Josafá\AppData\Local\{61C0F41A-1E5D-4607-878A-FC88651F5E55}
2012-07-28 01:22 . 2012-07-28 01:22 -------- d-----w- c:\users\Josafá\AppData\Local\{9D3DB013-09A4-4428-9F1F-D7DF78813E39}
2012-07-27 11:59 . 2012-07-27 11:59 -------- d-----w- c:\users\Josafá\AppData\Local\{40F97AE5-82D0-4AB0-A734-A61254D82141}
2012-07-27 11:59 . 2012-07-27 11:59 -------- d-----w- c:\users\Josafá\AppData\Local\{67E32985-AE27-4CA3-9F39-03AA3F043990}
2012-07-27 11:47 . 2012-07-27 11:47 -------- d-----w- c:\users\Josafá\AppData\Local\{BE41CE02-6CA3-47C1-B5CE-E09E8DC2053B}
2012-07-27 11:47 . 2012-07-27 11:47 -------- d-----w- c:\users\Josafá\AppData\Local\{F968FD40-985F-485E-A859-B7F71CE6B733}
2012-07-26 23:08 . 2012-07-26 23:08 -------- d-----w- c:\users\Josafá\AppData\Local\{51DBD826-D5FE-4F99-9E06-771C37050EAB}
2012-07-26 23:08 . 2012-07-26 23:08 -------- d-----w- c:\users\Josafá\AppData\Local\{EE8A845C-0E53-485D-A707-25FCB2EF6CE5}
2012-07-26 21:54 . 2012-07-26 22:26 -------- d-----w- c:\users\Josafá\AppData\Roaming\Vso
2012-07-26 21:53 . 2010-02-09 19:37 65602 ----a-w- c:\windows\SysWow64\cook3260.dll
2012-07-26 21:53 . 2010-02-09 19:37 626688 ----a-w- c:\windows\SysWow64\vp7vfw.dll
2012-07-26 21:53 . 2010-02-09 19:37 217127 ----a-w- c:\windows\SysWow64\drv43260.dll
2012-07-26 21:53 . 2010-02-09 19:37 208935 ----a-w- c:\windows\SysWow64\drv33260.dll
2012-07-26 21:53 . 2010-02-09 19:37 176165 ----a-w- c:\windows\SysWow64\drv23260.dll
2012-07-26 21:53 . 2010-02-09 19:37 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll
2012-07-26 21:53 . 2010-02-09 19:37 102439 ----a-w- c:\windows\SysWow64\sipr3260.dll
2012-07-26 21:53 . 2012-07-26 21:53 -------- d-----w- c:\program files (x86)\VSO
2012-07-26 09:28 . 2012-07-26 09:28 -------- d-----w- c:\users\Josafá\AppData\Local\{ABE2C57D-2C90-4FAC-910E-67DC8B4A3297}
2012-07-26 09:28 . 2012-07-26 09:28 -------- d-----w- c:\users\Josafá\AppData\Local\{E4A7F920-A397-48EE-A312-FA818E714FF1}
2012-07-25 21:21 . 2012-07-25 21:21 -------- d-----w- c:\users\Josafá\AppData\Local\{3E81E615-4CF9-477C-B853-E84C952D6CE4}
2012-07-25 21:21 . 2012-07-25 21:21 -------- d-----w- c:\users\Josafá\AppData\Local\{11BB1DF2-BDB1-4240-84BD-C0786BEE54D4}
2012-07-25 09:14 . 2012-07-25 09:14 -------- d-----w- c:\users\Josafá\AppData\Local\{FDEEC049-1DF1-4FED-A4D5-C19BB7A95519}
2012-07-25 09:13 . 2012-07-25 09:14 -------- d-----w- c:\users\Josafá\AppData\Local\{A4A40B4D-A32F-452F-BF99-9A3349B06DFC}
2012-07-24 21:07 . 2012-07-24 21:08 -------- d-----w- c:\users\Josafá\AppData\Local\{EB322661-7136-4E1A-BCAB-6899220A84F5}
2012-07-24 21:07 . 2012-07-24 21:07 -------- d-----w- c:\users\Josafá\AppData\Local\{A70FA429-E8EA-43C1-BF62-F459D775C13D}
2012-07-24 21:05 . 2012-07-24 21:05 -------- d-----w- C:\found.000
2012-07-24 10:47 . 2012-07-24 10:47 -------- d-----w- c:\users\Josafá\AppData\Local\{7316D154-B4E1-4B85-B03C-626CA33D9C38}
2012-07-23 22:47 . 2012-07-23 22:47 -------- d-----w- c:\users\Josafá\AppData\Local\{A0D66886-18E4-4417-8470-D943CE9091F5}
2012-07-23 22:47 . 2012-07-23 22:47 -------- d-----w- c:\users\Josafá\AppData\Local\{108DC403-4A55-4342-94B0-E50E5469B379}
2012-07-23 15:16 . 2012-07-28 15:31 -------- d-----w- c:\program files (x86)\Safari
2012-07-23 12:04 . 2012-07-23 19:52 -------- d-----w- c:\users\Josafá\dwhelper
2012-07-23 09:59 . 2012-07-23 09:59 -------- d-----w- c:\users\Josafá\AppData\Local\{2E22CF49-5FC7-4DD6-8765-2E45E4C2348F}
2012-07-23 09:59 . 2012-07-23 09:59 -------- d-----w- c:\users\Josafá\AppData\Local\{5981C018-79AA-42A8-A84F-33DB9238D7FB}
2012-07-22 21:58 . 2012-07-22 21:59 -------- d-----w- c:\users\Josafá\AppData\Local\{81DE75DE-C0D5-45A7-9054-71B9AA6B1F96}
2012-07-22 21:58 . 2012-07-22 21:58 -------- d-----w- c:\users\Josafá\AppData\Local\{3A71DDA5-0C5A-4B73-B48B-1F26A6FCBBA5}
2012-07-22 10:30 . 2012-07-22 10:30 -------- d-----w- c:\users\Josafá\AppData\Roaming\Media Player Classic
2012-07-22 10:30 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2012-07-22 10:30 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2012-07-22 10:30 . 2011-10-01 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-07-22 10:30 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-07-22 09:57 . 2012-07-22 09:57 -------- d-----w- c:\users\Josafá\AppData\Local\{4182937C-4805-45CF-84D7-657388BF6DE1}
2012-07-22 09:56 . 2012-07-22 09:57 -------- d-----w- c:\users\Josafá\AppData\Local\{D66FA1E6-8AB9-4E4B-A070-2312417D3086}
2012-07-21 21:56 . 2012-07-21 21:56 -------- d-----w- c:\users\Josafá\AppData\Local\{486D0D0E-2340-4FE2-8FDF-849DA41EC983}
2012-07-21 21:56 . 2012-07-21 21:56 -------- d-----w- c:\users\Josafá\AppData\Local\{6F4A5DAD-4791-48DF-ABC5-F9163896D15F}
2012-07-21 21:56 . 2012-07-21 21:56 -------- d-----w- c:\users\Josafá\AppData\Local\{CBCEB889-164F-4FF1-B67B-59959947D7F2}
2012-07-21 21:56 . 2012-07-21 21:56 -------- d-----w- c:\users\Josafá\AppData\Local\{98AFF5AE-AD88-4086-A5B9-DB0941FCCBCC}
2012-07-21 09:54 . 2012-07-21 09:54 -------- d-----w- c:\users\Josafá\AppData\Local\{F1929389-E69F-449B-AF0F-FB3B18822F25}
2012-07-21 09:54 . 2012-07-21 09:54 -------- d-----w- c:\users\Josafá\AppData\Local\{569028D4-AB63-4094-A2E5-53DEC98530E8}
2012-07-20 21:53 . 2012-07-20 21:54 -------- d-----w- c:\users\Josafá\AppData\Local\{0B7FCCB0-4F47-4E3B-A544-8E98F352F153}
2012-07-20 21:53 . 2012-07-20 21:53 -------- d-----w- c:\users\Josafá\AppData\Local\{A46C0925-8046-4579-A67C-55DF8615D585}
2012-07-20 09:46 . 2012-07-20 09:46 -------- d-----w- c:\users\Josafá\AppData\Local\{7279CC1D-CB73-476F-AFA7-85E7559A269C}
2012-07-20 09:45 . 2012-07-20 09:46 -------- d-----w- c:\users\Josafá\AppData\Local\{CC63628A-F8BC-4548-BCBD-4DD5CC505FF1}
2012-07-19 21:45 . 2012-07-19 21:45 -------- d-----w- c:\users\Josafá\AppData\Local\{0620EED2-37DF-49B1-8B40-6317AF7255E1}
2012-07-19 21:45 . 2012-07-19 21:45 -------- d-----w- c:\users\Josafá\AppData\Local\{DABD8384-C4EE-4A45-BF27-12C4139C4E1D}
2012-07-19 21:45 . 2012-07-19 21:45 -------- d-----w- c:\users\Josafá\AppData\Local\{1AA3B8AD-D5F8-4BBD-ABC0-F35B20D498C6}
2012-07-19 21:45 . 2012-07-19 21:45 -------- d-----w- c:\users\Josafá\AppData\Local\{9C91EA7A-BB76-4A9E-A894-04889A774C11}
2012-07-19 09:44 . 2012-07-19 09:44 -------- d-----w- c:\users\Josafá\AppData\Local\{C42992EF-1755-4279-9D29-6AA6B0CBEABB}
2012-07-19 09:44 . 2012-07-19 09:44 -------- d-----w- c:\users\Josafá\AppData\Local\{C949F49D-9964-47E9-A8BC-DE7920114552}
2012-07-18 15:07 . 2012-07-18 15:08 -------- d-----w- c:\users\Josafá\AppData\Local\{5743FC36-D11B-49C6-8F27-EED960CF02F2}
2012-07-18 15:07 . 2012-07-18 15:07 -------- d-----w- c:\users\Josafá\AppData\Local\{A91A611D-2A8A-431E-8013-338B450004A9}
2012-07-18 03:07 . 2012-07-18 03:07 -------- d-----w- c:\users\Josafá\AppData\Local\{B9AD8493-59C2-4D9B-A4F3-E2AB886B4F93}
2012-07-18 03:07 . 2012-07-18 03:07 -------- d-----w- c:\users\Josafá\AppData\Local\{106EE2F3-1FF6-4E20-BFA6-0F0BB2440B2F}
2012-07-17 12:07 . 2012-07-17 12:07 -------- d-----w- c:\users\Josafá\AppData\Local\{BD85C744-4F00-43C4-9982-1E989FBCD4ED}
2012-07-17 12:06 . 2012-07-17 12:07 -------- d-----w- c:\users\Josafá\AppData\Local\{419CF8E2-78E2-4955-BCA8-CB2A2007F8B9}
2012-07-17 00:06 . 2012-07-17 00:06 -------- d-----w- c:\users\Josafá\AppData\Local\{233D09C5-F26D-412F-9410-008976243C3F}
2012-07-17 00:06 . 2012-07-17 00:06 -------- d-----w- c:\users\Josafá\AppData\Local\{9458635A-5554-4C9C-B641-96EABDE801E3}
2012-07-16 12:04 . 2012-07-16 12:04 -------- d-----w- c:\users\Josafá\AppData\Local\{8F8C00C9-6BBE-4465-A8BF-28AC47BC8890}
2012-07-16 12:04 . 2012-07-16 12:04 -------- d-----w- c:\users\Josafá\AppData\Local\{696F2846-C87A-49DE-99CD-1EE8569BB50A}
2012-07-15 23:26 . 2012-07-15 23:26 -------- d-----w- c:\users\Josafá\AppData\Local\{F2E38896-9227-49C0-8941-DD4EE60225AE}
2012-07-15 23:25 . 2012-07-15 23:26 -------- d-----w- c:\users\Josafá\AppData\Local\{A862F40B-7EAD-426F-9072-09BC339CA209}
2012-07-15 10:41 . 2012-07-15 10:41 -------- d-----w- c:\users\Josafá\AppData\Local\{1F5BFADC-34A7-4502-89DE-CFB16C960E35}
2012-07-15 10:41 . 2012-07-15 10:41 -------- d-----w- c:\users\Josafá\AppData\Local\{D26E4C1B-4D66-42F9-9CF0-8AA3D1CE15FD}
2012-07-14 22:40 . 2012-07-14 22:40 -------- d-----w- c:\users\Josafá\AppData\Local\{8D962BC3-4871-45B5-8179-2205A91DA6F0}
2012-07-14 22:40 . 2012-07-14 22:40 -------- d-----w- c:\users\Josafá\AppData\Local\{DF125F39-7F1E-4919-829D-F54548B1ACCE}
2012-07-14 10:09 . 2012-07-14 10:09 -------- d-----w- c:\users\Josafá\AppData\Local\{571C6763-1DFB-4643-B33B-E10F7D631F9F}
2012-07-14 10:09 . 2012-07-14 10:09 -------- d-----w- c:\users\Josafá\AppData\Local\{1DA4868E-121F-492E-8F32-1A5EF0A9EFCE}
2012-07-13 21:27 . 2012-07-13 21:27 -------- d-----w- c:\users\Josafá\AppData\Local\{A1C12343-CD7B-4AD0-9226-AB2087E96BBD}
2012-07-13 21:27 . 2012-07-13 21:27 -------- d-----w- c:\users\Josafá\AppData\Local\{E2B6F7C2-533F-46FD-9B6D-B4117032BFAF}
2012-07-13 09:10 . 2012-07-13 09:11 -------- d-----w- c:\users\Josafá\AppData\Local\{57FBD91E-C3C9-482B-8FB4-CB8905978E60}
2012-07-13 09:10 . 2012-07-13 09:10 -------- d-----w- c:\users\Josafá\AppData\Local\{4FB895FE-621A-4439-9740-8103A7AFFA12}
2012-07-12 15:09 . 2012-07-12 15:09 -------- d-----w- c:\users\Josafá\AppData\Local\{3AF3B8F1-4401-41BD-97EA-BB106410B5D2}
2012-07-12 15:09 . 2012-07-12 15:09 -------- d-----w- c:\users\Josafá\AppData\Local\{9B6E6528-A458-4B36-B917-04EA8683329F}
2012-07-12 03:29 . 2012-06-12 02:58 3151872 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 03:25 . 2012-07-12 03:25 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 00:25 . 2012-07-12 00:25 -------- d-----w- c:\users\Josafá\AppData\Local\{1D688444-713D-4DA7-A58F-D1B381510F14}
2012-07-12 00:25 . 2012-07-12 00:25 -------- d-----w- c:\users\Josafá\AppData\Local\{0E3E31BD-1DC0-46A1-921F-6E8FB8664DD5}
2012-07-11 11:59 . 2012-07-11 11:59 -------- d-----w- c:\users\Josafá\AppData\Local\{3EF19DDF-27E7-44F9-B71D-1EE9FC2F2100}
2012-07-11 11:59 . 2012-07-11 11:59 -------- d-----w- c:\users\Josafá\AppData\Local\{89D418BC-F2E9-4AE9-B87B-3CAD8D428184}
2012-07-11 11:22 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 11:22 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 11:22 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 11:22 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-11 11:22 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 11:22 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 11:22 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 11:22 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 11:22 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 11:22 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 11:22 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 11:22 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 11:22 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-10 23:58 . 2012-07-10 23:58 -------- d-----w- c:\users\Josafá\AppData\Local\{1060D73B-C25C-40E2-B3F9-35CF5D1CF2EB}
2012-07-10 23:58 . 2012-07-10 23:58 -------- d-----w- c:\users\Josafá\AppData\Local\{E50222D4-B3F0-49B2-843D-A4698B00F40E}
2012-07-10 11:58 . 2012-07-10 11:58 -------- d-----w- c:\users\Josafá\AppData\Local\{64587871-34D9-4EC3-BC06-14FEF3017576}
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 23:37 . 2012-05-04 22:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-26 23:37 . 2012-05-04 22:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 03:27 . 2012-05-04 22:25 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-28 00:56 . 2012-06-28 00:56 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-21 22:20 . 2011-03-28 21:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-22 02:47 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 02:47 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 02:47 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 02:47 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 02:47 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 02:47 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 02:47 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 18:19 . 2012-06-22 02:47 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 18:15 . 2012-06-22 02:47 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-23 21:50 . 2012-05-09 22:45 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-05-23 21:49 . 2012-05-23 21:49 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-05-12 00:54 . 2012-05-05 19:37 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-12 00:54 . 2012-05-05 19:37 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-12 00:54 . 2012-05-05 19:37 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-12 00:54 . 2012-05-05 19:37 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-04 23:11 . 2012-05-04 23:11 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 23:11 . 2012-05-04 23:11 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 10:51 . 2012-06-13 08:01 5561200 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 08:01 3916656 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 08:01 3971952 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-02 05:30 . 2012-06-13 07:26 212480 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-05_11.56.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-02-18 20:43 . 2012-02-18 20:43 96768 c:\windows\SysWOW64\sspicli.dll
+ 2012-07-11 11:27 . 2012-06-02 04:50 96768 c:\windows\SysWOW64\sspicli.dll
- 2012-02-18 20:43 . 2012-02-18 20:43 22016 c:\windows\SysWOW64\secur32.dll
+ 2012-07-11 11:27 . 2012-06-02 04:55 22016 c:\windows\SysWOW64\secur32.dll
+ 2012-07-12 03:26 . 2012-06-02 08:17 73216 c:\windows\SysWOW64\mshtmled.dll
- 2012-06-13 09:56 . 2012-05-17 22:25 73216 c:\windows\SysWOW64\mshtmled.dll
- 2012-06-13 09:56 . 2012-05-17 22:31 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-07-12 03:26 . 2012-06-02 08:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-07-12 03:26 . 2012-06-02 08:21 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-06-13 09:56 . 2012-05-17 22:31 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-06-28 00:56 . 2012-07-01 09:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-06-28 00:56 . 2012-07-26 23:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-07-01 09:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-26 23:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-26 23:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-01 09:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-01 09:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-26 23:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-12 03:25 . 2012-07-12 03:29 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-27 17:00 . 2012-07-27 17:00 54890 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-11-21 03:09 . 2012-07-30 19:34 40024 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-30 19:34 39480 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-04 22:18 . 2012-07-30 19:34 13308 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3178217555-1150039162-2934846931-1001_UserData.bin
+ 2012-07-11 11:27 . 2012-06-04 07:54 29184 c:\windows\system32\sspisrv.dll
- 2012-02-18 20:43 . 2012-02-18 20:43 29184 c:\windows\system32\sspisrv.dll
+ 2012-07-11 11:27 . 2012-06-04 07:54 28160 c:\windows\system32\secur32.dll
- 2012-02-18 20:43 . 2012-02-18 20:43 28160 c:\windows\system32\secur32.dll
+ 2012-07-12 03:26 . 2012-06-02 11:57 96768 c:\windows\system32\mshtmled.dll
- 2012-06-13 09:56 . 2012-05-18 01:51 96768 c:\windows\system32\mshtmled.dll
- 2012-06-13 09:56 . 2012-05-18 01:56 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-07-12 03:26 . 2012-06-02 12:03 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-07-11 11:27 . 2012-06-04 07:51 31232 c:\windows\system32\lsass.exe
- 2012-02-18 20:43 . 2012-02-18 20:43 31232 c:\windows\system32\lsass.exe
+ 2012-07-12 03:26 . 2012-06-02 12:03 85504 c:\windows\system32\jsproxy.dll
- 2012-06-13 09:56 . 2012-05-18 01:56 85504 c:\windows\system32\jsproxy.dll
+ 2012-03-20 23:44 . 2012-03-20 23:44 98688 c:\windows\system32\drivers\NisDrvWFP.sys
- 2012-02-18 20:43 . 2012-02-18 20:43 95600 c:\windows\system32\drivers\ksecdd.sys
+ 2012-07-11 11:27 . 2012-06-04 07:55 95600 c:\windows\system32\drivers\ksecdd.sys
- 2012-05-04 22:22 . 2012-07-04 10:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-04 22:22 . 2012-07-30 00:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-05-04 22:22 . 2012-07-04 10:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-05-04 22:22 . 2012-07-30 00:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-30 00:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-04 10:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:46 . 2012-06-23 01:33 90336 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-07-15 10:31 90336 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-04 22:49 . 2012-07-12 03:29 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2012-05-04 22:49 . 2012-06-13 10:06 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2012-05-04 22:49 . 2012-07-12 03:29 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2012-05-04 22:49 . 2012-06-13 10:06 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2012-05-04 22:49 . 2012-06-13 10:06 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-05-04 22:49 . 2012-07-12 03:29 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-07-20 09:28 . 2011-07-20 09:28 54104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCANOST.EXE
+ 2011-07-20 09:28 . 2011-07-20 09:28 75624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RM.DLL
+ 2011-07-20 09:28 . 2011-07-20 09:28 38248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RECALL.DLL
+ 2011-05-26 23:18 . 2011-05-26 23:18 52088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLVBA.DLL
+ 2011-07-20 09:28 . 2011-07-20 09:28 34208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\DUMPSTER.DLL
+ 2011-07-20 09:28 . 2011-07-20 09:28 87408 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\DLGSETP.DLL
- 2012-05-19 02:49 . 2012-07-04 09:40 3274 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-05-19 02:49 . 2012-07-28 03:40 3274 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-07-23 17:19 . 2012-07-23 17:19 9560 c:\windows\system32\NetworkList\Icons\{4A4ABEDE-025D-45D1-A9A2-7E951B690ECA}_48.bin
+ 2012-07-23 17:19 . 2012-07-23 17:19 4280 c:\windows\system32\NetworkList\Icons\{4A4ABEDE-025D-45D1-A9A2-7E951B690ECA}_32.bin
+ 2012-07-23 17:19 . 2012-07-23 17:19 2456 c:\windows\system32\NetworkList\Icons\{4A4ABEDE-025D-45D1-A9A2-7E951B690ECA}_24.bin
- 2012-07-05 11:56 . 2012-07-05 11:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-30 19:32 . 2012-07-30 19:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-30 19:32 . 2012-07-30 19:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-05 11:56 . 2012-07-05 11:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-06 07:16 . 2011-06-24 14:28 650752 c:\windows\SysWOW64\xvidcore.dll
- 2012-06-13 09:56 . 2012-05-17 22:33 231936 c:\windows\SysWOW64\url.dll
+ 2012-07-12 03:26 . 2012-06-02 08:23 231936 c:\windows\SysWOW64\url.dll
+ 2012-07-11 11:27 . 2012-06-02 04:55 225280 c:\windows\SysWOW64\schannel.dll
- 2012-02-18 20:22 . 2012-02-18 20:22 219136 c:\windows\SysWOW64\ncrypt.dll
+ 2012-07-11 11:27 . 2012-06-02 04:54 219136 c:\windows\SysWOW64\ncrypt.dll
+ 2012-07-26 23:37 . 2012-07-26 23:37 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
+ 2012-07-26 22:37 . 2012-07-26 22:37 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
+ 2012-07-26 22:37 . 2012-07-26 22:37 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.dll
- 2012-05-04 22:25 . 2012-06-23 14:38 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-05-04 22:25 . 2012-07-26 23:37 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-06-13 09:56 . 2012-05-17 22:29 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-07-12 03:26 . 2012-06-02 08:19 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-07-12 03:26 . 2012-06-02 08:20 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-06-13 09:56 . 2012-05-17 22:29 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-06-13 09:56 . 2012-05-17 22:20 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-07-12 03:26 . 2012-06-02 08:14 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-05-10 15:15 . 2012-07-27 11:44 190554 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2012-06-13 09:56 . 2012-05-18 01:58 237056 c:\windows\system32\url.dll
+ 2012-07-12 03:26 . 2012-06-02 12:04 237056 c:\windows\system32\url.dll
+ 2012-07-11 11:27 . 2012-06-04 07:54 136192 c:\windows\system32\sspicli.dll
- 2012-02-18 20:43 . 2012-02-18 20:43 136192 c:\windows\system32\sspicli.dll
+ 2012-07-11 11:27 . 2012-06-04 07:54 340992 c:\windows\system32\schannel.dll
- 2012-02-18 20:43 . 2012-02-18 20:43 340992 c:\windows\system32\schannel.dll
+ 2011-04-12 12:55 . 2012-07-30 19:09 684382 c:\windows\system32\prfh0816.dat
+ 2012-05-04 23:04 . 2012-07-30 19:09 668844 c:\windows\system32\prfh0416.dat
+ 2011-04-12 12:55 . 2012-07-30 19:09 135632 c:\windows\system32\prfc0816.dat
+ 2012-05-04 23:04 . 2012-07-30 19:09 129974 c:\windows\system32\prfc0416.dat
+ 2009-07-14 02:36 . 2012-07-30 19:09 621048 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-30 19:09 108268 c:\windows\system32\perfc009.dat
+ 2012-07-11 11:27 . 2012-06-04 07:54 307200 c:\windows\system32\ncrypt.dll
- 2012-02-18 20:22 . 2012-02-18 20:22 307200 c:\windows\system32\ncrypt.dll
+ 2012-07-26 23:37 . 2012-07-26 23:37 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_Plugin.exe
+ 2012-07-26 22:37 . 2012-07-26 22:37 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.exe
+ 2012-07-26 22:37 . 2012-07-26 22:37 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.dll
- 2012-06-13 09:56 . 2012-05-18 01:55 818688 c:\windows\system32\jscript.dll
+ 2012-07-12 03:26 . 2012-06-02 12:00 818688 c:\windows\system32\jscript.dll
+ 2012-07-12 03:26 . 2012-06-02 12:01 173056 c:\windows\system32\ieUnatt.exe
- 2012-06-13 09:56 . 2012-05-18 01:55 173056 c:\windows\system32\ieUnatt.exe
- 2012-06-13 09:56 . 2012-05-18 01:47 248320 c:\windows\system32\ieui.dll
+ 2012-07-12 03:26 . 2012-06-02 11:54 248320 c:\windows\system32\ieui.dll
+ 2012-03-20 23:44 . 2012-03-20 23:44 203888 c:\windows\system32\drivers\MpFilter.sys
+ 2012-07-11 11:27 . 2012-06-04 07:55 151920 c:\windows\system32\drivers\ksecpkg.sys
+ 2012-07-11 11:27 . 2012-06-04 07:53 458704 c:\windows\system32\drivers\cng.sys
- 2009-07-14 05:12 . 2012-06-28 23:24 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-07-26 23:37 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-07-05 11:55 543756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-30 19:31 543756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-04 22:35 . 2012-07-05 12:08 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
- 2012-05-04 22:35 . 2012-05-04 22:35 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-07-05 12:08 . 2012-07-05 12:08 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
+ 2012-05-04 22:35 . 2012-07-05 12:08 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
- 2012-05-04 22:35 . 2012-05-04 22:35 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-05-04 22:35 . 2012-07-05 12:08 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
- 2012-05-04 22:35 . 2012-05-04 22:35 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
- 2012-05-04 22:35 . 2012-05-04 22:35 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2012-05-04 22:35 . 2012-07-05 12:08 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2012-05-04 22:49 . 2012-07-12 03:29 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2012-05-04 22:49 . 2012-06-13 10:06 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2012-05-04 22:49 . 2012-07-12 03:29 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2012-05-04 22:49 . 2012-06-13 10:06 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2012-05-04 22:49 . 2012-07-12 03:29 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2012-05-04 22:49 . 2012-06-13 10:06 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2012-05-04 22:49 . 2012-06-13 10:06 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-05-04 22:49 . 2012-07-12 03:29 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2012-05-04 22:49 . 2012-07-12 03:29 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2012-05-04 22:49 . 2012-06-13 10:06 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2012-05-04 22:49 . 2012-07-12 03:29 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2012-05-04 22:49 . 2012-06-13 10:06 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2012-05-04 22:49 . 2012-07-12 03:29 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2012-05-04 22:49 . 2012-06-13 10:06 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-07-20 09:28 . 2011-07-20 09:28 282032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCNPST64.DLL
+ 2011-07-20 09:28 . 2011-07-20 09:28 273832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\SCNPST32.DLL
+ 2011-07-27 07:55 . 2011-07-27 07:55 410992 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\RTFHTML.DLL
+ 2011-07-20 10:06 . 2011-07-20 10:06 770480 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\REGFORM.EXE
+ 2011-07-20 09:28 . 2011-07-20 09:28 421736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\PSTPRX32.DLL
+ 2011-05-31 19:15 . 2011-05-31 19:15 177040 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLPH.DLL
+ 2011-07-27 07:55 . 2011-07-27 07:55 596888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLMIME.DLL
+ 2011-05-26 23:18 . 2011-05-26 23:18 136536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLCTL.DLL
+ 2011-07-27 09:03 . 2011-07-27 09:03 194448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OMSXP32.DLL
+ 2011-07-27 09:03 . 2011-07-27 09:03 661888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OMSMAIN.DLL
+ 2011-07-20 09:28 . 2011-07-20 09:28 253824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OLKFSTUB.DLL
+ 2011-07-20 09:28 . 2011-07-20 09:28 340320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\MIMEDIR.DLL
+ 2012-05-05 02:19 . 2012-05-05 02:19 117160 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPOMINT.DLL
+ 2011-07-20 10:06 . 2011-07-20 10:06 176024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPOLK.DLL
+ 2011-07-20 09:28 . 2011-07-20 09:28 138088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IMPMAIL.DLL
+ 2009-02-26 15:09 . 2009-02-26 15:09 154000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\ENVELOPE.DLL
+ 2011-05-26 23:18 . 2011-05-26 23:18 115584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\EMABLT32.DLL
+ 2011-07-27 07:55 . 2011-07-27 07:55 128376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\CONTAB32.DLL
- 2012-05-05 02:19 . 2012-05-05 02:19 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2012-07-12 03:26 . 2012-07-12 03:26 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
- 2012-06-13 09:56 . 2012-05-17 22:35 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-07-12 03:26 . 2012-06-02 08:25 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-07-12 03:26 . 2012-06-02 08:26 1103872 c:\windows\SysWOW64\urlmon.dll
- 2012-06-13 09:56 . 2012-05-17 22:36 1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-07-11 11:27 . 2012-06-06 05:05 1390080 c:\windows\SysWOW64\msxml6.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 1390080 c:\windows\SysWOW64\msxml6.dll
+ 2012-07-11 11:27 . 2012-06-06 04:25 1236480 c:\windows\SysWOW64\msxml3.dll
+ 2012-07-26 23:37 . 2012-07-26 23:37 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
+ 2012-07-26 23:37 . 2012-07-26 23:37 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
+ 2012-07-12 03:26 . 2012-06-02 08:33 1800192 c:\windows\SysWOW64\jscript9.dll
- 2012-06-13 09:56 . 2012-05-17 22:45 1800192 c:\windows\SysWOW64\jscript9.dll
- 2012-06-13 09:56 . 2012-05-17 22:27 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-07-12 03:26 . 2012-06-02 08:19 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-07-12 03:26 . 2012-06-02 08:43 9737728 c:\windows\SysWOW64\ieframe.dll
- 2012-06-13 09:56 . 2012-05-17 22:48 9737728 c:\windows\SysWOW64\ieframe.dll
- 2012-06-13 09:56 . 2012-05-18 01:59 1392128 c:\windows\system32\wininet.dll
+ 2012-07-12 03:26 . 2012-06-02 12:05 1392128 c:\windows\system32\wininet.dll
- 2012-06-13 09:56 . 2012-05-18 01:59 1346048 c:\windows\system32\urlmon.dll
+ 2012-07-12 03:26 . 2012-06-02 12:05 1346048 c:\windows\system32\urlmon.dll
+ 2012-07-11 11:27 . 2012-06-06 06:06 2004480 c:\windows\system32\msxml6.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 2004480 c:\windows\system32\msxml6.dll
+ 2012-07-11 11:27 . 2012-06-06 05:24 1879552 c:\windows\system32\msxml3.dll
+ 2012-07-11 11:27 . 2012-06-04 07:54 1446400 c:\windows\system32\lsasrv.dll
+ 2012-07-12 03:26 . 2012-06-02 12:12 2311680 c:\windows\system32\jscript9.dll
- 2012-06-13 09:56 . 2012-05-18 02:06 2311680 c:\windows\system32\jscript9.dll
- 2012-06-13 09:56 . 2012-05-18 01:54 2144768 c:\windows\system32\iertutil.dll
+ 2012-07-12 03:26 . 2012-06-02 11:59 2144768 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2012-06-13 11:38 5101048 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-07-12 10:11 5101048 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-06-22 09:51 7089771 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-07-12 10:14 7089771 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-03-26 22:21 . 2012-03-26 22:21 7622656 c:\windows\Installer\b09d5.msi
+ 2012-07-30 09:32 . 2012-07-30 09:32 7184384 c:\windows\Installer\471ed.msi
+ 2012-05-30 10:19 . 2012-05-30 10:19 1738240 c:\windows\Installer\3811083.msp
+ 2012-06-19 15:54 . 2012-06-19 15:54 2239488 c:\windows\Installer\3811078.msp
+ 2012-06-19 15:54 . 2012-06-19 15:54 5009920 c:\windows\Installer\3811060.msp
+ 2012-04-05 01:37 . 2012-04-05 01:37 2540544 c:\windows\Installer\3811048.msp
+ 2012-04-05 01:37 . 2012-04-05 01:37 3149824 c:\windows\Installer\3811022.msp
- 2012-05-04 22:49 . 2012-06-13 10:06 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-05-04 22:49 . 2012-07-12 03:29 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-05-04 22:49 . 2012-07-12 03:29 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2012-05-04 22:49 . 2012-06-13 10:06 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-10-10 02:10 . 2009-10-10 02:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2011-07-27 07:55 . 2011-07-27 07:55 3004800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OLMAPI32.DLL
+ 2011-07-27 08:09 . 2011-07-27 08:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPEDITOR.DLL
+ 2011-07-27 08:09 . 2011-07-27 08:09 5484416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\IPDESIGN.DLL
+ 2011-07-27 08:09 . 2011-07-27 08:09 1460088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\INFOPATH.EXE
+ 2012-07-11 11:27 . 2012-06-09 04:24 12874752 c:\windows\SysWOW64\shell32.dll
+ 2012-07-12 03:26 . 2012-06-02 09:07 12314624 c:\windows\SysWOW64\mshtml.dll
- 2012-06-13 09:56 . 2012-05-17 23:11 12314624 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-07-12 10:10 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-06-22 02:52 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-07-11 11:27 . 2012-06-09 05:23 14175232 c:\windows\system32\shell32.dll
- 2012-06-13 09:56 . 2012-05-18 02:47 17807360 c:\windows\system32\mshtml.dll
+ 2012-07-12 03:26 . 2012-06-02 12:49 17807360 c:\windows\system32\mshtml.dll
+ 2012-07-26 23:37 . 2012-07-26 23:37 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll
+ 2012-07-12 03:26 . 2012-06-02 12:17 10924032 c:\windows\system32\ieframe.dll
- 2012-06-13 09:56 . 2012-05-18 02:16 10924032 c:\windows\system32\ieframe.dll
+ 2012-05-04 23:01 . 2012-07-30 19:31 43330296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3178217555-1150039162-2934846931-1001-12288.dat
+ 2012-05-30 10:18 . 2012-05-30 10:18 11885056 c:\windows\Installer\38110b4.msp
+ 2012-07-09 20:38 . 2012-07-09 20:38 12750848 c:\windows\Installer\1fa3840.msi
+ 2011-08-03 21:18 . 2011-08-03 21:18 12997488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6612\OUTLOOK.EXE
.
-- Snapshot resetado para data atual --
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-06-11 3478936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-07-24 801792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2012-02-18 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 250056]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 114144]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-28 283200]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 149640]
S3 RTL8167;Controlador Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 23:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.uol.com.br/
mStart Page = hxxp://xooxle.net/?lr=EEEE
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fazer o download de todos os links usando o IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Fazer o download usando o IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Josafá\AppData\Roaming\Mozilla\Firefox\Profiles\9wnaw4wb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.uol.com.br
FF - prefs.js: network.proxy.type - 0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKCU-Run-Browser Infrastructure Helper - c:\users\Josafá\AppData\Local\Smartbar\Application\Smartbar.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-3178217555-1150039162-2934846931-1001_Classes\Wow6432Node\CLSID\{06d2f130-ee78-4cd8-9f9f-35d862465be5}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009a
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,29,b5,39,be,a4,20,f7,77,22,be,cb,54,c4,60,68,d0,d6,1b,db,bd,ce,1e,\
.
[HKEY_USERS\S-1-5-21-3178217555-1150039162-2934846931-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ce,11,b7,93,62,32,e2,97,32,c0,c1,3b,6e,b2,db,50,f2,fa,95,2b,01,
a4,99,72,ef,82,e1,dc,62,36,31,4e,56,20,5f,e3,02,8f,34,17,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied:

(Users)
@Denied:

(Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied:

(Users)
@Denied:

(Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied:

(Users)
@Denied:

(Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-07-30 16:38:55 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-07-30 19:38
ComboFix2.txt 2012-07-05 12:02
.
Pré-execução: 42.978.062.336 bytes disponíveis
Pós execução: 42.785.054.720 bytes disponíveis
.
- - End Of File - - 191B968A1DE70E5472D28F77FCD48954
Novo log do HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:39:58, on 30/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Users\Josafá\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xooxle.net/?lr=EEEE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6936 bytes