
Felipe e Jully

[Solved] I can't install any antivirus


I can't install any antivirus, no .exe file gets installed...

The executables disappear within seconds when I look for them!

Below is the HijackThis log...

Someone please help me!!!!!!!!!

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 06:33:11, on 7/3/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\DOCUME~1\Jully\CONFIG~1\Temp\qdhas.exe

C:\WINDOWS\system32\msiexec.exe

C:\DOCUME~1\Jully\CONFIG~1\Temp\winosemd.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Jully\Desktop\SOluçao\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60346

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60346

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60346

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60346

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60346

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [Windows Service] winsvc32.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Estatísticas de proteção de tráfego da web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - AppInit_DLLs: C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\ARQUIV~1\KASPER~1\KASPER~1\mzvkbd3.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 5250 bytes


Felipe e Jully

Welcome to the forum, but your post is in the wrong place.

Ask a moderator to move it to the SECURITY & MALWARE area.

Pay attention to the rules of this area:

Malware Removal Forum Rules

Read before posting.

RULE No. 01 - How to create a topic about your problem.

RULE No. 02 - Using HijackThis.

RULE No. 03 - Avoid hijacking existing topics.

RULE No. 04 - Waiting time: 7 days for the member and 30 days for the moderator.

RULE No. 05 - Log analysis.

Otherwise, good luck and welcome to the forum!


Hello Felipe e Jully

There is a Sality infection. The safest procedure is to format, but if you want to try removal...

* Download RSIT and save it to the desktop

* Run it and click [Continue]

* Paste the report C:\rsit\log.txt


Paste it where, here in C:?

IF IT'S HERE, THERE IT IS !!!

 

 

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by Jully at 2005-03-07 00:15:02

Microsoft Windows XP Professional Service Pack 2

System drive C: has 34 GB (67%) free of 50 GB

Total RAM: 991 MB (57% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:15:30, on 7/3/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\DOCUME~1\Jully\CONFIG~1\Temp\winbpqxd.exe

C:\DOCUME~1\Jully\CONFIG~1\Temp\wintdnf.exe

C:\Documents and Settings\Jully\Meus documentos\Downloads\RSIT.exe

C:\Documents and Settings\Jully\Desktop\SOluçao\Jully.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60346

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60346

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60346

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60346

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60346

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [Windows Service] winsvc32.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10q_Plugin.exe -update plugin

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 4814 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\At1.job

C:\WINDOWS\tasks\At2.job

C:\WINDOWS\tasks\At3.job

C:\WINDOWS\tasks\At4.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-115176313-1801674531-1003Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-115176313-1801674531-1003UA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []

"Malwarebytes' Anti-Malware"=C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 503120]

"SiSPower"=SiSPower.dll,ModeAgent []

"SpywareTerminator"=C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe [2005-03-07 2244608]

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"HP Software Update"=C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]

""= []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminatorUpdate"=C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe [2005-03-07 3346432]

"Advanced SystemCare 3"=C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe [2010-08-10 2349776]

"Windows Service"=winsvc32.exe []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10q_Plugin.exe [2005-03-07 239776]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLUA"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoResolveSearch"=1

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"F:\Programas\wrar371br.exe"="F:\Programas\wrar371br.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\WinRAR\uninstall.exe"="C:\Arquivos de programas\WinRAR\uninstall.exe:*:Enabled:ipsec"

"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"

"C:\Documents and Settings\Jully\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Jully\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe:*:Enabled:ipsec"

"C:\Documents and Settings\Jully\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe"="C:\Documents and Settings\Jully\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\sistray.exe"="C:\WINDOWS\system32\sistray.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\S8Z95D47.EXE"="C:\WINDOWS\system32\S8Z95D47.EXE:*:Enabled:ipsec"

"C:\WINDOWS\system32\XP-B1558770.EXE"="C:\WINDOWS\system32\XP-B1558770.EXE:*:Enabled:ipsec"

"C:\WINDOWS\system32\NOTEPAD.EXE"="C:\WINDOWS\system32\notepad.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe"="C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:ipsec"

"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

"F:\lekn.exe"="F:\lekn.exe:*:Enabled:ipsec"

"E:\ANTIVIRUS\N360.2011.By.ColdFire\N360_5.0.0.125_MS_LOEM_MRF1441_5671.exe"="E:\ANTIVIRUS\N360.2011.By.ColdFire\N360_5.0.0.125_MS_LOEM_MRF1441_5671.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\Norton 360\Engine\5.0.0.125\symerr.exe"="C:\Arquivos de programas\Norton 360\Engine\5.0.0.125\symerr.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"="C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\winsvc32.exe"="C:\WINDOWS\system32\winsvc32.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\5.0.0.125\InstStub.exe"="C:\Arquivos de programas\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\5.0.0.125\InstStub.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe"="C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe"="C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\vghrh.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\vghrh.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winfntgqr.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winfntgqr.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winjuypt.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winjuypt.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winkdho.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winkdho.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\wyih.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\wyih.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winkwhlm.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winkwhlm.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\wintjubmh.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\wintjubmh.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winayhtxq.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winayhtxq.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\wintaayur.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\wintaayur.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\axkrbt.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\axkrbt.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\vnubm.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\vnubm.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\rrqb.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\rrqb.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winvehvnk.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winvehvnk.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\xyubg.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\xyubg.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winymdni.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winymdni.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winmort.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winmort.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winejmurr.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winejmurr.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\leong.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\leong.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\ksrg.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\ksrg.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winspfcv.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winspfcv.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\eayux.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\eayux.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winuixb.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winuixb.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\ucpsh.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\ucpsh.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winsjaesk.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winsjaesk.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winrqej.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winrqej.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winxkgypu.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winxkgypu.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\rjcpv.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\rjcpv.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\qelwev.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\qelwev.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winxogsx.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winxogsx.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winuhuh.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winuhuh.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\wingwijy.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\wingwijy.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winfuvme.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winfuvme.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\mvoqbn.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\mvoqbn.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\wintcyb.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\wintcyb.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winvxwm.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winvxwm.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winhmicny.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winhmicny.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\wintyuhr.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\wintyuhr.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\evjyce.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\evjyce.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\wsaeh.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\wsaeh.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\wsqjv.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\wsqjv.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\wcrds.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\wcrds.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winenodj.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winenodj.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\rqreng.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\rqreng.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\wincynody.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\wincynody.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\ecigx.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\ecigx.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winkpnd.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winkpnd.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\bbffi.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\bbffi.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winfnugib.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winfnugib.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winbstto.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winbstto.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\qepnj.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\qepnj.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winpbeuyk.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winpbeuyk.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\qnwroe.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\qnwroe.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\wingxgmq.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\wingxgmq.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winagixt.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winagixt.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\wineyfd.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\wineyfd.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\vrnkm.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\vrnkm.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winjgdls.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winjgdls.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winytootm.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winytootm.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winbuoo.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winbuoo.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\lwxsq.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\lwxsq.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\sffa.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\sffa.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\qdhas.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\qdhas.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winosemd.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winosemd.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winbpqxd.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winbpqxd.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\wintdnf.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\wintdnf.exe:*:Enabled:ipsec"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

======List of files/folders created in the last 1 months======

 

2011-05-13 23:03:59 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

2011-05-13 22:41:01 ----D---- C:\Documents and Settings\Jully\Dados de aplicativos\Adobe

2011-05-13 22:23:52 ----D---- C:\Documents and Settings\Jully\Dados de aplicativos\Macromedia

2011-05-13 21:00:50 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

2011-05-13 21:00:50 ----D---- C:\Arquivos de programas\Alwil Software

2011-05-13 20:37:40 ----D---- C:\Documents and Settings\Jully\Dados de aplicativos\Malwarebytes

2011-05-13 20:37:36 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011-05-13 20:37:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2011-05-13 20:37:34 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2011-05-13 20:37:34 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

2011-05-13 20:37:13 ----D---- C:\Documents and Settings\Jully\Dados de aplicativos\WinRAR

2011-05-13 20:35:39 ----A---- C:\WINDOWS\system32\drivers\splitter.sys

2011-05-13 20:35:37 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys

2011-05-13 20:35:34 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys

2011-05-13 20:35:33 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys

2011-05-13 20:35:30 ----A---- C:\WINDOWS\system32\drivers\aec.sys

2011-05-13 20:35:27 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys

2011-05-13 20:35:26 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys

2011-05-13 20:35:24 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys

2011-05-13 20:35:21 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011-05-13 20:35:19 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys

2011-05-13 20:35:14 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011-05-13 20:35:09 ----RAH---- C:\WINDOWS\system32\Audio3D.dll

2011-05-13 20:35:08 ----RAH---- C:\WINDOWS\system32\a3d.dll

2011-05-13 20:35:05 ----RAH---- C:\WINDOWS\system32\udaprop.dll

2011-05-13 20:35:05 ----RAH---- C:\WINDOWS\system32\drivers\cmuda.sys

2011-05-13 20:35:05 ----RAH---- C:\WINDOWS\system32\cmuda.dll

2011-05-13 20:35:05 ----RAH---- C:\WINDOWS\system32\cmirmdrv.exe

2011-05-13 20:35:05 ----RAH---- C:\WINDOWS\system32\cmirmdrv.dll

2011-05-13 20:35:01 ----A---- C:\WINDOWS\system32\ksuser.dll

2011-05-13 20:35:01 ----A---- C:\WINDOWS\system32\drivers\portcls.sys

2011-05-13 20:35:00 ----A---- C:\WINDOWS\system32\drivers\drmk.sys

2011-05-13 20:34:47 ----A---- C:\WINDOWS\CMISETUP.INI

2011-05-13 20:34:45 ----A---- C:\WINDOWS\CMCDPLAY.INI

2011-05-13 20:34:42 ----A---- C:\WINDOWS\Wininit.ini

2011-05-13 20:34:39 ----RAH---- C:\WINDOWS\Cmuda.ini

2011-05-13 20:34:38 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2011-05-13 20:34:38 ----D---- C:\Arquivos de programas\C-Media 3D Audio

2011-05-13 20:34:38 ----A---- C:\WINDOWS\CMIUninstall.exe

2011-05-13 20:34:38 ----A---- C:\WINDOWS\CmiRmRedundDir.exe

2011-05-13 20:34:38 ----A---- C:\WINDOWS\CMIRmDriver.dll

2011-05-13 20:34:30 ----A---- C:\WINDOWS\ODBC.INI

2011-05-13 20:34:22 ----A---- C:\WINDOWS\system32\mdimon.dll

2011-05-13 20:34:13 ----D---- C:\Arquivos de programas\Arquivos comuns\InstallShield

2011-05-13 20:33:20 ----SHD---- C:\RECYCLER

2011-05-13 20:31:34 ----D---- C:\Arquivos de programas\XP Codec Pack

2011-05-13 20:30:02 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$

2011-05-13 20:29:56 ----N---- C:\WINDOWS\system32\spmsg.dll

2011-05-13 20:29:53 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$

2011-05-13 20:29:35 ----D---- C:\Arquivos de programas\Windows Media Connect 2

2011-05-13 20:29:25 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$

2011-05-13 20:28:44 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$

2011-05-13 20:28:13 ----A---- C:\WINDOWS\system32\S8Z95D47.EXE

2011-05-13 20:28:12 ----SH---- C:\WINDOWS\system32\ZH593.EXE

2011-05-13 20:28:09 ----D---- C:\WINDOWS\system32\drivers\UMDF

2011-05-13 20:28:04 ----A---- C:\WINDOWS\system32\spupdsvc.exe

2011-05-13 20:28:03 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$

2011-05-13 20:27:39 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage

2011-05-13 20:27:18 ----D---- C:\WINDOWS\system32\LogFiles

2011-05-13 20:27:12 ----D---- C:\Arquivos de programas\WinRAR

2011-05-13 20:26:31 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS

2011-05-13 20:24:40 ----D---- C:\Documents and Settings\Jully\Dados de aplicativos\Identities

2011-05-13 20:24:37 ----HD---- C:\Arquivos de programas\Uninstall Information

2011-05-13 20:24:21 ----ASH---- C:\Documents and Settings\Jully\Dados de aplicativos\desktop.ini

2011-05-13 20:24:20 ----SD---- C:\Documents and Settings\Jully\Dados de aplicativos\Microsoft

2011-05-13 20:23:10 ----D---- C:\WINDOWS\SoftwareDistribution

2011-05-13 20:23:00 ----SD---- C:\WINDOWS\system32\Microsoft

2011-05-13 20:23:00 ----D---- C:\WINDOWS\Prefetch

2011-05-13 20:23:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2011-05-13 20:17:43 ----D---- C:\WINDOWS\system32\xircom

2011-05-13 20:17:43 ----D---- C:\Arquivos de programas\xerox

2011-05-13 20:17:43 ----D---- C:\Arquivos de programas\microsoft frontpage

2011-05-13 20:17:09 ----RASH---- C:\MSDOS.SYS

2011-05-13 20:17:09 ----RASH---- C:\IO.SYS

2011-05-13 20:17:09 ----A---- C:\WINDOWS\control.ini

2011-05-13 20:17:09 ----A---- C:\CONFIG.SYS

2011-05-13 20:17:09 ----A---- C:\AUTOEXEC.BAT

2011-05-13 20:16:42 ----A---- C:\WINDOWS\system32\mapi32.dll


======List of files/folders modified in the last 1 months======

 


 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 uagp35;Filtro Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-03 44672]

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41472]

R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2006-05-05 12288]

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []

R3 amsint32;amsint32; \??\C:\WINDOWS\system32\drivers\nsmqj.sys []

R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]

R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-28 9600]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]

R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2006-05-08 254976]

R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

S3 BthEnum;Driver de Bloqueio de Solicitação Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]

S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]

S3 BTHPORT;Driver de Porta Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-04 274560]

S3 BTHUSB;Driver USB de Rádio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]

S3 RFCOMM;Dispositivo Bluetooth (TDI do Protocolo RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 MBAMService;MBAMService; C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-03 276816]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe [2005-03-07 523776]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 942592]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

 

-----------------EOF-----------------


1.

*Download RegUnlocker and save it to the desktop

*Run the program and, on the [A - Restricciones] tab, select:

1 - Elimina las restricciones del Sistema

2 - Eliminar restricciones del Explorador

*Click [Aplicar]

*Do not restart the PC!

2.

*Download SalityKiller and save it to the desktop

*Extract its contents to C:\

*Disable System Restore

*Right-click My Computer and select Properties

*Click System Restore

*Select the option:

[X] Turn off System Restore

*Click [Apply] > [Yes] > [OK]

*This program will run in 2 separate windows at the same time!!

*The first window:

*Click [Start] > [Run] > copy and paste: C:\salitykiller.exe -m

*Click [OK]

*Keep the window running. Do not close it!! If you like, minimize it.

*The second window:

*Click [Start] > [Run] > copy and paste: C:\salitykiller.exe -y -l sality.txt -v

*Click [OK]

*When it finishes, window 2 will close automatically. Then close window 1.

*Paste the summary found at the end of the file C:\sality.txt, as shown below:

23:57:51:0 Infected files: 8

23:57:51:0 Infected processes: 0

23:57:51:0 Infected threads: 2

23:57:51:0 Cured files: 8

23:57:51:0 Executed registry scripts: 1

 

3.

*Download this file and save it to the desktop

*Extract it to the desktop

*Run it and accept the registry entry

*Restart the PC

 

4.

*Download sality_regkeys and save it to the desktop

*Extract the contents to the desktop

*In the SalityRegKeys folder, run the file SafeBootWinXP.reg and accept the registry entry

*Restart the PC

 

5.

*New RSIT log

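An added example, not part of the original posts and not the tool's own code: a Python script that pulls the summary counters requested in step 2 out of C:\sality.txt and, when that block is missing (for instance because the log is incomplete), falls back to the per-file "infected ... cured" lines. The line formats are the ones that appear in the logs in this thread; the sample input is constructed, and treating any outcome other than "cured" as still pending is an assumption.

```python
import re

# Summary counters, as in the helper's post: "23:57:51:0 Infected files: 8".
# Verbose logs also carry a numeric thread-id column, so it is optional here.
SUMMARY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}:\d+\s+(?:\d+\s+)?"
    r"(Infected files|Infected processes|Infected threads|"
    r"Cured files|Executed registry scripts):\s*(\d+)\s*$"
)

# Per-file verdicts, as in the verbose log: two writes fused on one line,
# "<ts> <tid> <path> infected <name> ...<ts> <tid> <outcome>".
DETECT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}:\d+\s+\d+\s+(?P<path>.+?) infected (?P<name>\S+) \.\.\."
    r"\s*(?:\d{2}:\d{2}:\d{2}:\d+\s+\d+\s+)?(?P<outcome>.+?)\s*$"
)


def summarize(log_text):
    """Return the summary block (or None) plus the last verdict per file."""
    summary = {}
    files = {}  # lower-cased path -> (path as logged, detection name, last outcome)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = DETECT_RE.match(line)
        if m:
            # Windows paths are case-insensitive; a later line for the same
            # file (e.g. after a second cure pass) replaces the earlier one.
            files[m["path"].lower()] = (m["path"], m["name"], m["outcome"])
    # Assumption: anything whose last outcome is not "cured" still needs work.
    pending = [path for path, _, outcome in files.values() if outcome != "cured"]
    return {"summary": summary or None, "files": files, "pending": pending}


# Constructed sample in the thread's log format (paths are made up).
SAMPLE_LOG = r"""
00:13:05:968 3308 fopen_ex: Trying to open file C:\Tools\a.exe
00:13:06:187 3308 C:\Tools\a.exe infected Virus.Win32.Sality.bh ...00:13:06:187 3308 not terminated
00:13:06:187 3308 DetectCure: Scan file: C:\Tools\a.exe
00:13:32:281 3308 C:\Tools\a.exe infected Virus.Win32.Sality.bh ...00:13:32:281 3308 cured
00:13:40:000 3308 C:\Tools\b.exe infected Virus.Win32.Sality.bh ...00:13:40:000 3308 not terminated
"""

# The summary block exactly as quoted in step 2.
SAMPLE_SUMMARY = """
23:57:51:0 Infected files: 8
23:57:51:0 Infected processes: 0
23:57:51:0 Infected threads: 2
23:57:51:0 Cured files: 8
23:57:51:0 Executed registry scripts: 1
"""

if __name__ == "__main__":
    import sys

    # Usage: python sality_summary.py C:\sality.txt  (script name is hypothetical)
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    result = summarize(text)
    if result["summary"] is None:
        print("No summary block found; the log may be incomplete.")
    else:
        for key, value in result["summary"].items():
            print(f"{key}: {value}")
    for path in result["pending"]:
        print("Not cured:", path)
```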

OK, I did everything you asked me to

but in step 2 I couldn't find this end of the log that you posted

 

23:57:51:0 Infected files: 8

23:57:51:0 Infected processes: 0

23:57:51:0 Infected threads: 2

23:57:51:0 Cured files: 8

23:57:51:0 Executed registry scripts: 1

 

So I'll post the whole thing for you to take a better look!!!


00:12:51:171 3308 scanning threads ...

00:12:51:187 3308 KillThreads: Scan process PID: 440 Name "smss.exe" ThreadCount 3

00:12:51:187 3308 ScanThread: Thread 444 base addr: 4858A4C8

00:12:51:187 3308 ScanThread: Thread 448 base addr: 485893B2

00:12:51:187 3308 ScanThread: Thread 452 base addr: 13AA

00:12:51:187 3308 KillThreads: Scan process PID: 496 Name "csrss.exe" ThreadCount 11

00:12:51:187 3308 ScanThread: Thread 508 base addr: 75B3B329

00:12:51:187 3308 ScanThread: Thread 512 base addr: 75B354A4

00:12:51:203 3308 ScanThread: Thread 516 base addr: 75B14616

00:12:51:203 3308 ScanThread: Thread 520 base addr: 75B13B3A

00:12:51:203 3308 ScanThread: Thread 532 base addr: 75B14616

00:12:51:203 3308 ScanThread: Thread 540 base addr: 75B3B0F7

00:12:51:218 3308 ScanThread: Thread 544 base addr: 75B3B0F7

00:12:51:218 3308 ScanThread: Thread 592 base addr: 75B3B0F7

00:12:51:234 3308 ScanThread: Thread 1612 base addr: 75B14616

00:12:51:234 3308 ScanThread: Thread 1200 base addr: 75B3B59C

00:12:51:234 3308 ScanThread: Thread 3784 base addr: 75B32272

00:12:51:250 3308 KillThreads: Scan process PID: 524 Name "winlogon.exe" ThreadCount 21

00:12:51:250 3308 ScanThread: Thread 528 base addr: 103D353

00:12:51:250 3308 ScanThread: Thread 556 base addr: 77DB6BF0

00:12:51:265 3308 ScanThread: Thread 560 base addr: 7C92798D

00:12:51:296 3308 ScanThread: Thread 564 base addr: 7C910760

00:12:51:312 3308 ScanThread: Thread 568 base addr: 77DB6BF0

00:12:51:343 3308 ScanThread: Thread 580 base addr: 7C929FAE

00:12:51:359 3308 ScanThread: Thread 964 base addr: 1039156

00:12:51:375 3308 ScanThread: Thread 968 base addr: 765D2DC9

00:12:51:375 3308 ScanThread: Thread 1000 base addr: 7FF93C38

00:12:51:375 3308 ScanThread: Thread 1024 base addr: 7FF93399

00:12:51:375 3308 ScanThread: Thread 1028 base addr: 7FF93691

00:12:51:375 3308 ScanThread: Thread 1052 base addr: 76C4C86B

00:12:51:375 3308 ScanThread: Thread 1064 base addr: 76C4C5AE

00:12:51:375 3308 ScanThread: Thread 1088 base addr: 769A8831

00:12:51:406 3308 ScanThread: Thread 1092 base addr: 769B3CF1

00:12:51:437 3308 ScanThread: Thread 1212 base addr: 769B3CF1

00:12:51:453 3308 ScanThread: Thread 1532 base addr: 72CD30E8

00:12:51:453 3308 ScanThread: Thread 1536 base addr: 76B24DD6

00:12:51:453 3308 ScanThread: Thread 392 base addr: 77DB6BF0

00:12:51:484 3308 ScanThread: Thread 2548 base addr: 77DB6BF0

00:12:51:500 3308 ScanThread: Thread 2556 base addr: 77DB6BF0

00:12:51:500 3308 KillThreads: Scan process PID: 572 Name "services.exe" ThreadCount 16

00:12:51:500 3308 ScanThread: Thread 596 base addr: 7C92798D

00:12:51:562 3308 ScanThread: Thread 600 base addr: 7C910ACA

00:12:51:578 3308 ScanThread: Thread 604 base addr: 7C929FAE

00:12:51:593 3308 ScanThread: Thread 708 base addr: 7C910760

00:12:51:609 3308 ScanThread: Thread 712 base addr: 7C810856

00:12:51:625 3308 ScanThread: Thread 716 base addr: 77DB6BF0

00:12:51:640 3308 ScanThread: Thread 724 base addr: 776A39C0

00:12:51:640 3308 ScanThread: Thread 748 base addr: 100963B

00:12:51:687 3308 ScanThread: Thread 772 base addr: 788

00:12:51:687 3308 ScanThread: Thread 900 base addr: 7589349F

00:12:51:687 3308 ScanThread: Thread 904 base addr: 75895DF7

00:12:51:687 3308 ScanThread: Thread 2020 base addr: 55ED

00:12:51:687 3308 ScanThread: Thread 2036 base addr: 7C810856

00:12:51:718 3308 ScanThread: Thread 196 base addr: 77DB6BF0

00:12:51:734 3308 ScanThread: Thread 3448 base addr: 5FBF3E24

00:12:51:734 3308 ScanThread: Thread 3452 base addr: 5FBF1D97

00:12:51:750 3308 KillThreads: Scan process PID: 584 Name "lsass.exe" ThreadCount 20

00:12:51:750 3308 ScanThread: Thread 608 base addr: 75426767

00:12:51:765 3308 ScanThread: Thread 612 base addr: 7C92798D

00:12:51:812 3308 ScanThread: Thread 616 base addr: 7C910760

00:12:51:828 3308 ScanThread: Thread 620 base addr: 7C929FAE

00:12:51:843 3308 ScanThread: Thread 624 base addr: 264

00:12:51:843 3308 ScanThread: Thread 640 base addr: 7C910ACA

00:12:51:875 3308 ScanThread: Thread 652 base addr: 77DB6BF0

00:12:51:890 3308 ScanThread: Thread 660 base addr: 57ED

00:12:51:890 3308 ScanThread: Thread 668 base addr: 75418E06

00:12:51:906 3308 ScanThread: Thread 672 base addr: 75418E06

00:12:51:953 3308 ScanThread: Thread 680 base addr: 77DB6BF0

00:12:51:968 3308 ScanThread: Thread 704 base addr: 75418E06

00:12:51:984 3308 ScanThread: Thread 728 base addr: 7C810856

00:12:52:015 3308 ScanThread: Thread 1296 base addr: 7C810856

00:12:52:031 3308 ScanThread: Thread 280 base addr: 77F6B479

00:12:52:093 3308 ScanThread: Thread 412 base addr: 77C1A341

00:12:52:109 3308 ScanThread: Thread 416 base addr: 77C1A341

00:12:52:125 3308 ScanThread: Thread 420 base addr: 77C1A341

00:12:52:125 3308 ScanThread: Thread 2932 base addr: 769A8831

00:12:52:140 3308 ScanThread: Thread 2016 base addr: 7C810856

00:12:52:171 3308 KillThreads: Scan process PID: 736 Name "svchost.exe" ThreadCount 19

00:12:52:171 3308 ScanThread: Thread 740 base addr: 1002509

00:12:52:171 3308 ScanThread: Thread 752 base addr: 7C92798D

00:12:52:187 3308 ScanThread: Thread 760 base addr: 7C929FAE

00:12:52:250 3308 ScanThread: Thread 384 base addr: 7C810856

00:12:52:265 3308 ScanThread: Thread 980 base addr: 766FFE60

00:12:52:281 3308 ScanThread: Thread 1100 base addr: 1457

00:12:52:281 3308 ScanThread: Thread 1124 base addr: 1415

00:12:52:281 3308 ScanThread: Thread 1112 base addr: 766EE99C

00:12:52:296 3308 ScanThread: Thread 1132 base addr: 766EE894

00:12:52:296 3308 ScanThread: Thread 1104 base addr: 769A8831

00:12:52:312 3308 ScanThread: Thread 1140 base addr: 766EA72E

00:12:52:359 3308 ScanThread: Thread 1144 base addr: 7C810856

00:12:52:390 3308 ScanThread: Thread 1148 base addr: 77DB6BF0

00:12:52:406 3308 ScanThread: Thread 1184 base addr: 56E4

00:12:52:406 3308 ScanThread: Thread 1192 base addr: 7C810856

00:12:52:421 3308 ScanThread: Thread 1188 base addr: 766F685E

00:12:52:437 3308 ScanThread: Thread 2744 base addr: 7C910760

00:12:52:484 3308 ScanThread: Thread 1548 base addr: 77DB6BF0

00:12:52:500 3308 ScanThread: Thread 1164 base addr: 77DB6BF0

00:12:52:515 3308 KillThreads: Scan process PID: 780 Name "svchost.exe" ThreadCount 11

00:12:52:515 3308 ScanThread: Thread 784 base addr: 1002509

00:12:52:515 3308 ScanThread: Thread 788 base addr: 77F6B479

00:12:52:531 3308 ScanThread: Thread 792 base addr: 7C92798D

00:12:52:562 3308 ScanThread: Thread 796 base addr: 7C910760

00:12:52:578 3308 ScanThread: Thread 800 base addr: 7C929FAE

00:12:52:625 3308 ScanThread: Thread 804 base addr: 7C810856

00:12:52:656 3308 ScanThread: Thread 812 base addr: 7C810856

00:12:52:703 3308 ScanThread: Thread 884 base addr: 7C810856

00:12:52:718 3308 ScanThread: Thread 3980 base addr: 77DB6BF0

00:12:52:765 3308 ScanThread: Thread 3464 base addr: 76A7E78E

00:12:52:781 3308 ScanThread: Thread 2820 base addr: 77DB6BF0

00:12:52:843 3308 KillThreads: Scan process PID: 848 Name "svchost.exe" ThreadCount 53

00:12:52:843 3308 ScanThread: Thread 852 base addr: 1002509

00:12:52:843 3308 ScanThread: Thread 856 base addr: 51F1

00:12:52:843 3308 ScanThread: Thread 860 base addr: 7C92798D

00:12:52:859 3308 ScanThread: Thread 868 base addr: 1B19

00:12:52:859 3308 ScanThread: Thread 888 base addr: 77F6B479

00:12:52:875 3308 ScanThread: Thread 932 base addr: 76D6AE19

00:12:52:875 3308 ScanThread: Thread 948 base addr: 77DB6BF0

00:12:53:000 3308 ScanThread: Thread 1168 base addr: 7C910760

00:12:53:140 3308 ScanThread: Thread 1336 base addr: 77DB6BF0

00:12:53:140 3308 ScanThread: Thread 1340 base addr: 77646BB2

00:12:53:156 3308 ScanThread: Thread 1344 base addr: 77F6B479

00:12:53:265 3308 ScanThread: Thread 1388 base addr: 77F6B479

00:12:53:281 3308 ScanThread: Thread 1392 base addr: 77DB6BF0

00:12:53:406 3308 ScanThread: Thread 1400 base addr: 77DB6BF0

00:12:53:515 3308 ScanThread: Thread 1404 base addr: 76B5B153

00:12:53:515 3308 ScanThread: Thread 1408 base addr: 76B5A89A

00:12:53:515 3308 ScanThread: Thread 1412 base addr: 76B5A597

00:12:53:515 3308 ScanThread: Thread 1428 base addr: 76B6709D

00:12:53:531 3308 ScanThread: Thread 1456 base addr: 7C810856

00:12:53:656 3308 ScanThread: Thread 1488 base addr: 7C810856

00:12:53:671 3308 ScanThread: Thread 1848 base addr: 7C910ACA

00:12:53:796 3308 ScanThread: Thread 2004 base addr: 77DB6BF0

00:12:53:812 3308 ScanThread: Thread 2028 base addr: 77F6B479

00:12:53:953 3308 ScanThread: Thread 184 base addr: 923

00:12:53:953 3308 ScanThread: Thread 188 base addr: 68DF1560

00:12:53:953 3308 ScanThread: Thread 200 base addr: 68DF1AE0

00:12:53:953 3308 ScanThread: Thread 228 base addr: 7C810856

00:12:54:062 3308 ScanThread: Thread 352 base addr: 77DB6BF0

00:12:54:078 3308 ScanThread: Thread 380 base addr: 7C810856

00:12:54:203 3308 ScanThread: Thread 400 base addr: 7C810856

00:12:54:312 3308 ScanThread: Thread 500 base addr: 3A0A

00:12:54:312 3308 ScanThread: Thread 836 base addr: 7C810856

00:12:54:453 3308 ScanThread: Thread 840 base addr: 769A8831

00:12:54:468 3308 ScanThread: Thread 872 base addr: 77F6B479

00:12:54:593 3308 ScanThread: Thread 876 base addr: 767A28DE

00:12:54:609 3308 ScanThread: Thread 880 base addr: 77F6B479

00:12:54:718 3308 ScanThread: Thread 632 base addr: 77F6B479

00:12:54:734 3308 ScanThread: Thread 996 base addr: 776D6207

00:12:54:734 3308 ScanThread: Thread 1228 base addr: 7C810856

00:12:54:859 3308 ScanThread: Thread 1236 base addr: 7C810856

00:12:54:937 3308 ScanThread: Thread 1304 base addr: 55EF

00:12:54:937 3308 ScanThread: Thread 1316 base addr: 774D319A

00:12:55:000 3308 ScanThread: Thread 1056 base addr: 74EC742E

00:12:55:000 3308 ScanThread: Thread 2080 base addr: 74EC2555

00:12:55:000 3308 ScanThread: Thread 2632 base addr: 39F1

00:12:55:000 3308 ScanThread: Thread 2640 base addr: 77DB6BF0

00:12:55:046 3308 ScanThread: Thread 3428 base addr: 5FBC3C44

00:12:55:046 3308 ScanThread: Thread 3436 base addr: 5FBF1C49

00:12:55:046 3308 ScanThread: Thread 3440 base addr: 5FBF1C49

00:12:55:046 3308 ScanThread: Thread 3724 base addr: 7C910760

00:12:55:062 3308 ScanThread: Thread 3800 base addr: 7C810856

00:12:55:125 3308 ScanThread: Thread 2800 base addr: 751D9A1E

00:12:55:125 3308 ScanThread: Thread 3552 base addr: 774D319A

00:12:55:171 3308 KillThreads: Scan process PID: 940 Name "svchost.exe" ThreadCount 6

00:12:55:171 3308 ScanThread: Thread 944 base addr: 1002509

00:12:55:171 3308 ScanThread: Thread 1012 base addr: 767556A3

00:12:55:171 3308 ScanThread: Thread 1016 base addr: 7675464B

00:12:55:171 3308 ScanThread: Thread 1020 base addr: 7C810856

00:12:55:187 3308 ScanThread: Thread 1096 base addr: 579F

00:12:55:187 3308 ScanThread: Thread 144 base addr: 7C810856

00:12:55:218 3308 KillThreads: Scan process PID: 1152 Name "svchost.exe" ThreadCount 14

00:12:55:218 3308 ScanThread: Thread 1156 base addr: 1002509

00:12:55:218 3308 ScanThread: Thread 1272 base addr: 77F6B479

00:12:55:265 3308 ScanThread: Thread 1284 base addr: 74C01B04

00:12:55:265 3308 ScanThread: Thread 1892 base addr: 5AB257C5

00:12:55:265 3308 ScanThread: Thread 1896 base addr: 5AB257C5

00:12:55:265 3308 ScanThread: Thread 1900 base addr: 77DB6BF0

00:12:55:296 3308 ScanThread: Thread 1476 base addr: 77F6B479

00:12:55:312 3308 ScanThread: Thread 1480 base addr: 7C92798D

00:12:55:328 3308 ScanThread: Thread 1500 base addr: 7C929FAE

00:12:55:343 3308 ScanThread: Thread 1552 base addr: 7C810856

00:12:55:390 3308 ScanThread: Thread 1560 base addr: 7694721F

00:12:55:390 3308 ScanThread: Thread 1616 base addr: 1AD5

00:12:55:390 3308 ScanThread: Thread 2784 base addr: 7C910760

00:12:55:406 3308 ScanThread: Thread 2832 base addr: 77DB6BF0

00:12:55:421 3308 KillThreads: Scan process PID: 1288 Name "explorer.exe" ThreadCount 21

00:12:55:421 3308 ScanThread: Thread 1292 base addr: 10FE85A

00:12:55:453 3308 ScanThread: Thread 1360 base addr: 55CC

00:12:55:453 3308 ScanThread: Thread 1368 base addr: 77EBF56F

00:12:55:468 3308 ScanThread: Thread 1372 base addr: 7C92798D

00:12:55:515 3308 ScanThread: Thread 1380 base addr: 7C929FAE

00:12:55:546 3308 ScanThread: Thread 1544 base addr: 55CA

00:12:55:546 3308 ScanThread: Thread 1556 base addr: 77EBF56F

00:12:55:562 3308 ScanThread: Thread 1700 base addr: 1A10000

00:12:55:562 3308 ScanThread: Thread 1964 base addr: 765836F7

00:12:55:562 3308 ScanThread: Thread 1972 base addr: 77EBF56F

00:12:55:578 3308 ScanThread: Thread 1980 base addr: 77EBF56F

00:12:55:578 3308 ScanThread: Thread 956 base addr: 72CD30E8

00:12:55:578 3308 ScanThread: Thread 2168 base addr: 55CE

00:12:55:578 3308 ScanThread: Thread 3848 base addr: 774D319A

00:12:55:609 3308 ScanThread: Thread 3220 base addr: 77F79981

00:12:55:640 3308 ScanThread: Thread 952 base addr: 7C910760

00:12:55:703 3308 ScanThread: Thread 2464 base addr: 76B24DD6

00:12:55:703 3308 ScanThread: Thread 2044 base addr: 75F7E9D5

00:12:55:734 3308 ScanThread: Thread 3600 base addr: 77C1A341

00:12:55:750 3308 ScanThread: Thread 3272 base addr: 75F7E9D5

00:12:55:812 3308 ScanThread: Thread 3500 base addr: 7C910760

00:12:55:843 3308 KillThreads: Scan process PID: 1420 Name "spoolsv.exe" ThreadCount 11

00:12:55:843 3308 ScanThread: Thread 1424 base addr: 1016881

00:12:55:843 3308 ScanThread: Thread 1432 base addr: 77F6B479

00:12:55:859 3308 ScanThread: Thread 1436 base addr: 77DB6BF0

00:12:55:875 3308 ScanThread: Thread 1440 base addr: 2908

00:12:55:875 3308 ScanThread: Thread 1448 base addr: 10051DC

00:12:55:890 3308 ScanThread: Thread 2340 base addr: 100569C

00:12:55:890 3308 ScanThread: Thread 2636 base addr: 723C17D7

00:12:55:890 3308 ScanThread: Thread 2676 base addr: 76202C4F

00:12:55:890 3308 ScanThread: Thread 2680 base addr: 7620885C

00:12:56:031 3308 ScanThread: Thread 2780 base addr: 77DB6BF0

00:12:56:046 3308 ScanThread: Thread 3240 base addr: 77DB6BF0

00:12:56:062 3308 KillThreads: Scan process PID: 1596 Name "rundll32.exe" ThreadCount 3

00:12:56:062 3308 ScanThread: Thread 1600 base addr: 100A800

00:12:56:062 3308 ScanThread: Thread 1708 base addr: C50000

00:12:56:062 3308 ScanThread: Thread 252 base addr: 72CD30E8

00:12:56:062 3308 KillThreads: Scan process PID: 1604 Name "mbamgui.exe" ThreadCount 1

00:12:56:062 3308 ScanThread: Thread 1716 base addr: 1CC0000

00:12:56:062 3308 KillThreads: Scan process PID: 1628 Name "SpywareTerminatorShield.Exe" ThreadCount 6

00:12:56:062 3308 ScanThread: Thread 1632 base addr: 63180A

00:12:56:156 3308 ScanThread: Thread 1724 base addr: 3B0000

00:12:56:156 3308 ScanThread: Thread 1920 base addr: 405298

00:12:56:203 3308 ScanThread: Thread 1924 base addr: 405298

00:12:56:296 3308 ScanThread: Thread 816 base addr: 405298

00:12:56:343 3308 ScanThread: Thread 892 base addr: 405298

00:12:56:421 3308 KillThreads: Scan process PID: 1636 Name "rundll32.exe" ThreadCount 5

00:12:56:421 3308 ScanThread: Thread 1640 base addr: 100A800

00:12:56:421 3308 ScanThread: Thread 1732 base addr: A10000

00:12:56:421 3308 ScanThread: Thread 1816 base addr: 7C92798D

00:12:56:437 3308 ScanThread: Thread 1820 base addr: 7C910760

00:12:56:453 3308 ScanThread: Thread 1824 base addr: 7C929FAE

00:12:56:468 3308 KillThreads: Scan process PID: 1644 Name "hpwuschd2.exe" ThreadCount 2

00:12:56:484 3308 ScanThread: Thread 1648 base addr: 4020C8

00:12:56:484 3308 ScanThread: Thread 1740 base addr: AA0000

00:12:56:484 3308 KillThreads: Scan process PID: 1652 Name "SpywareTerminatorUpdate.exe" ThreadCount 10

00:12:56:484 3308 ScanThread: Thread 1656 base addr: 73C233

00:12:56:687 3308 ScanThread: Thread 1748 base addr: 340000

00:12:56:687 3308 ScanThread: Thread 1904 base addr: 404BA0

00:12:56:906 3308 ScanThread: Thread 1908 base addr: 404BA0

00:12:57:109 3308 ScanThread: Thread 1928 base addr: 101356C9

00:12:57:234 3308 ScanThread: Thread 1932 base addr: 101356C9

00:12:57:375 3308 ScanThread: Thread 1944 base addr: 404BA0

00:12:57:578 3308 ScanThread: Thread 1976 base addr: 101356C9

00:12:57:640 3308 ScanThread: Thread 1996 base addr: 101356C9

00:12:57:765 3308 ScanThread: Thread 2000 base addr: 71A1D5AF

00:12:57:781 3308 KillThreads: Scan process PID: 1684 Name "AWC.exe" ThreadCount 7

00:12:57:781 3308 ScanThread: Thread 1760 base addr: 522C30

00:12:57:921 3308 ScanThread: Thread 504 base addr: 1B30000

00:12:57:921 3308 ScanThread: Thread 1280 base addr: 7C810856

00:12:58:046 3308 ScanThread: Thread 2024 base addr: 7C810856

00:12:58:109 3308 ScanThread: Thread 2216 base addr: 40006828

00:12:58:125 3308 ScanThread: Thread 2228 base addr: 40006828

00:12:58:187 3308 ScanThread: Thread 2996 base addr: 771B3E0F

00:12:58:234 3308 KillThreads: Scan process PID: 1800 Name "sistray.exe" ThreadCount 1

00:12:58:234 3308 ScanThread: Thread 648 base addr: F60000

00:12:58:234 3308 KillThreads: Scan process PID: 1912 Name "svchost.exe" ThreadCount 3

00:12:58:234 3308 ScanThread: Thread 1916 base addr: 1002509

00:12:58:234 3308 ScanThread: Thread 1988 base addr: 4C1230D5

00:12:58:234 3308 ScanThread: Thread 248 base addr: 7C810856

00:12:58:296 3308 KillThreads: Scan process PID: 208 Name "mbamservice.exe" ThreadCount 4

00:12:58:296 3308 ScanThread: Thread 176 base addr: 401280

00:12:58:312 3308 ScanThread: Thread 276 base addr: 77F6B479

00:12:58:312 3308 ScanThread: Thread 2180 base addr: 4224D0

00:12:58:375 3308 ScanThread: Thread 2256 base addr: 424F80

00:12:58:375 3308 KillThreads: Scan process PID: 348 Name "sp_rsser.exe" ThreadCount 10

00:12:58:375 3308 ScanThread: Thread 360 base addr: 48C82F

00:12:58:390 3308 ScanThread: Thread 468 base addr: 77F6B479

00:12:58:437 3308 ScanThread: Thread 464 base addr: 42F1F0

00:12:58:468 3308 ScanThread: Thread 492 base addr: 404F98

00:12:58:531 3308 ScanThread: Thread 476 base addr: 404F98

00:12:58:546 3308 ScanThread: Thread 820 base addr: 404F98

00:12:58:609 3308 ScanThread: Thread 832 base addr: 404F98

00:12:58:625 3308 ScanThread: Thread 2792 base addr: 404F98

00:12:58:640 3308 ScanThread: Thread 2796 base addr: 404F98

00:12:58:687 3308 ScanThread: Thread 3068 base addr: 404F98

00:12:58:703 3308 KillThreads: Scan process PID: 484 Name "svchost.exe" ThreadCount 7

00:12:58:703 3308 ScanThread: Thread 488 base addr: 1002509

00:12:58:703 3308 ScanThread: Thread 768 base addr: 77F6B479

00:12:58:750 3308 ScanThread: Thread 896 base addr: 521E

00:12:58:750 3308 ScanThread: Thread 976 base addr: 75BDC47C

00:12:58:765 3308 ScanThread: Thread 1008 base addr: 55CD

00:12:58:765 3308 ScanThread: Thread 2772 base addr: 77DB6BF0

00:12:58:812 3308 ScanThread: Thread 3248 base addr: 55CB

00:12:58:812 3308 KillThreads: Scan process PID: 2096 Name "svchost.exe" ThreadCount 8

00:12:58:812 3308 ScanThread: Thread 2100 base addr: 1002509

00:12:58:812 3308 ScanThread: Thread 2112 base addr: 77F6B479

00:12:58:828 3308 ScanThread: Thread 2120 base addr: 5AED1F6F

00:12:58:828 3308 ScanThread: Thread 2132 base addr: 5A3398C0

00:12:58:828 3308 ScanThread: Thread 2136 base addr: 7C92798D

00:12:58:921 3308 ScanThread: Thread 2144 base addr: 7C910760

00:12:58:984 3308 ScanThread: Thread 2148 base addr: 7C929FAE

00:12:59:000 3308 ScanThread: Thread 2152 base addr: 5A33F916

00:12:59:046 3308 KillThreads: Scan process PID: 4068 Name "firefox.exe" ThreadCount 32

00:12:59:046 3308 ScanThread: Thread 4072 base addr: 401870

00:12:59:062 3308 ScanThread: Thread 576 base addr: 102AE82C

00:12:59:781 3308 ScanThread: Thread 1520 base addr: 1029F30E

00:13:00:734 3308 ScanThread: Thread 1516 base addr: 78132C50

00:13:00:812 3308 ScanThread: Thread 1320 base addr: 78132C50

00:13:00:875 3308 ScanThread: Thread 1568 base addr: 78132C50

00:13:00:921 3308 ScanThread: Thread 2008 base addr: 71A1D5AF

00:13:00:937 3308 ScanThread: Thread 1956 base addr: 78132C50

00:13:00:968 3308 ScanThread: Thread 2040 base addr: 78132C50

00:13:01:046 3308 ScanThread: Thread 2052 base addr: 78132C50

00:13:01:156 3308 ScanThread: Thread 2116 base addr: 7C810856

00:13:01:203 3308 ScanThread: Thread 2140 base addr: 78132C50

00:13:01:250 3308 ScanThread: Thread 2212 base addr: 24D0000

00:13:01:250 3308 ScanThread: Thread 1264 base addr: 78132C50

00:13:01:312 3308 ScanThread: Thread 1172 base addr: 78132C50

00:13:01:328 3308 ScanThread: Thread 1224 base addr: 78132C50

00:13:01:359 3308 ScanThread: Thread 1328 base addr: 78132C50

00:13:01:375 3308 ScanThread: Thread 688 base addr: 78132C50

00:13:01:421 3308 ScanThread: Thread 2424 base addr: 78132C50

00:13:01:484 3308 ScanThread: Thread 1528 base addr: 78132C50

00:13:01:500 3308 ScanThread: Thread 1524 base addr: 78132C50

00:13:01:562 3308 ScanThread: Thread 2524 base addr: 78132C50

00:13:01:609 3308 ScanThread: Thread 244 base addr: 78132C50

00:13:01:640 3308 ScanThread: Thread 268 base addr: 78132C50

00:13:01:656 3308 ScanThread: Thread 2624 base addr: 78132C50

00:13:01:687 3308 ScanThread: Thread 2712 base addr: 78132C50

00:13:01:703 3308 ScanThread: Thread 1460 base addr: 7C929FAE

00:13:01:718 3308 ScanThread: Thread 2872 base addr: 7C92798D

00:13:01:781 3308 ScanThread: Thread 2876 base addr: 7C910760

00:13:01:828 3308 ScanThread: Thread 3260 base addr: 7C810856

00:13:01:906 3308 ScanThread: Thread 3812 base addr: 72CD30E8

00:13:01:906 3308 ScanThread: Thread 3824 base addr: 76B24DD6

00:13:01:921 3308 KillThreads: Scan process PID: 2316 Name "notepad.exe" ThreadCount 2

00:13:01:921 3308 ScanThread: Thread 2312 base addr: 101A4E4

00:13:01:921 3308 ScanThread: Thread 2492 base addr: B00000

00:13:01:921 3308 KillThreads: Scan process PID: 1888 Name "plugin-container.exe" ThreadCount 11

00:13:01:921 3308 ScanThread: Thread 1808 base addr: 401580

00:13:01:921 3308 ScanThread: Thread 2880 base addr: 1029F30E

00:13:02:687 3308 ScanThread: Thread 2232 base addr: 1680000

00:13:02:687 3308 ScanThread: Thread 2972 base addr: 116BD40

00:13:03:031 3308 ScanThread: Thread 2980 base addr: 116BD40

00:13:03:359 3308 ScanThread: Thread 3016 base addr: 72CD30E8

00:13:03:359 3308 ScanThread: Thread 3028 base addr: 116BD40

00:13:03:656 3308 ScanThread: Thread 3040 base addr: 116BD40

00:13:03:968 3308 ScanThread: Thread 3048 base addr: 116BD40

00:13:04:281 3308 ScanThread: Thread 3056 base addr: 116BD40

00:13:04:546 3308 ScanThread: Thread 3084 base addr: 116BD40

00:13:05:000 3308 KillThreads: Scan process PID: 3504 Name "winxkxk.exe" ThreadCount 5

00:13:05:000 3308 ScanThread: Thread 3512 base addr: 46D5F0

00:13:05:015 3308 ScanThread: Thread 3416 base addr: 40307E

00:13:05:031 3308 ScanThread: Thread 3400 base addr: 401820

00:13:05:031 3308 ScanThread: Thread 3608 base addr: 3A0000

00:13:05:031 3308 ScanThread: Thread 3256 base addr: 71A1D5AF

00:13:05:046 3308 KillThreads: Scan process PID: 3968 Name "vqmrv.exe" ThreadCount 1

00:13:05:046 3308 ScanThread: Thread 2660 base addr: C80000

00:13:05:046 3308 KillThreads: Scan process PID: 756 Name "winwbxn.exe" ThreadCount 6

00:13:05:046 3308 ScanThread: Thread 3196 base addr: 6468A9

00:13:05:234 3308 ScanThread: Thread 3264 base addr: 40A34B

00:13:05:406 3308 ScanThread: Thread 3268 base addr: 40BEA1

00:13:05:531 3308 ScanThread: Thread 3000 base addr: 390000

00:13:05:531 3308 ScanThread: Thread 3460 base addr: 77F79981

00:13:05:593 3308 ScanThread: Thread 2724 base addr: 71A1D5AF

00:13:05:593 3308 KillThreads: Scan process PID: 2868 Name "SalityKiller.exe" ThreadCount 1

00:13:05:593 3308 ScanThread: Thread 2816 base addr: 478244

00:13:05:671 3308 ScanThread: Antifalse detected...

00:13:05:671 3308 KillThreads: Scan process PID: 3292 Name "SalityKiller.exe" ThreadCount 1

00:13:05:671 3308 KillThreads: Current thread, skipping...

00:13:05:671 3308

00:13:05:671 3308 scanning processes ...

00:13:05:703 3308 InterateAllProcesses: OpenProcess ([system Process], 0) error 87

00:13:05:703 3308 InterateAllProcesses: GetModuleFileNameEx (System, 4) error 299

00:13:05:703 3308 fopen_ex: Trying to open file C:\WINDOWS\System32\smss.exe

00:13:05:703 3308 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\System32\smss.exe) returned status 00000000

00:13:05:703 3308 fopen_ex: File opened ok

00:13:05:765 3308 fclose_ex: Try to close file C:\WINDOWS\System32\smss.exe

00:13:05:765 3308 fopen_ex: Trying to open file C:\WINDOWS\system32\csrss.exe

00:13:05:781 3308 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\csrss.exe) returned status 00000000

00:13:05:781 3308 fopen_ex: File opened ok

00:13:05:781 3308 fclose_ex: Try to close file C:\WINDOWS\system32\csrss.exe

00:13:05:781 3308 fopen_ex: Trying to open file C:\WINDOWS\system32\winlogon.exe

00:13:05:828 3308 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\winlogon.exe) returned status 00000000

00:13:05:828 3308 fopen_ex: File opened ok

00:13:05:828 3308 fclose_ex: Try to close file C:\WINDOWS\system32\winlogon.exe

00:13:05:828 3308 fopen_ex: Trying to open file C:\WINDOWS\system32\services.exe

00:13:05:859 3308 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\services.exe) returned status 00000000

00:13:05:859 3308 fopen_ex: File opened ok

00:13:05:875 3308 fclose_ex: Try to close file C:\WINDOWS\system32\services.exe

00:13:05:875 3308 fopen_ex: Trying to open file C:\WINDOWS\system32\lsass.exe

00:13:05:875 3308 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\lsass.exe) returned status 00000000

00:13:05:875 3308 fopen_ex: File opened ok

00:13:05:875 3308 fclose_ex: Try to close file C:\WINDOWS\system32\lsass.exe

00:13:05:875 3308 fopen_ex: Trying to open file C:\WINDOWS\system32\svchost.exe

00:13:05:875 3308 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\svchost.exe) returned status 00000000

00:13:05:875 3308 fopen_ex: File opened ok

00:13:05:875 3308 fclose_ex: Try to close file C:\WINDOWS\system32\svchost.exe

00:13:05:875 3308 fopen_ex: Trying to open file C:\WINDOWS\system32\svchost.exe

00:13:05:875 3308 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\svchost.exe) returned status 00000000

00:13:05:875 3308 fopen_ex: File opened ok

00:13:05:890 3308 fclose_ex: Try to close file C:\WINDOWS\system32\svchost.exe

00:13:05:890 3308 fopen_ex: Trying to open file C:\WINDOWS\System32\svchost.exe

00:13:05:890 3308 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\System32\svchost.exe) returned status 00000000

00:13:05:890 3308 fopen_ex: File opened ok

00:13:05:890 3308 fclose_ex: Try to close file C:\WINDOWS\System32\svchost.exe

00:13:05:890 3308 fopen_ex: Trying to open file C:\WINDOWS\system32\svchost.exe

00:13:05:890 3308 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\svchost.exe) returned status 00000000

00:13:05:890 3308 fopen_ex: File opened ok

00:13:05:890 3308 fclose_ex: Try to close file C:\WINDOWS\system32\svchost.exe

00:13:05:890 3308 fopen_ex: Trying to open file C:\WINDOWS\system32\svchost.exe

00:13:05:890 3308 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\svchost.exe) returned status 00000000

00:13:05:890 3308 fopen_ex: File opened ok

00:13:05:890 3308 fclose_ex: Try to close file C:\WINDOWS\system32\svchost.exe

00:13:05:890 3308 fopen_ex: Trying to open file C:\WINDOWS\Explorer.EXE

00:13:05:890 3308 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\Explorer.EXE) returned status 00000000

00:13:05:890 3308 fopen_ex: File opened ok

00:13:05:921 3308 fclose_ex: Try to close file C:\WINDOWS\Explorer.EXE

00:13:05:921 3308 fopen_ex: Trying to open file C:\WINDOWS\system32\spoolsv.exe

00:13:05:921 3308 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\spoolsv.exe) returned status 00000000

00:13:05:921 3308 fopen_ex: File opened ok

00:13:05:937 3308 fclose_ex: Try to close file C:\WINDOWS\system32\spoolsv.exe

00:13:05:937 3308 fopen_ex: Trying to open file C:\WINDOWS\system32\RunDll32.exe

00:13:05:937 3308 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\RunDll32.exe) returned status 00000000

00:13:05:937 3308 fopen_ex: File opened ok

00:13:05:968 3308 fclose_ex: Try to close file C:\WINDOWS\system32\RunDll32.exe

00:13:05:968 3308 fopen_ex: Trying to open file C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

00:13:05:968 3308 MyNtCreateFileW: NtCreateFile(\??\C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe) returned status 00000000

00:13:05:968 3308 fopen_ex: File opened ok

00:13:06:187 3308 fclose_ex: Try to close file C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

00:13:06:187 3308 C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe infected Virus.Win32.Sality.bh ...00:13:06:187 3308 not terminated

00:13:06:187 3308 DetectCure: Scan file: C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

00:13:06:187 3308 fopen_ex: Trying to open file C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

00:13:06:187 3308 MyNtCreateFileW: NtCreateFile(\??\C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe) returned status 00000000

00:13:06:187 3308 fopen_ex: File opened ok

00:13:06:296 3308 fclose_ex: Try to close file C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

00:13:06:296 3308 fopen_ex: Trying to open file C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

00:13:06:296 3308 MyNtCreateFileW: NtCreateFile(\??\C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe) returned status 00000000

00:13:06:296 3308 fopen_ex: File opened ok

00:13:32:265 3308 fclose_ex: Try to close file C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

00:13:32:281 3308 C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe infected Virus.Win32.Sality.bh ...00:13:32:281 3308 cured

00:13:32:281 3308 fopen_ex: Trying to open file C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

00:13:32:281 3308 MyNtCreateFileW: NtCreateFile(\??\C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe) returned status 00000000

00:13:32:281 3308 fopen_ex: File opened ok

00:13:32:281 3308 fclose_ex: Try to close file C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

00:13:32:281 3308 fopen_ex: Trying to open file C:\WINDOWS\system32\rundll32.exe

00:13:32:312 3308 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\rundll32.exe) returned status 00000000

00:13:32:312 3308 fopen_ex: File opened ok

00:13:32:312 3308 fclose_ex: Try to close file C:\WINDOWS\system32\rundll32.exe

00:13:32:312 3308 fopen_ex: Trying to open file C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

00:13:32:312 3308 MyNtCreateFileW: NtCreateFile(\??\C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe) returned status 00000000

00:13:32:312 3308 fopen_ex: File opened ok

00:13:32:328 3308 fclose_ex: Try to close file C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

00:13:32:328 3308 fopen_ex: Trying to open file C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

00:13:32:328 3308 MyNtCreateFileW: NtCreateFile(\??\C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe) returned status 00000000

00:13:32:328 3308 fopen_ex: File opened ok

00:13:32:343 3308 fclose_ex: Try to close file C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

00:13:32:343 3308 fopen_ex: Trying to open file C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

00:13:32:343 3308 MyNtCreateFileW: NtCreateFile(\??\C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe) returned status 00000000

00:13:32:343 3308 fopen_ex: File opened ok

00:13:32:406 3308 fclose_ex: Try to close file C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

00:13:32:406 3308 fopen_ex: Trying to open file C:\WINDOWS\system32\sistray.exe

00:13:32:406 3308 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\sistray.exe) returned status 00000000

00:13:32:406 3308 fopen_ex: File opened ok

 

 

 

Now, here below is the RSIT log!!!

 

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by Jully at 2005-03-07 00:31:33

Microsoft Windows XP Professional Service Pack 2

System drive C: has 34 GB (68%) free of 50 GB

Total RAM: 991 MB (56% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:32:33, on 7/3/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\vqmrv.exe

C:\WINDOWS\system32\notepad.exe

C:\DOCUME~1\Jully\CONFIG~1\Temp\winrvttq.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Jully\Desktop\RSIT.exe

C:\Documents and Settings\Jully\Desktop\SOluçao\Jully.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/homepage.aspx?tbid=60346

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60346

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60346

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60346

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60346

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [spywareTerminator] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup

O4 - HKCU\..\Run: [Windows Service] winsvc32.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe

 

--

End of file - 4706 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\At1.job

C:\WINDOWS\tasks\At2.job

C:\WINDOWS\tasks\At3.job

C:\WINDOWS\tasks\At4.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-115176313-1801674531-1003Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-115176313-1801674531-1003UA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []

"Malwarebytes' Anti-Malware"=C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe [2005-03-07 429392]

"SiSPower"=SiSPower.dll,ModeAgent []

"SpywareTerminator"=C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorShield.exe [2005-03-07 2244608]

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"HP Software Update"=C:\Arquivos de programas\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]

""= []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminatorUpdate"=C:\Arquivos de programas\Spyware Terminator\SpywareTerminatorUpdate.exe [2005-03-07 3346432]

"Advanced SystemCare 3"=C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe [2010-08-10 2349776]

"Windows Service"=winsvc32.exe []

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

"C:\WINDOWS\system32\sistray.exe"="C:\WINDOWS\system32\sistray.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\wingcstod.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\wingcstod.exe:*:Enabled:ipsec"

"C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe"="C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Jully\CONFIG~1\Temp\winrvttq.exe"="C:\DOCUME~1\Jully\CONFIG~1\Temp\winrvttq.exe:*:Enabled:ipsec"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

======List of files/folders created in the last 1 months======

 

2011-05-13 23:03:59 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

2011-05-13 22:41:01 ----D---- C:\Documents and Settings\Jully\Dados de aplicativos\Adobe

2011-05-13 22:23:52 ----D---- C:\Documents and Settings\Jully\Dados de aplicativos\Macromedia

2011-05-13 21:00:50 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

2011-05-13 21:00:50 ----D---- C:\Arquivos de programas\Alwil Software

2011-05-13 20:37:40 ----D---- C:\Documents and Settings\Jully\Dados de aplicativos\Malwarebytes

2011-05-13 20:37:36 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011-05-13 20:37:34 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2011-05-13 20:37:34 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2011-05-13 20:37:34 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

2011-05-13 20:37:13 ----D---- C:\Documents and Settings\Jully\Dados de aplicativos\WinRAR

2011-05-13 20:35:39 ----A---- C:\WINDOWS\system32\drivers\splitter.sys

2011-05-13 20:35:37 ----A---- C:\WINDOWS\system32\drivers\wdmaud.sys

2011-05-13 20:35:34 ----A---- C:\WINDOWS\system32\drivers\DMusic.sys

2011-05-13 20:35:33 ----A---- C:\WINDOWS\system32\drivers\swmidi.sys

2011-05-13 20:35:30 ----A---- C:\WINDOWS\system32\drivers\aec.sys

2011-05-13 20:35:27 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys

2011-05-13 20:35:26 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys

2011-05-13 20:35:24 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys

2011-05-13 20:35:21 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011-05-13 20:35:19 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys

2011-05-13 20:35:14 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011-05-13 20:35:09 ----RAH---- C:\WINDOWS\system32\Audio3D.dll

2011-05-13 20:35:08 ----RAH---- C:\WINDOWS\system32\a3d.dll

2011-05-13 20:35:05 ----RAH---- C:\WINDOWS\system32\udaprop.dll

2011-05-13 20:35:05 ----RAH---- C:\WINDOWS\system32\drivers\cmuda.sys

2011-05-13 20:35:05 ----RAH---- C:\WINDOWS\system32\cmuda.dll

2011-05-13 20:35:05 ----RAH---- C:\WINDOWS\system32\cmirmdrv.exe

2011-05-13 20:35:05 ----RAH---- C:\WINDOWS\system32\cmirmdrv.dll

2011-05-13 20:35:01 ----A---- C:\WINDOWS\system32\ksuser.dll

2011-05-13 20:35:01 ----A---- C:\WINDOWS\system32\drivers\portcls.sys

2011-05-13 20:35:00 ----A---- C:\WINDOWS\system32\drivers\drmk.sys

2011-05-13 20:34:47 ----A---- C:\WINDOWS\CMISETUP.INI

2011-05-13 20:34:45 ----A---- C:\WINDOWS\CMCDPLAY.INI

2011-05-13 20:34:42 ----A---- C:\WINDOWS\Wininit.ini

2011-05-13 20:34:39 ----RAH---- C:\WINDOWS\Cmuda.ini

2011-05-13 20:34:38 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2011-05-13 20:34:38 ----D---- C:\Arquivos de programas\C-Media 3D Audio

2011-05-13 20:34:38 ----A---- C:\WINDOWS\CMIUninstall.exe

2011-05-13 20:34:38 ----A---- C:\WINDOWS\CmiRmRedundDir.exe

2011-05-13 20:34:38 ----A---- C:\WINDOWS\CMIRmDriver.dll

2011-05-13 20:34:30 ----A---- C:\WINDOWS\ODBC.INI

2011-05-13 20:34:22 ----A---- C:\WINDOWS\system32\mdimon.dll

2011-05-13 20:34:13 ----D---- C:\Arquivos de programas\Arquivos comuns\InstallShield

2011-05-13 20:33:20 ----SHD---- C:\RECYCLER

2011-05-13 20:31:34 ----D---- C:\Arquivos de programas\XP Codec Pack

2011-05-13 20:30:02 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$

2011-05-13 20:29:56 ----N---- C:\WINDOWS\system32\spmsg.dll

2011-05-13 20:29:53 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$

2011-05-13 20:29:35 ----D---- C:\Arquivos de programas\Windows Media Connect 2

2011-05-13 20:29:25 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$

2011-05-13 20:28:44 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$

2011-05-13 20:28:13 ----A---- C:\WINDOWS\system32\S8Z95D47.EXE

2011-05-13 20:28:12 ----SH---- C:\WINDOWS\system32\ZH593.EXE

2011-05-13 20:28:09 ----D---- C:\WINDOWS\system32\drivers\UMDF

2011-05-13 20:28:04 ----A---- C:\WINDOWS\system32\spupdsvc.exe

2011-05-13 20:28:03 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$

2011-05-13 20:27:39 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage

2011-05-13 20:27:18 ----D---- C:\WINDOWS\system32\LogFiles

2011-05-13 20:27:12 ----D---- C:\Arquivos de programas\WinRAR

2011-05-13 20:26:31 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS

2011-05-13 20:24:40 ----D---- C:\Documents and Settings\Jully\Dados de aplicativos\Identities

2011-05-13 20:24:37 ----HD---- C:\Arquivos de programas\Uninstall Information

2011-05-13 20:24:21 ----ASH---- C:\Documents and Settings\Jully\Dados de aplicativos\desktop.ini

2011-05-13 20:24:20 ----SD---- C:\Documents and Settings\Jully\Dados de aplicativos\Microsoft

2011-05-13 20:23:10 ----D---- C:\WINDOWS\SoftwareDistribution

2011-05-13 20:23:00 ----SD---- C:\WINDOWS\system32\Microsoft

2011-05-13 20:23:00 ----D---- C:\WINDOWS\Prefetch

2011-05-13 20:23:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2011-05-13 20:17:43 ----D---- C:\WINDOWS\system32\xircom

2011-05-13 20:17:43 ----D---- C:\Arquivos de programas\xerox

2011-05-13 20:17:43 ----D---- C:\Arquivos de programas\microsoft frontpage

2011-05-13 20:17:09 ----RASH---- C:\MSDOS.SYS

2011-05-13 20:17:09 ----RASH---- C:\IO.SYS

2011-05-13 20:17:09 ----A---- C:\WINDOWS\control.ini

2011-05-13 20:17:09 ----A---- C:\CONFIG.SYS

2011-05-13 20:17:09 ----A---- C:\AUTOEXEC.BAT

2011-05-13 20:16:42 ----A---- C:\WINDOWS\system32\mapi32.dll

2011-05-13 20:15:16 ----SD---- C:\WINDOWS\Downloaded Program Files

2011-05-13 20:15:16 ----RD---- C:\WINDOWS\Offline Web Pages

2011-05-13 20:15:16 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

2011-05-13 20:15:06 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

2011-05-13 20:15:00 ----HD---- C:\Arquivos de programas\WindowsUpdate

2011-05-13 20:14:56 ----D---- C:\Arquivos de programas\Serviços on-line

2011-05-13 20:14:35 ----D---- C:\WINDOWS\system32\DirectX

2011-05-13 20:14:13 ----A---- C:\WINDOWS\system32\atrace.dll

2011-05-13 20:14:11 ----A---- C:\WINDOWS\system32\desktop.ini

2011-05-13 20:14:11 ----A---- C:\WINDOWS\desktop.ini

2011-05-13 20:14:04 ----A---- C:\WINDOWS\system32\nmevtmsg.dll

2011-05-13 20:14:03 ----A---- C:\WINDOWS\system32\acctres.dll

2011-05-13 20:14:02 ----D---- C:\Arquivos de programas\Arquivos comuns\Serviços

2011-05-13 20:14:00 ----SD---- C:\WINDOWS\Tasks

2011-05-13 20:14:00 ----A---- C:\WINDOWS\system32\icfgnt5.dll

2011-05-13 20:13:59 ----D---- C:\Arquivos de programas\Arquivos comuns\MSSoap

2011-05-13 20:13:55 ----D---- C:\WINDOWS\srchasst

2011-05-13 20:13:54 ----D---- C:\WINDOWS\system32\Macromed

2011-05-13 20:13:51 ----A---- C:\WINDOWS\system32\wuweb.dll

2011-05-13 20:13:51 ----A---- C:\WINDOWS\system32\wucltui.dll

2011-05-13 20:13:51 ----A---- C:\WINDOWS\system32\wuauserv.dll

2011-05-13 20:13:51 ----A---- C:\WINDOWS\system32\wuaueng1.dll

2011-05-13 20:13:50 ----A---- C:\WINDOWS\system32\wups.dll

2011-05-13 20:13:50 ----A---- C:\WINDOWS\system32\wuaueng.dll

2011-05-13 20:13:50 ----A---- C:\WINDOWS\system32\wuauclt1.exe

2011-05-13 20:13:50 ----A---- C:\WINDOWS\system32\wuauclt.exe

2011-05-13 20:13:50 ----A---- C:\WINDOWS\system32\wuapi.dll

2011-05-13 20:13:50 ----A---- C:\WINDOWS\system32\bitsprx3.dll

2011-05-13 20:13:50 ----A---- C:\WINDOWS\system32\bitsprx2.dll

2011-05-13 20:13:49 ----A---- C:\WINDOWS\system32\qmgrprxy.dll

2011-05-13 20:13:49 ----A---- C:\WINDOWS\system32\qmgr.dll

2011-05-13 20:13:45 ----D---- C:\Arquivos de programas\Movie Maker

2011-05-13 20:13:41 ----A---- C:\WINDOWS\system32\safrslv.dll

2011-05-13 20:13:41 ----A---- C:\WINDOWS\system32\safrdm.dll

2011-05-13 20:13:41 ----A---- C:\WINDOWS\system32\safrcdlg.dll

2011-05-13 20:13:41 ----A---- C:\WINDOWS\system32\racpldlg.dll

2011-05-13 20:13:38 ----A---- C:\WINDOWS\system32\fltMc.exe

2011-05-13 20:13:38 ----A---- C:\WINDOWS\system32\fltlib.dll

2011-05-13 20:13:38 ----A---- C:\WINDOWS\system32\drivers\fltMgr.sys

2011-05-13 20:13:37 ----D---- C:\WINDOWS\system32\Restore

2011-05-13 20:13:37 ----A---- C:\WINDOWS\system32\srsvc.dll

2011-05-13 20:13:37 ----A---- C:\WINDOWS\system32\srrstr.dll

2011-05-13 20:13:37 ----A---- C:\WINDOWS\system32\srclient.dll

2011-05-13 20:13:37 ----A---- C:\WINDOWS\system32\drivers\sr.sys

2011-05-13 20:13:36 ----A---- C:\WINDOWS\system32\nmmkcert.dll

2011-05-13 20:13:36 ----A---- C:\WINDOWS\system32\mnmsrvc.exe

2011-05-13 20:13:36 ----A---- C:\WINDOWS\system32\mnmdd.dll

2011-05-13 20:13:36 ----A---- C:\WINDOWS\system32\isrdbg32.dll

2011-05-13 20:13:36 ----A---- C:\WINDOWS\system32\ils.dll

2011-05-13 20:13:35 ----A---- C:\WINDOWS\system32\msconf.dll

2011-05-13 20:13:33 ----D---- C:\Arquivos de programas\NetMeeting

2011-05-13 20:13:33 ----A---- C:\WINDOWS\system32\msoert2.dll

2011-05-13 20:13:33 ----A---- C:\WINDOWS\system32\msoeacct.dll

2011-05-13 20:13:32 ----A---- C:\WINDOWS\system32\inetres.dll

2011-05-13 20:13:31 ----A---- C:\WINDOWS\system32\inetcomm.dll

2011-05-13 20:13:29 ----D---- C:\Arquivos de programas\Outlook Express

2011-05-13 20:13:29 ----A---- C:\WINDOWS\system32\schedsvc.dll

2011-05-13 20:13:29 ----A---- C:\WINDOWS\system32\mstinit.exe

2011-05-13 20:13:29 ----A---- C:\WINDOWS\system32\mstask.dll

2011-05-13 20:13:29 ----A---- C:\WINDOWS\system32\icwphbk.dll

2011-05-13 20:13:29 ----A---- C:\WINDOWS\system32\icwdial.dll

2011-05-13 20:13:28 ----A---- C:\WINDOWS\system32\isign32.dll

2011-05-13 20:13:28 ----A---- C:\WINDOWS\system32\inetcfg.dll

2011-05-13 20:13:22 ----D---- C:\Arquivos de programas\Arquivos comuns\System

2011-05-13 20:13:20 ----D---- C:\Arquivos de programas\Internet Explorer

2011-05-13 20:12:26 ----D---- C:\Arquivos de programas\ComPlus Applications

2011-05-13 20:12:24 ----A---- C:\WINDOWS\vbaddin.ini

2011-05-13 20:12:24 ----A---- C:\WINDOWS\vb.ini

2011-05-13 20:12:20 ----D---- C:\WINDOWS\Registration

2011-05-13 20:12:13 ----D---- C:\Arquivos de programas\Windows Media Player

2011-05-13 20:12:05 ----D---- C:\Arquivos de programas\Messenger

2011-05-13 20:12:02 ----D---- C:\Arquivos de programas\MSN Gaming Zone

2011-05-13 20:12:01 ----A---- C:\WINDOWS\system32\write.exe

2011-05-13 20:11:50 ----A---- C:\WINDOWS\system32\sndvol32.exe

2011-05-13 20:11:50 ----A---- C:\WINDOWS\system32\hticons.dll

2011-05-13 20:11:50 ----A---- C:\WINDOWS\system32\avwav.dll

2011-05-13 20:11:50 ----A---- C:\WINDOWS\system32\avtapi.dll

2011-05-13 20:11:50 ----A---- C:\WINDOWS\system32\avmeter.dll

2011-05-13 20:11:49 ----A---- C:\WINDOWS\system32\winchat.exe

2011-05-13 20:11:42 ----A---- C:\WINDOWS\system32\getuname.dll

2011-05-13 20:11:42 ----A---- C:\WINDOWS\system32\charmap.exe

2011-05-13 20:11:41 ----A---- C:\WINDOWS\system32\winmine.exe

2011-05-13 20:11:41 ----A---- C:\WINDOWS\system32\sol.exe

2011-05-13 20:11:41 ----A---- C:\WINDOWS\system32\mshearts.exe

2011-05-13 20:11:41 ----A---- C:\WINDOWS\system32\calc.exe

2011-05-13 20:11:40 ----A---- C:\WINDOWS\system32\usrlogon.cmd

2011-05-13 20:11:40 ----A---- C:\WINDOWS\system32\tsshutdn.exe

2011-05-13 20:11:40 ----A---- C:\WINDOWS\system32\tslabels.ini

2011-05-13 20:11:40 ----A---- C:\WINDOWS\system32\tskill.exe

2011-05-13 20:11:40 ----A---- C:\WINDOWS\system32\tsdiscon.exe

2011-05-13 20:11:40 ----A---- C:\WINDOWS\system32\tscon.exe

2011-05-13 20:11:40 ----A---- C:\WINDOWS\system32\shadow.exe

2011-05-13 20:11:40 ----A---- C:\WINDOWS\system32\rwinsta.exe

2011-05-13 20:11:40 ----A---- C:\WINDOWS\system32\reset.exe

2011-05-13 20:11:40 ----A---- C:\WINDOWS\system32\regini.exe

2011-05-13 20:11:40 ----A---- C:\WINDOWS\system32\rdpcfgex.dll

2011-05-13 20:11:40 ----A---- C:\WINDOWS\system32\freecell.exe

2011-05-13 20:11:39 ----A---- C:\WINDOWS\system32\qwinsta.exe

2011-05-13 20:11:39 ----A---- C:\WINDOWS\system32\qappsrv.exe

2011-05-13 20:11:39 ----A---- C:\WINDOWS\system32\msg.exe

2011-05-13 20:11:39 ----A---- C:\WINDOWS\system32\msdtcprf.ini

2011-05-13 20:11:39 ----A---- C:\WINDOWS\system32\logoff.exe

2011-05-13 20:11:39 ----A---- C:\WINDOWS\system32\cdmodem.dll

2011-05-13 20:11:38 ----A---- C:\WINDOWS\system32\mtxlegih.dll

2011-05-13 20:11:38 ----A---- C:\WINDOWS\system32\mtxex.dll

2011-05-13 20:11:38 ----A---- C:\WINDOWS\system32\mtxdm.dll

2011-05-13 20:11:38 ----A---- C:\WINDOWS\system32\dcomcnfg.exe

2011-05-13 20:11:38 ----A---- C:\WINDOWS\system32\comrepl.dll

2011-05-13 20:11:38 ----A---- C:\WINDOWS\system32\comaddin.dll

2011-05-13 20:11:37 ----A---- C:\WINDOWS\system32\stclient.dll

2011-05-13 20:11:37 ----A---- C:\WINDOWS\system32\comsnap.dll

2011-05-13 20:11:32 ----A---- C:\WINDOWS\system32\wmimgmt.msc

2011-05-13 20:11:31 ----A---- C:\WINDOWS\system32\accwiz.exe

2011-05-13 20:11:30 ----D---- C:\Arquivos de programas\Windows NT

2011-05-13 20:11:30 ----A---- C:\WINDOWS\system32\sndrec32.exe

2011-05-13 20:11:30 ----A---- C:\WINDOWS\system32\mspaint.exe

2011-05-13 20:11:30 ----A---- C:\WINDOWS\system32\mplay32.exe

2011-05-13 20:11:30 ----A---- C:\WINDOWS\system32\hypertrm.dll

2011-05-13 20:11:29 ----A---- C:\WINDOWS\system32\spider.exe

2011-05-13 20:11:29 ----A---- C:\WINDOWS\system32\drivers\tdtcp.sys

2011-05-13 20:11:29 ----A---- C:\WINDOWS\system32\drivers\tdpipe.sys

2011-05-13 20:11:29 ----A---- C:\WINDOWS\system32\drivers\rdpwd.sys

2011-05-13 20:11:29 ----A---- C:\WINDOWS\system32\clipbrd.exe

2011-05-13 20:11:28 ----A---- C:\WINDOWS\system32\tscfgwmi.dll

2011-05-13 20:11:28 ----A---- C:\WINDOWS\system32\sessmgr.exe

2011-05-13 20:11:28 ----A---- C:\WINDOWS\system32\remotepg.dll

2011-05-13 20:11:28 ----A---- C:\WINDOWS\system32\rdshost.exe

2011-05-13 20:11:28 ----A---- C:\WINDOWS\system32\rdsaddin.exe

2011-05-13 20:11:28 ----A---- C:\WINDOWS\system32\rdchost.dll

2011-05-13 20:11:28 ----A---- C:\WINDOWS\system32\mstscax.dll

2011-05-13 20:11:28 ----A---- C:\WINDOWS\system32\mstsc.exe

2011-05-13 20:11:27 ----A---- C:\WINDOWS\system32\tscupgrd.exe

2011-05-13 20:11:27 ----A---- C:\WINDOWS\system32\termsrv.dll

2011-05-13 20:11:27 ----A---- C:\WINDOWS\system32\rdpwsx.dll

2011-05-13 20:11:27 ----A---- C:\WINDOWS\system32\rdpsnd.dll

2011-05-13 20:11:27 ----A---- C:\WINDOWS\system32\rdpclip.exe

2011-05-13 20:11:27 ----A---- C:\WINDOWS\system32\qprocess.exe

2011-05-13 20:11:27 ----A---- C:\WINDOWS\system32\icaapi.dll

2011-05-13 20:11:27 ----A---- C:\WINDOWS\system32\cfgbkend.dll

2011-05-13 20:11:26 ----D---- C:\WINDOWS\system32\MsDtc

2011-05-13 20:11:26 ----A---- C:\WINDOWS\system32\xolehlp.dll

2011-05-13 20:11:26 ----A---- C:\WINDOWS\system32\mtxoci.dll

2011-05-13 20:11:26 ----A---- C:\WINDOWS\system32\msdtcuiu.dll

2011-05-13 20:11:26 ----A---- C:\WINDOWS\system32\msdtctm.dll

2011-05-13 20:11:26 ----A---- C:\WINDOWS\system32\msdtcprx.dll

2011-05-13 20:11:25 ----D---- C:\WINDOWS\system32\Com

2011-05-13 20:11:25 ----A---- C:\WINDOWS\system32\msdtclog.dll

2011-05-13 20:11:25 ----A---- C:\WINDOWS\system32\msdtc.exe

2011-05-13 20:11:25 ----A---- C:\WINDOWS\system32\colbact.dll

2011-05-13 20:11:25 ----A---- C:\WINDOWS\system32\catsrvps.dll

2011-05-13 20:11:24 ----A---- C:\WINDOWS\system32\comuid.dll

2011-05-13 20:11:24 ----A---- C:\WINDOWS\system32\comsvcs.dll

2011-05-13 20:11:24 ----A---- C:\WINDOWS\system32\clbcatex.dll

2011-05-13 20:11:24 ----A---- C:\WINDOWS\system32\catsrvut.dll

2011-05-13 20:11:24 ----A---- C:\WINDOWS\system32\catsrv.dll

2011-05-13 20:11:23 ----A---- C:\WINDOWS\system32\clbcatq.dll

2011-05-13 20:11:17 ----A---- C:\WINDOWS\system32\servdeps.dll

2011-05-13 20:11:16 ----A---- C:\WINDOWS\system32\mmfutil.dll

2011-05-13 20:11:16 ----A---- C:\WINDOWS\system32\licwmi.dll

2011-05-13 20:11:16 ----A---- C:\WINDOWS\system32\cmprops.dll

2011-05-13 20:11:12 ----A---- C:\WINDOWS\system32\drivers\termdd.sys

2011-05-13 20:11:12 ----A---- C:\WINDOWS\system32\drivers\rdpdr.sys

2009-12-22 15:39:20 ----N---- C:\WINDOWS\system32\imapi2fs.dll

2009-12-22 15:39:20 ----N---- C:\WINDOWS\system32\imapi2.dll

2009-12-17 01:53:54 ----A---- C:\WINDOWS\system32\msvbvm60.dll

2009-06-07 08:27:20 ----A---- C:\WINDOWS\system32\vbzlib1.dll

2008-12-19 12:15:58 ----A---- C:\WINDOWS\system32\libavcodec.dll

2008-12-17 14:41:18 ----A---- C:\WINDOWS\system32\ff_x264.dll

2008-12-17 14:22:58 ----A---- C:\WINDOWS\system32\ff_wmv9.dll

2008-12-17 14:22:48 ----A---- C:\WINDOWS\system32\ff_vfw.dll

2008-12-17 14:17:34 ----A---- C:\WINDOWS\system32\ff_theora.dll

2008-12-17 13:59:54 ----A---- C:\WINDOWS\system32\libmplayer.dll

2008-12-11 08:27:02 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-11-29 17:26:36 ----A---- C:\WINDOWS\system32\VSFilter.dll

2006-11-17 18:22:22 ----A---- C:\WINDOWS\system32\FM20PTB.DLL

2006-11-02 13:10:16 ----A---- C:\WINDOWS\system32\sherlock2.exe

2006-11-02 11:52:56 ----N---- C:\WINDOWS\system32\wpdshextres.dll

2006-10-26 13:10:06 ----A---- C:\WINDOWS\system32\FM20ENU.DLL

2006-10-18 21:58:00 ----N---- C:\WINDOWS\system32\wdfmgr.exe

2006-10-18 21:58:00 ----N---- C:\WINDOWS\system32\uwdf.exe

2006-10-18 21:47:22 ----N---- C:\WINDOWS\system32\wpdsp.dll

2006-10-18 21:47:22 ----N---- C:\WINDOWS\system32\WPDShServiceObj.dll

2006-10-18 21:47:22 ----N---- C:\WINDOWS\system32\WpdShext.dll

2006-10-18 21:47:22 ----N---- C:\WINDOWS\system32\wpdmtpus.dll

2006-10-18 21:47:22 ----N---- C:\WINDOWS\system32\wpdmtp.dll

2006-10-18 21:47:22 ----N---- C:\WINDOWS\system32\wpdconns.dll

2006-10-18 21:47:22 ----N---- C:\WINDOWS\system32\wpd_ci.dll

2006-10-18 21:47:22 ----N---- C:\WINDOWS\system32\WMVXENCD.dll

2006-10-18 21:47:22 ----N---- C:\WINDOWS\system32\WMVSENCD.dll

2006-10-18 21:47:22 ----N---- C:\WINDOWS\system32\WMVSDECD.dll

2006-10-18 21:47:22 ----N---- C:\WINDOWS\system32\WMVENCOD.dll

2006-10-18 21:47:22 ----N---- C:\WINDOWS\system32\WMVDECOD.dll

2006-10-18 21:47:22 ----N---- C:\WINDOWS\system32\WMVADVE.DLL

2006-10-18 21:47:22 ----N---- C:\WINDOWS\system32\WMVADVD.dll

2006-10-18 21:47:20 ----N---- C:\WINDOWS\system32\wmpsrcwp.dll

2006-10-18 21:47:20 ----N---- C:\WINDOWS\system32\wmpps.dll

2006-10-18 21:47:20 ----N---- C:\WINDOWS\system32\wmpmde.dll

2006-10-18 21:47:20 ----N---- C:\WINDOWS\system32\wmpencen.dll

2006-10-18 21:47:20 ----N---- C:\WINDOWS\system32\wmpeffects.dll

2006-10-18 21:47:20 ----N---- C:\WINDOWS\system32\wmdrmsdk.dll

2006-10-18 21:47:20 ----N---- C:\WINDOWS\system32\wmdrmnet.dll

2006-10-18 21:47:18 ----N---- C:\WINDOWS\system32\wmdrmdev.dll

2006-10-18 21:47:18 ----N---- C:\WINDOWS\system32\wdfapi.dll

2006-10-18 21:47:18 ----N---- C:\WINDOWS\system32\PortableDeviceWMDRM.dll

2006-10-18 21:47:18 ----N---- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll

2006-10-18 21:47:18 ----N---- C:\WINDOWS\system32\PortableDeviceTypes.dll

2006-10-18 21:47:18 ----N---- C:\WINDOWS\system32\PortableDeviceClassExtension.dll

2006-10-18 21:47:18 ----N---- C:\WINDOWS\system32\PortableDeviceApi.dll

2006-10-18 21:47:14 ----N---- C:\WINDOWS\system32\MPG4DECD.dll

2006-10-18 21:47:14 ----N---- C:\WINDOWS\system32\MP4SDECD.dll

2006-10-18 21:47:14 ----N---- C:\WINDOWS\system32\MP43DECD.dll

2006-10-18 21:47:14 ----N---- C:\WINDOWS\system32\MFPLAT.dll

2006-10-18 21:47:08 ----N---- C:\WINDOWS\system32\audiodev.dll

2006-10-18 20:00:46 ----N---- C:\WINDOWS\system32\drmupgds.exe

2006-10-18 20:00:14 ----N---- C:\WINDOWS\system32\wpdshextautoplay.exe

2006-10-18 20:00:00 ----N---- C:\WINDOWS\system32\drivers\wpdusb.sys

2006-10-02 15:28:42 ----N---- C:\WINDOWS\system32\msdelta.dll

2006-09-28 20:13:26 ----N---- C:\WINDOWS\system32\WUDFCoinstaller.dll

2006-09-28 19:00:34 ----N---- C:\WINDOWS\system32\drivers\WudfRd.sys

2006-09-28 18:56:38 ----N---- C:\WINDOWS\system32\WUDFx.dll

2006-09-28 18:56:38 ----N---- C:\WINDOWS\system32\WudfHost.exe

2006-09-28 18:56:16 ----N---- C:\WINDOWS\system32\WudfPlatform.dll

 

======List of files/folders modified in the last 1 months======

 

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 uagp35;Filtro Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-03 44672]

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41472]

R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2006-05-05 12288]

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []

R3 amsint32;amsint32; \??\C:\WINDOWS\system32\drivers\nsmqj.sys []

R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-08-23 821760]

R3 hidusb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-28 9600]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-28 12288]

R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2006-05-08 254976]

R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

S3 BthEnum;Driver de Bloqueio de Solicitação Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]

S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]

S3 BTHPORT;Driver de Porta Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-04 274560]

S3 BTHUSB;Driver USB de Rádio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]

S3 RFCOMM;Dispositivo Bluetooth (TDI do Protocolo RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 MBAMService;MBAMService; C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe [2009-12-03 276816]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Arquivos de programas\Spyware Terminator\sp_rsser.exe [2005-03-07 523776]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WMPNetworkSvc;Serviço de Compartilhamento de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-02 942592]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

 

-----------------EOF-----------------


Are you sure you ran the SalityKiller procedure correctly, as I instructed?

If so, this version of Sality will be difficult to remove. I recommend saving your personal files, except .exe files (applications), and formatting all of the PC's partitions.

Then install Windows, Office, and an antivirus.


I recommend formatting. The version of Sality on your machine (Virus.Win32.Sality.bh) is difficult to remove.

Sality is a file infector that infects .exe files. The source is usually the use of cracks and keygens.

As I said before...

I recommend saving your personal files, except .exe files (applications), and formatting all of the PC's partitions.

Then install Windows, Office, and an antivirus.

You need to format all partitions: C:\, D:\...

Do not save .exe files. Back up your personal files to a USB flash drive.

Before restoring your personal files to the freshly formatted PC, install an antivirus and scan the flash drive. I recommend Avira or Avast.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
