"Total Security" runs automatically



Dragaodacampineira
2009-08-27, 21:44
Hi, there.
I opened a topic called "'Total Security' installs automatically", and was replying to it when I received a message "Sorry! This forum is not accepting new posts!". What happened? The topic got closed?
I was replying to Katana. I installed and ran all tools indicated (MGADiag and RSIT). I am still troubled with this infection and willing to have your guidance. Should I post the logs created?
I will take the liberty of posting the logs asked, for a (new) beginning.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:51:49, on 27/8/2001
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\WindowsXP\Desktop\RSIT.exe
C:\Documents and Settings\WindowsXP\Desktop\WindowsXP.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IG\igshop.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &iG - {7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - C:\ARQUIV~1\IG\igshop.dll (file missing)
O4 - HKLM\..\Run: [Eac_Download] C:\Arquivos de programas\Arquivos comuns\eAcceleration\download.exe -k
O4 - HKLM\..\Run: [Sysres] C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [regtmlp] C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [KAZAA] C:\Arquivos de programas\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [HotVideo_br] c:\program files\dialers\hotvideo_br\hotvideo_br.exe /noconnect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [odby] C:\WINDOWS\odb.exe
O4 - HKLM\..\Run: [netc] C:\WINDOWS\svc.exe
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKLM\..\Run: [13843124] C:\Documents and Settings\All Users\Dados de aplicativos\13843124\13843124.exe
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\WINDOW~1\CONFIG~1\Temp\DELDIR0.EXE" "C:\Arquivos de programas\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [UltraDiscador iBest] "C:\Arquivos de programas\UltraDiscador iBest\autoupdate.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\System32\2052t.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\Run: [Le Petit Robert Hyperappel] C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\Run: [UpdateWin] C:\WINDOWS\System32\2052t.exe (User '?')
O4 - HKUS\S-1-5-21-1202660629-1708537768-2146889571-1003\..\RunServices: [UpdateWin] C:\WINDOWS\System32\2052t.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra button: Barra do iG - {FD1672E0-AE0D-465B-B345-F7B0944A121D} - C:\ARQUIV~1\IG\igshop.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

--
End of file - 4555 bytes

Dragaodacampineira
2009-08-27, 21:46
Here goes the MGADiag log:

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Clock sync error
Validation Code: 10

Cached Validation Code: N/A
Windows Product Key: *****-*****-YXRKT-8TG6W-2B7Q8
Windows Product Key Hash: RVvFciZMdQfJLyDpZteolhaqicQ=
Windows Product ID: 55274-640-0000356-23309
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.0.0.pro
ID: {7730CCCE-66D2-4ADC-8DD2-461451A35A85}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: FCEE394C-458-80041001_025D1FF3-344-80041001_025D1FF3-229-80041001_025D1FF3-230-1_025D1FF3-238-2_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 101 Not Activated
Microsoft Office XP Professional - 101 Not Activated
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-458-80041001_025D1FF3-344-80041001_025D1FF3-229-80041001_025D1FF3-230-1_025D1FF3-238-2

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Arquivos de programas\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7730CCCE-66D2-4ADC-8DD2-461451A35A85}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010100.0.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2B7Q8</PKey><PID>55274-640-0000356-23309</PID><PIDType>1</PIDType><SID>S-1-5-21-1202660629-1708537768-2146889571</SID><SYSTEM/><BIOS/><HWID>631D398F0184A049</HWID><UserLCID>0416</UserLCID><SystemLCID>0416</SystemLCID><TimeZone>Hora oficial do Brasil(GMT-03:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>101</Result><Products><Product GUID="{91110416-6000-11D3-8CFE-0050048383C9}"><LegitResult>101</LegitResult><Name>Microsoft Office XP Professional</Name><Ver>10</Ver><Val>A110F76D971C7DC</Val><Hash>dVd/CksZKHMCpyWAuCWteTqQe6o=</Hash><Pid>54507-750-3144781-17921</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="10" Result="101"/><App Id="16" Version="10" Result="101"/><App Id="18" Version="10" Result="101"/><App Id="1A" Version="10" Result="101"/><App Id="1B" Version="10" Result="101"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Dragaodacampineira
2009-08-27, 21:48
This is RSIT's info.txt

info.txt logfile of random's system information tool 1.06 2001-08-27 01:52:01

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe ActiveShare 1.5-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{B3C7CA81-27EB-11D4-A59C-00E02C071F5C}\setup.exe" UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Agere Systems PCI Soft Modem-->agrsmdel
AntiViral Toolkit Pro-->C:\ARQUIV~1\ANTIVI~1\UNWISE.EXE C:\ARQUIV~1\ANTIVI~1\INSTALL.LOG
Barra do iG-->regsvr32.exe /u /s "C:\ARQUIV~1\IG\igshop.dll"
Désinstaller Le Petit Robert de la langue française-->C:\WINDOWS\IsUn040c.exe -f"C:\Arquivos de programas\Le Robert\Le Petit Robert\Uninst.isu"
DivX Codec 3.1alpha release-->C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
Edição Eletrônica de Freud-->C:\WINDOWS\ST4UNST.EXE -n "C:\Arquivos de programas\freud\ST4UNST.LOG"
EVEREST Ultimate Edition v5.02-->"C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Grand Theft Auto-->C:\Games\Uninstal.exe
Half-Life: Opposing Force-->C:\GAMES\HALFLIFE\gearbox\UNWISE.EXE C:\GAMES\HALFLIFE\gearbox\INSTALL.LOG
Half-Life-->C:\WINDOWS\IsUninst.exe -fc:\Games\Halflife\Uninst.isu -c"c:\Games\Halflife\HLUNINST.DLL"
HijackThis 2.0.2-->"C:\Documents and Settings\WindowsXP\Desktop\HijackThis.exe" /uninstall
HP PrecisionScan LTX-->C:\WINDOWS\IsUn0816.exe -f"C:\Arquivos de programas\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"C:\Arquivos de programas\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"
Kazaa Media Desktop 2.0.2-->RunDll32 C:\WINDOWS\System32\cd_clint.dll,ServiceRunDll u_291 "{A2756524-E9F9-4AC1-AF4E-15F3460ACB3E}"
LiveReg (Symantec Corporation)-->C:\Arquivos de programas\Arquivos comuns\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Macromedia Dreamweaver MX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand 9-->C:\WINDOWS\IsUninst.exe -f"C:\Arquivos de programas\Macromedia\FreeHand 9\Uninst.isu"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000416-78E1-11D2-B60F-006097C998E7}
Microsoft Office XP Professional-->MsiExec.exe /I{91110416-6000-11D3-8CFE-0050048383C9}
mIRC-->"C:\Scoop2003\scoop.exe" -uninstall
Outlook Express Update Q330994-->C:\WINDOWS\Q330994.exe C:\WINDOWS\INF\Q330994.inf
Sierra Utilities-->C:\Arquivos de programas\Sierra On-Line\sutil32.exe uninstall
SiS Audio Driver-->C:\Progra~1\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
Software para Impressoras EPSON-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\epupdate.exe /r
Suplemento MSN para Windows Messenger-->rundll32.exe "C:\Arquivos de programas\Messenger\MSGSC.dll",UnregisterMSNExt
SystemSecurity2009-->C:\Documents and Settings\WindowsXP\Menu Iniciar\Programas\Total Security\Total Security 2009.lnk
UltraDiscador iBest-->"C:\Arquivos de programas\UltraDiscador iBest\uninst.exe"
Winamp3 (remove only)-->C:\Arquivos de programas\Winamp3\uninst-wa3.EXE
Windows XP Application Compatibility Update[Q319580]-->C:\WINDOWS\$NtUninstallQ319580$\spuninst\spuninst.exe
Windows XP Hotfix - KB823559-->C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
Windows XP Hotfix - KB828741-->C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\spuninst\spuninst.exe
Windows XP Hotfix - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q309521 for more information]-->C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q311889 for more information]-->C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q311967 for more information]-->C:\WINDOWS\$NtUninstallQ311967$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q313450 for more information]-->C:\WINDOWS\$NtUninstallQ313450$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q314147 for more information]-->C:\WINDOWS\$NtUninstallQ314147$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q314862 for more information]-->C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q315000 for more information]-->C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q315403 for more information]-->C:\WINDOWS\$NtUninstallQ315403$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q317277 for more information]-->C:\WINDOWS\$NtUninstallQ317277$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q318138 for more information]-->C:\WINDOWS\$NtUninstallQ318138$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q323172 for more information]-->C:\WINDOWS\$NtUninstallQ323172$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q324096 for more information]-->C:\WINDOWS\$NtUninstallQ324096$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q324380 for more information]-->C:\WINDOWS\$NtUninstallQ324380$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q326830 for more information]-->C:\WINDOWS\$NtUninstallQ326830$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329048 for more information]-->C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329390 for more information]-->C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329441 for more information]-->C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329834 for more information]-->C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q328310-->C:\WINDOWS\$NtUninstallQ328310$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q329170-->C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q331953-->C:\WINDOWS\$NtUninstallQ331953$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q810577-->C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q810833-->C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q811493-->C:\WINDOWS\$NtUninstallQ811493$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q815021-->C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q817606-->C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe
Windows XP Hotfix Package [See Q329115 for more information]-->C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

Dragaodacampineira
2009-08-27, 22:09
This is part 1 of RSIT's log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by WindowsXP at 2001-08-27 01:51:43
WIN_XP
System drive C: has 23 GB (58%) free of 39 GB
Total RAM: 255 MB (62% free)

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7EEF1E3D-FD97-4401-BCDB-5827F2D11709}]
&iG - C:\ARQUIV~1\IG\igshop.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2001-08-27 846876]
{7EEF1E3D-FD97-4401-BCDB-5827F2D11709} - &iG - C:\ARQUIV~1\IG\igshop.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Eac_Download"=C:\Arquivos de programas\Arquivos comuns\eAcceleration\download.exe -k []
"Sysres"=C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe []
"regtmlp"=C:\ARQUIV~1\NORTON~1\NORTON~1\navapw32.exe []
"WinampAgent"=C:\Arquivos de programas\Winamp3\winampa.exe []
"KAZAA"=C:\Arquivos de programas\Kazaa\kazaa.exe /SYSTRAY []
"HotVideo_br"=c:\program files\dialers\hotvideo_br\hotvideo_br.exe /noconnect []
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2002-02-01 87037]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"odby"=C:\WINDOWS\odb.exe [2001-08-27 234496]
"netc"=C:\WINDOWS\svc.exe [2001-08-27 233472]
"lsass"=C:\WINDOWS\lsass.exe [2001-08-27 279552]
"UpdateWin"=C:\WINDOWS\System32\2052t.exe [2001-08-27 41984]
"13843124"=C:\Documents and Settings\All Users\Dados de aplicativos\13843124\13843124 [2001-08-27 56]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DELDIR0.EXE"=C:\DOCUME~1\WINDOW~1\CONFIG~1\Temp\DELDIR0.EXE [2003-10-16 32768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2001-08-27 13312]
"UltraDiscador iBest"=C:\Arquivos de programas\UltraDiscador iBest\autoupdate.exe [2003-01-17 16384]
"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2003-04-14 1491216]
"Le Petit Robert Hyperappel"=C:\Arquivos de programas\Le Robert\Le Petit Robert\prhyper.exe [2001-10-11 22560]
"UpdateWin"=C:\WINDOWS\System32\2052t.exe [2001-08-27 41984]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - open - "C:\Arquivos de programas\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2006-08-18 11:54:04 ----SHD---- C:\FOUND.045
2006-07-26 18:09:10 ----SHD---- C:\FOUND.044
2006-07-10 15:52:54 ----SHD---- C:\FOUND.043
2006-06-28 09:29:11 ----SHD---- C:\WINDOWS\CSC
2006-05-17 15:22:20 ----SHD---- C:\FOUND.042
2006-05-09 15:16:12 ----SHD---- C:\FOUND.041
2006-04-26 11:26:23 ----A---- C:\WINDOWS\System32\ntdll.dll
2005-12-14 14:09:11 ----A---- C:\WINDOWS\System32\MRT.exe
2005-09-13 02:03:53 ----D---- C:\quake 1
2005-09-11 13:23:52 ----SHD---- C:\FOUND.040
2005-09-10 23:28:40 ----D---- C:\Show Chic Corea e Banda
2005-09-10 23:21:43 ----HD---- C:\WINDOWS\$NtUninstallKB828741$
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\txflog.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\rpcss.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\rpcrt4.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\ole32.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\mtxoci.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\mtxclu.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\msdtcuiu.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\msdtctm.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\comuid.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\colbact.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\clbcatq.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\clbcatex.dll
2005-09-10 23:21:41 ----A---- C:\WINDOWS\System32\catsrv.dll
2005-09-10 23:21:40 ----A---- C:\WINDOWS\System32\msdtcprx.dll
2005-09-10 23:21:40 ----A---- C:\WINDOWS\System32\es.dll
2005-09-10 23:21:40 ----A---- C:\WINDOWS\System32\comsvcs.dll
2005-09-10 23:21:40 ----A---- C:\WINDOWS\System32\catsrvut.dll
2005-09-10 23:20:15 ----HD---- C:\WINDOWS\$NtUninstallKB835732$
2005-09-10 23:20:14 ----A---- C:\WINDOWS\System32\rtcdll.dll
2005-09-10 23:20:14 ----A---- C:\WINDOWS\System32\netapi32.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\schannel.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\msgina.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\msasn1.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\mf3216.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\lsasrv.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\ipnathlp.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\h323msp.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\gdi32.dll
2005-09-10 23:20:13 ----A---- C:\WINDOWS\System32\browser.dll
2005-09-10 23:19:17 ----HD---- C:\WINDOWS\$NtUninstallKB823559$
2005-09-10 23:18:23 ----RA---- C:\WINDOWS\agrsmdel.exe
2005-09-10 23:18:22 ----RA---- C:\WINDOWS\AGRSMMSG.exe
2005-09-10 23:18:08 ----A---- C:\WINDOWS\System32\zipfldr.dll
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\WININET.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\URLMON.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\URL.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\SHLWAPI.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\SHDOCVW.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\SHDOCLC.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\PNGFILT.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\MSHTML.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\INSENG.DLL
2005-09-10 23:17:09 ----A---- C:\WINDOWS\System32\BROWSEUI.DLL
2005-09-10 23:17:08 ----HD---- C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$
2005-09-10 23:15:48 ----HD---- C:\WINDOWS\$NtUninstallQ810833$
2005-09-10 23:15:48 ----A---- C:\WINDOWS\System32\locator.exe
2005-09-10 23:15:26 ----A---- C:\WINDOWS\System32\srrstr.dll
2005-09-10 23:14:29 ----HD---- C:\WINDOWS\$NtUninstallQ817606$
2005-08-22 15:37:30 ----D---- C:\WINDOWS\System32\SoftwareDistribution
2005-07-13 20:18:07 ----D---- C:\Arquivos de programas\Arquivos comuns\Macromedia
2005-07-13 20:02:07 ----N---- C:\WINDOWS\System32\cfperfmon_mx.dll
2005-07-13 19:45:30 ----D---- C:\Arquivos de programas\Macromedia
2005-05-26 04:16:30 ----A---- C:\WINDOWS\System32\wups2.dll
2005-02-11 13:36:12 ----SHD---- C:\FOUND.039
2005-01-21 14:48:57 ----D---- C:\NFS5
2005-01-21 14:34:14 ----SHD---- C:\FOUND.038
2005-01-05 11:42:22 ----D---- C:\Activision
2004-11-08 17:34:25 ----HD---- C:\WINDOWS\$hf_mig$
2004-10-16 14:48:35 ----D---- C:\WINDOWS\System32\bits
2004-10-16 14:48:23 ----HD---- C:\WINDOWS\$NtUninstallKB842773$
2004-09-16 12:26:39 ----N---- C:\WINDOWS\System32\bitsprx3.dll
2004-09-16 12:26:39 ----N---- C:\WINDOWS\System32\bitsprx2.dll
2004-09-16 12:26:39 ----A---- C:\WINDOWS\System32\winhttp.dll
2004-09-16 12:26:38 ----A---- C:\WINDOWS\System32\qmgrprxy.dll
2004-09-14 14:38:00 ----D---- C:\WINDOWS\SoftwareDistribution
2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wuweb.dll
2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wups.dll
2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wucltui.dll
2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wuaueng1.dll
2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wuauclt1.exe
2004-09-14 14:37:37 ----A---- C:\WINDOWS\System32\wuapi.dll
2004-07-30 11:36:09 ----A---- C:\WINDOWS\PR1V2.INI
2004-07-30 11:29:37 ----D---- C:\Arquivos de programas\Le Robert
2004-07-30 11:28:39 ----A---- C:\WINDOWS\IsUn040c.exe
2004-06-30 16:59:34 ----N---- C:\WINDOWS\System32\xpob2res.dll
2003-11-01 11:54:06 ----H---- C:\WINDOWS\System32\MFCEH32.DLL
2003-10-16 22:20:24 ----A---- C:\WINDOWS\AVPM.INI
2003-10-16 22:20:24 ----A---- C:\WINDOWS\AVP32.INI

Dragaodacampineira
2009-08-27, 22:20
qqqqqqqqq

tashi
2009-08-27, 22:24
Hello


Hi, there.
I opened a topic called "'Total Security' installs automatically", and was replying to it when I received a message "Sorry! This forum is not accepting new posts!". What happened? The topic got closed?
I was replying to Katana. I installed and ran all tools indicated (MGADiag and RSIT). I am still troubled with this infection and willing to have your guidance. Should I post the logs created?
I will take the liberty of posting the logs asked, for a (new) beginning.

Your topic was archived, which is why you could not post to it.


Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
http://forums.spybot.info/showthread.php?t=51009

Please follow those instructions. :)


qqqqqqqqq :scratch:

Due to the amount of posts in this thread helpers will think you are already being assisted, so this topic is closed.

Best regards.