[Arquivado] meu gerenciador de tarefas nao abre mais!

beta15 · Outubro 11, 2008

Olá pessoal..tudo bem com vcs? bom,estou com um probleminha, meu gerenciador de tarefas nao abre mais...preciso de uma solução...agradeço desde jah ;) qualquer coisa jah tem aih o log do hijack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:07, on 2008-10-11

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\domino.exe

C:\WINDOWS\VMSnap1.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Microsoft Office\Office12\WINWORD.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (file missing)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\siteadvisor\mcieplg.dll

O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\ARQUIV~1\FreshDevices\FreshDownload\fdiebar.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\siteadvisor\mcieplg.dll

O4 - HKLM\..\Run: [avast!] "C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe

O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')

O4 - HKUS\S-1-5-21-448539723-1645522239-1801674531-500\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: FreshDownload - {3EA0FF1C-D61E-43AF-B189-857FC94413BF} - C:\Arquivos de programas\FreshDevices\FreshDownload\fd.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1221510508703

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\siteadvisor\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\Skype4COM.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: VideoAcceleratorService - VIA Technologies inc,.ltd - (no file)

--

End of file - 9754 bytes

DigRam · Outubro 12, 2008

Bom Dia! beta15

<@> Baixe: < ComboFix.exe >

<@> Salve-o no Desktop!

<@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! )

<@> Feche todas as janelas e execute a ferramenta!

Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta e faça,novamente,o download.
Salve-a no desktop,renomeada como: Kombo.exe

Ps: Nomeie durante o salvamento,e não após salvá-la!

Ps: Caso ocorra alguma mensagem de erro,rode o ComboFix.exe em Modo de Segurança.

Ps: Evite executar,voluntariamente,esta ferramenta!Siga,àcima,todas as recomendações propostas.

<@> Abrir-se-á a janela Auto Scan. --> Aguarde!

<@> Digite a opção para continuar! --> Aperte Enter.

<@> Aguarde a conclusão!

<@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante!

<@> Para parar ou sair do ComboFix,tecle "N".

----------------------

<@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado.

Abraços!

beta15 · Outubro 12, 2008

ComboFix 08-10-11.04 - Administrador 2008-10-12 13:35:55.1 - NTFSx86

Executando de: C:\Documents and Settings\Administrador\Meus documentos\Outros\Trabalhos\ComboFix.exe

ATENÇAO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Administrador\Cookies\ID15.tmp

C:\Documents and Settings\Administrador\Cookies\ID21.tmp

C:\Documents and Settings\Administrador\Cookies\ID36.tmp

C:\Documents and Settings\Administrador\Cookies\ID3A.tmp

C:\WINDOWS\system32\dllcache\smdata32

C:\WINDOWS\system32\dllcache\smdata32\fxddsk\FILE_13154F3_1_PubKey.key

C:\WINDOWS\system32\dllcache\smdata32\fxddsk\FILE_13154F3_2_DRMv1.key

C:\WINDOWS\system32\dllcache\smdata32\fxddsk\FILE_13154F3_PATHS.txt

C:\WINDOWS\system32\dllcache\smdata32\fxddsk\FILE_36912BEE_1_PubKey.key

C:\WINDOWS\system32\dllcache\smdata32\fxddsk\FILE_44CD59D8_1_PubKey.key

C:\WINDOWS\system32\dllcache\smdata32\fxddsk\FILE_4D41181B_1_PubKey.key

C:\WINDOWS\system32\dllcache\smdata32\fxddsk\FILE_5B2B45A5_1_PubKey.key

C:\WINDOWS\system32\dllcache\smdata32\fxddsk\FILE_6DB47B8B_1_PubKey.key

C:\WINDOWS\system32\dllcache\smdata32\fxddsk\FILE_6E0C2CC5_1_PubKey.key

C:\WINDOWS\system32\dllcache\smdata32\fxddsk\FILE_72DF2174_1_PubKey.key

C:\WINDOWS\system32\dllcache\smdata32\fxddsk\FILE_7E691402_1_PubKey.key

C:\WINDOWS\system32\dllcache\smdata32\fxddsk\FILE_B5134F3_1_PubKey.key

C:\WINDOWS\system32\dllcache\smdata32\odldtrk.cfg

C:\WINDOWS\system32\dllcache\smdata32\odTxt.dat

C:\WINDOWS\system32\dllcache\smdata32\olstscn.cfg

C:\WINDOWS\system32\dllcache\smdata32\onfy_.dll

C:\WINDOWS\system32\dllcache\smdata32\ozipmrrtrk.cfg

C:\WINDOWS\system32\dllcache\smdata32\sett1ngs.s0l

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\data.rar

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\01.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\aapfLogin.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\estilo.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\images\bgBarraInferior.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\images\bgBarraInfPadrao.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\images\botaoBusca.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\images\index_01.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\images\index_02.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\images\index_03.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\images\index_04.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\images\index_05.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\images\index_06.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\images\index_07.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\images\index_08.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\images\index_09.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\images\index_10.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\images\spacer.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa01\logingov.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa02\02.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa02\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa02\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa02\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa02\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa03\03.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa03\banner.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa03\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa03\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa03\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa03\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa04\04.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa04\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa04\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa04\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa04\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa05\05.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa05\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa05\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa05\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa05\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa06\06.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa06\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa06\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa06\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa06\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa06\images\index_01.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa06\images\index_02.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa06\images\index_03.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa06\images\Thumbs.db

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa06\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\07.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\images\index_01.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\images\index_02.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\images\index_03.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\images\index_04.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\images\index_05.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\images\index_06.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\images\index_07.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\images\index_08.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\images\index_09.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\images\index_11.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\images\index_12.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\images\index_13.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\images\index_14.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\images\Thumbs.db

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa07\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa08\08.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa08\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa08\erro.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa08\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa08\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa08\images\index_01.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa08\images\index_03.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa08\images\index_06.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa08\images\index_07.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa08\images\index_09.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa08\images\spacer.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa08\images\Thumbs.db

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa08\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa10\10.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa10\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa10\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa10\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa10\home.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa10\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa11\11.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa11\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa11\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa11\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa11\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa12\12.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa12\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa12\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa12\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa12\home.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa12\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa13\13.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa13\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa13\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa13\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa13\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa13\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\14.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\castro001.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\common004.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\index_arquivos\b.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\index_arquivos\i_editprofile.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\index_arquivos\i_key.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\index_arquivos\i_letter.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\index_arquivos\i_tool.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\index_arquivos\Nova pasta\floats002.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\index_arquivos\Nova pasta\urchin.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\index_arquivos\p_camera.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\index_arquivos\p_list.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\index_arquivos\p_pen.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\index_arquivos\p_profile.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\index_arquivos\p_scrap.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\index_arquivos\p_video.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa14\index_arquivos\Thumbs.db

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa17\17.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa17\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa17\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa17\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa17\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa17\images\index_01.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa17\images\index_02.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa17\images\index_03.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa17\images\Thumbs.db

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa17\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa18\18.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa18\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa18\erro_meio.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa18\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa18\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa18\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa18\latedireita.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa18\latesquerda.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa18\meio.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa18\rodape.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa18\topo.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\19.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\images\index_01.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\images\index_02.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\images\index_03.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\images\index_04.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\images\index_05.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\images\index_06.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\images\index_07.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\images\index_08.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\images\index_09.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\images\index_10.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\images\index_11.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\images\index_12.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\images\spacer.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\images\Thumbs.db

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa19\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa20\20.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa20\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa20\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa20\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa20\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\21.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\duvidas.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\index_arquivos\common_utils.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\index_arquivos\efx_logo.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\index_arquivos\hdr_login.jpg

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\index_arquivos\pop_core.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\index_arquivos\pop_events.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\index_arquivos\pop_pse.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\index_arquivos\script.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\index_arquivos\style.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\index_arquivos\teclado.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\index_arquivos\teclado.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\index_arquivos\template_style.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa21\index_arquivos\Thumbs.db

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa22\22.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa22\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa22\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa22\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa22\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa26\26.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa26\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa26\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa26\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa26\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa27\27.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa27\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa27\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa27\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa27\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa28\28.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa28\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa28\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa28\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa28\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa29\29.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa29\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa29\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa29\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa29\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa30\30.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa30\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa30\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa30\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa30\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa30\images\Cópia de index_03.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa30\images\index_01.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa30\images\index_03.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa30\images\index_04.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa30\images\Thumbs.db

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa30\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa31\31.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa31\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa31\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa31\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa31\images\index_01.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa31\images\index_02.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa31\images\index_03.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa31\images\index_04.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa31\images\index_05.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa31\images\index_07.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa31\images\index_08.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa31\images\Thumbs.db

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa31\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa32\32.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa32\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa32\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa32\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa32\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa33\33.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa33\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa33\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa33\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa33\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa34\34.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa34\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa34\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa34\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa34\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa34\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa35\35.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa35\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa35\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa35\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa35\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa36\36.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa36\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa36\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa36\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa36\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa37\37.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa37\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa37\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa37\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa37\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa38\38.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa38\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa38\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa38\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa38\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa39\39.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa39\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa39\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa39\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa39\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa40\40.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa40\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa40\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa40\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa40\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa41\41.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa41\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa41\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa41\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa41\estilo.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa41\estiloCompleto.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa41\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa41\images\bgBarraInfPadrao.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa41\images\botaoBusca.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa41\images\index_01.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa41\images\index_02.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa41\images\index_05.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa41\images\spacer.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa41\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa41\loginpfe.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\42.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\estilo.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\estiloCompleto.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\images\bgBarraInfPadrao.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\images\botaoBusca.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\images\index_01.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\images\index_02.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\images\index_05.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\images\spacer.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\logingov.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa42\loginpfe.css

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa43\43.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa43\banner.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa43\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa43\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa43\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa43\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa43\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa44\44.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa44\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa44\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa44\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa44\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa45\45.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa45\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa45\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa45\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa45\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa46\46.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa46\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa46\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa46\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa46\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa46\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa47\47.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa47\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa47\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa47\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa47\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa47\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\48.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\a0_hostnet_isee1_net.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\antispam.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\arremate.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\arremate2.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\base_logo.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\bg02.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\bs01.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\chahim.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\fio02.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\fundo.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\novo_banner_100br.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\ponto_branco.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\ponto_cinza.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\quina02.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\quina03.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\spacer.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\Thumbs.db

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\tit_senha.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\top_banner.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\topo_canto_direito.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa48\index_arquivos\topo_canto_esquerdo.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa49\49.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa49\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa49\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa49\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa49\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa49\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa50\50.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa50\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa50\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa50\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa50\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa50\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa51\51.swf

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa51\erro.gif

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa51\erro.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa51\erro01.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa51\flash.js

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\empresa51\index.html

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\id.txt

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\sync.txt

C:\WINDOWS\system32\dllcache\smdata32\Temporary Internet Files\sync2.txt

C:\WINDOWS\system32\dllcache\smdata32\unrar.exe

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-12 to 2008-10-12 ))))))))))))))))))))))))))))

.

2008-10-12 13:57 . 2008-10-12 14:02 <DIR> d-------- C:\WINDOWS\system32\VIRepair

2008-10-11 21:07 . 2008-10-11 21:07 <DIR> d-------- C:\Arquivos de programas\Trend Micro

2008-10-11 20:01 . 2008-10-11 20:01 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-10-09 17:12 . 2008-10-09 17:12 268 --ah----- C:\sqmdata00.sqm

2008-10-09 17:12 . 2008-10-09 17:12 244 --ah----- C:\sqmnoopt00.sqm

2008-10-08 18:24 . 2008-10-11 01:20 <DIR> d-------- C:\Documents and Settings\LocalService\Dados de aplicativos\SACore

2008-10-07 23:58 . 2008-10-08 16:45 <DIR> d-------- C:\Arquivos de programas\McAfee

2008-10-07 23:58 . 2008-10-07 23:58 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\McAfee

2008-10-07 17:04 . 2008-10-07 17:04 <DIR> d-------- C:\WINDOWS\CatRoot

2008-10-07 17:04 . 2008-10-07 17:04 <DIR> d-------- C:\Arquivos de programas\Vimicro

2008-10-07 17:04 . 2000-10-31 13:00 307,200 --a------ C:\WINDOWS\vidcap32.Exe

2008-10-07 17:04 . 2006-05-24 14:38 57,344 --a------ C:\WINDOWS\StillCap.exe

2008-10-07 16:46 . 2008-04-13 12:46 85,248 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys

2008-10-07 16:46 . 2008-04-13 12:46 19,200 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS

2008-10-07 16:46 . 2008-04-13 12:46 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys

2008-10-07 16:46 . 2008-04-13 20:21 16,384 --a------ C:\WINDOWS\system32\ipsink.ax

2008-10-07 16:46 . 2008-04-13 12:46 15,232 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys

2008-10-07 16:46 . 2008-04-13 12:46 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys

2008-10-07 16:46 . 2008-04-13 12:46 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

2008-10-07 16:46 . 2008-04-13 12:39 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2008-10-07 01:54 . 2008-10-07 01:54 <DIR> d-------- C:\Arquivos de programas\ImTOO

2008-10-06 21:46 . 2008-10-06 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-10-06 15:53 . 2008-10-10 17:28 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent

2008-10-06 15:53 . 2008-10-06 15:53 <DIR> d-------- C:\Arquivos de programas\uTorrent

2008-10-06 01:54 . 2008-10-06 02:04 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\gtk-2.0

2008-10-06 01:54 . 2008-10-06 01:54 <DIR> d-------- C:\Documents and Settings\Administrador\.thumbnails

2008-10-06 01:52 . 2008-10-10 01:10 <DIR> d-------- C:\Documents and Settings\Administrador\.gimp-2.6

2008-10-06 01:52 . 2008-10-06 01:52 <DIR> d-------- C:\Documents and Settings\Administrador\.gegl-0.0

2008-10-05 02:29 . 2008-10-05 02:29 <DIR> d-------- C:\Arquivos de programas\Xvid

2008-10-05 02:29 . 2008-04-27 11:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-10-05 02:29 . 2008-04-27 11:35 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-10-05 02:29 . 2007-06-28 19:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax

2008-10-05 02:06 . 2008-10-05 02:08 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic

2008-10-04 02:41 . 2008-10-04 02:41 76,214 --a------ C:\WINDOWS\Icon_2.ico

2008-10-04 02:08 . 2008-10-04 02:08 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Styler

2008-10-04 02:02 . 2008-10-04 02:02 78,942 --a------ C:\WINDOWS\Icon_1.ico

2008-10-04 02:01 . 2008-10-12 14:03 <DIR> d-------- C:\WINDOWS\system32\VITrans

2008-10-04 02:01 . 2008-10-04 02:49 <DIR> d-------- C:\VTPFiles

2008-10-04 02:01 . 2008-04-13 20:21 141,312 --a------ C:\WINDOWS\system32\taskmgr.exe

2008-10-04 02:01 . 2006-12-03 18:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe

2008-10-04 02:01 . 2004-11-27 19:00 94,208 --a------ C:\WINDOWS\system32\pskill.exe

2008-10-04 02:01 . 2006-12-03 18:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe

2008-10-04 02:01 . 2006-12-03 18:15 19,968 --a------ C:\WINDOWS\system32\reico.exe

2008-10-04 02:01 . 2006-12-03 18:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe

2008-10-01 02:19 . 2008-10-01 02:19 <DIR> d-------- C:\Arquivos de programas\FreshDevices

2008-09-27 02:39 . 2008-09-27 02:41 36,118 --a------ C:\WINDOWS\picpick.lng

2008-09-26 01:28 . 2008-09-26 01:28 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-09-26 01:27 . 2008-10-04 17:56 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\skypePM

2008-09-26 01:25 . 2008-10-04 18:42 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Skype

2008-09-26 01:24 . 2008-09-26 01:24 <DIR> dr------- C:\Arquivos de programas\Skype

2008-09-26 01:24 . 2008-09-26 01:24 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Skype

2008-09-26 01:23 . 2008-09-26 01:24 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Skype

2008-09-26 00:27 . 2008-09-26 00:27 <DIR> d-------- C:\Arquivos de programas\Microsoft Silverlight

2008-09-25 03:01 . 2008-09-25 03:01 <DIR> d-------- C:\Arquivos de programas\Internet Download Manager

2008-09-25 03:01 . 2008-09-25 03:01 <DIR> d-------- C:\Arquivos de programas\Free Download Manager

2008-09-25 03:01 . 2008-09-25 03:01 <DIR> d-------- C:\Arquivos de programas\Corel

2008-09-25 03:01 . 2008-09-25 03:01 <DIR> d-------- C:\Arquivos de programas\Bonjour

2008-09-25 03:00 . 2008-09-25 03:00 <DIR> d-------- C:\Documents and Settings\All Users\Favoritos

2008-09-25 03:00 . 2008-10-06 15:53 <DIR> dr------- C:\Documents and Settings\Administrador\Menu Iniciar

2008-09-25 03:00 . 2008-09-25 03:00 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts

2008-09-25 03:00 . 2008-09-25 03:00 <DIR> d-------- C:\Documents and Settings\Administrador\amsn

2008-09-25 02:59 . 2008-10-12 13:52 <DIR> d-------- C:\Documents and Settings\Administrador\Tracing

2008-09-25 02:59 . 2008-09-25 02:59 <DIR> d--h----- C:\Documents and Settings\Administrador\Modelos

2008-09-25 02:59 . 2008-09-25 02:59 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Simply Super Software

2008-09-25 02:59 . 2008-09-25 23:55 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Orbit

2008-09-25 02:59 . 2008-09-25 02:59 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\NCH Swift Sound

2008-09-24 21:08 . 2008-09-25 02:56 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Real(2)

2008-09-24 02:41 . 2008-09-24 02:41 <DIR> d-------- C:\88f830c3dfdfb281ff

2008-09-24 02:41 . 2008-09-24 02:41 <DIR> d-------- C:\327882R2FWJFW

2008-09-24 01:34 . 2008-09-25 02:57 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla(2)

2008-09-24 01:27 . 2008-09-24 22:33 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\SiteAdvisor(2)

2008-09-24 01:21 . 2008-10-12 02:47 <DIR> dr------- C:\Documents and Settings\Administrador\Meus documentos

2008-09-24 01:20 . 2008-09-24 01:20 <DIR> dr------- C:\Documents and Settings\Administrador\Favoritos

2008-09-24 01:18 . 2008-09-24 01:18 <DIR> d-------- C:\Documents and Settings\Administrador\Modelos(2)

2008-09-24 01:16 . 2008-09-24 01:16 <DIR> d-------- C:\Documents and Settings\Beta_2\Dados de aplicativos\Apple Computer

2008-09-24 00:52 . 2008-09-25 02:59 <DIR> d-------- C:\Documents and Settings\Beta_2\Modelos

2008-09-24 00:52 . 2008-09-25 02:59 <DIR> d-------- C:\Documents and Settings\Beta_2\Favoritos

2008-09-24 00:52 . 2008-09-25 02:59 <DIR> d-------- C:\Documents and Settings\Beta_2\Dados de aplicativos

2008-09-24 00:52 . 2008-10-12 13:38 <DIR> d-------- C:\Documents and Settings\Beta_2\Configurações locais

2008-09-24 00:52 . 2008-09-25 02:59 <DIR> d---s---- C:\Documents and Settings\Beta_2

2008-09-22 01:38 . 2008-09-25 03:01 <DIR> d-------- C:\Arquivos de programas\Easy CD-DA Extractor 11

2008-09-20 04:26 . 2008-09-20 04:26 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Windows Live

2008-09-18 17:31 . 2008-09-18 17:31 0 --a------ C:\WINDOWS\WB.ini

2008-09-18 17:27 . 2008-09-18 17:27 <DIR> d-------- C:\Arquivos de programas\Stardock

2008-09-18 17:27 . 2008-04-26 17:14 42,672 --a------ C:\WINDOWS\system32\wbsys.dll

2008-09-18 00:53 . 2008-09-18 00:53 <DIR> d-------- C:\Arquivos de programas\Free FLV to AVI Video Converter

2008-09-16 16:35 . 2007-04-17 07:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-09-16 16:35 . 2007-03-08 03:12 1,024,000 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-09-16 16:35 . 2008-06-23 14:29 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-09-16 16:35 . 2008-06-23 14:29 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-09-16 16:35 . 2008-06-23 14:29 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-09-16 16:35 . 2008-06-23 07:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-09-16 16:34 . 2008-06-23 14:29 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-09-16 16:34 . 2008-06-23 14:29 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-09-16 16:34 . 2008-06-23 14:29 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll

2008-09-16 01:42 . 2008-09-16 01:42 <DIR> d-------- C:\Arquivos de programas\MeeSoft

2008-09-16 01:00 . 2008-06-14 15:34 272,384 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-09-16 01:00 . 2008-06-14 15:34 272,384 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-09-16 00:43 . 2008-05-09 08:55 180,224 --------- C:\WINDOWS\system32\dllcache\scrobj.dll

2008-09-16 00:43 . 2008-05-09 08:55 172,032 --------- C:\WINDOWS\system32\dllcache\scrrun.dll

2008-09-16 00:43 . 2008-05-08 09:24 155,648 --------- C:\WINDOWS\system32\dllcache\wscript.exe

2008-09-16 00:43 . 2008-05-09 06:45 135,168 --------- C:\WINDOWS\system32\dllcache\cscript.exe

2008-09-16 00:43 . 2008-05-09 08:55 90,112 --------- C:\WINDOWS\system32\dllcache\wshext.dll

2008-09-15 20:12 . 2008-05-08 12:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-09-15 19:38 . 2008-05-01 12:36 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

2008-09-15 19:34 . 2008-04-11 17:05 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-09-15 19:06 . 2008-07-18 23:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll

2008-09-15 19:06 . 2008-07-18 23:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-09-14 20:06 . 2008-09-13 15:54 54,784 --a------ C:\WINDOWS\system\P8250075.exe

2008-09-13 00:42 . 2008-04-13 20:20 721,920 --a------ C:\WINDOWS\system32\82d1E.tmp

2008-09-13 00:42 . 2008-09-13 00:42 54,624 --a------ C:\WINDOWS\system32\2d91D.sys

2008-09-12 23:09 . 2008-09-12 23:09 2,335,270 --a------ C:\WINDOWS\system32\7fc4.mht

2008-09-12 18:51 . 2008-09-12 18:51 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\GeoVid

2008-09-12 18:50 . 2004-08-18 17:00 1,712,128 --a------ C:\WINDOWS\system32\gdiplus.dll

2008-09-12 18:50 . 2003-03-19 10:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll

2008-09-12 18:50 . 2003-03-19 08:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll

2008-09-12 18:50 . 2005-06-07 17:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll

2008-09-12 18:35 . 2008-10-01 03:01 <DIR> d-------- C:\Arquivos de programas\MessengerDiscovery

2008-09-12 18:35 . 2004-03-09 01:00 609,824 --a------ C:\WINDOWS\system32\COMCTL32.ocx

2008-09-12 18:35 . 2004-03-09 01:00 212,240 --a------ C:\WINDOWS\system32\richtx32.OCX

2008-09-12 18:35 . 2004-03-09 01:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.ocx

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-11 21:11 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-10-10 03:47 --------- d-----w C:\Arquivos de programas\Marcos Velasco Security

2008-10-08 18:45 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SiteAdvisor

2008-10-08 01:59 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\McAfee

2008-10-07 23:10 --------- d-----w C:\Arquivos de programas\Total Video Converter

2008-10-07 19:04 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-10-07 19:04 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-10-06 18:02 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

2008-10-06 03:12 --------- d-----w C:\Arquivos de programas\Yahoo!

2008-10-02 03:17 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-09-25 05:02 --------- d-----w C:\Arquivos de programas\Messenger Plus! Live

2008-09-25 05:00 --------- d-----w C:\Arquivos de programas\iTunes

2008-09-25 04:59 --------- d-----w C:\Arquivos de programas\Last.fm

2008-09-25 00:29 --------- d-----w C:\Arquivos de programas\BraZip

2008-09-21 22:07 --------- d-----w C:\Arquivos de programas\LimeWire

2008-09-20 07:08 --------- d-----w C:\Arquivos de programas\Windows Live

2008-09-15 19:50 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-09-11 13:55 --------- d---a-w C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-09-11 01:59 --------- d-----w C:\Arquivos de programas\Ares

2008-09-10 20:45 --------- d-----w C:\Arquivos de programas\Trojan Remover

2008-09-10 19:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Simply Super Software

2008-09-10 04:48 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\DFX

2008-09-10 04:48 --------- d-----w C:\Arquivos de programas\DFX

2008-09-10 04:48 --------- d-----w C:\Arquivos de programas\Arquivos comuns\DFX

2008-09-08 18:15 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\DMCache

2008-09-07 02:36 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2008-09-06 22:07 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\IDM

2008-09-06 17:37 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\GrabPro

2008-09-06 12:55 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-09-06 12:55 --------- d-----w C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-09-06 12:43 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-09-06 03:00 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-09-06 02:31 267,304 ------w C:\WINDOWS\system32\dllcache\wgaLogon.dll

2008-09-06 02:30 951,336 ------w C:\WINDOWS\system32\dllcache\WgaTray.exe

2008-09-05 20:02 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

2008-09-04 17:48 --------- d-----w C:\Arquivos de programas\Windows Updates Downloader

2008-09-03 12:37 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys

2008-09-03 02:17 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab Setup Files

2008-08-31 21:10 --------- d-----w C:\Arquivos de programas\Allok RM RMVB to AVI MPEG DVD Converter

2008-08-23 05:55 --------- d-----w C:\Arquivos de programas\ZikiTranslator

2008-08-17 23:29 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-08-17 23:26 --------- d-----w C:\Arquivos de programas\MSBuild

2008-08-17 22:26 --------- d-----w C:\Arquivos de programas\Microsoft Visual Studio 8

2008-08-17 22:21 --------- d-----w C:\Arquivos de programas\CoolSMS

2008-08-16 06:10 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE

2008-08-14 18:01 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer

2008-08-14 17:55 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit

2008-08-06 18:19 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll

2008-07-29 23:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll

2008-07-19 01:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-19 01:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-19 01:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-19 01:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-19 01:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-19 01:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-19 01:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-19 01:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-19 01:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll

2008-07-12 18:36 2,887,680 ----a-w C:\WINDOWS\system32\VagalumePluginWMP.dll

.

------- Sigcheck -------

2008-04-13 20:21 14336 ed2d69cd4b0ebe37efe11d4dc4abc68f C:\WINDOWS\system32\svchost.exe

2008-04-13 20:20 579072 54907db28872a7a6d3ee2b4747a23828 C:\WINDOWS\system32\user32.dll

2008-04-13 20:20 82432 1fa3c4b2d7e35176e65fb69ab597b0f0 C:\WINDOWS\system32\ws2_32.dll

2008-04-13 20:21 509952 71d440f79b711627b12b567fb2eadb42 C:\WINDOWS\system32\winlogon.exe

2008-04-13 13:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 12:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-13 20:34 2070144 f84054bfd1d688b901ad907499879bbd C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-13 20:01 2193280 185f6c64734019e7e9f626e53cc37fb4 C:\WINDOWS\system32\ntoskrnl.exe

2008-04-13 20:21 1035776 064ec7ff5f58b928c3e119402977fa6d C:\WINDOWS\explorer.exe

2008-04-13 20:21 109056 ee7999baaca84cfaa03726e677ee2a33 C:\WINDOWS\system32\services.exe

2008-04-13 20:21 13312 9607142710d3b64ab7fcce4be4e30d37 C:\WINDOWS\system32\lsass.exe

2001-02-20 14:09 8192 d36a33c21eeed5a6c1daecb7c80a1909 C:\WINDOWS\system32\CTFMON.EXE

2008-04-13 20:21 57856 af1d9ae15c11163f576df6ed6194b53c C:\WINDOWS\system32\spoolsv.exe

2008-04-13 20:21 26112 a7ea40f680163808d96f89b4ff991876 C:\WINDOWS\system32\userinit.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe" [2008-07-19 78008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-06-23 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDesktopCleanupWizard"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoStartMenuPinnedList"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoStartMenuPinnedList"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2008-09-17 09:05 210168 C:\Arquivos de programas\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

backup=C:\WINDOWS\pss\Orbit.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViOrb

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 03:38 34672 C:\Arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\domino]

--a------ 2006-07-04 15:16 49152 C:\WINDOWS\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 08:00 33648 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]

--a------ 2008-04-13 20:21 171520 C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 11:50 413696 C:\Arquivos de programas\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-06-14 19:28 26992424 C:\Arquivos de programas\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 05:27 144784 C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-07-18 22:12 185896 C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap1]

--a------ 2006-07-17 12:27 49152 C:\WINDOWS\VMSnap1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2001-02-20 14:09 8192 C:\WINDOWS\system32\CTFMON.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Ares\\Ares.exe"=

"C:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=

"C:\\Arquivos de programas\\iTunes\\iTunes.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Documents and Settings\\Administrador\\Meus documentos\\Jogos\\4x4 Evolution\\4x4.exe"=

"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"C:\\Documents and Settings\\Administrador\\Meus documentos\\Outros\\Trabalhos\\utorrent.exe"=

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:57]

.

------- Scan Suplementar -------

.

FireFox -: Profile - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\cgu85kv7.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orkut.com.br/

FF -: plugin - C:\Arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\Arquivos de programas\Microsoft Silverlight\2.0.30523.8\npctrl.dll

FF -: plugin - C:\Arquivos de programas\Yahoo!\Common\npyaxmpb.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-12 13:38:27

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-10-12 13:40:39

ComboFix-quarantined-files.txt 2008-10-12 15:40:36

Pré-execução: 16 pasta(s) 28,012,134,400 bytes disponíveis

Pós execução: 19 pasta(s) 28,004,302,848 bytes disponíveis

738 --- E O F --- 2008-10-08 22:24:56

beta15 · Outubro 12, 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:45:53, on 12/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)