[Resolvido!]Sistema a 100% e acusa "a large amount of hijacke

[DoutorBanner 0]

Boa tarde, moçada.

 

Agradeço demais quem puder me dar uma luz com este problema.

 

Assim que o sistema sobe (windows 2000 - e não posso desinstalá-lo), aparece a seguinte mensagem:

 

"System.exe - Entry Point not Found

"The procedure entry point GetProcessImageFileNameA could not be located in the dynamic link library PSAPI.DLL"

 

Depois, o computador fica super lento. O HijackThis levou 21 minutos entre ser iniciado e gerar o log, que posto abaixo. E me deu a seguinte mensagem antes de realizar o scan:

 

"You have a particulary large amount of hijacked domains. It's probably better to delete the file itself then to fix each item (and create a backup).

"If you see the same ip address in all the reported O1 itens, consider deleting your host file, which is located at c:\winnt\system32\drivers\etc\hosts"

 

Posso mesmo apagar o tal host file? Aqui vai o log, ainda que eu tenha que gerá-lo apenas depois de apagar o host file.

 

Logfile of HijackThis v1.99.1

Scan saved at 4:00:46 PM, on 2/2/2009

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\rundll32.exe

C:\WINNT\system32\sysdll.exe

C:\WINNT\system32\svchhost.exe

C:\WINNT\system32\rundll32.exe

C:\Documents and Settings\simone.SIMONE\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O1 - Hosts: 127.1 localhost

O1 - Hosts: 127.1 fffff8888fsgfbghj88.cn

O1 - Hosts: 127.1 61.134.37.12

O1 - Hosts: 127.1 ko.ssa387.cn

O1 - Hosts: 127.1 www.ndxrr.cn

O1 - Hosts: 127.1 12345.ssa387.cn

O1 - Hosts: 127.1 lihai88.com

O1 - Hosts: 127.1 wwwwhf.cn

O1 - Hosts: 127.1 a89369093.sq.u9idc.com

O1 - Hosts: 127.1 www.mmd178.cn

O1 - Hosts: 127.1 www.178mmd.cn

O1 - Hosts: 127.1 www.wenzhuoyyy.cn

O1 - Hosts: 127.1 tw.lovechina.tw.cn

O1 - Hosts: 127.1 222.189.238.151

O1 - Hosts: 127.1 222.179.185.78

O1 - Hosts: 127.1 www.wq9q.cn

O1 - Hosts: 127.1 593ffcey.cn

O1 - Hosts: 127.1 set.yay520.cn

O1 - Hosts: 127.1 tenmoc999.cn

O1 - Hosts: 127.1 lihai88.com

O1 - Hosts: 127.1 121.kcuf-01.com

O1 - Hosts: 127.1 www.ew1q.cn

O1 - Hosts: 127.1 www.b3sk.cn

O1 - Hosts: 127.1 up.bizmd.cn

O1 - Hosts: 127.1 www.ms2a.cn

O1 - Hosts: 127.1 www.wo9188.cn

O1 - Hosts: 127.1 www.fgetchr.cn

O1 - Hosts: 127.1 www.e6zx.cn

O1 - Hosts: 127.1 hai067.com

O1 - Hosts: 127.1 hai088.com

O1 - Hosts: 127.1 778899.jd8j.cn

O1 - Hosts: 127.1 sql.78-11.net

O1 - Hosts: 127.1 www.bbbirdy.com

O1 - Hosts: 127.1 www.s1na1.com.cn

O1 - Hosts: 127.1 www.dianyinjzd.cn

O1 - Hosts: 127.1 www.dj5201314dj.com

O1 - Hosts: 127.1 max-2.cn

O1 - Hosts: 127.1 a.asp-o.cn

O1 - Hosts: 127.1 b.asp-o.cn

O1 - Hosts: 127.1 c.asp-o.cn

O1 - Hosts: 127.1 x.kprobb.cn

O1 - Hosts: 127.1 js.php-k.cn

O1 - Hosts: 127.1 max-1.cn

O1 - Hosts: 127.1 max-3.cn

O1 - Hosts: 127.1 max-4.cn

O1 - Hosts: 127.1 max-5.cn

O1 - Hosts: 127.1 max-6.cn

O1 - Hosts: 127.1 max-7.cn

O1 - Hosts: 127.1 max-8.cn

O1 - Hosts: 127.1 max-9.cn

O1 - Hosts: 127.1 max-10.cn

O1 - Hosts: 127.1 max-11.cn

O1 - Hosts: 127.1 max-12.cn

O1 - Hosts: 127.1 twocannon250.com.cn

O1 - Hosts: 127.1 www.133mm.cn

O1 - Hosts: 127.1 www.51vmm.cn

O1 - Hosts: 127.1 www.7mmoo.cn

O1 - Hosts: 127.1 www.99mmm.org.cn

O1 - Hosts: 127.1 www.hdec.cn

O1 - Hosts: 127.1 www.picc18.com

O1 - Hosts: 127.1 www.kissdh.com

O1 - Hosts: 127.1 www.x7v.cn

O1 - Hosts: 127.1 biqulu.cn

O1 - Hosts: 127.1 2008.qq2006.com.cn

O1 - Hosts: 127.1 giaitrisex.com

O1 - Hosts: 127.1 www.giaitrisex.com

O1 - Hosts: 127.1 www.giaitrituoitre.net

O1 - Hosts: 127.1 mekiep.com

O1 - Hosts: 127.1 www.1sex1day.com

O1 - Hosts: 127.1 a.9ymm.com

O1 - Hosts: 127.1 bobo.7wyt.com

O1 - Hosts: 127.1 www.591caobi.cn

O1 - Hosts: 127.1 www.hrz008.cn

O1 - Hosts: 127.1 asp-15.cn

O1 - Hosts: 127.1 asp-12.cn

O1 - Hosts: 127.1 www.jb88.net

O1 - Hosts: 127.1 6.a88a.com

O1 - Hosts: 127.1 w.b2c3.cn

O1 - Hosts: 127.1 m.c5x8.com

O1 - Hosts: 127.1 www.518sfw.cn

O1 - Hosts: 127.1 www.jjyyzmj.cn

O1 - Hosts: 127.1 u.cnmrx.net

O1 - Hosts: 127.1 duowan.czm.cn

O1 - Hosts: 127.1 xccxcxcxcxcx.cn

O1 - Hosts: 127.1 google-yahoo.org.cn

O1 - Hosts: 127.1 tudou-net.org.cn

O1 - Hosts: 127.1 downloads.zango.com

O1 - Hosts: 127.1 ftp.surfnet.nl

O1 - Hosts: 127.1 bis.180solutions.com

O1 - Hosts: 127.1 installs.hotbar.com

O1 - Hosts: 127.1 www.hbdownloads.com

O1 - Hosts: 127.1 static.zangocash.com

O1 - Hosts: 127.1 www.qq-songli.cn

O1 - Hosts: 127.1 aa.9234.net

O1 - Hosts: 127.1 www.97love.info

O1 - Hosts: 127.1 97love.info

O1 - Hosts: 127.1 www.zyzhuiku.cn

O1 - Hosts: 127.1 zyzhuiku.cn

O1 - Hosts: 127.1 www.lang18.com

O1 - Hosts: 127.1 lang18.com

O1 - Hosts: 127.1 sao6666.com

O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINNT\Downloaded Program Files\ThunderAdvise.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [system DLL Resources] C:\WINNT\system32\sysdll.exe

O4 - HKLM\..\Run: [GlobalFlagimglog2] C:\WINNT\system32\svchhost.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HBService32] System.exe

O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINNT\Update.dll",Main

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O17 - HKLM\System\CCS\Services\Tcpip\..\{47A70847-A477-4924-AD71-06CD5B94140C}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{B00E5750-61CC-488C-9DB6-EDDE80415F50}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{47A70847-A477-4924-AD71-06CD5B94140C}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{47A70847-A477-4924-AD71-06CD5B94140C}: NameServer = 200.204.0.10,200.204.0.138

O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll

O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINNT\Downloaded Program Files\ThunderAdvise.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

 

Aviso que fiz as atualizações do windows 2000 faz um mês, mas que no adicionar ou remover programas aparecem umas 60 ocorrências de "Windows 2000 Hotfix - KB95(mais monte de números)". E aviso também que no task manager eu vejo o maldito svchhost.exe (taí no log também) e que a licença do Avast expirou na sexta-feira (coincidência para não ser ignorada, decerto).

 

Obrigado e abraços a todos.

[Sam Spade 2]

Olá DoutorBanner! Você não pode apagar o arquivo hosts. Se conserta mas não se apaga, pois'ele é necessário. As ferramentas que usará, deverão consertar o arquivo. O PC está bastante infectado.

 

Faça o download do SDFix:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

 

Salve-o em sua área de trabalho. Dê um duplo clique no SDFix.exe e a ferramenta será instalada em %SystemDrive%\SDFix (geralmente C:\SDFix)

 

Baixe: ComboFix > salve na área de trabalho

 

Salve ou imprima estas instruções:

 

Reinicie o PC e aperte F8 intermitentemente. No menu escolha: modo seguro.

 

1. Entre na pasta SDFix que foi instalada no seu computador e dê um duplo clique no arquivo RunThis.bat
   
2. Tecle Y e depois dê o Enter para que a ferramenta inicie o processo de remoção
   
3. Quando tudo terminar, você verá um aviso dizendo para apertar qualquer tecla para continuar. Ao pressionar qualquer tecla, o computador será reiniciado automaticamente
   
4. Após reiniciar, a ferramenta ainda será executada novamente e irá terminar o seu trabalho e a palavra Finished irá aparecer. Pressione qualquer tecla.
   
5. Uma janela com o relatório do SDFix irá aparecer. Uma cópia do relatório estará na pasta SDFix com o nome Report.txt
   

Reinicie o PC normalmente.

 

• Desative seu antivirus, antispywares e firewall, para não causar conflitos. Mantenha-os desativados até terminar as instruções.
  
• Dê um duplo-clique no combofix.exe, marque 1 e dê o enter para prosseguir o Fix. Aguarde pois é um pouco demorado.
  
• O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.
  
• Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.
  
• IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".
  
• Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta, juntamente com o Report.txt do SDFix.
   
  OBS: Não rode o ComboFix mais do que uma vez. Isso irá sobreescrever o log e dificultará a remoção do(s) malware(s)
  

O ComboFix é uma ferramenta que pode danificar o sistema se for usada incorretamente. Use-o apenas sob supervisão de um analista de malwares.

[DoutorBanner 0]

Sam Spade, muito obrigado pelo passo-a-passo e mil desculpas pela demora em postar aqui os logs, mas o computador infectado não fica na minha casa e enfrentei problemas pessoais que me atrasaram muito a volta ao forum.

 

Segui todos os seus passos e aviso que a máquina está com uma performance muito melhor do que antes dos procedimentos. Aqui vão os logs solicitados: primeiro o do ComboFix, depois o dos SDFix.

 

Grande abraço e muito obrigado!

 

LOG DO COMBOFIX

 

ComboFix 09-02-06.01 - simone 02/06/2009 16:59:05.1 - NTFSx86

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.247.156 [GMT -2:00]

Running from: c:\documents and settings\simone.SIMONE\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\simone.SIMONE\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll

c:\documents and settings\simone.SIMONE\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\desktop.ini

c:\documents and settings\simone.SIMONE\Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll', PChar('Abn.gpc, Cef.gpc, gbieh.gmd, gbiehuni.dll , GBIEHCEF.DLL , gbiehabn.dll, gbpdist.dll\wuweb.inf

c:\program files\Messenger\msgmr.dll

c:\winnt\AppPatch\AcXtrnel.sdb

c:\winnt\Downloaded Program Files\ThunderAdvise.dll

c:\winnt\Fonts\Framdee.ttf

c:\winnt\IE4 Error Log.txt

c:\winnt\MKMKrnl.dll

c:\winnt\system32\_000329_.tmp.dll

c:\winnt\system32\_000330_.tmp.dll

c:\winnt\system32\_000332_.tmp.dll

c:\winnt\system32\_000333_.tmp.dll

c:\winnt\system32\_000334_.tmp.dll

c:\winnt\system32\_000335_.tmp.dll

c:\winnt\system32\_000338_.tmp.dll

c:\winnt\system32\_000341_.tmp.dll

c:\winnt\system32\_000342_.tmp.dll

c:\winnt\system32\_000343_.tmp.dll

c:\winnt\system32\_000344_.tmp.dll

c:\winnt\system32\_000345_.tmp.dll

c:\winnt\system32\_000347_.tmp.dll

c:\winnt\system32\_000349_.tmp.dll

c:\winnt\system32\_000350_.tmp.dll

c:\winnt\system32\_000351_.tmp.dll

c:\winnt\system32\_000352_.tmp.dll

c:\winnt\system32\_000353_.tmp.dll

c:\winnt\system32\_000354_.tmp.dll

c:\winnt\system32\_000355_.tmp.dll

c:\winnt\system32\_000356_.tmp.dll

c:\winnt\system32\_000357_.tmp.dll

c:\winnt\system32\_000358_.tmp.dll

c:\winnt\system32\_000360_.tmp.dll

c:\winnt\system32\HBCHIBI.dll

c:\winnt\system32\HBSHQ.dll

c:\winnt\system32\HBWULIN2.dll

c:\winnt\Update.dll

c:\winnt\Web\default.htt

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_LDRSVC

-------\Legacy_NVMINI

-------\Service_IsDrv118

 

 

((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))

.

 

2009-02-06 17:19 . 09-02-06 17:19 8,192 --a------ c:\winnt\REGLOCS.OLD

2009-02-06 16:52 . 09-02-06 16:53 <DIR> d-------- C:\32788R22FWJFW

2009-02-06 14:56 . 09-02-06 14:56 <DIR> d-------- c:\winnt\ERUNT

2009-02-05 21:33 . 09-02-06 15:53 <DIR> d-------- C:\SDFix

2009-01-29 05:59 . 09-02-06 16:06 376,396 ---h----- c:\winnt\ShellIconCache

2009-01-21 02:30 . 09-01-21 02:30 17,152 --a------ c:\winnt\system32\drivers\IsDrv118.sys

2009-01-20 06:55 . 09-01-20 06:55 20,336 --ahs---- C:\asdfjlasdjf.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-06 19:27 17,459 ----a-w c:\winnt\system32\sysdll.bin

2007-04-27 22:33 271 ---h--w c:\program files\desktop.ini

2007-04-27 22:33 21,952 -c-h--w c:\program files\folder.htt

1999-12-06 21:00 32,528 -c--a-w c:\winnt\inf\wbfirdma.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"System DLL Resources"="c:\winnt\system32\sysdll.exe" [08-09-18 18:08 102400]

"GlobalFlagimglog2"="c:\winnt\system32\svchhost.exe" [08-10-03 19:15 513024]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [08-07-19 11:38 78008]

"Synchronization Manager"="mobsync.exe" [03-06-19 13:05 111376 c:\winnt\system32\mobsync.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 13:05 186640]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= mmdrv.dll

 

R3 NtApm;NT Apm/Legacy Interface Driver;c:\winnt\system32\DRIVERS\NtApm.sys [99-09-25 08:36 9104]

S1 aswSP;avast! Self Protection; [x]

S2 aswMon;avast! Standard Shield Support; [x]

S3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\DRIVERS\openhci.sys [03-06-19 13:05 24784]

S3 SiSV6306;SiSV6306;c:\winnt\system32\DRIVERS\SiS6306p.sys [99-09-27 18:02 71280]

 

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - IPNAT

*NewlyCreated* - NVMINI

*NewlyCreated* - RASAUTO

*NewlyCreated* - SHAREDACCESS

*Deregistered* - aswUpdSv

*Deregistered* - Browser

*Deregistered* - Dhcp

*Deregistered* - dmserver

*Deregistered* - Dnscache

*Deregistered* - EventSystem

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - Messenger

*Deregistered* - Netman

*Deregistered* - NtmsSvc

*Deregistered* - Null

*Deregistered* - nvmini

*Deregistered* - Parallel

*Deregistered* - Parport

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PolicyAgent

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - RasAcd

*Deregistered* - RasAuto

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RemoteRegistry

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - serenum

*Deregistered* - SharedAccess

*Deregistered* - Spooler

*Deregistered* - Srv

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - Wanarp

*Deregistered* - WinMgmt

*Deregistered* - Wmi

*Deregistered* - wuauserv

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{97421D0D-E07F-40DF-8F07-99597B9585AD} - c:\winnt\Downloaded Program Files\ThunderAdvise.dll

 

 

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

LSP: %SystemRoot%\system32\msafd.dll

TCP: {47A70847-A477-4924-AD71-06CD5B94140C} = 200.204.0.10,200.204.0.138

TCP: {B00E5750-61CC-488C-9DB6-EDDE80415F50} = 200.204.0.10,200.204.0.138

DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-06 17:27:03

Windows 5.0.2195 Service Pack 4 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\winnt\system32\drivers\nvmini.sys 17152 bytes executable

c:\winnt\system32\linkinfo.dll 17680 bytes executable

 

scan completed successfully

hidden files: 2

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvmini]

"ImagePath"="system32\DRIVERS\nvmini.sys"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(184)

c:\winnt\system32\wzcdlg.dll

c:\winnt\system32\WZCSAPI.DLL

 

- - - - - - - > 'explorer.exe'(1108)

c:\winnt\AppPatch\AcLayers.DLL

c:\winnt\System32\browseui.dll

.

Completion time: 2009-02-06 17:42:10 - machine was rebooted

ComboFix-quarantined-files.txt 2009-02-06 19:41:37

 

Pre-Run: 7,415,382,016 bytes free

Post-Run: 7,481,692,160 bytes free

 

180

 

 

 

E aqui vai o LOG DOS SDFIX:

 

 

SDFix: Version 1.240

Run by simone on Fri 02/06/2009 at 3:06p

 

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\DOCUME~1\SIMONE~1.SIM\LOCALS~1\Temp\01.exe - Deleted

C:\WINNT\linkinfo.dll - Deleted

C:\WINNT\ponto.DLL - Deleted

C:\WINNT\system32\MEGATRON.ini - Deleted

C:\WINNT\system32\system.exe - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-06 15:31:48

Windows 5.0.2195 Service Pack 4 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvmini]

"Type"=dword:00000001

"Start"=dword:00000002

"ErrorControl"=dword:00000000

"ImagePath"=str(2):"system32\DRIVERS\nvmini.sys"

"DisplayName"="NVIDIA Compatible Windows Miniport Driver"

"Tag"=dword:00000007

"Group"="Pointer Port"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkFlt]

"Type"=dword:00000001

"Start"=dword:00000003

"ErrorControl"=dword:00000001

"ImagePath"=str(2):"System32\DRIVERS\nwlnkflt.sys"

"DisplayName"="IPX Traffic Filter Driver"

"DependOnService"=str(7):"NwlnkFwd\0"

"DependOnGroup"=str(7):""

"Description"="IPX Traffic Filter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\nvmini]

"Type"=dword:00000001

"Start"=dword:00000002

"ErrorControl"=dword:00000000

"ImagePath"=str(2):"system32\DRIVERS\nvmini.sys"

"DisplayName"="NVIDIA Compatible Windows Miniport Driver"

"Tag"=dword:00000007

"Group"="Pointer Port"

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

C:\WINNT\system32\dllcache\linkinfo.dll 17680 bytes executable

C:\WINNT\system32\drivers\nvmini.sys 17152 bytes executable

C:\WINNT\system32\linkinfo.dll 17680 bytes executable

C:\WINNT\$NtUninstallKB900725$\linkinfo.dll 17168 bytes executable

C:\WINNT\$NtUpdateRollupPackUninstall$\linkinfo.dll 16144 bytes executable

 

scan completed successfully

hidden processes: 0

hidden services: 2

hidden files: 5

 

 

Remaining Services :

 

 

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Tue 20 Jan 2009 20,336 A.SH. --- "C:\asdfjlasdjf.dll"

Thu 25 Aug 2005 19,968 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\~WRL0001.tmp"

Wed 20 Dec 2006 19,968 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\~WRL0005.tmp"

Mon 11 Sep 2006 63,488 ...H. --- "C:\Documents and Settings\simone\Application Data\Microsoft\Word\~WRL0345.tmp"

Mon 11 Sep 2006 64,512 ...H. --- "C:\Documents and Settings\simone\Application Data\Microsoft\Word\~WRL1018.tmp"

Wed 13 Sep 2006 23,040 ...H. --- "C:\Documents and Settings\simone\Application Data\Microsoft\Word\~WRL1381.tmp"

Mon 11 Sep 2006 64,000 ...H. --- "C:\Documents and Settings\simone\Application Data\Microsoft\Word\~WRL1610.tmp"

Mon 11 Sep 2006 67,072 ...H. --- "C:\Documents and Settings\simone\Application Data\Microsoft\Word\~WRL3685.tmp"

Mon 11 Sep 2006 72,704 ...H. --- "C:\Documents and Settings\simone\Application Data\Microsoft\Word\~WRL3884.tmp"

Mon 3 Jul 2006 49,664 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0001.tmp"

Thu 6 Jul 2006 61,440 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0002.tmp"

Thu 6 Jul 2006 48,640 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0003.tmp"

Thu 6 Jul 2006 62,464 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0004.tmp"

Mon 10 Jul 2006 76,800 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0005.tmp"

Mon 10 Jul 2006 79,360 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0006.tmp"

Mon 10 Jul 2006 48,640 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0007.tmp"

Mon 11 Sep 2006 64,000 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0008.tmp"

Thu 28 Sep 2006 67,072 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0009.tmp"

Thu 5 Oct 2006 35,328 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0010.tmp"

Mon 23 Oct 2006 67,072 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0011.tmp"

Mon 30 Oct 2006 58,368 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0012.tmp"

Fri 3 Nov 2006 53,248 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0013.tmp"

Mon 6 Nov 2006 62,976 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0014.tmp"

Mon 6 Nov 2006 63,488 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0015.tmp"

Wed 28 Feb 2007 38,912 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0016.tmp"

Wed 11 Apr 2007 35,840 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0017.tmp"

Mon 11 Sep 2006 62,976 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0073.tmp"

Mon 10 Jul 2006 77,824 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0093.tmp"

Tue 14 Nov 2006 54,272 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0150.tmp"

Fri 3 Nov 2006 70,656 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0176.tmp"

Mon 23 Oct 2006 67,072 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0203.tmp"

Wed 4 Oct 2006 64,000 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0332.tmp"

Mon 11 Sep 2006 61,440 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0489.tmp"

Mon 23 Oct 2006 70,144 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0538.tmp"

Wed 8 Nov 2006 74,752 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0548.tmp"

Mon 23 Oct 2006 70,144 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0613.tmp"

Mon 10 Jul 2006 77,824 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0681.tmp"

Mon 11 Sep 2006 62,976 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0776.tmp"

Mon 11 Sep 2006 66,048 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0867.tmp"

Wed 4 Oct 2006 22,528 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL0986.tmp"

Wed 4 Oct 2006 63,488 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1025.tmp"

Fri 3 Nov 2006 70,144 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1078.tmp"

Wed 4 Oct 2006 62,976 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1088.tmp"

Tue 17 Oct 2006 22,528 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1222.tmp"

Wed 4 Oct 2006 65,536 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1311.tmp"

Mon 6 Nov 2006 62,976 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1398.tmp"

Mon 11 Sep 2006 73,728 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1467.tmp"

Mon 11 Sep 2006 62,976 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1480.tmp"

Mon 23 Oct 2006 66,048 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1517.tmp"

Wed 4 Oct 2006 64,000 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1558.tmp"

Mon 11 Sep 2006 65,536 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1575.tmp"

Wed 4 Oct 2006 65,024 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1618.tmp"

Wed 4 Oct 2006 64,000 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1662.tmp"

Mon 6 Nov 2006 62,464 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1663.tmp"

Tue 8 Aug 2006 76,288 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1765.tmp"

Thu 6 Jul 2006 49,152 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1964.tmp"

Fri 6 Oct 2006 31,744 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL1970.tmp"

Mon 11 Sep 2006 62,976 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2231.tmp"

Mon 23 Oct 2006 71,168 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2232.tmp"

Mon 30 Oct 2006 22,016 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2321.tmp"

Wed 4 Oct 2006 62,976 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2354.tmp"

Mon 11 Sep 2006 66,048 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2368.tmp"

Fri 3 Nov 2006 72,704 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2428.tmp"

Mon 10 Jul 2006 77,824 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2460.tmp"

Mon 11 Sep 2006 64,000 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2505.tmp"

Mon 23 Oct 2006 71,168 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2542.tmp"

Mon 11 Sep 2006 72,704 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2593.tmp"

Mon 11 Sep 2006 78,336 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2601.tmp"

Mon 11 Sep 2006 62,464 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2632.tmp"

Mon 11 Sep 2006 62,976 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2635.tmp"

Mon 11 Sep 2006 66,048 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2698.tmp"

Mon 11 Sep 2006 70,656 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2786.tmp"

Fri 6 Oct 2006 68,608 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2885.tmp"

Mon 23 Oct 2006 70,144 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2900.tmp"

Wed 1 Nov 2006 70,656 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL2975.tmp"

Mon 11 Sep 2006 74,752 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3024.tmp"

Fri 3 Nov 2006 70,144 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3060.tmp"

Mon 11 Sep 2006 62,464 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3064.tmp"

Mon 6 Nov 2006 62,976 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3240.tmp"

Mon 11 Sep 2006 64,512 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3258.tmp"

Mon 11 Sep 2006 64,000 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3281.tmp"

Thu 6 Jul 2006 49,152 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3372.tmp"

Tue 7 Nov 2006 74,240 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3385.tmp"

Mon 11 Sep 2006 62,464 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3494.tmp"

Wed 4 Oct 2006 64,512 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3574.tmp"

Mon 11 Sep 2006 62,976 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3593.tmp"

Mon 11 Sep 2006 62,976 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3608.tmp"

Mon 11 Sep 2006 63,488 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3616.tmp"

Wed 11 Apr 2007 35,840 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3693.tmp"

Mon 10 Jul 2006 48,640 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3720.tmp"

Wed 4 Oct 2006 62,976 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3742.tmp"

Fri 3 Nov 2006 71,680 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3781.tmp"

Mon 11 Sep 2006 66,048 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3795.tmp"

Tue 8 Aug 2006 78,336 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3829.tmp"

Mon 23 Oct 2006 70,656 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3879.tmp"

Mon 23 Oct 2006 70,144 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL3920.tmp"

Mon 11 Sep 2006 64,000 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL4066.tmp"

Thu 6 Jul 2006 49,152 ...H. --- "C:\Documents and Settings\simone\Desktop\Alpha Magazine\Etiquetas\~WRL4083.tmp"

Thu 20 Sep 2007 36,352 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\~WRL0003.tmp"

Fri 21 Sep 2007 36,352 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\~WRL0211.tmp"

Fri 21 Sep 2007 36,352 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\~WRL1873.tmp"

Fri 21 Sep 2007 36,352 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\~WRL2337.tmp"

Fri 21 Sep 2007 36,352 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\~WRL2958.tmp"

Fri 21 Sep 2007 35,840 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\~WRL3063.tmp"

Mon 24 Nov 2008 42,496 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL0001.tmp"

Fri 30 Jan 2009 41,472 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL0002.tmp"

Tue 25 Nov 2008 42,496 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL0003.tmp"

Tue 3 Feb 2009 41,472 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL0004.tmp"

Tue 25 Nov 2008 43,008 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL0237.tmp"

Tue 3 Feb 2009 41,472 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL0285.tmp"

Wed 26 Nov 2008 42,496 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL0833.tmp"

Tue 3 Feb 2009 41,472 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL1049.tmp"

Tue 25 Nov 2008 43,008 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL1629.tmp"

Tue 3 Feb 2009 41,472 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL2135.tmp"

Wed 26 Nov 2008 43,008 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL2641.tmp"

Tue 3 Feb 2009 41,472 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL2977.tmp"

Tue 3 Feb 2009 41,472 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL3403.tmp"

Tue 3 Feb 2009 41,472 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL3555.tmp"

Tue 3 Feb 2009 41,472 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL3796.tmp"

Tue 25 Nov 2008 43,520 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Anuncios para Priscila\~WRL3957.tmp"

Mon 3 Jul 2006 49,664 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0001.tmp"

Thu 6 Jul 2006 61,440 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0002.tmp"

Thu 6 Jul 2006 48,640 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0003.tmp"

Thu 6 Jul 2006 62,464 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0004.tmp"

Mon 10 Jul 2006 76,800 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0005.tmp"

Mon 10 Jul 2006 79,360 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0006.tmp"

Mon 10 Jul 2006 48,640 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0007.tmp"

Mon 11 Sep 2006 64,000 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0008.tmp"

Thu 28 Sep 2006 67,072 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0009.tmp"

Thu 5 Oct 2006 35,328 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0010.tmp"

Mon 23 Oct 2006 67,072 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0011.tmp"

Mon 30 Oct 2006 58,368 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0012.tmp"

Fri 3 Nov 2006 53,248 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0013.tmp"

Mon 6 Nov 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0014.tmp"

Mon 6 Nov 2006 63,488 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0015.tmp"

Wed 28 Feb 2007 38,912 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0016.tmp"

Wed 11 Apr 2007 35,840 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0017.tmp"

Thu 26 Apr 2007 75,264 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0018.tmp"

Wed 5 Dec 2007 46,592 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0019.tmp"

Sat 30 Sep 2000 58,368 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0020.tmp"

Mon 11 Sep 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0073.tmp"

Mon 10 Jul 2006 77,824 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0093.tmp"

Tue 14 Nov 2006 54,272 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0150.tmp"

Fri 3 Nov 2006 70,656 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0176.tmp"

Mon 23 Oct 2006 67,072 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0203.tmp"

Sat 30 Sep 2000 44,544 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0267.tmp"

Wed 4 Oct 2006 64,000 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0332.tmp"

Thu 6 Dec 2007 58,368 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0377.tmp"

Thu 26 Apr 2007 34,816 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0485.tmp"

Mon 11 Sep 2006 61,440 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0489.tmp"

Mon 23 Oct 2006 70,144 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0538.tmp"

Wed 8 Nov 2006 74,752 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0548.tmp"

Thu 6 Dec 2007 57,344 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0593.tmp"

Mon 23 Oct 2006 70,144 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0613.tmp"

Mon 4 Aug 2008 57,344 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0641.tmp"

Mon 10 Jul 2006 77,824 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0681.tmp"

Mon 11 Sep 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0776.tmp"

Thu 6 Dec 2007 56,320 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0797.tmp"

Mon 4 Aug 2008 58,880 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0822.tmp"

Mon 11 Sep 2006 66,048 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0867.tmp"

Wed 4 Oct 2006 22,528 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL0986.tmp"

Wed 4 Oct 2006 63,488 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1025.tmp"

Fri 3 Nov 2006 70,144 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1078.tmp"

Wed 4 Oct 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1088.tmp"

Tue 17 Oct 2006 22,528 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1222.tmp"

Wed 4 Oct 2006 65,536 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1311.tmp"

Mon 6 Nov 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1398.tmp"

Mon 11 Sep 2006 73,728 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1467.tmp"

Mon 11 Sep 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1480.tmp"

Fri 27 Apr 2007 34,816 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1489.tmp"

Mon 23 Oct 2006 66,048 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1517.tmp"

Thu 6 Dec 2007 57,856 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1534.tmp"

Wed 4 Oct 2006 64,000 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1558.tmp"

Mon 11 Sep 2006 65,536 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1575.tmp"

Wed 4 Oct 2006 65,024 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1618.tmp"

Thu 6 Dec 2007 56,832 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1625.tmp"

Wed 4 Oct 2006 64,000 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1662.tmp"

Mon 6 Nov 2006 62,464 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1663.tmp"

Tue 8 Aug 2006 76,288 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1765.tmp"

Thu 6 Dec 2007 55,808 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1862.tmp"

Thu 6 Jul 2006 49,152 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1964.tmp"

Fri 6 Oct 2006 31,744 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL1970.tmp"

Mon 4 Aug 2008 58,880 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2040.tmp"

Mon 4 Aug 2008 53,760 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2103.tmp"

Mon 11 Sep 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2231.tmp"

Mon 23 Oct 2006 71,168 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2232.tmp"

Sat 30 Sep 2000 56,832 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2254.tmp"

Mon 30 Oct 2006 22,016 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2321.tmp"

Wed 4 Oct 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2354.tmp"

Mon 11 Sep 2006 66,048 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2368.tmp"

Mon 4 Aug 2008 58,368 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2408.tmp"

Fri 3 Nov 2006 72,704 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2428.tmp"

Thu 6 Dec 2007 52,736 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2450.tmp"

Mon 10 Jul 2006 77,824 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2460.tmp"

Thu 6 Dec 2007 55,808 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2480.tmp"

Mon 11 Sep 2006 64,000 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2505.tmp"

Mon 23 Oct 2006 71,168 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2542.tmp"

Mon 11 Sep 2006 72,704 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2593.tmp"

Mon 11 Sep 2006 78,336 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2601.tmp"

Thu 6 Dec 2007 51,200 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2631.tmp"

Mon 11 Sep 2006 62,464 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2632.tmp"

Mon 11 Sep 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2635.tmp"

Mon 11 Sep 2006 66,048 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2698.tmp"

Mon 11 Sep 2006 70,656 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2786.tmp"

Thu 6 Dec 2007 56,320 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2825.tmp"

Fri 6 Oct 2006 68,608 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2885.tmp"

Mon 23 Oct 2006 70,144 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2900.tmp"

Wed 1 Nov 2006 70,656 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL2975.tmp"

Mon 11 Sep 2006 74,752 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3024.tmp"

Fri 3 Nov 2006 70,144 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3060.tmp"

Mon 11 Sep 2006 62,464 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3064.tmp"

Sun 3 Aug 2008 49,152 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3096.tmp"

Thu 6 Dec 2007 56,320 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3121.tmp"

Thu 6 Dec 2007 52,224 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3237.tmp"

Mon 6 Nov 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3240.tmp"

Mon 11 Sep 2006 64,512 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3258.tmp"

Mon 4 Aug 2008 49,664 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3273.tmp"

Mon 11 Sep 2006 64,000 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3281.tmp"

Thu 6 Jul 2006 49,152 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3372.tmp"

Tue 7 Nov 2006 74,240 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3385.tmp"

Thu 6 Dec 2007 47,616 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3458.tmp"

Mon 11 Sep 2006 62,464 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3494.tmp"

Mon 4 Aug 2008 58,368 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3504.tmp"

Wed 4 Oct 2006 64,512 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3574.tmp"

Mon 11 Sep 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3593.tmp"

Mon 11 Sep 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3608.tmp"

Mon 11 Sep 2006 63,488 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3616.tmp"

Mon 4 Aug 2008 57,856 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3631.tmp"

Wed 11 Apr 2007 35,840 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3693.tmp"

Mon 10 Jul 2006 48,640 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3720.tmp"

Wed 4 Oct 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3742.tmp"

Fri 3 Nov 2006 71,680 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3781.tmp"

Mon 11 Sep 2006 66,048 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3795.tmp"

Thu 6 Dec 2007 58,368 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3805.tmp"

Tue 8 Aug 2006 78,336 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3829.tmp"

Thu 6 Dec 2007 49,664 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3849.tmp"

Mon 23 Oct 2006 70,656 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3879.tmp"

Mon 23 Oct 2006 70,144 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3920.tmp"

Mon 4 Aug 2008 58,368 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL3933.tmp"

Mon 11 Sep 2006 64,000 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL4066.tmp"

Thu 6 Jul 2006 49,152 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\~WRL4083.tmp"

Mon 30 Jun 2008 72,704 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL0001.tmp"

Thu 6 Nov 2008 125,440 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL0002.tmp"

Wed 23 Apr 2008 149,504 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL0004.tmp"

Tue 1 Jul 2008 72,704 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL0005.tmp"

Tue 1 Jul 2008 79,360 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL0064.tmp"

Wed 23 Apr 2008 145,408 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL0121.tmp"

Tue 1 Jul 2008 79,360 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL0213.tmp"

Tue 1 Jul 2008 77,824 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL0229.tmp"

Tue 1 Jul 2008 73,728 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL0241.tmp"

Tue 1 Jul 2008 75,776 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL0267.tmp"

Tue 1 Jul 2008 74,752 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL0651.tmp"

Tue 1 Jul 2008 77,824 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL0993.tmp"

Tue 1 Jul 2008 72,704 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL1090.tmp"

Tue 1 Jul 2008 77,824 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL1119.tmp"

Tue 1 Jul 2008 79,872 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL1332.tmp"

Tue 1 Jul 2008 77,824 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL1532.tmp"

Tue 1 Jul 2008 76,800 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL1562.tmp"

Tue 1 Jul 2008 78,336 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL1686.tmp"

Thu 6 Nov 2008 125,440 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL1714.tmp"

Tue 1 Jul 2008 77,824 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL1724.tmp"

Tue 1 Jul 2008 74,752 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL1803.tmp"

Tue 1 Jul 2008 76,800 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL1854.tmp"

Tue 1 Jul 2008 73,728 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL2006.tmp"

Wed 23 Apr 2008 149,504 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL2088.tmp"

Tue 1 Jul 2008 75,264 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL2223.tmp"

Tue 1 Jul 2008 79,360 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL2402.tmp"

Tue 1 Jul 2008 80,384 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL2651.tmp"

Wed 23 Apr 2008 144,384 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL2691.tmp"

Tue 1 Jul 2008 76,800 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL2910.tmp"

Wed 23 Apr 2008 145,920 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL3013.tmp"

Tue 1 Jul 2008 78,848 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL3160.tmp"

Tue 1 Jul 2008 79,872 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL3210.tmp"

Wed 23 Apr 2008 145,408 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL3381.tmp"

Tue 1 Jul 2008 77,824 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL3392.tmp"

Tue 1 Jul 2008 75,264 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL3496.tmp"

Wed 23 Apr 2008 144,384 ...H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Daiane\Alpha Magazine\Etiquetas\f Etiquetas 2008\~WRL3749.tmp"

Thu 25 Aug 2005 19,968 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Meus documentos\~WRL0001.tmp"

Wed 20 Dec 2006 19,968 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Meus documentos\~WRL0005.tmp"

Mon 11 Sep 2006 63,488 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Application Data\Microsoft\Word\~WRL0345.tmp"

Mon 11 Sep 2006 64,512 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Application Data\Microsoft\Word\~WRL1018.tmp"

Wed 13 Sep 2006 23,040 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Application Data\Microsoft\Word\~WRL1381.tmp"

Mon 11 Sep 2006 64,000 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Application Data\Microsoft\Word\~WRL1610.tmp"

Mon 11 Sep 2006 67,072 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Application Data\Microsoft\Word\~WRL3685.tmp"

Mon 11 Sep 2006 72,704 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Application Data\Microsoft\Word\~WRL3884.tmp"

Mon 3 Jul 2006 49,664 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0001.tmp"

Thu 6 Jul 2006 61,440 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0002.tmp"

Thu 6 Jul 2006 48,640 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0003.tmp"

Thu 6 Jul 2006 62,464 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0004.tmp"

Mon 10 Jul 2006 76,800 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0005.tmp"

Mon 10 Jul 2006 79,360 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0006.tmp"

Mon 10 Jul 2006 48,640 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0007.tmp"

Mon 11 Sep 2006 64,000 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0008.tmp"

Thu 28 Sep 2006 67,072 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0009.tmp"

Thu 5 Oct 2006 35,328 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0010.tmp"

Mon 23 Oct 2006 67,072 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0011.tmp"

Mon 30 Oct 2006 58,368 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0012.tmp"

Fri 3 Nov 2006 53,248 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0013.tmp"

Mon 6 Nov 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0014.tmp"

Mon 6 Nov 2006 63,488 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0015.tmp"

Wed 28 Feb 2007 38,912 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0016.tmp"

Wed 11 Apr 2007 35,840 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0017.tmp"

Mon 11 Sep 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0073.tmp"

Mon 10 Jul 2006 77,824 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0093.tmp"

Tue 14 Nov 2006 54,272 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0150.tmp"

Fri 3 Nov 2006 70,656 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0176.tmp"

Mon 23 Oct 2006 67,072 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0203.tmp"

Wed 4 Oct 2006 64,000 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0332.tmp"

Mon 11 Sep 2006 61,440 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0489.tmp"

Mon 23 Oct 2006 70,144 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0538.tmp"

Wed 8 Nov 2006 74,752 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0548.tmp"

Mon 23 Oct 2006 70,144 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0613.tmp"

Mon 10 Jul 2006 77,824 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0681.tmp"

Mon 11 Sep 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0776.tmp"

Mon 11 Sep 2006 66,048 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0867.tmp"

Wed 4 Oct 2006 22,528 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL0986.tmp"

Wed 4 Oct 2006 63,488 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1025.tmp"

Fri 3 Nov 2006 70,144 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1078.tmp"

Wed 4 Oct 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1088.tmp"

Tue 17 Oct 2006 22,528 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1222.tmp"

Wed 4 Oct 2006 65,536 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1311.tmp"

Mon 6 Nov 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1398.tmp"

Mon 11 Sep 2006 73,728 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1467.tmp"

Mon 11 Sep 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1480.tmp"

Mon 23 Oct 2006 66,048 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1517.tmp"

Wed 4 Oct 2006 64,000 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1558.tmp"

Mon 11 Sep 2006 65,536 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1575.tmp"

Wed 4 Oct 2006 65,024 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1618.tmp"

Wed 4 Oct 2006 64,000 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1662.tmp"

Mon 6 Nov 2006 62,464 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1663.tmp"

Tue 8 Aug 2006 76,288 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1765.tmp"

Thu 6 Jul 2006 49,152 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1964.tmp"

Fri 6 Oct 2006 31,744 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL1970.tmp"

Mon 11 Sep 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2231.tmp"

Mon 23 Oct 2006 71,168 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2232.tmp"

Mon 30 Oct 2006 22,016 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2321.tmp"

Wed 4 Oct 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2354.tmp"

Mon 11 Sep 2006 66,048 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2368.tmp"

Fri 3 Nov 2006 72,704 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2428.tmp"

Mon 10 Jul 2006 77,824 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2460.tmp"

Mon 11 Sep 2006 64,000 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2505.tmp"

Mon 23 Oct 2006 71,168 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2542.tmp"

Mon 11 Sep 2006 72,704 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2593.tmp"

Mon 11 Sep 2006 78,336 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2601.tmp"

Mon 11 Sep 2006 62,464 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2632.tmp"

Mon 11 Sep 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2635.tmp"

Mon 11 Sep 2006 66,048 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2698.tmp"

Mon 11 Sep 2006 70,656 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2786.tmp"

Fri 6 Oct 2006 68,608 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2885.tmp"

Mon 23 Oct 2006 70,144 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2900.tmp"

Wed 1 Nov 2006 70,656 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL2975.tmp"

Mon 11 Sep 2006 74,752 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3024.tmp"

Fri 3 Nov 2006 70,144 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3060.tmp"

Mon 11 Sep 2006 62,464 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3064.tmp"

Mon 6 Nov 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3240.tmp"

Mon 11 Sep 2006 64,512 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3258.tmp"

Mon 11 Sep 2006 64,000 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3281.tmp"

Thu 6 Jul 2006 49,152 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3372.tmp"

Tue 7 Nov 2006 74,240 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3385.tmp"

Mon 11 Sep 2006 62,464 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3494.tmp"

Wed 4 Oct 2006 64,512 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3574.tmp"

Mon 11 Sep 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3593.tmp"

Mon 11 Sep 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3608.tmp"

Mon 11 Sep 2006 63,488 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3616.tmp"

Wed 11 Apr 2007 35,840 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3693.tmp"

Mon 10 Jul 2006 48,640 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3720.tmp"

Wed 4 Oct 2006 62,976 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3742.tmp"

Fri 3 Nov 2006 71,680 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3781.tmp"

Mon 11 Sep 2006 66,048 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3795.tmp"

Tue 8 Aug 2006 78,336 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3829.tmp"

Mon 23 Oct 2006 70,656 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3879.tmp"

Mon 23 Oct 2006 70,144 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL3920.tmp"

Mon 11 Sep 2006 64,000 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL4066.tmp"

Thu 6 Jul 2006 49,152 A..H. --- "C:\Documents and Settings\simone.SIMONE\Desktop\Meus documentos\Documents and Settings\rafaela\Desktop\Alpha Magazine\Etiquetas\~WRL4083.tmp"

 

Finished!

 

 

Novamente, muito obrigado pela força! E um abração!

[Sam Spade 2]

Desative seu antivirus, antispywares e firewall, para não causar conflitos. Mantenha-os desativados até terminar as instruções.

 

Selecione e copie o texto dentro do QUOTE. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

 

File::

C:\asdfjlasdjf.dll

c:\winnt\system32\sysdll.bin

c:\winnt\system32\sysdll.exe

c:\winnt\system32\svchhost.exe

c:\winnt\system32\linkinfo.dll

 

Rootkit::

c:\winnt\system32\drivers\IsDrv118.sys

c:\winnt\system32\drivers\nvmini.sys

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"System DLL Resources"=-

"GlobalFlagimglog2"=-

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvmini]

 

Driver::

nvmini

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

 

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, então reinicie manualmente.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes.

 

Aos visitantes: Se estiverem com um problema semelhante, não utilizem esse script, pois o uso sem supervisão pode causar danos ao sistema.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

 

OBS: Não rode o ComboFix mais do que uma vez. Isso irá sobreescrever o log e dificultará a remoção do(s) malware(s)

 

Poste o novo log do ComboFix, juntamente com um novo log do HijackThis.

[DoutorBanner 0]

Aqui estão ambos os logs, Sam! Primeiro, o do ComboFix:

 

ComboFix 09-02-06.01 - simone 02/12/2009 8:46:18.2 - NTFSx86

Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.247.161 [GMT -3:00]

Running from: c:\documents and settings\simone.SIMONE\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\simone.SIMONE\Desktop\CFScript.txt

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\asdfjlasdjf.dll

c:\winnt\system32\linkinfo.dll

c:\winnt\system32\svchhost.exe

c:\winnt\system32\sysdll.bin

c:\winnt\system32\sysdll.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\asdfjlasdjf.dll

c:\winnt\system32\drivers\IsDrv118.sys

c:\winnt\system32\drivers\nvmini.sys

c:\winnt\system32\svchhost.exe

c:\winnt\system32\sysdll.bin

c:\winnt\system32\sysdll.exe

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NVMINI

-------\Service_IsDrv118

 

 

((((((((((((((((((((((((( Files Created from 2009-01-12 to 2009-02-12 )))))))))))))))))))))))))))))))

.

 

2009-02-12 08:39 . 09-02-12 08:41 <DIR> d-------- C:\32788R22FWJFW

2009-02-06 16:19 . 09-02-06 16:19 8,192 --a------ c:\winnt\REGLOCS.OLD

2009-02-06 15:52 . 09-02-06 15:53 <DIR> d-------- C:\32788R22FWJFW.0.tmp

2009-02-06 13:56 . 09-02-06 13:56 <DIR> d-------- c:\winnt\ERUNT

2009-02-05 20:33 . 09-02-06 14:53 <DIR> d-------- C:\SDFix

2009-01-29 04:59 . 09-02-10 15:14 463,610 ---h----- c:\winnt\ShellIconCache

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-04-27 22:33 271 ---h--w c:\program files\desktop.ini

2007-04-27 22:33 21,952 -c-h--w c:\program files\folder.htt

1999-12-06 21:00 32,528 -c--a-w c:\winnt\inf\wbfirdma.sys

.

 

((((((((((((((((((((((((((((( SnapShot@Fri 2009-02-06_17.30.41.56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-04-08 06:54:32 17,168 -c----w c:\winnt\$NtUninstallKB900725$\linkinfo.dll

+ 1999-12-06 21:00:00 16,144 -c----w c:\winnt\$NtUpdateRollupPackUninstall$\linkinfo.dll

- 2005-10-20 22:02:28 163,328 ----a-w c:\winnt\ERDNT\Hiv-backup\ERDNT.EXE

+ 2005-10-20 23:02:28 163,328 ----a-w c:\winnt\ERDNT\Hiv-backup\ERDNT.EXE

- 2005-10-20 22:02:28 163,328 ----a-w c:\winnt\ERDNT\subs\ERDNT.EXE

+ 2005-10-20 23:02:28 163,328 ----a-w c:\winnt\ERDNT\subs\ERDNT.EXE

- 2000-08-31 10:00:00 29,696 ----a-w c:\winnt\NIRCMD.exe

+ 2000-08-31 11:00:00 29,696 ----a-w c:\winnt\NIRCMD.exe

- 2000-08-31 10:00:00 161,792 ----a-w c:\winnt\SWREG.exe

+ 2000-08-31 11:00:00 161,792 ----a-w c:\winnt\SWREG.exe

+ 2005-09-23 11:03:25 17,680 -c--a-w c:\winnt\system32\dllcache\linkinfo.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [08-07-19 10:38 78008]

"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 c:\winnt\system32\mobsync.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 186640]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"= mmdrv.dll

 

R3 NtApm;NT Apm/Legacy Interface Driver;c:\winnt\system32\DRIVERS\NtApm.sys [99-09-25 07:36 9104]

S1 aswSP;avast! Self Protection; [x]

S2 aswMon;avast! Standard Shield Support; [x]

 

 

--- Other Services/Drivers In Memory ---

 

*Deregistered* - aswUpdSv

*Deregistered* - Browser

*Deregistered* - Dhcp

*Deregistered* - dmserver

*Deregistered* - Dnscache

*Deregistered* - EventSystem

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LmHosts

*Deregistered* - Messenger

*Deregistered* - Netman

*Deregistered* - NtmsSvc

*Deregistered* - PolicyAgent

*Deregistered* - ProtectedStorage

*Deregistered* - RasAuto

*Deregistered* - RasMan

*Deregistered* - Rdbss

*Deregistered* - RemoteRegistry

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - serenum

*Deregistered* - SharedAccess

*Deregistered* - Spooler

*Deregistered* - Srv

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - Wanarp

*Deregistered* - WinMgmt

*Deregistered* - Wmi

*Deregistered* - wuauserv

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.br/

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

LSP: %SystemRoot%\system32\msafd.dll

TCP: {47A70847-A477-4924-AD71-06CD5B94140C} = 200.204.0.10,200.204.0.138

TCP: {B00E5750-61CC-488C-9DB6-EDDE80415F50} = 200.204.0.10,200.204.0.138

DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-12 09:14:37

Windows 5.0.2195 Service Pack 4 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(180)

c:\winnt\system32\wzcdlg.dll

c:\winnt\system32\WZCSAPI.DLL

 

- - - - - - - > 'explorer.exe'(976)

c:\winnt\AppPatch\AcLayers.DLL

c:\winnt\System32\browseui.dll

.

Completion time: 2009-02-12 9:25:23 - machine was rebooted

ComboFix-quarantined-files.txt 2009-02-12 12:24:55

ComboFix2.txt 2009-02-06 19:42:23

 

Pre-Run: 7,467,704,320 bytes free

Post-Run: 7,464,230,912 bytes free

 

143

 

 

E aqui, o do Hijack:

 

Logfile of HijackThis v1.99.1

Scan saved at 9:33:55 AM, on 2/12/2009

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\explorer.exe

C:\Documents and Settings\simone.SIMONE\Desktop\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

O17 - HKLM\System\CCS\Services\Tcpip\..\{47A70847-A477-4924-AD71-06CD5B94140C}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CCS\Services\Tcpip\..\{B00E5750-61CC-488C-9DB6-EDDE80415F50}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{47A70847-A477-4924-AD71-06CD5B94140C}: NameServer = 200.204.0.10,200.204.0.138

O17 - HKLM\System\CS2\Services\Tcpip\..\{47A70847-A477-4924-AD71-06CD5B94140C}: NameServer = 200.204.0.10,200.204.0.138

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

 

Abraços e muito obrigado!

[Sam Spade 2]

Ok, os logs estão limpos. Há apenas entradas do Alexa Related, comuns em Windows que não são XP com SP2/SP3.

 

• Abra o HijackThis e clique em Do a system scan only
  Aguarde o exame acabar.
  Cada entrada tem uma caixa do lado esquerdo.
  Marque apenas as caixas das entradas abaixo:
   
  O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
   
  O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
   
   
  Ficará com um sinal V dentro de cada caixa.
   
  Clique então em . Dê o Ok para a pergunta e depois feche o HijackThis.
  

Para finalizar, vá em Iniciar > Executar > digite (ou copie e cole): ComboFix /u

 

Dê o OK. Aguarde, pois isso irá desinstalar o ComboFix, deletar os arquivos e pastas relacionados e apagará pontos da Restauração do sistema que possam estar infectados, criando um ponto limpo.

 

Leia estes artigos sobre segurança:

 

Proteja seu PC

Cuidados ao navegar na net.

 

Abraço.

[DoutorBanner 0]

Muito obrigado, Sam! Tanto pela solução, quanto pela agilidade. Grande abraço! Tópico resolvdo!

[Sam Spade 2]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.