[Arquivado] Log hijack this

[Manoela 0]

Oi gente,

gostaria que vocês dessem uma olhada no log do hijackthis do meu notebook. Ele está um pouco lento, demorando a abrir certos programas...

antes do log eu passei antivirus, mvregclean, desfragmentei, ccleaner, mvantispy..mas continua um pouco lento. Será que pode ser pq tem muitos programas instalados?

lá vai:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:58:37, on 4/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\VIVO INTERNET\VIVO INTERNET.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack this\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{0AA6FDCA-4F13-41BE-A638-22698DD370B9}: NameServer = 200.220.227.57 200.142.130.203

O17 - HKLM\System\CS1\Services\Tcpip\..\{0AA6FDCA-4F13-41BE-A638-22698DD370B9}: NameServer = 200.220.227.57 200.142.130.203

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7025 bytes

 

 

grata,

[DigRam 144]

Boa Tarde! Manoela

 

<@> Baixe: < OTL > ( ...by OldTimer Tools )

<@> Salve-o no desktop!

<@> Clique duplo em: < >

<@> Ps: Sigamos,agora,com sua configuração!

 

<!> 1 - Em "Saída",deixe marcado o botão "Resumida".

<!> 2 - Marque as caixas: Verificar All Users e Incluir Verificação 64bit <-- Ps: Caso o SO seja 64 bit!

<!> 3 - Processos: Usar SafeList <-- Marque!

<!> 4 - Módulos: Usar SafeList <-- Marque!

<!> 5 - Serviços: Usar SafeList <-- Marque!

<!> 6 - Drivers: Usar SafeList <-- Marque!

<!> 7 - Exame Padrão do Registro: Usar SafeList <-- Marque!

<!> 8 - Exame Extra do Registro: Usar SafeList <-- Marque!

<!> 9 - Verificação de Arquivos:

 

<!> Data de Criação >> Escolha: 14 dias

 

<!> Marque: Usar WhiteList para Nomes de Companhias

<!> Marque: Ignorar Arquivos Microsoft

 

<!> 10 - Arquivos Criados Desde:

 

<!> Marque: Data de Criação

 

<!> 11 - Arquivos Modificados Desde:

 

<!> Marque: Data de Criação

<!> Marque as caixas:

 

[] Verificar Lop

[] Verificar Purity

 

<@> Ps: Sugiro que imprima estas orientações,para posterior leitura.

 

netsvcsmsconfigactivexdrivers32%SYSTEMDRIVE%\*.exe%SYSTEMDRIVE%\eventlog.dll /s /md5%SYSTEMDRIVE%\scecli.dll /s /md5%SYSTEMDRIVE%\sfcfiles.dll /s /md5%SYSTEMDRIVE%\netlogon.dll /s /md5%SYSTEMDRIVE%\atapi.sys /s /md5CREATERESTOREPOINT

<@> Ps: Copie e cole estas informações,que estão no Code,para o campo abaixo de: Exames Personalizados/Correções

<@> Clique em: Verificar --> Aguarde!

<@> Concluindo,poste:

 

<!> <1> OTL.txt <--

<!> <2> Extra.txt <--

 

Abraços!

[Manoela 0]

poderia me explicar para que serve esse programa??

[DigRam 144]

poderia me explicar para que serve esse programa??

/////////\\\\\\\\

Opa! Manoela

 

<!> Executará,apenas,verificação de diagnóstico e sem implementar fixes automáticos.

 

Abraços!

[Manoela 0]

Olá DigRam!!!

Entonces aqui está os logs:

 

OTL.TXT:

OTL logfile created on: 8/6/2010 10:59:50 - Run 1

OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\USER\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 68,36 Gb Total Space | 5,51 Gb Free Space | 8,06% Space Free | Partition Type: NTFS

Drive D: | 80,68 Gb Total Space | 11,34 Gb Free Space | 14,06% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 11,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: MOVEL

Current User Name: USER

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\USER\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)

PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\VIVO INTERNET\VIVO INTERNET.exe ()

PRC - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Arquivos de programas\Windows NT\Acessórios\wordpad.exe (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\USER\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\nvwimg.dll ()

MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)

MOD - C:\WINDOWS\system32\nview.dll ()

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (NMIndexingService) -- File not found

SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (nTuneService) -- C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)

SRV - (odserv) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)

SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (LightScribeService) -- C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (hwusbdev) -- C:\WINDOWS\system32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (winbondhidcir) -- C:\WINDOWS\system32\drivers\winbondhidcir.sys (Winbond Electronics Corporation)

DRV - (hidshim) -- C:\WINDOWS\system32\drivers\hidshim.sys (Windows ® Codename Longhorn DDK provider)

DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-682003330-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

IE - HKU\S-1-5-21-682003330-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage

IE - HKU\S-1-5-21-682003330-583907252-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "BS.Player Search"

FF - prefs.js..browser.startup.homepage: "http://www.google.com.br"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/04/07 09:30:21 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/05/07 22:07:02 | 000,000,000 | ---D | M]

 

[2008/09/07 00:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Mozilla\Extensions

[2010/04/12 09:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Mozilla\Firefox\Profiles\hlw1vgmr.default\extensions

[2010/04/08 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Mozilla\Firefox\Profiles\hlw1vgmr.default\extensions\staged-xpis

[2008/08/14 23:21:31 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\USER\Dados de aplicativos\Mozilla\Firefox\Profiles\hlw1vgmr.default\searchplugins\bsplayer-search.xml

[2010/06/04 19:37:34 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2010/05/07 22:07:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll

[2006/09/26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll

[2010/03/11 13:07:44 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml

[2010/03/11 13:07:44 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml

[2010/03/11 13:07:44 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2010/03/11 13:07:44 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2009/10/27 14:17:54 | 000,347,193 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 11904 more lines...

O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found

O3 - HKU\S-1-5-21-682003330-583907252-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - No CLSID value found.

O3 - HKU\S-1-5-21-682003330-583907252-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found

O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKU\S-1-5-21-682003330-583907252-725345543-1003..\Run: [NVIDIA nTune] C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-682003330-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Arquivos de programas\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/06/11 21:32:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2007/11/08 04:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{1c749756-ad5b-11db-80d2-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{1c749759-ad5b-11db-80d2-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{1c749759-ad5b-11db-80d2-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{2301946c-34e4-11de-bf34-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\Shell\AutoRun\command - "" = F:\folder.tmp\tmp.exe -- File not found

O33 - MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\Shell\explore\command - "" = F:\folder.tmp\tmp.exe -- File not found

O33 - MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\Shell\open\command - "" = F:\folder.tmp\tmp.exe -- File not found

O33 - MountPoints2\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{2cd47f44-671c-11de-bf81-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{45c0b2f4-18cd-11de-bef4-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{591b091f-4f8a-11de-bf63-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{5a080ea2-1298-11de-bee1-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\Shell\Autoplay\command - "" = autorun.exe

O33 - MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\Shell\explore\Command - "" = autorun.exe

O33 - MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\Shell\Open\Command - "" = autorun.exe

O33 - MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\Shell\AutoRun\command - "" = cfdflx.com

O33 - MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\Shell\explore\Command - "" = cfdflx.com

O33 - MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\Shell\open\Command - "" = cfdflx.com

O33 - MountPoints2\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\Shell\AutoRun\command - "" = diskdrive.exe

O33 - MountPoints2\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\Shell\open\command - "" = diskdrive.exe

O33 - MountPoints2\{c537ff3a-8806-11de-bfa0-001e680ee58b}\Shell\AutoRun\command - "" = LHcLgR.ExE

O33 - MountPoints2\{c537ff3a-8806-11de-bfa0-001e680ee58b}\Shell\oPEn\cOmmAND - "" = lhClgR.EXe

O33 - MountPoints2\{d192cd36-2889-11df-80e7-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{d192cd36-2889-11df-80e7-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{e9ad53dc-e4ff-11de-805c-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{eb7835a4-cdf0-11de-8019-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\Shell\AutoRun\command - "" = F:\folder.tmp\tmp.exe -- File not found

O33 - MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\Shell\explore\command - "" = F:\folder.tmp\tmp.exe -- File not found

O33 - MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\Shell\open\command - "" = F:\folder.tmp\tmp.exe -- File not found

O33 - MountPoints2\{f9948a3a-af3e-11db-80dc-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{f9948a3a-af3e-11db-80dc-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/06/11 18:19:12 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe - (Adobe Systems Incorporated)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)

MsConfig - StartUpFolder: C:^Documents and Settings^USER^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk - C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe - (Sony Corporation)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found

MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)

MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found

MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found

MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

MsConfig - StartUpReg: swg - hkey= - key= - Reg Error: Value error. File not found

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07} - .NET Framework

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Atualização de Segurança para Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

 

========== Files/Folders - Created Within 14 Days ==========

 

[2010/06/04 20:33:51 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe

[2010/05/27 02:43:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\USER\Recent

[2010/05/25 17:46:43 | 000,000,000 | ---D | C] -- C:\OutputFolder

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 14 Days ==========

 

[2010/06/08 10:53:14 | 000,001,953 | ---- | M] () -- C:\Documents and Settings\USER\Meus documentos\OTL.rtf

[2010/06/04 20:34:15 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe

[2010/06/04 19:24:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/04 19:24:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/04 19:24:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/02 23:46:54 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\USER\NTUSER.DAT

[2010/05/27 02:43:01 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\CCleaner.lnk

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/06/08 10:53:13 | 000,001,953 | ---- | C] () -- C:\Documents and Settings\USER\Meus documentos\OTL.rtf

[2010/05/22 20:36:48 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll

[2010/02/09 21:02:01 | 000,000,121 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI

[2010/02/09 13:56:53 | 000,000,209 | ---- | C] () -- C:\WINDOWS\entpack.ini

[2009/12/09 12:02:39 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/12/09 12:02:39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/11/20 09:00:57 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI

[2009/08/15 16:40:21 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI

[2009/05/14 12:29:22 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI

[2009/04/29 10:45:28 | 000,000,254 | ---- | C] () -- C:\WINDOWS\rec-net.ini

[2009/04/29 10:26:43 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll

[2008/12/10 11:05:43 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WD.INI

[2008/08/14 22:43:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/06/11 10:59:25 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2007/07/24 22:45:02 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/07/24 22:45:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/07/24 22:44:56 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/07/24 22:44:44 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll

[2007/01/03 05:40:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2004/02/26 03:18:04 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

 

========== LOP Check ==========

 

[2009/05/14 20:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ashampoo

[2008/11/03 20:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Farm Frenzy

[2008/06/25 16:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\iWin Games

[2009/09/05 13:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Jovian Archive Corp

[2008/06/26 16:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MumboJumbo

[2008/06/26 16:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\n7-89-o9-3r-4t-r9

[2010/05/27 01:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

[2008/11/03 20:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

[2010/05/17 22:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\AnvSoft

[2009/05/14 20:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Ashampoo

[2009/12/13 20:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Auslogics

[2007/01/05 09:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\BitTorrent

[2008/12/10 10:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\FileMaker

[2008/07/23 23:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\GameHouse

[2010/02/02 10:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\GARMIN

[2009/09/05 13:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Jovian Archive

[2010/02/02 08:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Leadertech

[2010/05/17 22:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\OpenCandy

[2008/08/08 21:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Thinstall

[2010/05/21 20:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Vso

[2008/11/17 15:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Zylom

[2009/09/05 02:51:08 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\NSSstub.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE

 

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

[2008/04/13 23:20:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\eventlog.dll

[2004/08/04 00:45:22 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\system32\eventlog.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[2004/08/04 00:45:22 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\system32\dllcache\eventlog.dll

 

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

[2008/04/13 23:20:40 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\scecli.dll

[2004/08/04 00:45:26 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\system32\scecli.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[2004/08/04 00:45:26 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\system32\dllcache\scecli.dll

 

< %SYSTEMDRIVE%\sfcfiles.dll /s /md5 >

[2008/04/13 23:20:40 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\sfcfiles.dll

[2004/08/04 00:45:28 | 001,548,288 | ---- | M] (Microsoft Corporation) MD5=1DD4FC7EEE3A45257528A34FDF7BC689 -- C:\WINDOWS\system32\sfcfiles.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[2004/08/04 00:45:28 | 001,548,288 | ---- | M] (Microsoft Corporation) MD5=1DD4FC7EEE3A45257528A34FDF7BC689 -- C:\WINDOWS\system32\dllcache\sfcfiles.dll

 

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[2008/04/13 23:20:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\netlogon.dll

[2004/08/04 00:45:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\system32\netlogon.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[2004/08/04 00:45:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\system32\dllcache\netlogon.dll

 

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\atapi.sys

[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5C321E34

< End of report >

 

 

EXTRAS.TXT:

OTL Extras logfile created on: 8/6/2010 10:59:50 - Run 1

OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\USER\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 68,36 Gb Total Space | 5,51 Gb Free Space | 8,06% Space Free | Partition Type: NTFS

Drive D: | 80,68 Gb Total Space | 11,34 Gb Free Space | 14,06% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 11,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: MOVEL

Current User Name: USER

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Arquivos de programas\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Arquivos de programas\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Arquivos de programas\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\ARQUIV~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Arquivos de programas\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"2561:TCP" = 2561:TCP:*:Enabled:tbomrby

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Arquivos de programas\MySpace\IM\MySpaceIM.exe" = C:\Arquivos de programas\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found

"C:\Arquivos de programas\iWin Games\iWinGames.exe" = C:\Arquivos de programas\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- File not found

"C:\Arquivos de programas\iWin Games\WebUpdater.exe" = C:\Arquivos de programas\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()

"C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- File not found

"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Documents and Settings\USER\Configurações locais\Temp\pyl1C.tmp\pyrun.exe" = C:\Documents and Settings\USER\Configurações locais\Temp\pyl1C.tmp\pyrun.exe:*:Enabled:pyrun -- File not found

"C:\Arquivos de programas\BitTorrent\bittorrent.exe" = C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Arquivos de programas\Java\jre6\bin\javaw.exe" = C:\Arquivos de programas\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Documents and Settings\USER\Configurações locais\Temp\pyl4B.tmp\pyrun.exe" = C:\Documents and Settings\USER\Configurações locais\Temp\pyl4B.tmp\pyrun.exe:*:Enabled:pyrun -- File not found

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}" = Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

"{18E0918E-1060-48f3-925C-56C82E88551B}" = HP PSC & OfficeJet 3.5

"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22988B2A-374A-4A7B-B795-A1AFF2046BE9}" = PhotoGallery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 20

"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1

"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{381C70F0-FC2C-4BEF-B16C-B88FA67A6B7B}" = Assistente de Conexão do Windows Live

"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics

"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5

"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload

"{47C25360-AEBC-4B21-B233-87CE653B3369}" = AIOMinimal

"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{55DCBED7-5710-4939-A928-4CBD9AB09EBB}" = 1310_Help

"{5786D2C8-A4C4-4DDB-B671-8ED2A53310EC}" = 1310Tour

"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6864A62D-3EF3-415F-9922-240EED34B4C0}" = Fax

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare

"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune

"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{669EB263-0AFE-4FCB-A068-DB082CA6273C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{98003BDC-1B68-4970-B28E-ACC8000D2F3E}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth

"{99D48FBB-2DEF-49A9-BCC9-C5AF63DD2643}" = AiOSoftware

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{AC76BA86-7AD7-1046-7B44-A81200000003}" = Adobe Reader 8.1.2 - Português

"{AEC20FEC-47D8-4DEA-85D7-0B7E5D905D11}" = AiO_Scan

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects

"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer

"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1

"{E443F067-3345-482C-BD7A-12675A53D292}" = Readme

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"{F730A60D-F6DA-4653-9C6E-548F7A3A5EE0}" = 1310Trb

"{F9B0968A-810E-484C-B81D-7F19DC2CBBF5}" = 1310

"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg

"{FC5D9F7B-3CC5-44A0-BCFC-D581113D3F3C}" = Maia Mechanics Imaging

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Any Video Converter_is1" = Any Video Converter 3.0.5

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BitTorrent" = BitTorrent

"CCleaner" = CCleaner

"Debut" = Debut

"DVD Shrink_is1" = DVD Shrink 3.2

"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.5.0

"ENTERPRISE" = Microsoft Office Enterprise 2007

"HijackThis" = HijackThis 2.0.2

"HP Photo & Imaging" = HP Image Zone 3.5

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune

"IRPF2010 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2010 - Declaração de Ajuste Anual e Final de Espólio

"iWinArcade" = iWin Games (remove only)

"L&H Power Translator Pro_is1" = 7.0

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MV AntiSpy 4.0_is1" = MV AntiSpy 4.0

"MV RegClean 5.9_is1" = MV RegClean 5.9

"Mystery Case Files - Huntsville" = Mystery Case Files - Huntsville (remove only)

"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)

"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"RealAlt_is1" = Real Alternative 1.9.0

"Receitanet Java 2010.02a" = Receitanet Java 2010.02a

"SpywareBlaster_is1" = SpywareBlaster 4.3

"SystemRequirementsLab" = System Requirements Lab

"Ultra RM Converter_is1" = Ultra RM Converter 4.6.0509

"VIVO INTERNET" = VIVO INTERNET

"VLC media player" = VLC media player 1.0.5

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wubi" = Ubuntu

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xvid_is1" = Xvid 1.2.2 final uninstall

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-682003330-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Mystery Case Files - Ravenhearst" = Mystery Case Files - Ravenhearst (remove only)

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 23/5/2010 13:41:38 | Computer Name = MOVEL | Source = nview_info | ID = 11141121

Description =

 

Error - 23/5/2010 22:17:14 | Computer Name = MOVEL | Source = ESENT | ID = 490

Description = svchost (1164) Falha na tentativa de abrir o arquivo "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

para acesso de leitura/gravação, com erro de sistema 32 (0x00000020): "O arquivo

já está sendo usado por outro processo. ". A operação de abertura de arquivo falhará

com o erro -1032 (0xfffffbf8).

 

Error - 25/5/2010 18:10:50 | Computer Name = MOVEL | Source = Application Error | ID = 1000

Description = Aplicativo com falha dvdimage.exe, versão 0.0.0.0, módulo com falha

dvdimage.exe, versão 0.0.0.0, endereço com falha 0x00005887.

 

Error - 25/5/2010 18:10:51 | Computer Name = MOVEL | Source = Application Error | ID = 1000

Description = Aplicativo com falha ultra rm converter.exe, versão 1.0.2.0, módulo

com falha ultra rm converter.exe, versão 1.0.2.0, endereço com falha 0x00031b3a.

 

Error - 27/5/2010 01:43:24 | Computer Name = MOVEL | Source = nview_info | ID = 11141121

Description =

 

Error - 2/6/2010 19:27:03 | Computer Name = MOVEL | Source = ESENT | ID = 490

Description = svchost (1164) Falha na tentativa de abrir o arquivo "C:\WINDOWS\system32\CatRoot2\tmp.edb"

para acesso de leitura/gravação, com erro de sistema 32 (0x00000020): "O arquivo

já está sendo usado por outro processo. ". A operação de abertura de arquivo falhará

com o erro -1032 (0xfffffbf8).

 

Error - 2/6/2010 19:27:03 | Computer Name = MOVEL | Source = ESENT | ID = 485

Description = svchost (1164) Falha na tentativa de excluir o arquivo "C:\WINDOWS\system32\CatRoot2\tmp.edb",

com erro de sistema 5 (0x00000005): "Acesso negado. ". A operação de exclusão do

arquivo falhará com o erro -1032 (0xfffffbf8).

 

Error - 2/6/2010 19:27:06 | Computer Name = MOVEL | Source = ESENT | ID = 485

Description = svchost (1164) Falha na tentativa de excluir o arquivo "C:\WINDOWS\system32\CatRoot2\tmp.edb",

com erro de sistema 5 (0x00000005): "Acesso negado. ". A operação de exclusão do

arquivo falhará com o erro -1032 (0xfffffbf8).

 

Error - 2/6/2010 19:27:07 | Computer Name = MOVEL | Source = ESENT | ID = 490

Description = svchost (1164) Falha na tentativa de abrir o arquivo "C:\WINDOWS\system32\CatRoot2\tmp.edb"

para acesso de leitura/gravação, com erro de sistema 32 (0x00000020): "O arquivo

já está sendo usado por outro processo. ". A operação de abertura de arquivo falhará

com o erro -1032 (0xfffffbf8).

 

Error - 2/6/2010 19:27:07 | Computer Name = MOVEL | Source = ESENT | ID = 439

Description = Catalog Database (1164) Não é possível gravar um cabeçalho oculto

no arquivo C:\WINDOWS\system32\CatRoot2\tmp.edb. Erro -1032.

 

[ OSession Events ]

Error - 26/3/2010 18:32:02 | Computer Name = MOVEL | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1582

seconds with 480 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 27/5/2010 05:03:39 | Computer Name = MOVEL | Source = DCOM | ID = 10005

Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço wuauserv com

argumentos "" para iniciar o servidor: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

Error - 2/6/2010 11:00:15 | Computer Name = MOVEL | Source = Service Control Manager | ID = 7023

Description = O serviço Monitor Driver terminou com o erro: %%126

 

Error - 2/6/2010 11:03:54 | Computer Name = MOVEL | Source = DCOM | ID = 10005

Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço BITS com argumentos

"" para iniciar o servidor: {4991D34B-80A1-4291-83B6-3328366B9097}

 

Error - 2/6/2010 14:44:09 | Computer Name = MOVEL | Source = Service Control Manager | ID = 7023

Description = O serviço Monitor Driver terminou com o erro: %%126

 

Error - 2/6/2010 14:48:35 | Computer Name = MOVEL | Source = W32Time | ID = 39452689

Description = Provedor de tempo NtpClient: erro durante a pesquisa de DNS do nível

de protocolo 'time.windows.com,0x1' configurado manualmente. O NtpClient fará uma

nova tentativa em 15 minutos. Erro: Uma operação de soquete foi tentada em um host

inacessível. (0x80072751)

 

Error - 2/6/2010 14:48:35 | Computer Name = MOVEL | Source = W32Time | ID = 39452701

Description = O provedor de tempo NtpClient foi configurado para obter tempo de

uma ou mais fontes de tempo; no entanto, nenhuma delas está acessível no momento.

 

Não será feita nenhuma tentativa de contatar uma fonte durante 14 minutos. O NtpClient

não tem uma fonte de tempo preciso.

 

Error - 2/6/2010 14:49:05 | Computer Name = MOVEL | Source = W32Time | ID = 39452706

Description = O serviço de tempo detectou que a hora do sistema precisa ser alterada

em +268353 segundos. O serviço de tempo não alterará a hora do sistema em mais de

+54000 segundos. Verifique se a sua hora e fuso horário estão corretos e se a fonte

de tempo time.windows.com (ntp.m|0x1|187.90.156.124:123->207.46.197.32:123) está

funcionando corretamente.

 

Error - 2/6/2010 19:27:31 | Computer Name = MOVEL | Source = Service Control Manager | ID = 7023

Description = O serviço Monitor Driver terminou com o erro: %%126

 

Error - 4/6/2010 18:25:58 | Computer Name = MOVEL | Source = Service Control Manager | ID = 7023

Description = O serviço Monitor Driver terminou com o erro: %%126

 

Error - 4/6/2010 18:31:28 | Computer Name = MOVEL | Source = DCOM | ID = 10005

Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço BITS com argumentos

"" para iniciar o servidor: {4991D34B-80A1-4291-83B6-3328366B9097}

 

 

< End of report >

 

 

grata,

[DigRam 144]

Bom Dia! Manoela

 

<!> Ps: Siga,na ordem em que estão dispostas,estas orientações!

0000000000000000000000000

ooooooooooooooooooooooooo

<@> Baixe: < RHosts > (...by SiRi )

<@> Salve-o no desktop!

<@> Ps: Execute-o e,à seguir,clique em "Restore original Hosts".

<@> Reinicie o computador!

0000000000000000000000000

ooooooooooooooooooooooooo

<@> Execute o OTL.exe.

<@> Copie estas informações que estão na Quote,para o campo abaixo de: Exames Personalizados/Correções

 

:otl

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found

O3 - HKU\S-1-5-21-682003330-583907252-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - No CLSID value found.

O3 - HKU\S-1-5-21-682003330-583907252-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O33 - MountPoints2\{1c749756-ad5b-11db-80d2-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{1c749759-ad5b-11db-80d2-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{1c749759-ad5b-11db-80d2-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{2301946c-34e4-11de-bf34-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\Shell\AutoRun\command - "" = F:\folder.tmp\tmp.exe -- File not found

O33 - MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\Shell\explore\command - "" = F:\folder.tmp\tmp.exe -- File not found

O33 - MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\Shell\open\command - "" = F:\folder.tmp\tmp.exe -- File not found

O33 - MountPoints2\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{2cd47f44-671c-11de-bf81-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{45c0b2f4-18cd-11de-bef4-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{591b091f-4f8a-11de-bf63-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{5a080ea2-1298-11de-bee1-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\Shell\Autoplay\command - "" = autorun.exe

O33 - MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\Shell\explore\Command - "" = autorun.exe

O33 - MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\Shell\Open\Command - "" = autorun.exe

O33 - MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\Shell\AutoRun\command - "" = cfdflx.com

O33 - MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\Shell\explore\Command - "" = cfdflx.com

O33 - MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\Shell\open\Command - "" = cfdflx.com

O33 - MountPoints2\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\Shell\AutoRun\command - "" = diskdrive.exe

O33 - MountPoints2\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\Shell\open\command - "" = diskdrive.exe

O33 - MountPoints2\{c537ff3a-8806-11de-bfa0-001e680ee58b}\Shell\AutoRun\command - "" = LHcLgR.ExE

O33 - MountPoints2\{c537ff3a-8806-11de-bfa0-001e680ee58b}\Shell\oPEn\cOmmAND - "" = lhClgR.EXe

O33 - MountPoints2\{d192cd36-2889-11df-80e7-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{d192cd36-2889-11df-80e7-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{e9ad53dc-e4ff-11de-805c-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{eb7835a4-cdf0-11de-8019-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\Shell\AutoRun\command - "" = F:\folder.tmp\tmp.exe -- File not found

O33 - MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\Shell\explore\command - "" = F:\folder.tmp\tmp.exe -- File not found

O33 - MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\Shell\open\command - "" = F:\folder.tmp\tmp.exe -- File not found

O33 - MountPoints2\{f9948a3a-af3e-11db-80dc-001e680ee58b}\Shell - "" = AutoRun

O33 - MountPoints2\{f9948a3a-af3e-11db-80dc-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5C321E34

:reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\MySpace\IM\MySpaceIM.exe"=-

"C:\Arquivos de programas\iWin Games\iWinGames.exe"=-

"C:\Arquivos de programas\eMule\emule.exe"=-

"C:\Documents and Settings\USER\Configurações locais\Temp\pyl1C.tmp\pyrun.exe"=-

"C:\Documents and Settings\USER\Configurações locais\Temp\pyl4B.tmp\pyrun.exe"=-

:commands

[purity]

[emptyflash]

[emptytemp]

[Reboot]

<@> Clique no botão Consertar --> Aguarde a conclusão! --> Executar!

<@> Poste o relatório,que também estará na pasta: C:\_OTL\MovedFiles\*.log <--

<@> Poste,também,HijackThis atualizado.

 

Abraços!

[Manoela 0]

O quê que você viu de errado no pc? poderia me explicar o que foi feito e deletado e qual será a mudança no laptop??

 

Olha só, eu executei o rhosts, fui em restore só que não abriu nenhuma outra janela e nao me mostrou nada se foi feito ou não. voltou para a janela em que ele pergunta se é para restaurar. mesmo assim continuei o processo...

 

Aqui está o log do OTL:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_USERS\S-1-5-21-682003330-583907252-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2C688203-7EB3-4327-9995-1CB417BA23F9} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C688203-7EB3-4327-9995-1CB417BA23F9}\ not found.

Registry value HKEY_USERS\S-1-5-21-682003330-583907252-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c749756-ad5b-11db-80d2-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c749756-ad5b-11db-80d2-001e680ee58b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c749759-ad5b-11db-80d2-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c749759-ad5b-11db-80d2-001e680ee58b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c749759-ad5b-11db-80d2-001e680ee58b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c749759-ad5b-11db-80d2-001e680ee58b}\ not found.

File move failed. F:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2301946c-34e4-11de-bf34-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2301946c-34e4-11de-bf34-001e680ee58b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24e782ec-66a9-11df-8154-001e680ee58b}\ not found.

File F:\folder.tmp\tmp.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24e782ec-66a9-11df-8154-001e680ee58b}\ not found.

File F:\folder.tmp\tmp.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24e782ec-66a9-11df-8154-001e680ee58b}\ not found.

File F:\folder.tmp\tmp.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\ not found.

File move failed. F:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cd47f44-671c-11de-bf81-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cd47f44-671c-11de-bf81-001e680ee58b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45c0b2f4-18cd-11de-bef4-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45c0b2f4-18cd-11de-bef4-001e680ee58b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{591b091f-4f8a-11de-bf63-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{591b091f-4f8a-11de-bf63-001e680ee58b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a080ea2-1298-11de-bee1-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a080ea2-1298-11de-bee1-001e680ee58b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b831c76-4026-11df-8119-001e680ee58b}\ not found.

File autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b831c76-4026-11df-8119-001e680ee58b}\ not found.

File autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b831c76-4026-11df-8119-001e680ee58b}\ not found.

File autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{837173c8-5f54-11dd-ab1d-001e680ee58b}\ not found.

File cfdflx.com not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{837173c8-5f54-11dd-ab1d-001e680ee58b}\ not found.

File cfdflx.com not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{837173c8-5f54-11dd-ab1d-001e680ee58b}\ not found.

File cfdflx.com not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\ not found.

File diskdrive.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\ not found.

File diskdrive.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c537ff3a-8806-11de-bfa0-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c537ff3a-8806-11de-bfa0-001e680ee58b}\ not found.

File LHcLgR.ExE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c537ff3a-8806-11de-bfa0-001e680ee58b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c537ff3a-8806-11de-bfa0-001e680ee58b}\ not found.

File lhClgR.EXe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d192cd36-2889-11df-80e7-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d192cd36-2889-11df-80e7-001e680ee58b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d192cd36-2889-11df-80e7-001e680ee58b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d192cd36-2889-11df-80e7-001e680ee58b}\ not found.

File move failed. F:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\ not found.

File move failed. F:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9ad53dc-e4ff-11de-805c-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9ad53dc-e4ff-11de-805c-001e680ee58b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb7835a4-cdf0-11de-8019-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb7835a4-cdf0-11de-8019-001e680ee58b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0ea8a47-99a0-11db-8124-001e680ee58b}\ not found.

File F:\folder.tmp\tmp.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0ea8a47-99a0-11db-8124-001e680ee58b}\ not found.

File F:\folder.tmp\tmp.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0ea8a47-99a0-11db-8124-001e680ee58b}\ not found.

File F:\folder.tmp\tmp.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9948a3a-af3e-11db-80dc-001e680ee58b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9948a3a-af3e-11db-80dc-001e680ee58b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9948a3a-af3e-11db-80dc-001e680ee58b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9948a3a-af3e-11db-80dc-001e680ee58b}\ not found.

File move failed. F:\AutoRun.exe scheduled to be moved on reboot.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5C321E34 deleted successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Arquivos de programas\MySpace\IM\MySpaceIM.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Arquivos de programas\iWin Games\iWinGames.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Arquivos de programas\eMule\emule.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\USER\Configurações locais\Temp\pyl1C.tmp\pyrun.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\USER\Configurações locais\Temp\pyl4B.tmp\pyrun.exe deleted successfully.

========== COMMANDS ==========

 

[EMPTYFLASH]

 

User: All Users

 

User: Default User

 

User: LocalService

 

User: NetworkService

 

User: USER

->Flash cache emptied: 2267 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: USER

->Temp folder emptied: 297556 bytes

->Temporary Internet Files folder emptied: 842756 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 90440831 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 65536 bytes

RecycleBin emptied: 66003886 bytes

 

Total Files Cleaned = 150,00 mb

 

 

OTL by OldTimer - Version 3.2.5.3 log created on 06092010_151433

 

Files\Folders moved on Reboot...

File move failed. F:\AutoRun.exe scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

Hijackthis atualizado:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:24:57, on 9/6/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\VIVO INTERNET\VIVO INTERNET.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack this\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{0AA6FDCA-4F13-41BE-A638-22698DD370B9}: NameServer = 200.220.227.57 200.142.130.203

O17 - HKLM\System\CS1\Services\Tcpip\..\{0AA6FDCA-4F13-41BE-A638-22698DD370B9}: NameServer = 200.220.227.57 200.142.130.203

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 6718 bytes

 

 

grata,

[DigRam 144]

Boa Tarde! Manoela

 

O quê que você viu de errado no pc? poderia me explicar o que foi feito e deletado e qual será a mudança no laptop??

<!> Principalmente,o log mostrou infecções por vírus oriundos de unidades removíveis.

 

Olha só, eu executei o rhosts, fui em restore só que não abriu nenhuma outra janela e nao me mostrou nada se foi feito ou não. voltou para a janela em que ele pergunta se é para restaurar. mesmo assim continuei o processo...

<!> Pelo relatório do HijackThis,o processo teve êxito.

000000000000000000000

ooooooooooooooooooooo

<@> Baixe: < UsbFix.exe > ( ...par Chiquitine29 et Chimay8 )

<@> Salve-a em Arquivos de programas!

<@> Desabilite seu antivírus!

<@> Instale e execute a ferramenta,com um duplo-clique em: < >

<@> Nas opções da língua,escolha "PT-BR" --> Enter.

<@> Escolha a opção 2: 2. Suppression des fichiers infectieux --> Aperte Enter.

 

 

<@> Surgirá uma mensagem,pedindo que seja conectada sua(s) mídia(s) removíveis,ao computador. ( pendrive,mp3,mp4,iPods,etc... )

<@> Aceite a solicitação,e dê o Ok. --> À seguir clique,novamente,em Ok.

 

 

<@> O computador irá reiniciar. <-- Aguarde!

<@> Terminando,clique em "Continue" e aguarde a finalização da ferramenta.

<@> Ps: Não desconecte,ainda,sua(s) mídia(s) removíveis! <-- Importante!

<@> Surgirá a mensagem: "Nettoyage effectue" --> Aperte Enter.

<@> Poste o relatório,que estará em: C:\UsbFix.txt + HijackThis,atualizado.

 

Abraços!

[Manoela 0]

Boa Tarde DigRam,

Eu fiz o download do programa USBFix, mas o que foi feito download é completamente diferente do que você exemplificou na mensagem. Mas tudo bem, deu pra seguir as instruções.

No final, ele me pediu para mandar um arquivo (USBFIX_Upload_Me_MOVEL) zipado para o site http://chiquitine.changelog.fr/Sample/Upload.php

parece ser o site do USBFIX, mas você nao comentou nada sobre isso, entao vou esperar sua resposta pra saber se mando este arquivo ou não.

 

Relatório do USBFIX:

############################## | UsbFix 7.007 | [supressão]

 

Usuário: USER (Administrador) # MOVEL [ ]

Atualizado em 10/06/10 por El Desaparecido / C_XX

Começou em 16:23:36 | 14/06/2010

Site: http://pagesperso-orange.fr/NosTools/index.html

Contato: FindyKill.Contact@gmail.com

 

CPU: AMD Turion 64 X2 Mobile Technology TL-58

CPU 2: AMD Turion 64 X2 Mobile Technology TL-58

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2

Internet Explorer 7.0.5730.13

 

Windows Firewall: Habilitado

Antivirus: AntiVir Desktop 9.0.1.32 [(!) Disabled | (!) Outdated]

 

RAM -> 1790 Mb

C:\ (%systemdrive%) -> Disco fixo # 68 Gb (112 Mb livre - 0%) [] # NTFS

D:\ -> Disco fixo # 81 Gb (17 Mb livre - 21%) [unidade de Disco] # NTFS

E:\ -> CD-ROM

F:\ -> CD-ROM

H:\ -> Disco removível # 962 Mb (48 Mb livre - 5%) [KINGSTON] # FAT

I:\ -> Disco removível # 2 Gb (2 Mb livre - 100%) [] # FAT32

 

################## | Ficheiros # pastas infeciosos |

 

Não supprimido ! F:\Autorun.inf

Supprimido ! C:\Recycler\S-1-5-21-682003330-583907252-725345543-1003

Supprimido ! D:\Recycler\S-1-5-21-682003330-583907252-725345543-1003

 

################## | Registro |

 

 

################## | Mountpoints2 |

 

 

################## | Listing |

 

[10/06/2010 - 01:50:34 | RD ] C:\Arquivos de programas

[19/04/2010 - 07:55:19 | D ] C:\Arquivos de Programas RFB

[11/06/2008 - 21:32:24 | A | 0] C:\AUTOEXEC.BAT

[14/06/2010 - 16:21:39 | RASHD ] C:\Autorun.inf

[28/03/2010 - 23:58:20 | RASH | 211] C:\boot.ini

[19/01/1782 - 00:14:07 | RASH | 4952] C:\Bootfont.bin

[28/03/2010 - 23:58:20 | RASH | 0] C:\CONFIG.SYS

[11/06/2008 - 21:36:28 | D ] C:\Documents and Settings

[17/05/2010 - 13:51:49 | D ] C:\DOWNLOADS

[02/02/2010 - 10:21:05 | D ] C:\Garmin

[20/11/2009 - 11:35:30 | D ] C:\Hijack this

[10/12/2008 - 11:05:43 | D ] C:\HSF

[11/06/2008 - 21:32:24 | RASH | 0] C:\IO.SYS

[11/06/2008 - 21:43:58 | A | 7] C:\ISACER.id

[25/04/2010 - 19:33:20 | HD ] C:\Mmi_Email_Temp

[11/06/2008 - 21:32:24 | RASH | 0] C:\MSDOS.SYS

[11/06/2008 - 11:19:55 | RHD ] C:\MSOCache

[03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM

[03/08/2004 - 22:59:34 | RASH | 251168] C:\ntldr

[25/05/2010 - 17:46:43 | D ] C:\OutputFolder

[14/06/2010 - 15:19:07 | ASH | 2145386496] C:\pagefile.sys

[03/01/2007 - 05:34:44 | D ] C:\Program Files

[14/06/2010 - 16:24:27 | SHD ] C:\RECYCLER

[09/12/2009 - 15:47:04 | AH | 232] C:\sqmdata00.sqm

[09/12/2009 - 17:12:50 | AH | 232] C:\sqmdata01.sqm

[09/12/2009 - 17:58:24 | AH | 232] C:\sqmdata02.sqm

[12/12/2009 - 20:18:50 | AH | 232] C:\sqmdata03.sqm

[12/12/2009 - 20:59:32 | AH | 232] C:\sqmdata04.sqm

[12/12/2009 - 22:48:22 | AH | 232] C:\sqmdata05.sqm

[13/12/2009 - 07:36:17 | AH | 232] C:\sqmdata06.sqm

[13/12/2009 - 11:34:57 | AH | 232] C:\sqmdata07.sqm

[13/12/2009 - 19:45:09 | AH | 232] C:\sqmdata08.sqm

[13/12/2009 - 21:24:03 | AH | 232] C:\sqmdata09.sqm

[30/12/2009 - 12:26:25 | AH | 232] C:\sqmdata10.sqm

[21/11/2009 - 00:45:04 | AH | 232] C:\sqmdata11.sqm

[05/12/2009 - 02:56:19 | AH | 232] C:\sqmdata12.sqm

[09/12/2009 - 03:16:11 | AH | 232] C:\sqmdata13.sqm

[09/12/2009 - 03:29:28 | AH | 232] C:\sqmdata14.sqm

[09/12/2009 - 04:32:11 | AH | 232] C:\sqmdata15.sqm

[09/12/2009 - 10:25:51 | AH | 232] C:\sqmdata16.sqm

[09/12/2009 - 11:46:22 | AH | 232] C:\sqmdata17.sqm

[09/12/2009 - 12:26:04 | AH | 232] C:\sqmdata18.sqm

[09/12/2009 - 14:37:43 | AH | 232] C:\sqmdata19.sqm

[09/12/2009 - 15:47:04 | AH | 244] C:\sqmnoopt00.sqm

[09/12/2009 - 17:12:50 | AH | 244] C:\sqmnoopt01.sqm

[09/12/2009 - 17:58:24 | AH | 244] C:\sqmnoopt02.sqm

[12/12/2009 - 20:18:50 | AH | 244] C:\sqmnoopt03.sqm

[12/12/2009 - 20:59:32 | AH | 244] C:\sqmnoopt04.sqm

[12/12/2009 - 22:48:22 | AH | 244] C:\sqmnoopt05.sqm

[13/12/2009 - 07:36:17 | AH | 244] C:\sqmnoopt06.sqm

[13/12/2009 - 11:34:57 | AH | 244] C:\sqmnoopt07.sqm

[13/12/2009 - 19:45:09 | AH | 244] C:\sqmnoopt08.sqm

[13/12/2009 - 21:24:03 | AH | 244] C:\sqmnoopt09.sqm

[30/12/2009 - 12:26:25 | AH | 244] C:\sqmnoopt10.sqm

[21/11/2009 - 00:45:03 | AH | 244] C:\sqmnoopt11.sqm

[05/12/2009 - 02:56:19 | AH | 244] C:\sqmnoopt12.sqm

[09/12/2009 - 03:16:11 | AH | 244] C:\sqmnoopt13.sqm

[09/12/2009 - 03:29:28 | AH | 244] C:\sqmnoopt14.sqm

[09/12/2009 - 04:32:11 | AH | 244] C:\sqmnoopt15.sqm

[09/12/2009 - 10:25:51 | AH | 244] C:\sqmnoopt16.sqm

[09/12/2009 - 11:46:22 | AH | 244] C:\sqmnoopt17.sqm

[09/12/2009 - 12:26:04 | AH | 244] C:\sqmnoopt18.sqm

[09/12/2009 - 14:37:43 | AH | 244] C:\sqmnoopt19.sqm

[19/03/2009 - 10:49:32 | SHD ] C:\System Volume Information

[24/05/2001 - 12:59:30 | A | 162304] C:\UNWISE.EXE

[14/06/2010 - 16:23:51 | D ] C:\UsbFix

[14/06/2010 - 16:24:27 | A | 1184] C:\UsbFix.txt

[14/06/2010 - 16:21:39 | A | 6010] C:\UsbFix_Upload_Me_MOVEL.zip

[02/02/2010 - 10:21:05 | D ] C:\WebUpdater

[01/01/2007 - 00:01:45 | D ] C:\WINDOWS

[09/06/2010 - 15:14:33 | D ] C:\_OTL

[14/06/2010 - 16:21:39 | RASHD ] D:\Autorun.inf

[05/09/2001 - 21:00:58 | A | 1700352] D:\gdiplus.dll

[22/03/2010 - 03:32:27 | D ] D:\human design

[01/01/2007 - 00:33:26 | D ] D:\LOST

[05/01/2007 - 03:56:04 | D ] D:\LOST_1

[04/01/2007 - 22:12:59 | D ] D:\LOST_2

[05/01/2007 - 00:00:15 | D ] D:\LOST_3

[30/04/2010 - 18:28:01 | D ] D:\MÚSICAS

[14/06/2010 - 16:24:27 | SHD ] D:\RECYCLER

[27/02/2009 - 14:12:50 | SHD ] D:\System Volume Information

[25/05/2010 - 17:55:06 | D ] D:\VÍDEOS

[02/06/2010 - 12:29:09 | D ] D:\__tempFolder__

[21/01/2009 - 06:22:18 | R | 126976] F:\AutoRun.exe

[08/11/2007 - 04:41:52 | R | 47] F:\AUTORUN.INF

[21/01/2009 - 06:22:18 | R | 126976] F:\DataCard_Setup.exe

[21/01/2009 - 06:21:34 | R | 176640] F:\DataCard_Setup64.exe

[20/02/2008 - 10:16:48 | R | 7168] F:\ResetDevice.exe

[18/05/2009 - 21:19:36 | R | 4286] F:\Startup.ico

[17/08/2009 - 10:14:04 | R | 1357] F:\SysConfig.dat

[19/08/2009 - 09:33:48 | RD ] F:\VIVO INTERNET

[23/01/2010 - 12:21:18 | D ] H:\Casa de Farinha

[22/03/2010 - 14:41:08 | D ] H:\Brasilerança

[22/03/2010 - 14:25:28 | D ] H:\Baden Powell todos

[25/01/2010 - 14:43:48 | AH | 4096] H:\._.Trashes

[25/01/2010 - 14:43:48 | HD ] H:\.Trashes

[27/01/2010 - 10:07:06 | D ] H:\Amoy Ribas

[25/01/2010 - 14:43:48 | HD ] H:\.Spotlight-V100

[27/01/2010 - 10:07:06 | D ] H:\iaiá(2004)

[23/01/2010 - 15:09:54 | D ] H:\mariana aydar

[18/02/2010 - 21:14:52 | D ] H:\Otto - Samba pra burro

[14/06/2010 - 16:21:40 | RASHD ] H:\Autorun.inf

[13/03/2010 - 13:25:18 | D ] H:\Corpo do Som

[13/03/2010 - 13:25:40 | D ] H:\Arnaldo Antunes - O Silêncio

[13/03/2010 - 13:26:16 | D ] H:\Cartola (1974)

[13/03/2010 - 13:28:04 | D ] H:\Chico cesar- Respeitem meus cabelos, brancos

[13/03/2010 - 13:28:36 | D ] H:\7 Sinais

[20/04/2010 - 16:50:12 | A | 58487] H:\Repertório Incenso de Fulô.docx

[20/03/2009 - 18:16:12 | RSHD ] H:\RECYCLER

[14/06/2010 - 16:21:40 | RASHD ] I:\Autorun.inf

 

################## | Vaccin |

 

C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

D:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

H:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

I:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

 

################## | Upload |

 

Favor enviar o arquivo: C:\UsbFix_Upload_Me_MOVEL.zip

http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição.

 

################## | E.O.F |

 

 

Hijackthis atualizado:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:30:50, on 14/6/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Hijack this\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{0AA6FDCA-4F13-41BE-A638-22698DD370B9}: NameServer = 200.220.227.57 200.142.130.203

O17 - HKLM\System\CS1\Services\Tcpip\..\{0AA6FDCA-4F13-41BE-A638-22698DD370B9}: NameServer = 200.220.227.57 200.142.130.203

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 5889 bytes

 

 

grata,

[DigRam 144]

Bom Dia! Manoela

 

Eu fiz o download do programa USBFix, mas o que foi feito download é completamente diferente do que você exemplificou na mensagem. Mas tudo bem, deu pra seguir as instruções.

<!> Ps: Irei atualizar esses procedimentos,que pedem essa nova versão do UsbFix.

 

No final, ele me pediu para mandar um arquivo (USBFIX_Upload_Me_MOVEL) zipado para o site http://chiquitine.ch...mple/Upload.php

parece ser o site do USBFIX, mas você nao comentou nada sobre isso, entao vou esperar sua resposta pra saber se mando este arquivo ou não.

<!> Pode enviar! ;)

000000000000000000000000

oooooooooooooooooooooooo

<@> Baixe: < PureRa15Binary.zip > ( ...by Paul McLain & Fred de Vries )

 

<!> Link - 2 < >

 

<@> Salve-o no desktop! <-- Tire-o do zip!

<@> Execute: PureRa.exe --> Clique em Clean.

<@> Marque a opção: "Check All"

 

< >

 

<@> Clique no botão Clean Selected --> Aguarde!

<@> Terminando ( Finished ),clique em Exit.

<@> Poste o relatório: PureRa.txt <--

 

Abraços!

[Manoela 0]

Olá DigRam,

 

Relatório do pureRa:

 

RaProducts' PureRa v1.5

Log created at 22:36 on 15/06/2010 (USER)

 

C:\Config.MSI emptied.

C:\WINDOWS\system32\FNTCACHE.DAT <- Successfully deleted.

Recycle bin emptied.

C:\WINDOWS\SoftwareDistribution\DataStore\Logs emptied.

C:\WINDOWS\SoftwareDistribution\Download emptied.

C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default emptied.

C:\WINDOWS\SoftwareDistribution\WuRedir emptied.

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log <- Successfully deleted.

C:\DOCUME~1\USER\CONFIG~1\Temp emptied.

C:\WINDOWS\TEMP emptied.

C:\WINDOWS\$MSI31Uninstall_KB893803v2$ <- Successfully deleted.

C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$ <- Successfully deleted.

C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB873339$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB885835$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB885836$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB886185$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB887472$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB888111WXPSP2$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB888302$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB890046$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB890859$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB891781$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB893756$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB894391$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB896358$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB896423$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB896428$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB898461$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB899587$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB899591$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB900485$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB900725$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB901017$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB901214$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB902400$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB905414$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB905749$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB908519$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB908531$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB910437$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB911280$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB911562$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB911564$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB911927$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB913580$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB914388$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB914389$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB915865$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB916595$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB918118$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB918439$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB920213$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB920670$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB920683$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB920685$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB920872$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB922582$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB922819$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB923191$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB923414$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB923980$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB924270$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB924667$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB925398_WMP64$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB925902$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB926239$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB926255$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB926436$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB927779$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB927802$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB927891$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB928255$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB928843$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB929123$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB929399$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB930178$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB930916$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB931261$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB931784$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB932168$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB932823-v3$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB933729$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB935448$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB935839$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB935840$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB936021$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB936782_WMP11$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB937894$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB938464$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB938828$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB939683$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB941202$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB941569$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB941644$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB941693$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB942763$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB943055$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB943460$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB943485$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB944653$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB945553$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB946026$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB946648$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB948590$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB950749$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB950760$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB950762$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB950974$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951066$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951072-v2$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951376$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951376-v2$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951698$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB951748$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB952069_WM9$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB952287$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB952954$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB953839$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB954154_WM11$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB954211$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB954600$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB955069$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB955839$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB956391$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB956802$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB956803$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB956841$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB957095$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB957097$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB958644$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB958687$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB958690$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB959772_WM11$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB960225$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB960715$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallKB967715$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallMSCompPackV1$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallWdf01005$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallWMFDist11$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallwmp11$ <- Successfully deleted.

C:\WINDOWS\$NtUninstallWudf01000$ <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\FrameWork.log <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\wbemess.log <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\wbemess.lo_ <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\wbemprox.log <- Successfully deleted.

C:\WINDOWS\system32\wbem\Logs\wmiprov.log <- Successfully deleted.

C:\sqmdata00.sqm <- Successfully deleted.

C:\sqmdata01.sqm <- Successfully deleted.

C:\sqmdata02.sqm <- Successfully deleted.

C:\sqmdata03.sqm <- Successfully deleted.

C:\sqmdata04.sqm <- Successfully deleted.

C:\sqmdata05.sqm <- Successfully deleted.

C:\sqmdata06.sqm <- Successfully deleted.

C:\sqmdata07.sqm <- Successfully deleted.

C:\sqmdata08.sqm <- Successfully deleted.

C:\sqmdata09.sqm <- Successfully deleted.

C:\sqmdata10.sqm <- Successfully deleted.

C:\sqmdata11.sqm <- Successfully deleted.

C:\sqmdata12.sqm <- Successfully deleted.

C:\sqmdata13.sqm <- Successfully deleted.

C:\sqmdata14.sqm <- Successfully deleted.

C:\sqmdata15.sqm <- Successfully deleted.

C:\sqmdata16.sqm <- Successfully deleted.

C:\sqmdata17.sqm <- Successfully deleted.

C:\sqmdata18.sqm <- Successfully deleted.

C:\sqmdata19.sqm <- Successfully deleted.

C:\sqmnoopt00.sqm <- Successfully deleted.

C:\sqmnoopt01.sqm <- Successfully deleted.

C:\sqmnoopt02.sqm <- Successfully deleted.

C:\sqmnoopt03.sqm <- Successfully deleted.

C:\sqmnoopt04.sqm <- Successfully deleted.

C:\sqmnoopt05.sqm <- Successfully deleted.

C:\sqmnoopt06.sqm <- Successfully deleted.

C:\sqmnoopt07.sqm <- Successfully deleted.

C:\sqmnoopt08.sqm <- Successfully deleted.

C:\sqmnoopt09.sqm <- Successfully deleted.

C:\sqmnoopt10.sqm <- Successfully deleted.

C:\sqmnoopt11.sqm <- Successfully deleted.

C:\sqmnoopt12.sqm <- Successfully deleted.

C:\sqmnoopt13.sqm <- Successfully deleted.

C:\sqmnoopt14.sqm <- Successfully deleted.

C:\sqmnoopt15.sqm <- Successfully deleted.

C:\sqmnoopt16.sqm <- Successfully deleted.

C:\sqmnoopt17.sqm <- Successfully deleted.

C:\sqmnoopt18.sqm <- Successfully deleted.

C:\sqmnoopt19.sqm <- Successfully deleted.

C:\Arquivos de programas\Adobe\Adobe Pacote\Adobe Photoshop CS3\Presets\Web Photo Gallery\Dotted Border - Black On White\images\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Adobe\Adobe Pacote\Adobe Photoshop CS3\Presets\Web Photo Gallery\Dotted Border - White on Black\images\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Adobe\Adobe Pacote\Adobe Photoshop CS3\Presets\Web Photo Gallery\Gray Thumbnails\images\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Adobe\Adobe Pacote\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Horizontal Thumbnails\images\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Adobe\Adobe Pacote\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Vertical Thumbnails\images\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Adobe\Adobe Pacote\Adobe Photoshop CS3\Presets\Web Photo Gallery\Table - Minimal\images\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Dotted Border - Black On White\images\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Dotted Border - White on Black\images\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Gray Thumbnails\images\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Horizontal Thumbnails\images\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Vertical Thumbnails\images\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Table - Minimal\images\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\AnvSoft\Any Video Converter\images\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\AnvSoft\Any Video Converter\images\avc\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\DVD Shrink\Still Images\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\VIVO INTERNET\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\VIVO INTERNET\plugins\StatusBarMgrPlugin\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\VIVO INTERNET\plugins\XFramePlugin\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\VIVO INTERNET\usermanual\en-us\public_sys-resources\Thumbs.db <- Successfully deleted.

C:\Arquivos de programas\VIVO INTERNET\usermanual\pt-pt\public_sys-resources\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\All Users\Documentos\Minhas imagens\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\All Users\Documentos\Minhas imagens\Amostras de imagens\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\All Users\Documentos\Minhas imagens\Casamento Alessandra e Weber - 25-10-2008\Fotos da Festa - em Digital\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\All Users\Documentos\Minhas imagens\Casamento Alessandra e Weber - 25-10-2008\Fotos da Igreja - em Filme\Filme 01 - 5870\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\All Users\Documentos\Minhas imagens\Casamento Alessandra e Weber - 25-10-2008\Fotos da Igreja - em Filme\Filme 02 - 5873\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\All Users\Documentos\Minhas imagens\Casamento Alessandra e Weber - 25-10-2008\Fotos da Igreja - em Filme\Filme 03 - 5877\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\All Users\Documentos\Minhas imagens\Casamento Alessandra e Weber - 25-10-2008\Fotos da Igreja - em Filme\Filme 04 - 5868\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\All Users\Documentos\Minhas imagens\Casamento Alessandra e Weber - 25-10-2008\Fotos da Igreja - em Filme\Filme 05 - 5875\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\All Users\Documentos\Minhas músicas\Amostra de música\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Portable Devices\wpdlog00.sqm <- Successfully deleted.

C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\IconCache.db <- Successfully deleted.

C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Microsoft\Windows Live\SqmApi\SqmData720896_00.sqm <- Successfully deleted.

C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt00.sqm <- Successfully deleted.

C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt01.sqm <- Successfully deleted.

C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt02.sqm <- Successfully deleted.

C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt03.sqm <- Successfully deleted.

C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt04.sqm <- Successfully deleted.

C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt05.sqm <- Successfully deleted.

C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt06.sqm <- Successfully deleted.

C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt07.sqm <- Successfully deleted.

C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt08.sqm <- Successfully deleted.

C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt09.sqm <- Successfully deleted.

C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt10.sqm <- Successfully deleted.

C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt11.sqm <- Successfully deleted.

C:\Documents and Settings\USER\Desktop\Bejeweled 2 Deluxe\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\NATURARTE\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\NATURARTE\Fotos Josué\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\NATURARTE\Álbum Ateliê Naturarte\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\NATURARTE\Álbum Ateliê Naturarte\cd\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Anexos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\CD Oficina\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\CD Oficina\LOGOS\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Contratos e recibos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Documentos e Ofícios\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\09-05-2009 ENCONTRO FIANDEIRAS\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\Curso tear-2010\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\ENCONTRO\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\FOTOS APRESENTAÇÃO DO PROJETO PARA FIANDEIRAS - 07.03.09\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\FOTOS DAS ROCAS DE FIAR\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\FOTOS E VIDEOS 21.03.09\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\FOTOS E VIDEOS 21.03.09\Dona Diolina\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\FOTOS FIANDEIRAS - ELIARDO\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\FOTOS LANÇAMENTO PEDRO MATALO\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Imagens\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Modelos de documentos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Oficina PPP\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Orçamento e P.T\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Relatórios\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\tear clássico_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\tear hobby_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\tear serrano_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\catingueiro\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Debut\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Downloads\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Artigos\artigo01_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Artigos\artigo02_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Artigos\artigo03_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Buddhist Chants- Music for Contemplation and Reflection\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Cartaz Morena\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\alcauz_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\alecrim do cerrado_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\alecrim dourado_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\angelim_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\assapeixe_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\astrapeiavenuziana_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\babosa_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\baguas_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\baslico_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\bgoiano_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\bonina_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\bouquet7flores_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\bouquetdachamatrina_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\bouquetdaexpresso_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\bouquetintegraomasculina_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\bouquezinhobrancodocerrado_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\cactosbrancodocerrado_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\cactos_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\cajadodocerrado_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\calliandraflordocerrado_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\calliandraprateada_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\cambarbrancoassapeixe_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\candonbbranco_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\caneladeema_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\carnedevacacatingadeporco_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\catuaba_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\chapudeduendepalipalm_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\chuvadeouro_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\chuverinho_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\cipdesantaluzia_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\cipdesojoo_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\claridade_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\clotolrialuzdacriao_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\conexomedinicamariadorosrioquaresma_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\conflitosdeidentidadesexualeestmulosaversivos_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\conscinciaplena_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\cristadocerrado_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\darafolhasantaflordesantarita_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\ddivarosadocampo_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\dedaleirapacari_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\ervadepassarinho_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\espadadesojorgeeians_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\fernia_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\fiosdeluzflordopau_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\ftimacentaurafeldaterra_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\gemaspaudocefolhagorda_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\graminea_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\incensus_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\jasmimdospoetas_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\jasmimmanga_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\lantana_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\laranjinhadocerradocanelabraba_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\lavanda_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\liberadormental_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\lilithgabiroba_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\lils_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\linfa_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\lobera_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\lorena_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\lriodocampo_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\maceladocampo_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\madressilva_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\maestria_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\malaranjada_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\manifestaopicasso_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\maracujdoce_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\margaridabranca_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\margaridadocerrado_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\mariajalapa_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\mariamoledobrejo_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\mcerrado_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\megaalgododocampo_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\mikael_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\mimosabarneby_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\mirabelis_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\mirraplumadenevoa_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\myostis_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\narcila_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\ndigocristal_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\nicociana_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\orqudea_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\orvalhodosol_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\palasathenas_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\palipalnestrela_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\palmeira_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\patadevaca_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\pausantorosadocampo_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\pirekapimentinhaprateada_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\poalhasarojasmimdolago_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\primavera_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\quaresmeira_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\quaresminha_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\raizamasucupira_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\resgateemocional_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\rosadocerrado_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\rovenabocadesapo_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\roxinha_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\ruibarboroxoravenna_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\sabugueiro_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\safiraestelarflordocu_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\salma_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\sennasilvestre_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\serena_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\sinosbrancosflordeveado_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\sinosdefadaslriodocampo_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\sinosdocerrado_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\solarsirianadouradinha_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\sumar_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\trigodafelicidade_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\unhadeboi_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\verroninea_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\violavioleta_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\vnus_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Fotos Flores\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Home\tratamento das aguas_arquivos\desktop_data\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Águas\ambaleia_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Águas\ariopreto_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Águas\avdalthar_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Águas\avdgruta_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Águas\avdguardiao_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Águas\guadesomiguel_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Florais\Águas\guarochosa_arquivos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\CD Encantos da Chapada\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\CD Encantos da Chapada\Fotos Músicos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\CD Encantos da Chapada\Fotos Seriema\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\FOTOS\13-4-2009-Show do fruto-Roots\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\FOTOS\Circularte\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\FOTOS\Festival Instrumental de Cavalcante - 2009\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\FOTOS\Fotos Miguel\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\FOTOS\Fruto do Cerrado\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\FOTOS\Show na ROOTS - Sábado de Aleluia 2009\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\MANOELA\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Meus vídeos\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\20.01.2010-Niver da Fran\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Afilhado mais que lindo\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Afilhado mais que lindo\2008- Passeio com Joao Vitor\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Afilhado mais que lindo\Batizado João Vitor\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichinhos do Cerrado\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichos de Casa\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichos de Casa\Costela\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichos de Casa\Godofredo\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichos de Casa\Misha\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichos de Casa\Tequila\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichos de Casa\Tupan\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichos de Casa\Zé\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\bunitezas do cerrado\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Cachoeira Celio - Catingueiro\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Carnaval no Coutinho\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Em casa\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\07-05-2009-Aniversário Paulo\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\10-5-2009\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\2009-02, Carnavalcante\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\2009-02-12, Apresentação Prakriti\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\22-4-2009-Aniversário Morena\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\3-8-2009 - são jorge- Encontro de Culturas\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\30-10-2009 - Jeri e canoa\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\31-05-2009 - niver manu\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\6-7-2009\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\6-9-2009- Show Hermes tia Mari Curitiba\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Casa de Teresina\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Catingueiro\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Cayana- visita fabi\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Curitiba - out.2009\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Curitiba na Chapada\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Céu de teresina\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\elas\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Encontro em PVH\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Festival Chillout\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Fotos Celular\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Fotos Festival Amoragaia\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Fotos Festival são jorge\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Ida ao Coitinho\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Niver Vivi-jan.2009\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Show Del e Morena\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Viagem Curitiba - outubro 2009\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Visita Ariane\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Visita de ano novo\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\visita dos amigos - barbara e familia\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Vídeos de comédia\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Fotos Chácara Manaíra - Casa\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\fotos diversas\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Fotos Poço Encantado\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Horizontes\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Jan.2010- Visita lu e adriano\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\No Engenho II\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Noite cultural na Arace\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Paz&pitanga\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Tear com Laura\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Visita Leandra,Ricardo e Iuri\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\MORENA\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\MORENA\Cartaz Maíra Morena\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\My Received Files\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\My Scans\2010-03 (mar)\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\My Scans\2010-05 (mai)\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\USER\Meus documentos\MySpaceIM Pics\Thumbs.db <- Successfully deleted.

 

Total space cleaned: 988609249 bytes

 

-=E.O.F=-

[DigRam 144]

Boa Noite! Manoela

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

<!> Seu navegador e SO,estão desatualizados. Já foi lançado,há tempos,o SP3 e o IE8.

<!> No mais,seus logs estão limpos! ^_^

00000000000000000

ooooooooooooooooo

<@> Abra o OTL.exe --> Clique em ou Limpeza --> Aguarde!

<@> Na solicitação,clique OK --> Reinicie o computador!

00000000000000000

<!> Bom trabalho!

 

Abraços!

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.