Manoela 0 Denunciar post Postado Junho 1, 2010 Oi gente, gostaria que vocês dessem uma olhada no log do hijackthis do meu notebook. Ele está um pouco lento, demorando a abrir certos programas... antes do log eu passei antivirus, mvregclean, desfragmentei, ccleaner, mvantispy..mas continua um pouco lento. Será que pode ser pq tem muitos programas instalados? lá vai: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:58:37, on 4/1/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\VIVO INTERNET\VIVO INTERNET.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Hijack this\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{0AA6FDCA-4F13-41BE-A638-22698DD370B9}: NameServer = 200.220.227.57 200.142.130.203 O17 - HKLM\System\CS1\Services\Tcpip\..\{0AA6FDCA-4F13-41BE-A638-22698DD370B9}: NameServer = 200.220.227.57 200.142.130.203 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 7025 bytes grata, Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Junho 4, 2010 Boa Tarde! Manoela <@> Baixe: < OTL > ( ...by OldTimer Tools ) <@> Salve-o no desktop! <@> Clique duplo em: < > <@> Ps: Sigamos,agora,com sua configuração! <!> 1 - Em "Saída",deixe marcado o botão "Resumida". <!> 2 - Marque as caixas: Verificar All Users e Incluir Verificação 64bit <-- Ps: Caso o SO seja 64 bit! <!> 3 - Processos: Usar SafeList <-- Marque! <!> 4 - Módulos: Usar SafeList <-- Marque! <!> 5 - Serviços: Usar SafeList <-- Marque! <!> 6 - Drivers: Usar SafeList <-- Marque! <!> 7 - Exame Padrão do Registro: Usar SafeList <-- Marque! <!> 8 - Exame Extra do Registro: Usar SafeList <-- Marque! <!> 9 - Verificação de Arquivos: <!> Data de Criação >> Escolha: 14 dias <!> Marque: Usar WhiteList para Nomes de Companhias <!> Marque: Ignorar Arquivos Microsoft <!> 10 - Arquivos Criados Desde: <!> Marque: Data de Criação <!> 11 - Arquivos Modificados Desde: <!> Marque: Data de Criação <!> Marque as caixas: [] Verificar Lop [] Verificar Purity <@> Ps: Sugiro que imprima estas orientações,para posterior leitura. netsvcsmsconfigactivexdrivers32%SYSTEMDRIVE%\*.exe%SYSTEMDRIVE%\eventlog.dll /s /md5%SYSTEMDRIVE%\scecli.dll /s /md5%SYSTEMDRIVE%\sfcfiles.dll /s /md5%SYSTEMDRIVE%\netlogon.dll /s /md5%SYSTEMDRIVE%\atapi.sys /s /md5CREATERESTOREPOINT <@> Ps: Copie e cole estas informações,que estão no Code,para o campo abaixo de: Exames Personalizados/Correções <@> Clique em: Verificar --> Aguarde! <@> Concluindo,poste: <!> <1> OTL.txt <-- <!> <2> Extra.txt <-- Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Manoela 0 Denunciar post Postado Junho 8, 2010 poderia me explicar para que serve esse programa?? Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Junho 8, 2010 poderia me explicar para que serve esse programa?? /////////\\\\\\\\ Opa! Manoela <!> Executará,apenas,verificação de diagnóstico e sem implementar fixes automáticos. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Manoela 0 Denunciar post Postado Junho 8, 2010 Olá DigRam!!! Entonces aqui está os logs: OTL.TXT: OTL logfile created on: 8/6/2010 10:59:50 - Run 1 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\USER\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 68,36 Gb Total Space | 5,51 Gb Free Space | 8,06% Space Free | Partition Type: NTFS Drive D: | 80,68 Gb Total Space | 11,34 Gb Free Space | 14,06% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 11,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MOVEL Current User Name: USER Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\USER\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA) PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Arquivos de programas\VIVO INTERNET\VIVO INTERNET.exe () PRC - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Arquivos de programas\Windows NT\Acessórios\wordpad.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\USER\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\nvwimg.dll () MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation) MOD - C:\WINDOWS\system32\nview.dll () MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (NMIndexingService) -- File not found SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (nTuneService) -- C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA) SRV - (odserv) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems) SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (LightScribeService) -- C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbdev) -- C:\WINDOWS\system32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (winbondhidcir) -- C:\WINDOWS\system32\drivers\winbondhidcir.sys (Winbond Electronics Corporation) DRV - (hidshim) -- C:\WINDOWS\system32\drivers\hidshim.sys (Windows ® Codename Longhorn DDK provider) DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-682003330-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp IE - HKU\S-1-5-21-682003330-583907252-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage IE - HKU\S-1-5-21-682003330-583907252-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "BS.Player Search" FF - prefs.js..browser.startup.homepage: "http://www.google.com.br" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/04/07 09:30:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/05/07 22:07:02 | 000,000,000 | ---D | M] [2008/09/07 00:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Mozilla\Extensions [2010/04/12 09:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Mozilla\Firefox\Profiles\hlw1vgmr.default\extensions [2010/04/08 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Mozilla\Firefox\Profiles\hlw1vgmr.default\extensions\staged-xpis [2008/08/14 23:21:31 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\USER\Dados de aplicativos\Mozilla\Firefox\Profiles\hlw1vgmr.default\searchplugins\bsplayer-search.xml [2010/06/04 19:37:34 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions [2010/05/07 22:07:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll [2006/09/26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010/03/11 13:07:44 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml [2010/03/11 13:07:44 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml [2010/03/11 13:07:44 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml [2010/03/11 13:07:44 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml O1 HOSTS File: ([2009/10/27 14:17:54 | 000,347,193 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 11904 more lines... O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found O3 - HKU\S-1-5-21-682003330-583907252-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - No CLSID value found. O3 - HKU\S-1-5-21-682003330-583907252-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-21-682003330-583907252-725345543-1003..\Run: [NVIDIA nTune] C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-682003330-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Arquivos de programas\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Minha página inicial atual) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/06/11 21:32:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2007/11/08 04:41:52 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{1c749756-ad5b-11db-80d2-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{1c749759-ad5b-11db-80d2-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{1c749759-ad5b-11db-80d2-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{2301946c-34e4-11de-bf34-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\Shell\AutoRun\command - "" = F:\folder.tmp\tmp.exe -- File not found O33 - MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\Shell\explore\command - "" = F:\folder.tmp\tmp.exe -- File not found O33 - MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\Shell\open\command - "" = F:\folder.tmp\tmp.exe -- File not found O33 - MountPoints2\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{2cd47f44-671c-11de-bf81-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{45c0b2f4-18cd-11de-bef4-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{591b091f-4f8a-11de-bf63-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{5a080ea2-1298-11de-bee1-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\Shell\Autoplay\command - "" = autorun.exe O33 - MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\Shell\explore\Command - "" = autorun.exe O33 - MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\Shell\Open\Command - "" = autorun.exe O33 - MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\Shell\AutoRun\command - "" = cfdflx.com O33 - MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\Shell\explore\Command - "" = cfdflx.com O33 - MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\Shell\open\Command - "" = cfdflx.com O33 - MountPoints2\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\Shell\AutoRun\command - "" = diskdrive.exe O33 - MountPoints2\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\Shell\open\command - "" = diskdrive.exe O33 - MountPoints2\{c537ff3a-8806-11de-bfa0-001e680ee58b}\Shell\AutoRun\command - "" = LHcLgR.ExE O33 - MountPoints2\{c537ff3a-8806-11de-bfa0-001e680ee58b}\Shell\oPEn\cOmmAND - "" = lhClgR.EXe O33 - MountPoints2\{d192cd36-2889-11df-80e7-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{d192cd36-2889-11df-80e7-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{e9ad53dc-e4ff-11de-805c-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{eb7835a4-cdf0-11de-8019-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\Shell\AutoRun\command - "" = F:\folder.tmp\tmp.exe -- File not found O33 - MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\Shell\explore\command - "" = F:\folder.tmp\tmp.exe -- File not found O33 - MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\Shell\open\command - "" = F:\folder.tmp\tmp.exe -- File not found O33 - MountPoints2\{f9948a3a-af3e-11db-80dc-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{f9948a3a-af3e-11db-80dc-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/06/11 18:19:12 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe - (Adobe Systems Incorporated) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe - (Adobe Systems Incorporated) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^Documents and Settings^USER^Menu Iniciar^Programas^Inicializar^Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk - C:\Arquivos de programas\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe - (Sony Corporation) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company) MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Arquivos de programas\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard) MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: swg - hkey= - key= - Reg Error: Value error. File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07} - .NET Framework ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Atualização de Segurança para Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.LEAD - LCODCCMP.DLL File not found Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () ========== Files/Folders - Created Within 14 Days ========== [2010/06/04 20:33:51 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe [2010/05/27 02:43:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\USER\Recent [2010/05/25 17:46:43 | 000,000,000 | ---D | C] -- C:\OutputFolder [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2010/06/08 10:53:14 | 000,001,953 | ---- | M] () -- C:\Documents and Settings\USER\Meus documentos\OTL.rtf [2010/06/04 20:34:15 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USER\Desktop\OTL.exe [2010/06/04 19:24:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/06/04 19:24:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/06/04 19:24:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/06/02 23:46:54 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\USER\NTUSER.DAT [2010/05/27 02:43:01 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\CCleaner.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/08 10:53:13 | 000,001,953 | ---- | C] () -- C:\Documents and Settings\USER\Meus documentos\OTL.rtf [2010/05/22 20:36:48 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll [2010/02/09 21:02:01 | 000,000,121 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI [2010/02/09 13:56:53 | 000,000,209 | ---- | C] () -- C:\WINDOWS\entpack.ini [2009/12/09 12:02:39 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/12/09 12:02:39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/11/20 09:00:57 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2009/08/15 16:40:21 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI [2009/05/14 12:29:22 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2009/04/29 10:45:28 | 000,000,254 | ---- | C] () -- C:\WINDOWS\rec-net.ini [2009/04/29 10:26:43 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll [2008/12/10 11:05:43 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WD.INI [2008/08/14 22:43:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/06/11 10:59:25 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2007/07/24 22:45:02 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007/07/24 22:45:02 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007/07/24 22:44:56 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007/07/24 22:44:44 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll [2007/01/03 05:40:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2004/02/26 03:18:04 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll ========== LOP Check ========== [2009/05/14 20:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ashampoo [2008/11/03 20:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Farm Frenzy [2008/06/25 16:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\iWin Games [2009/09/05 13:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Jovian Archive Corp [2008/06/26 16:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MumboJumbo [2008/06/26 16:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\n7-89-o9-3r-4t-r9 [2010/05/27 01:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP [2008/11/03 20:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Zylom [2010/05/17 22:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\AnvSoft [2009/05/14 20:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Ashampoo [2009/12/13 20:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Auslogics [2007/01/05 09:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\BitTorrent [2008/12/10 10:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\FileMaker [2008/07/23 23:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\GameHouse [2010/02/02 10:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\GARMIN [2009/09/05 13:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Jovian Archive [2010/02/02 08:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Leadertech [2010/05/17 22:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\OpenCandy [2008/08/08 21:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Thinstall [2010/05/21 20:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Vso [2008/11/17 15:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Dados de aplicativos\Zylom [2009/09/05 02:51:08 | 000,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\NSSstub.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > [2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE < %SYSTEMDRIVE%\eventlog.dll /s /md5 > [2008/04/13 23:20:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\eventlog.dll [2004/08/04 00:45:22 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\system32\eventlog.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [2004/08/04 00:45:22 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\system32\dllcache\eventlog.dll < %SYSTEMDRIVE%\scecli.dll /s /md5 > [2008/04/13 23:20:40 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\scecli.dll [2004/08/04 00:45:26 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\system32\scecli.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [2004/08/04 00:45:26 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\system32\dllcache\scecli.dll < %SYSTEMDRIVE%\sfcfiles.dll /s /md5 > [2008/04/13 23:20:40 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\sfcfiles.dll [2004/08/04 00:45:28 | 001,548,288 | ---- | M] (Microsoft Corporation) MD5=1DD4FC7EEE3A45257528A34FDF7BC689 -- C:\WINDOWS\system32\sfcfiles.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [2004/08/04 00:45:28 | 001,548,288 | ---- | M] (Microsoft Corporation) MD5=1DD4FC7EEE3A45257528A34FDF7BC689 -- C:\WINDOWS\system32\dllcache\sfcfiles.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [2008/04/13 23:20:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\netlogon.dll [2004/08/04 00:45:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\system32\netlogon.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [2004/08/04 00:45:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\system32\dllcache\netlogon.dll < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\ab328c51d3f122e9b4346fc25ad3082e\atapi.sys [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5C321E34 < End of report > EXTRAS.TXT: OTL Extras logfile created on: 8/6/2010 10:59:50 - Run 1 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\USER\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 68,36 Gb Total Space | 5,51 Gb Free Space | 8,06% Space Free | Partition Type: NTFS Drive D: | 80,68 Gb Total Space | 11,34 Gb Free Space | 14,06% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 11,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MOVEL Current User Name: USER Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Arquivos de programas\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Arquivos de programas\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Arquivos de programas\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\ARQUIV~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Arquivos de programas\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "2561:TCP" = 2561:TCP:*:Enabled:tbomrby ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Arquivos de programas\MySpace\IM\MySpaceIM.exe" = C:\Arquivos de programas\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found "C:\Arquivos de programas\iWin Games\iWinGames.exe" = C:\Arquivos de programas\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- File not found "C:\Arquivos de programas\iWin Games\WebUpdater.exe" = C:\Arquivos de programas\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- () "C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- File not found "C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "C:\Arquivos de programas\Mozilla Firefox\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation) "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Documents and Settings\USER\Configurações locais\Temp\pyl1C.tmp\pyrun.exe" = C:\Documents and Settings\USER\Configurações locais\Temp\pyl1C.tmp\pyrun.exe:*:Enabled:pyrun -- File not found "C:\Arquivos de programas\BitTorrent\bittorrent.exe" = C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Arquivos de programas\Java\jre6\bin\javaw.exe" = C:\Arquivos de programas\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "C:\Documents and Settings\USER\Configurações locais\Temp\pyl4B.tmp\pyrun.exe" = C:\Documents and Settings\USER\Configurações locais\Temp\pyl4B.tmp\pyrun.exe:*:Enabled:pyrun -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07}" = Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack "{18E0918E-1060-48f3-925C-56C82E88551B}" = HP PSC & OfficeJet 3.5 "{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live "{22988B2A-374A-4A7B-B795-A1AFF2046BE9}" = PhotoGallery "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 20 "{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1 "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call "{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update "{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{381C70F0-FC2C-4BEF-B16C-B88FA67A6B7B}" = Assistente de Conexão do Windows Live "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5 "{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload "{47C25360-AEBC-4B21-B233-87CE653B3369}" = AIOMinimal "{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{55DCBED7-5710-4939-A928-4CBD9AB09EBB}" = 1310_Help "{5786D2C8-A4C4-4DDB-B671-8ED2A53310EC}" = 1310Tour "{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6864A62D-3EF3-415F-9922-240EED34B4C0}" = Fax "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12 "{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007 "{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 "{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 "{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 "{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 "{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007 "{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{669EB263-0AFE-4FCB-A068-DB082CA6273C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 "{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 "{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{98003BDC-1B68-4970-B28E-ACC8000D2F3E}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 "{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 "{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth "{99D48FBB-2DEF-49A9-BCC9-C5AF63DD2643}" = AiOSoftware "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{AC76BA86-7AD7-1046-7B44-A81200000003}" = Adobe Reader 8.1.2 - Português "{AEC20FEC-47D8-4DEA-85D7-0B7E5D905D11}" = AiO_Scan "{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger "{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer "{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E443F067-3345-482C-BD7A-12675A53D292}" = Readme "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials "{F730A60D-F6DA-4653-9C6E-548F7A3A5EE0}" = 1310Trb "{F9B0968A-810E-484C-B81D-7F19DC2CBBF5}" = 1310 "{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg "{FC5D9F7B-3CC5-44A0-BCFC-D581113D3F3C}" = Maia Mechanics Imaging "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = Agere Systems HDA Modem "Any Video Converter_is1" = Any Video Converter 3.0.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BitTorrent" = BitTorrent "CCleaner" = CCleaner "Debut" = Debut "DVD Shrink_is1" = DVD Shrink 3.2 "DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.5.0 "ENTERPRISE" = Microsoft Office Enterprise 2007 "HijackThis" = HijackThis 2.0.2 "HP Photo & Imaging" = HP Image Zone 3.5 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "IRPF2010 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2010 - Declaração de Ajuste Anual e Final de Espólio "iWinArcade" = iWin Games (remove only) "L&H Power Translator Pro_is1" = 7.0 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MV AntiSpy 4.0_is1" = MV AntiSpy 4.0 "MV RegClean 5.9_is1" = MV RegClean 5.9 "Mystery Case Files - Huntsville" = Mystery Case Files - Huntsville (remove only) "Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only) "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "RealAlt_is1" = Real Alternative 1.9.0 "Receitanet Java 2010.02a" = Receitanet Java 2010.02a "SpywareBlaster_is1" = SpywareBlaster 4.3 "SystemRequirementsLab" = System Requirements Lab "Ultra RM Converter_is1" = Ultra RM Converter 4.6.0509 "VIVO INTERNET" = VIVO INTERNET "VLC media player" = VLC media player 1.0.5 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = Arquivo do WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wubi" = Ubuntu "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-682003330-583907252-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mystery Case Files - Ravenhearst" = Mystery Case Files - Ravenhearst (remove only) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23/5/2010 13:41:38 | Computer Name = MOVEL | Source = nview_info | ID = 11141121 Description = Error - 23/5/2010 22:17:14 | Computer Name = MOVEL | Source = ESENT | ID = 490 Description = svchost (1164) Falha na tentativa de abrir o arquivo "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" para acesso de leitura/gravação, com erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação de abertura de arquivo falhará com o erro -1032 (0xfffffbf8). Error - 25/5/2010 18:10:50 | Computer Name = MOVEL | Source = Application Error | ID = 1000 Description = Aplicativo com falha dvdimage.exe, versão 0.0.0.0, módulo com falha dvdimage.exe, versão 0.0.0.0, endereço com falha 0x00005887. Error - 25/5/2010 18:10:51 | Computer Name = MOVEL | Source = Application Error | ID = 1000 Description = Aplicativo com falha ultra rm converter.exe, versão 1.0.2.0, módulo com falha ultra rm converter.exe, versão 1.0.2.0, endereço com falha 0x00031b3a. Error - 27/5/2010 01:43:24 | Computer Name = MOVEL | Source = nview_info | ID = 11141121 Description = Error - 2/6/2010 19:27:03 | Computer Name = MOVEL | Source = ESENT | ID = 490 Description = svchost (1164) Falha na tentativa de abrir o arquivo "C:\WINDOWS\system32\CatRoot2\tmp.edb" para acesso de leitura/gravação, com erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação de abertura de arquivo falhará com o erro -1032 (0xfffffbf8). Error - 2/6/2010 19:27:03 | Computer Name = MOVEL | Source = ESENT | ID = 485 Description = svchost (1164) Falha na tentativa de excluir o arquivo "C:\WINDOWS\system32\CatRoot2\tmp.edb", com erro de sistema 5 (0x00000005): "Acesso negado. ". A operação de exclusão do arquivo falhará com o erro -1032 (0xfffffbf8). Error - 2/6/2010 19:27:06 | Computer Name = MOVEL | Source = ESENT | ID = 485 Description = svchost (1164) Falha na tentativa de excluir o arquivo "C:\WINDOWS\system32\CatRoot2\tmp.edb", com erro de sistema 5 (0x00000005): "Acesso negado. ". A operação de exclusão do arquivo falhará com o erro -1032 (0xfffffbf8). Error - 2/6/2010 19:27:07 | Computer Name = MOVEL | Source = ESENT | ID = 490 Description = svchost (1164) Falha na tentativa de abrir o arquivo "C:\WINDOWS\system32\CatRoot2\tmp.edb" para acesso de leitura/gravação, com erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação de abertura de arquivo falhará com o erro -1032 (0xfffffbf8). Error - 2/6/2010 19:27:07 | Computer Name = MOVEL | Source = ESENT | ID = 439 Description = Catalog Database (1164) Não é possível gravar um cabeçalho oculto no arquivo C:\WINDOWS\system32\CatRoot2\tmp.edb. Erro -1032. [ OSession Events ] Error - 26/3/2010 18:32:02 | Computer Name = MOVEL | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1582 seconds with 480 seconds of active time. This session ended with a crash. [ System Events ] Error - 27/5/2010 05:03:39 | Computer Name = MOVEL | Source = DCOM | ID = 10005 Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço wuauserv com argumentos "" para iniciar o servidor: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error - 2/6/2010 11:00:15 | Computer Name = MOVEL | Source = Service Control Manager | ID = 7023 Description = O serviço Monitor Driver terminou com o erro: %%126 Error - 2/6/2010 11:03:54 | Computer Name = MOVEL | Source = DCOM | ID = 10005 Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço BITS com argumentos "" para iniciar o servidor: {4991D34B-80A1-4291-83B6-3328366B9097} Error - 2/6/2010 14:44:09 | Computer Name = MOVEL | Source = Service Control Manager | ID = 7023 Description = O serviço Monitor Driver terminou com o erro: %%126 Error - 2/6/2010 14:48:35 | Computer Name = MOVEL | Source = W32Time | ID = 39452689 Description = Provedor de tempo NtpClient: erro durante a pesquisa de DNS do nível de protocolo 'time.windows.com,0x1' configurado manualmente. O NtpClient fará uma nova tentativa em 15 minutos. Erro: Uma operação de soquete foi tentada em um host inacessível. (0x80072751) Error - 2/6/2010 14:48:35 | Computer Name = MOVEL | Source = W32Time | ID = 39452701 Description = O provedor de tempo NtpClient foi configurado para obter tempo de uma ou mais fontes de tempo; no entanto, nenhuma delas está acessível no momento. Não será feita nenhuma tentativa de contatar uma fonte durante 14 minutos. O NtpClient não tem uma fonte de tempo preciso. Error - 2/6/2010 14:49:05 | Computer Name = MOVEL | Source = W32Time | ID = 39452706 Description = O serviço de tempo detectou que a hora do sistema precisa ser alterada em +268353 segundos. O serviço de tempo não alterará a hora do sistema em mais de +54000 segundos. Verifique se a sua hora e fuso horário estão corretos e se a fonte de tempo time.windows.com (ntp.m|0x1|187.90.156.124:123->207.46.197.32:123) está funcionando corretamente. Error - 2/6/2010 19:27:31 | Computer Name = MOVEL | Source = Service Control Manager | ID = 7023 Description = O serviço Monitor Driver terminou com o erro: %%126 Error - 4/6/2010 18:25:58 | Computer Name = MOVEL | Source = Service Control Manager | ID = 7023 Description = O serviço Monitor Driver terminou com o erro: %%126 Error - 4/6/2010 18:31:28 | Computer Name = MOVEL | Source = DCOM | ID = 10005 Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço BITS com argumentos "" para iniciar o servidor: {4991D34B-80A1-4291-83B6-3328366B9097} < End of report > grata, Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Junho 8, 2010 Bom Dia! Manoela <!> Ps: Siga,na ordem em que estão dispostas,estas orientações! 0000000000000000000000000 ooooooooooooooooooooooooo <@> Baixe: < RHosts > (...by SiRi ) <@> Salve-o no desktop! <@> Ps: Execute-o e,à seguir,clique em "Restore original Hosts". <@> Reinicie o computador! 0000000000000000000000000 ooooooooooooooooooooooooo <@> Execute o OTL.exe. <@> Copie estas informações que estão na Quote,para o campo abaixo de: Exames Personalizados/Correções :otlO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found O3 - HKU\S-1-5-21-682003330-583907252-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - No CLSID value found. O3 - HKU\S-1-5-21-682003330-583907252-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - Reg Error: Value error. File not found O4 - HKLM..\Run: [KernelFaultCheck] File not found O33 - MountPoints2\{1c749756-ad5b-11db-80d2-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{1c749759-ad5b-11db-80d2-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{1c749759-ad5b-11db-80d2-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{2301946c-34e4-11de-bf34-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\Shell\AutoRun\command - "" = F:\folder.tmp\tmp.exe -- File not found O33 - MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\Shell\explore\command - "" = F:\folder.tmp\tmp.exe -- File not found O33 - MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\Shell\open\command - "" = F:\folder.tmp\tmp.exe -- File not found O33 - MountPoints2\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{2cd47f44-671c-11de-bf81-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{45c0b2f4-18cd-11de-bef4-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{591b091f-4f8a-11de-bf63-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{5a080ea2-1298-11de-bee1-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\Shell\Autoplay\command - "" = autorun.exe O33 - MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\Shell\explore\Command - "" = autorun.exe O33 - MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\Shell\Open\Command - "" = autorun.exe O33 - MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\Shell\AutoRun\command - "" = cfdflx.com O33 - MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\Shell\explore\Command - "" = cfdflx.com O33 - MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\Shell\open\Command - "" = cfdflx.com O33 - MountPoints2\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\Shell\AutoRun\command - "" = diskdrive.exe O33 - MountPoints2\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\Shell\open\command - "" = diskdrive.exe O33 - MountPoints2\{c537ff3a-8806-11de-bfa0-001e680ee58b}\Shell\AutoRun\command - "" = LHcLgR.ExE O33 - MountPoints2\{c537ff3a-8806-11de-bfa0-001e680ee58b}\Shell\oPEn\cOmmAND - "" = lhClgR.EXe O33 - MountPoints2\{d192cd36-2889-11df-80e7-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{d192cd36-2889-11df-80e7-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\{e9ad53dc-e4ff-11de-805c-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{eb7835a4-cdf0-11de-8019-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\Shell\AutoRun\command - "" = F:\folder.tmp\tmp.exe -- File not found O33 - MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\Shell\explore\command - "" = F:\folder.tmp\tmp.exe -- File not found O33 - MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\Shell\open\command - "" = F:\folder.tmp\tmp.exe -- File not found O33 - MountPoints2\{f9948a3a-af3e-11db-80dc-001e680ee58b}\Shell - "" = AutoRun O33 - MountPoints2\{f9948a3a-af3e-11db-80dc-001e680ee58b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/01/21 06:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) O34 - HKLM BootExecute: (autocheck autochk *) - File not found [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5C321E34 :reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Arquivos de programas\MySpace\IM\MySpaceIM.exe"=- "C:\Arquivos de programas\iWin Games\iWinGames.exe"=- "C:\Arquivos de programas\eMule\emule.exe"=- "C:\Documents and Settings\USER\Configurações locais\Temp\pyl1C.tmp\pyrun.exe"=- "C:\Documents and Settings\USER\Configurações locais\Temp\pyl4B.tmp\pyrun.exe"=- :commands [purity] [emptyflash] [emptytemp] [Reboot] <@> Clique no botão Consertar --> Aguarde a conclusão! --> Executar! <@> Poste o relatório,que também estará na pasta: C:\_OTL\MovedFiles\*.log <-- <@> Poste,também,HijackThis atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Manoela 0 Denunciar post Postado Junho 9, 2010 O quê que você viu de errado no pc? poderia me explicar o que foi feito e deletado e qual será a mudança no laptop?? Olha só, eu executei o rhosts, fui em restore só que não abriu nenhuma outra janela e nao me mostrou nada se foi feito ou não. voltou para a janela em que ele pergunta se é para restaurar. mesmo assim continuei o processo... Aqui está o log do OTL: All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_USERS\S-1-5-21-682003330-583907252-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2C688203-7EB3-4327-9995-1CB417BA23F9} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C688203-7EB3-4327-9995-1CB417BA23F9}\ not found. Registry value HKEY_USERS\S-1-5-21-682003330-583907252-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c749756-ad5b-11db-80d2-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c749756-ad5b-11db-80d2-001e680ee58b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c749759-ad5b-11db-80d2-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c749759-ad5b-11db-80d2-001e680ee58b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c749759-ad5b-11db-80d2-001e680ee58b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c749759-ad5b-11db-80d2-001e680ee58b}\ not found. File move failed. F:\AutoRun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2301946c-34e4-11de-bf34-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2301946c-34e4-11de-bf34-001e680ee58b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24e782ec-66a9-11df-8154-001e680ee58b}\ not found. File F:\folder.tmp\tmp.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24e782ec-66a9-11df-8154-001e680ee58b}\ not found. File F:\folder.tmp\tmp.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e782ec-66a9-11df-8154-001e680ee58b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24e782ec-66a9-11df-8154-001e680ee58b}\ not found. File F:\folder.tmp\tmp.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2675b4aa-ad5c-11db-80d3-001e680ee58b}\ not found. File move failed. F:\AutoRun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2cd47f44-671c-11de-bf81-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2cd47f44-671c-11de-bf81-001e680ee58b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45c0b2f4-18cd-11de-bef4-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45c0b2f4-18cd-11de-bef4-001e680ee58b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{591b091f-4f8a-11de-bf63-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{591b091f-4f8a-11de-bf63-001e680ee58b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a080ea2-1298-11de-bee1-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a080ea2-1298-11de-bee1-001e680ee58b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b831c76-4026-11df-8119-001e680ee58b}\ not found. File autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b831c76-4026-11df-8119-001e680ee58b}\ not found. File autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b831c76-4026-11df-8119-001e680ee58b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b831c76-4026-11df-8119-001e680ee58b}\ not found. File autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{837173c8-5f54-11dd-ab1d-001e680ee58b}\ not found. File cfdflx.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{837173c8-5f54-11dd-ab1d-001e680ee58b}\ not found. File cfdflx.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{837173c8-5f54-11dd-ab1d-001e680ee58b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{837173c8-5f54-11dd-ab1d-001e680ee58b}\ not found. File cfdflx.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\ not found. File diskdrive.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{991b8d69-c6c3-11dd-abc3-001e680ee58b}\ not found. File diskdrive.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c537ff3a-8806-11de-bfa0-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c537ff3a-8806-11de-bfa0-001e680ee58b}\ not found. File LHcLgR.ExE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c537ff3a-8806-11de-bfa0-001e680ee58b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c537ff3a-8806-11de-bfa0-001e680ee58b}\ not found. File lhClgR.EXe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d192cd36-2889-11df-80e7-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d192cd36-2889-11df-80e7-001e680ee58b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d192cd36-2889-11df-80e7-001e680ee58b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d192cd36-2889-11df-80e7-001e680ee58b}\ not found. File move failed. F:\AutoRun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e69d3f0f-4b7a-11df-8126-001e680ee58b}\ not found. File move failed. F:\AutoRun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9ad53dc-e4ff-11de-805c-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9ad53dc-e4ff-11de-805c-001e680ee58b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb7835a4-cdf0-11de-8019-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb7835a4-cdf0-11de-8019-001e680ee58b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0ea8a47-99a0-11db-8124-001e680ee58b}\ not found. File F:\folder.tmp\tmp.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0ea8a47-99a0-11db-8124-001e680ee58b}\ not found. File F:\folder.tmp\tmp.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0ea8a47-99a0-11db-8124-001e680ee58b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0ea8a47-99a0-11db-8124-001e680ee58b}\ not found. File F:\folder.tmp\tmp.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9948a3a-af3e-11db-80dc-001e680ee58b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9948a3a-af3e-11db-80dc-001e680ee58b}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9948a3a-af3e-11db-80dc-001e680ee58b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9948a3a-af3e-11db-80dc-001e680ee58b}\ not found. File move failed. F:\AutoRun.exe scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully. C:\WINDOWS\System32\CONFIG.TMP deleted successfully. ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:5C321E34 deleted successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Arquivos de programas\MySpace\IM\MySpaceIM.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Arquivos de programas\iWin Games\iWinGames.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Arquivos de programas\eMule\emule.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\USER\Configurações locais\Temp\pyl1C.tmp\pyrun.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\USER\Configurações locais\Temp\pyl4B.tmp\pyrun.exe deleted successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User User: LocalService User: NetworkService User: USER ->Flash cache emptied: 2267 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: USER ->Temp folder emptied: 297556 bytes ->Temporary Internet Files folder emptied: 842756 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 90440831 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 65536 bytes RecycleBin emptied: 66003886 bytes Total Files Cleaned = 150,00 mb OTL by OldTimer - Version 3.2.5.3 log created on 06092010_151433 Files\Folders moved on Reboot... File move failed. F:\AutoRun.exe scheduled to be moved on reboot. Registry entries deleted on Reboot... Hijackthis atualizado: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:24:57, on 9/6/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Arquivos de programas\VIVO INTERNET\VIVO INTERNET.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Hijack this\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bsplayer-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{0AA6FDCA-4F13-41BE-A638-22698DD370B9}: NameServer = 200.220.227.57 200.142.130.203 O17 - HKLM\System\CS1\Services\Tcpip\..\{0AA6FDCA-4F13-41BE-A638-22698DD370B9}: NameServer = 200.220.227.57 200.142.130.203 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 6718 bytes grata, Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Junho 9, 2010 Boa Tarde! Manoela O quê que você viu de errado no pc? poderia me explicar o que foi feito e deletado e qual será a mudança no laptop?? <!> Principalmente,o log mostrou infecções por vírus oriundos de unidades removíveis. Olha só, eu executei o rhosts, fui em restore só que não abriu nenhuma outra janela e nao me mostrou nada se foi feito ou não. voltou para a janela em que ele pergunta se é para restaurar. mesmo assim continuei o processo... <!> Pelo relatório do HijackThis,o processo teve êxito. 000000000000000000000 ooooooooooooooooooooo <@> Baixe: < UsbFix.exe > ( ...par Chiquitine29 et Chimay8 ) <@> Salve-a em Arquivos de programas! <@> Desabilite seu antivírus! <@> Instale e execute a ferramenta,com um duplo-clique em: < > <@> Nas opções da língua,escolha "PT-BR" --> Enter. <@> Escolha a opção 2: 2. Suppression des fichiers infectieux --> Aperte Enter. <@> Surgirá uma mensagem,pedindo que seja conectada sua(s) mídia(s) removíveis,ao computador. ( pendrive,mp3,mp4,iPods,etc... ) <@> Aceite a solicitação,e dê o Ok. --> À seguir clique,novamente,em Ok. <@> O computador irá reiniciar. <-- Aguarde! <@> Terminando,clique em "Continue" e aguarde a finalização da ferramenta. <@> Ps: Não desconecte,ainda,sua(s) mídia(s) removíveis! <-- Importante! <@> Surgirá a mensagem: "Nettoyage effectue" --> Aperte Enter. <@> Poste o relatório,que estará em: C:\UsbFix.txt + HijackThis,atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Manoela 0 Denunciar post Postado Junho 14, 2010 Boa Tarde DigRam, Eu fiz o download do programa USBFix, mas o que foi feito download é completamente diferente do que você exemplificou na mensagem. Mas tudo bem, deu pra seguir as instruções. No final, ele me pediu para mandar um arquivo (USBFIX_Upload_Me_MOVEL) zipado para o site http://chiquitine.changelog.fr/Sample/Upload.php parece ser o site do USBFIX, mas você nao comentou nada sobre isso, entao vou esperar sua resposta pra saber se mando este arquivo ou não. Relatório do USBFIX: ############################## | UsbFix 7.007 | [supressão] Usuário: USER (Administrador) # MOVEL [ ] Atualizado em 10/06/10 por El Desaparecido / C_XX Começou em 16:23:36 | 14/06/2010 Site: http://pagesperso-orange.fr/NosTools/index.html Contato: FindyKill.Contact@gmail.com CPU: AMD Turion 64 X2 Mobile Technology TL-58 CPU 2: AMD Turion 64 X2 Mobile Technology TL-58 Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2 Internet Explorer 7.0.5730.13 Windows Firewall: Habilitado Antivirus: AntiVir Desktop 9.0.1.32 [(!) Disabled | (!) Outdated] RAM -> 1790 Mb C:\ (%systemdrive%) -> Disco fixo # 68 Gb (112 Mb livre - 0%) [] # NTFS D:\ -> Disco fixo # 81 Gb (17 Mb livre - 21%) [unidade de Disco] # NTFS E:\ -> CD-ROM F:\ -> CD-ROM H:\ -> Disco removível # 962 Mb (48 Mb livre - 5%) [KINGSTON] # FAT I:\ -> Disco removível # 2 Gb (2 Mb livre - 100%) [] # FAT32 ################## | Ficheiros # pastas infeciosos | Não supprimido ! F:\Autorun.inf Supprimido ! C:\Recycler\S-1-5-21-682003330-583907252-725345543-1003 Supprimido ! D:\Recycler\S-1-5-21-682003330-583907252-725345543-1003 ################## | Registro | ################## | Mountpoints2 | ################## | Listing | [10/06/2010 - 01:50:34 | RD ] C:\Arquivos de programas [19/04/2010 - 07:55:19 | D ] C:\Arquivos de Programas RFB [11/06/2008 - 21:32:24 | A | 0] C:\AUTOEXEC.BAT [14/06/2010 - 16:21:39 | RASHD ] C:\Autorun.inf [28/03/2010 - 23:58:20 | RASH | 211] C:\boot.ini [19/01/1782 - 00:14:07 | RASH | 4952] C:\Bootfont.bin [28/03/2010 - 23:58:20 | RASH | 0] C:\CONFIG.SYS [11/06/2008 - 21:36:28 | D ] C:\Documents and Settings [17/05/2010 - 13:51:49 | D ] C:\DOWNLOADS [02/02/2010 - 10:21:05 | D ] C:\Garmin [20/11/2009 - 11:35:30 | D ] C:\Hijack this [10/12/2008 - 11:05:43 | D ] C:\HSF [11/06/2008 - 21:32:24 | RASH | 0] C:\IO.SYS [11/06/2008 - 21:43:58 | A | 7] C:\ISACER.id [25/04/2010 - 19:33:20 | HD ] C:\Mmi_Email_Temp [11/06/2008 - 21:32:24 | RASH | 0] C:\MSDOS.SYS [11/06/2008 - 11:19:55 | RHD ] C:\MSOCache [03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM [03/08/2004 - 22:59:34 | RASH | 251168] C:\ntldr [25/05/2010 - 17:46:43 | D ] C:\OutputFolder [14/06/2010 - 15:19:07 | ASH | 2145386496] C:\pagefile.sys [03/01/2007 - 05:34:44 | D ] C:\Program Files [14/06/2010 - 16:24:27 | SHD ] C:\RECYCLER [09/12/2009 - 15:47:04 | AH | 232] C:\sqmdata00.sqm [09/12/2009 - 17:12:50 | AH | 232] C:\sqmdata01.sqm [09/12/2009 - 17:58:24 | AH | 232] C:\sqmdata02.sqm [12/12/2009 - 20:18:50 | AH | 232] C:\sqmdata03.sqm [12/12/2009 - 20:59:32 | AH | 232] C:\sqmdata04.sqm [12/12/2009 - 22:48:22 | AH | 232] C:\sqmdata05.sqm [13/12/2009 - 07:36:17 | AH | 232] C:\sqmdata06.sqm [13/12/2009 - 11:34:57 | AH | 232] C:\sqmdata07.sqm [13/12/2009 - 19:45:09 | AH | 232] C:\sqmdata08.sqm [13/12/2009 - 21:24:03 | AH | 232] C:\sqmdata09.sqm [30/12/2009 - 12:26:25 | AH | 232] C:\sqmdata10.sqm [21/11/2009 - 00:45:04 | AH | 232] C:\sqmdata11.sqm [05/12/2009 - 02:56:19 | AH | 232] C:\sqmdata12.sqm [09/12/2009 - 03:16:11 | AH | 232] C:\sqmdata13.sqm [09/12/2009 - 03:29:28 | AH | 232] C:\sqmdata14.sqm [09/12/2009 - 04:32:11 | AH | 232] C:\sqmdata15.sqm [09/12/2009 - 10:25:51 | AH | 232] C:\sqmdata16.sqm [09/12/2009 - 11:46:22 | AH | 232] C:\sqmdata17.sqm [09/12/2009 - 12:26:04 | AH | 232] C:\sqmdata18.sqm [09/12/2009 - 14:37:43 | AH | 232] C:\sqmdata19.sqm [09/12/2009 - 15:47:04 | AH | 244] C:\sqmnoopt00.sqm [09/12/2009 - 17:12:50 | AH | 244] C:\sqmnoopt01.sqm [09/12/2009 - 17:58:24 | AH | 244] C:\sqmnoopt02.sqm [12/12/2009 - 20:18:50 | AH | 244] C:\sqmnoopt03.sqm [12/12/2009 - 20:59:32 | AH | 244] C:\sqmnoopt04.sqm [12/12/2009 - 22:48:22 | AH | 244] C:\sqmnoopt05.sqm [13/12/2009 - 07:36:17 | AH | 244] C:\sqmnoopt06.sqm [13/12/2009 - 11:34:57 | AH | 244] C:\sqmnoopt07.sqm [13/12/2009 - 19:45:09 | AH | 244] C:\sqmnoopt08.sqm [13/12/2009 - 21:24:03 | AH | 244] C:\sqmnoopt09.sqm [30/12/2009 - 12:26:25 | AH | 244] C:\sqmnoopt10.sqm [21/11/2009 - 00:45:03 | AH | 244] C:\sqmnoopt11.sqm [05/12/2009 - 02:56:19 | AH | 244] C:\sqmnoopt12.sqm [09/12/2009 - 03:16:11 | AH | 244] C:\sqmnoopt13.sqm [09/12/2009 - 03:29:28 | AH | 244] C:\sqmnoopt14.sqm [09/12/2009 - 04:32:11 | AH | 244] C:\sqmnoopt15.sqm [09/12/2009 - 10:25:51 | AH | 244] C:\sqmnoopt16.sqm [09/12/2009 - 11:46:22 | AH | 244] C:\sqmnoopt17.sqm [09/12/2009 - 12:26:04 | AH | 244] C:\sqmnoopt18.sqm [09/12/2009 - 14:37:43 | AH | 244] C:\sqmnoopt19.sqm [19/03/2009 - 10:49:32 | SHD ] C:\System Volume Information [24/05/2001 - 12:59:30 | A | 162304] C:\UNWISE.EXE [14/06/2010 - 16:23:51 | D ] C:\UsbFix [14/06/2010 - 16:24:27 | A | 1184] C:\UsbFix.txt [14/06/2010 - 16:21:39 | A | 6010] C:\UsbFix_Upload_Me_MOVEL.zip [02/02/2010 - 10:21:05 | D ] C:\WebUpdater [01/01/2007 - 00:01:45 | D ] C:\WINDOWS [09/06/2010 - 15:14:33 | D ] C:\_OTL [14/06/2010 - 16:21:39 | RASHD ] D:\Autorun.inf [05/09/2001 - 21:00:58 | A | 1700352] D:\gdiplus.dll [22/03/2010 - 03:32:27 | D ] D:\human design [01/01/2007 - 00:33:26 | D ] D:\LOST [05/01/2007 - 03:56:04 | D ] D:\LOST_1 [04/01/2007 - 22:12:59 | D ] D:\LOST_2 [05/01/2007 - 00:00:15 | D ] D:\LOST_3 [30/04/2010 - 18:28:01 | D ] D:\MÚSICAS [14/06/2010 - 16:24:27 | SHD ] D:\RECYCLER [27/02/2009 - 14:12:50 | SHD ] D:\System Volume Information [25/05/2010 - 17:55:06 | D ] D:\VÍDEOS [02/06/2010 - 12:29:09 | D ] D:\__tempFolder__ [21/01/2009 - 06:22:18 | R | 126976] F:\AutoRun.exe [08/11/2007 - 04:41:52 | R | 47] F:\AUTORUN.INF [21/01/2009 - 06:22:18 | R | 126976] F:\DataCard_Setup.exe [21/01/2009 - 06:21:34 | R | 176640] F:\DataCard_Setup64.exe [20/02/2008 - 10:16:48 | R | 7168] F:\ResetDevice.exe [18/05/2009 - 21:19:36 | R | 4286] F:\Startup.ico [17/08/2009 - 10:14:04 | R | 1357] F:\SysConfig.dat [19/08/2009 - 09:33:48 | RD ] F:\VIVO INTERNET [23/01/2010 - 12:21:18 | D ] H:\Casa de Farinha [22/03/2010 - 14:41:08 | D ] H:\Brasilerança [22/03/2010 - 14:25:28 | D ] H:\Baden Powell todos [25/01/2010 - 14:43:48 | AH | 4096] H:\._.Trashes [25/01/2010 - 14:43:48 | HD ] H:\.Trashes [27/01/2010 - 10:07:06 | D ] H:\Amoy Ribas [25/01/2010 - 14:43:48 | HD ] H:\.Spotlight-V100 [27/01/2010 - 10:07:06 | D ] H:\iaiá(2004) [23/01/2010 - 15:09:54 | D ] H:\mariana aydar [18/02/2010 - 21:14:52 | D ] H:\Otto - Samba pra burro [14/06/2010 - 16:21:40 | RASHD ] H:\Autorun.inf [13/03/2010 - 13:25:18 | D ] H:\Corpo do Som [13/03/2010 - 13:25:40 | D ] H:\Arnaldo Antunes - O Silêncio [13/03/2010 - 13:26:16 | D ] H:\Cartola (1974) [13/03/2010 - 13:28:04 | D ] H:\Chico cesar- Respeitem meus cabelos, brancos [13/03/2010 - 13:28:36 | D ] H:\7 Sinais [20/04/2010 - 16:50:12 | A | 58487] H:\Repertório Incenso de Fulô.docx [20/03/2009 - 18:16:12 | RSHD ] H:\RECYCLER [14/06/2010 - 16:21:40 | RASHD ] I:\Autorun.inf ################## | Vaccin | C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX) D:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX) H:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX) I:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX) ################## | Upload | Favor enviar o arquivo: C:\UsbFix_Upload_Me_MOVEL.zip http://chiquitine.changelog.fr/Sample/Upload.php Obrigado pela sua contribuição. ################## | E.O.F | Hijackthis atualizado: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:30:50, on 14/6/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Hijack this\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{0AA6FDCA-4F13-41BE-A638-22698DD370B9}: NameServer = 200.220.227.57 200.142.130.203 O17 - HKLM\System\CS1\Services\Tcpip\..\{0AA6FDCA-4F13-41BE-A638-22698DD370B9}: NameServer = 200.220.227.57 200.142.130.203 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Arquivos de programas\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 5889 bytes grata, Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Junho 15, 2010 Bom Dia! Manoela Eu fiz o download do programa USBFix, mas o que foi feito download é completamente diferente do que você exemplificou na mensagem. Mas tudo bem, deu pra seguir as instruções. <!> Ps: Irei atualizar esses procedimentos,que pedem essa nova versão do UsbFix. No final, ele me pediu para mandar um arquivo (USBFIX_Upload_Me_MOVEL) zipado para o site http://chiquitine.ch...mple/Upload.php parece ser o site do USBFIX, mas você nao comentou nada sobre isso, entao vou esperar sua resposta pra saber se mando este arquivo ou não. <!> Pode enviar! ;) 000000000000000000000000 oooooooooooooooooooooooo <@> Baixe: < PureRa15Binary.zip > ( ...by Paul McLain & Fred de Vries ) <!> Link - 2 < > <@> Salve-o no desktop! <-- Tire-o do zip! <@> Execute: PureRa.exe --> Clique em Clean. <@> Marque a opção: "Check All" < > <@> Clique no botão Clean Selected --> Aguarde! <@> Terminando ( Finished ),clique em Exit. <@> Poste o relatório: PureRa.txt <-- Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Manoela 0 Denunciar post Postado Junho 16, 2010 Olá DigRam, Relatório do pureRa: RaProducts' PureRa v1.5 Log created at 22:36 on 15/06/2010 (USER) C:\Config.MSI emptied. C:\WINDOWS\system32\FNTCACHE.DAT <- Successfully deleted. Recycle bin emptied. C:\WINDOWS\SoftwareDistribution\DataStore\Logs emptied. C:\WINDOWS\SoftwareDistribution\Download emptied. C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default emptied. C:\WINDOWS\SoftwareDistribution\WuRedir emptied. C:\WINDOWS\SoftwareDistribution\ReportingEvents.log <- Successfully deleted. C:\DOCUME~1\USER\CONFIG~1\Temp emptied. C:\WINDOWS\TEMP emptied. C:\WINDOWS\$MSI31Uninstall_KB893803v2$ <- Successfully deleted. C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$ <- Successfully deleted. C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB873339$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB885835$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB885836$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB886185$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB887472$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB888111WXPSP2$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB888302$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB890046$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB890859$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB891781$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB893756$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB894391$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB896358$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB896423$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB896428$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB898461$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB899587$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB899591$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB900485$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB900725$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB901017$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB901214$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB902400$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB905414$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB905749$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB908519$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB908531$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB910437$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB911280$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB911562$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB911564$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB911927$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB913580$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB914388$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB914389$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB915865$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB916595$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB918118$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB918439$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB920213$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB920670$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB920683$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB920685$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB920872$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB922582$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB922819$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB923191$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB923414$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB923980$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB924270$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB924667$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB925398_WMP64$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB925902$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB926239$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB926255$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB926436$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB927779$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB927802$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB927891$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB928255$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB928843$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB929123$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB929399$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB930178$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB930916$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB931261$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB931784$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB932168$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB932823-v3$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB933729$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB935448$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB935839$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB935840$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB936021$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB936782_WMP11$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB937894$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB938464$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB938828$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB939683$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB941202$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB941569$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB941644$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB941693$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB942763$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB943055$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB943460$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB943485$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB944653$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB945553$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB946026$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB946648$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB948590$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB950749$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB950760$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB950762$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB950974$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB951066$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB951072-v2$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB951376$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB951376-v2$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB951698$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB951748$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB952069_WM9$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB952287$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB952954$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB953839$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB954154_WM11$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB954211$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB954600$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB955069$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB955839$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB956391$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB956802$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB956803$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB956841$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB957095$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB957097$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB958644$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB958687$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB958690$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB959772_WM11$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB960225$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB960715$ <- Successfully deleted. C:\WINDOWS\$NtUninstallKB967715$ <- Successfully deleted. C:\WINDOWS\$NtUninstallMSCompPackV1$ <- Successfully deleted. C:\WINDOWS\$NtUninstallWdf01005$ <- Successfully deleted. C:\WINDOWS\$NtUninstallWMFDist11$ <- Successfully deleted. C:\WINDOWS\$NtUninstallwmp11$ <- Successfully deleted. C:\WINDOWS\$NtUninstallWudf01000$ <- Successfully deleted. C:\WINDOWS\system32\wbem\Logs\FrameWork.log <- Successfully deleted. C:\WINDOWS\system32\wbem\Logs\wbemess.log <- Successfully deleted. C:\WINDOWS\system32\wbem\Logs\wbemess.lo_ <- Successfully deleted. C:\WINDOWS\system32\wbem\Logs\wbemprox.log <- Successfully deleted. C:\WINDOWS\system32\wbem\Logs\wmiprov.log <- Successfully deleted. C:\sqmdata00.sqm <- Successfully deleted. C:\sqmdata01.sqm <- Successfully deleted. C:\sqmdata02.sqm <- Successfully deleted. C:\sqmdata03.sqm <- Successfully deleted. C:\sqmdata04.sqm <- Successfully deleted. C:\sqmdata05.sqm <- Successfully deleted. C:\sqmdata06.sqm <- Successfully deleted. C:\sqmdata07.sqm <- Successfully deleted. C:\sqmdata08.sqm <- Successfully deleted. C:\sqmdata09.sqm <- Successfully deleted. C:\sqmdata10.sqm <- Successfully deleted. C:\sqmdata11.sqm <- Successfully deleted. C:\sqmdata12.sqm <- Successfully deleted. C:\sqmdata13.sqm <- Successfully deleted. C:\sqmdata14.sqm <- Successfully deleted. C:\sqmdata15.sqm <- Successfully deleted. C:\sqmdata16.sqm <- Successfully deleted. C:\sqmdata17.sqm <- Successfully deleted. C:\sqmdata18.sqm <- Successfully deleted. C:\sqmdata19.sqm <- Successfully deleted. C:\sqmnoopt00.sqm <- Successfully deleted. C:\sqmnoopt01.sqm <- Successfully deleted. C:\sqmnoopt02.sqm <- Successfully deleted. C:\sqmnoopt03.sqm <- Successfully deleted. C:\sqmnoopt04.sqm <- Successfully deleted. C:\sqmnoopt05.sqm <- Successfully deleted. C:\sqmnoopt06.sqm <- Successfully deleted. C:\sqmnoopt07.sqm <- Successfully deleted. C:\sqmnoopt08.sqm <- Successfully deleted. C:\sqmnoopt09.sqm <- Successfully deleted. C:\sqmnoopt10.sqm <- Successfully deleted. C:\sqmnoopt11.sqm <- Successfully deleted. C:\sqmnoopt12.sqm <- Successfully deleted. C:\sqmnoopt13.sqm <- Successfully deleted. C:\sqmnoopt14.sqm <- Successfully deleted. C:\sqmnoopt15.sqm <- Successfully deleted. C:\sqmnoopt16.sqm <- Successfully deleted. C:\sqmnoopt17.sqm <- Successfully deleted. C:\sqmnoopt18.sqm <- Successfully deleted. C:\sqmnoopt19.sqm <- Successfully deleted. C:\Arquivos de programas\Adobe\Adobe Pacote\Adobe Photoshop CS3\Presets\Web Photo Gallery\Dotted Border - Black On White\images\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\Adobe\Adobe Pacote\Adobe Photoshop CS3\Presets\Web Photo Gallery\Dotted Border - White on Black\images\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\Adobe\Adobe Pacote\Adobe Photoshop CS3\Presets\Web Photo Gallery\Gray Thumbnails\images\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\Adobe\Adobe Pacote\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Horizontal Thumbnails\images\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\Adobe\Adobe Pacote\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Vertical Thumbnails\images\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\Adobe\Adobe Pacote\Adobe Photoshop CS3\Presets\Web Photo Gallery\Table - Minimal\images\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Dotted Border - Black On White\images\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Dotted Border - White on Black\images\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Gray Thumbnails\images\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Horizontal Thumbnails\images\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Vertical Thumbnails\images\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Table - Minimal\images\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\AnvSoft\Any Video Converter\images\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\AnvSoft\Any Video Converter\images\avc\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\DVD Shrink\Still Images\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\VIVO INTERNET\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\VIVO INTERNET\plugins\StatusBarMgrPlugin\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\VIVO INTERNET\plugins\XFramePlugin\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\VIVO INTERNET\usermanual\en-us\public_sys-resources\Thumbs.db <- Successfully deleted. C:\Arquivos de programas\VIVO INTERNET\usermanual\pt-pt\public_sys-resources\Thumbs.db <- Successfully deleted. C:\Documents and Settings\All Users\Documentos\Minhas imagens\Thumbs.db <- Successfully deleted. C:\Documents and Settings\All Users\Documentos\Minhas imagens\Amostras de imagens\Thumbs.db <- Successfully deleted. C:\Documents and Settings\All Users\Documentos\Minhas imagens\Casamento Alessandra e Weber - 25-10-2008\Fotos da Festa - em Digital\Thumbs.db <- Successfully deleted. C:\Documents and Settings\All Users\Documentos\Minhas imagens\Casamento Alessandra e Weber - 25-10-2008\Fotos da Igreja - em Filme\Filme 01 - 5870\Thumbs.db <- Successfully deleted. C:\Documents and Settings\All Users\Documentos\Minhas imagens\Casamento Alessandra e Weber - 25-10-2008\Fotos da Igreja - em Filme\Filme 02 - 5873\Thumbs.db <- Successfully deleted. C:\Documents and Settings\All Users\Documentos\Minhas imagens\Casamento Alessandra e Weber - 25-10-2008\Fotos da Igreja - em Filme\Filme 03 - 5877\Thumbs.db <- Successfully deleted. C:\Documents and Settings\All Users\Documentos\Minhas imagens\Casamento Alessandra e Weber - 25-10-2008\Fotos da Igreja - em Filme\Filme 04 - 5868\Thumbs.db <- Successfully deleted. C:\Documents and Settings\All Users\Documentos\Minhas imagens\Casamento Alessandra e Weber - 25-10-2008\Fotos da Igreja - em Filme\Filme 05 - 5875\Thumbs.db <- Successfully deleted. C:\Documents and Settings\All Users\Documentos\Minhas músicas\Amostra de música\Thumbs.db <- Successfully deleted. C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Portable Devices\wpdlog00.sqm <- Successfully deleted. C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\IconCache.db <- Successfully deleted. C:\Documents and Settings\USER\Configurações locais\Dados de aplicativos\Microsoft\Windows Live\SqmApi\SqmData720896_00.sqm <- Successfully deleted. C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt00.sqm <- Successfully deleted. C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt01.sqm <- Successfully deleted. C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt02.sqm <- Successfully deleted. C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt03.sqm <- Successfully deleted. C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt04.sqm <- Successfully deleted. C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt05.sqm <- Successfully deleted. C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt06.sqm <- Successfully deleted. C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt07.sqm <- Successfully deleted. C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt08.sqm <- Successfully deleted. C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt09.sqm <- Successfully deleted. C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt10.sqm <- Successfully deleted. C:\Documents and Settings\USER\Dados de aplicativos\Microsoft\MSN Messenger\sqmnoopt11.sqm <- Successfully deleted. C:\Documents and Settings\USER\Desktop\Bejeweled 2 Deluxe\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\NATURARTE\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\NATURARTE\Fotos Josué\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\NATURARTE\Álbum Ateliê Naturarte\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\NATURARTE\Álbum Ateliê Naturarte\cd\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Anexos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\CD Oficina\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\CD Oficina\LOGOS\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Contratos e recibos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Documentos e Ofícios\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\09-05-2009 ENCONTRO FIANDEIRAS\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\Curso tear-2010\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\ENCONTRO\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\FOTOS APRESENTAÇÃO DO PROJETO PARA FIANDEIRAS - 07.03.09\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\FOTOS DAS ROCAS DE FIAR\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\FOTOS E VIDEOS 21.03.09\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\FOTOS E VIDEOS 21.03.09\Dona Diolina\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\FOTOS FIANDEIRAS - ELIARDO\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\FOTOS\FOTOS LANÇAMENTO PEDRO MATALO\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Imagens\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Modelos de documentos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Oficina PPP\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Orçamento e P.T\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\Relatórios\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\tear clássico_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\tear hobby_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\ACDD\PROJETO TEIA DO CERRADO\tear serrano_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\catingueiro\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Debut\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Downloads\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Artigos\artigo01_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Artigos\artigo02_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Artigos\artigo03_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Buddhist Chants- Music for Contemplation and Reflection\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Cartaz Morena\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\alcauz_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\alecrim do cerrado_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\alecrim dourado_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\angelim_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\assapeixe_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\astrapeiavenuziana_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\babosa_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\baguas_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\baslico_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\bgoiano_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\bonina_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\bouquet7flores_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\bouquetdachamatrina_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\bouquetdaexpresso_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\bouquetintegraomasculina_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\bouquezinhobrancodocerrado_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\cactosbrancodocerrado_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\cactos_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\cajadodocerrado_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\calliandraflordocerrado_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\calliandraprateada_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\cambarbrancoassapeixe_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\candonbbranco_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\caneladeema_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\carnedevacacatingadeporco_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\catuaba_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\chapudeduendepalipalm_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\chuvadeouro_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\chuverinho_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\cipdesantaluzia_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\cipdesojoo_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\claridade_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\clotolrialuzdacriao_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\conexomedinicamariadorosrioquaresma_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\conflitosdeidentidadesexualeestmulosaversivos_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\conscinciaplena_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\cristadocerrado_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\darafolhasantaflordesantarita_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\ddivarosadocampo_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\dedaleirapacari_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\ervadepassarinho_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\espadadesojorgeeians_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\fernia_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\fiosdeluzflordopau_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\ftimacentaurafeldaterra_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\gemaspaudocefolhagorda_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\graminea_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\incensus_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\jasmimdospoetas_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\jasmimmanga_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\lantana_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\laranjinhadocerradocanelabraba_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\lavanda_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\liberadormental_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\lilithgabiroba_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\lils_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\linfa_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\lobera_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\lorena_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\lriodocampo_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\maceladocampo_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\madressilva_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\maestria_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\malaranjada_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\manifestaopicasso_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\maracujdoce_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\margaridabranca_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\margaridadocerrado_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\mariajalapa_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\mariamoledobrejo_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\mcerrado_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\megaalgododocampo_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\mikael_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\mimosabarneby_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\mirabelis_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\mirraplumadenevoa_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\myostis_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\narcila_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\ndigocristal_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\nicociana_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\orqudea_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\orvalhodosol_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\palasathenas_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\palipalnestrela_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\palmeira_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\patadevaca_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\pausantorosadocampo_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\pirekapimentinhaprateada_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\poalhasarojasmimdolago_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\primavera_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\quaresmeira_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\quaresminha_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\raizamasucupira_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\resgateemocional_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\rosadocerrado_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\rovenabocadesapo_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\roxinha_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\ruibarboroxoravenna_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\sabugueiro_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\safiraestelarflordocu_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\salma_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\sennasilvestre_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\serena_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\sinosbrancosflordeveado_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\sinosdefadaslriodocampo_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\sinosdocerrado_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\solarsirianadouradinha_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\sumar_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\trigodafelicidade_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\unhadeboi_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\verroninea_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\violavioleta_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Florais do cerrado\vnus_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Fotos Flores\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Home\tratamento das aguas_arquivos\desktop_data\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Águas\ambaleia_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Águas\ariopreto_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Águas\avdalthar_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Águas\avdgruta_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Águas\avdguardiao_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Águas\guadesomiguel_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Florais\Águas\guarochosa_arquivos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\CD Encantos da Chapada\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\CD Encantos da Chapada\Fotos Músicos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\CD Encantos da Chapada\Fotos Seriema\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\FOTOS\13-4-2009-Show do fruto-Roots\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\FOTOS\Circularte\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\FOTOS\Festival Instrumental de Cavalcante - 2009\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\FOTOS\Fotos Miguel\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\FOTOS\Fruto do Cerrado\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\FRUTO DO CERRADO\FOTOS\Show na ROOTS - Sábado de Aleluia 2009\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\MANOELA\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Meus vídeos\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\20.01.2010-Niver da Fran\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Afilhado mais que lindo\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Afilhado mais que lindo\2008- Passeio com Joao Vitor\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Afilhado mais que lindo\Batizado João Vitor\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichinhos do Cerrado\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichos de Casa\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichos de Casa\Costela\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichos de Casa\Godofredo\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichos de Casa\Misha\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichos de Casa\Tequila\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichos de Casa\Tupan\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Bichos de Casa\Zé\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\bunitezas do cerrado\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Cachoeira Celio - Catingueiro\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Carnaval no Coutinho\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Em casa\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\07-05-2009-Aniversário Paulo\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\10-5-2009\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\2009-02, Carnavalcante\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\2009-02-12, Apresentação Prakriti\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\22-4-2009-Aniversário Morena\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\3-8-2009 - são jorge- Encontro de Culturas\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\30-10-2009 - Jeri e canoa\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\31-05-2009 - niver manu\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\6-7-2009\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\6-9-2009- Show Hermes tia Mari Curitiba\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Casa de Teresina\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Catingueiro\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Cayana- visita fabi\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Curitiba - out.2009\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Curitiba na Chapada\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Céu de teresina\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\elas\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Encontro em PVH\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Festival Chillout\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Fotos Celular\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Fotos Festival Amoragaia\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Fotos Festival são jorge\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Ida ao Coitinho\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Niver Vivi-jan.2009\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Show Del e Morena\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Viagem Curitiba - outubro 2009\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Visita Ariane\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Visita de ano novo\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\visita dos amigos - barbara e familia\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\FOTOS 2009\Vídeos de comédia\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Fotos Chácara Manaíra - Casa\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\fotos diversas\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Fotos Poço Encantado\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Horizontes\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Jan.2010- Visita lu e adriano\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\No Engenho II\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Noite cultural na Arace\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Paz&pitanga\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Tear com Laura\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\Minhas imagens\Visita Leandra,Ricardo e Iuri\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\MORENA\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\MORENA\Cartaz Maíra Morena\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\My Received Files\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\My Scans\2010-03 (mar)\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\My Scans\2010-05 (mai)\Thumbs.db <- Successfully deleted. C:\Documents and Settings\USER\Meus documentos\MySpaceIM Pics\Thumbs.db <- Successfully deleted. Total space cleaned: 988609249 bytes -=E.O.F=- Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Junho 16, 2010 Boa Noite! Manoela Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791) <!> Seu navegador e SO,estão desatualizados. Já foi lançado,há tempos,o SP3 e o IE8. <!> No mais,seus logs estão limpos! ^_^ 00000000000000000 ooooooooooooooooo <@> Abra o OTL.exe --> Clique em ou Limpeza --> Aguarde! <@> Na solicitação,clique OK --> Reinicie o computador! 00000000000000000 <!> Bom trabalho! Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Mário Monteiro 179 Denunciar post Postado Julho 16, 2010 Tópico Arquivado Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado. Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura. Compartilhar este post Link para o post Compartilhar em outros sites
