Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

GildazioJr

[Arquivado] Analise de Log

Recommended Posts

Aí vai o log peço-lhes ajuda por favor,

desconfiei de virus visto que no servidor encontram-se 2 arquivos 1 denominado 'Arquivos' e outro 'program' seguidos de um

'autorun' assim que acesso o servidor o avast avisa, ainda sim quando excluo eles retornam ao servidor.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:10:12, on 22/06/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\javatmp4237948111759349074.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

 

--

End of file - 2433 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! GildazioJr

 

<!> Siga,na ordem,estas instruções!

0000000000000000000000

oooooooooooooooooooooo

<@> Baixe: < marcinsig.gif >

 

<@> < Link - 2 >

 

<@> < Link - 3 >

 

<@> Atualize o programa!

<@> Escolha o escaneamento Completo!

<@> Desabilite programas de proteção,ao executar o malwarebytes.

<@> Ps: Para determinadas infecções,a ferramenta pedirá reboot. <-- Confirme!

<@> Procure enviar os ítens detectados para a quarentena,clicando em Remover itens.

<@> Para maiores detalhes: < Link >

<@> Poste: mbam-log-2010-xx-xx (00-00-00).txt <--

0000000000000000000000

oooooooooooooooooooooo

<@> Baixe: < OTL > ( ...by OldTimer Tools )

<@> Salve-o no desktop!

<@> Clique duplo em: < otlDesktopIcon.png >

<@> Ps: Sigamos,agora,com sua configuração!

 

<!> 1 - Em "Saída",deixe marcado o botão "Resumida".

<!> 2 - Marque as caixas: Verificar All Users e Incluir Verificação 64bit <-- Ps: Caso o SO seja 64 bit!

<!> 3 - Processos: Usar SafeList <-- Marque!

<!> 4 - Módulos: Usar SafeList <-- Marque!

<!> 5 - Serviços: Usar SafeList <-- Marque!

<!> 6 - Drivers: Usar SafeList <-- Marque!

<!> 7 - Exame Padrão do Registro: Usar SafeList <-- Marque!

<!> 8 - Exame Extra do Registro: Usar SafeList <-- Marque!

<!> 9 - Verificação de Arquivos:

 

<!> Data de Criação >> Escolha: 14 dias

 

<!> Marque: Usar WhiteList para Nomes de Companhias

<!> Marque: Ignorar Arquivos Microsoft

 

<!> 10 - Arquivos Criados Desde:

 

<!> Marque: Data de Criação

 

<!> 11 - Arquivos Modificados Desde:

 

<!> Marque: Data de Criação

<!> Marque as caixas:

 

[] Verificar Lop

[] Verificar Purity

 

<@> Ps: Sugiro que imprima estas orientações,para posterior leitura.

 

netsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%SYSTEMDRIVE%\*.exe%SYSTEMDRIVE%\eventlog.dll /s /md5%SYSTEMDRIVE%\scecli.dll /s /md5%SYSTEMDRIVE%\sfcfiles.dll /s /md5%SYSTEMDRIVE%\netlogon.dll /s /md5%SYSTEMDRIVE%\atapi.sys /s /md5CREATERESTOREPOINT

<@> Ps: Copie e cole estas informações,que estão no Code,para o campo abaixo de: Exames Personalizados/Correções

<@> Clique em: Verificar --> Aguarde!

<@> Concluindo,poste:

 

<!> <1> OTL.txt <--

<!> <2> Extras.txt <--

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Aí vai o log do anti-malware

 

Malwarebytes' Anti-Malware 1.44

Versão do banco de dados: 3510

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

 

28/06/2010 10:32:04 GildazioJr

mbam-log-2010-06-28 (10-32-04).txt

 

Tipo de Verificação: Completa (C:\|F:\|)

Objetos verificados: 243914

Tempo decorrido: 27 minute(s), 30 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

Compartilhar este post


Link para o post
Compartilhar em outros sites

LOG OTL.TXT

OTL logfile created on: 28/06/2010 10:39:20 - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

1.015,00 Mb Total Physical Memory | 236,00 Mb Available Physical Memory | 23,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 298,09 Gb Total Space | 215,53 Gb Free Space | 72,30% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 141,02 Gb Total Space | 130,25 Gb Free Space | 92,36% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: HOME

Current User Name: GildazioJr

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Administrador\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Arquivos de programas\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)

PRC - C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)

PRC - C:\Documents and Settings\Administrador\Configurações locais\temp\javatmp4237948111759349074.exe ()

PRC - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

PRC - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

PRC - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

PRC - C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\ntvdm.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

PRC - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

PRC - C:\Arquivos de programas\UltraVNC\winvnc.exe (UltraVNC)

PRC - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Administrador\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (GbpSv) -- File not found

SRV - (LMIMaint) -- C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)

SRV - (avast! Antivirus) -- C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

SRV - (avast! Web Scanner) -- C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

SRV - (aswUpdSv) -- C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

SRV - (odserv) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (LogMeIn) -- C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (winvnc) -- C:\Arquivos de programas\UltraVNC\WinVNC.exe (UltraVNC)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV - (SEG02) -- C:\WINDOWS\system32\drivers\SEG02.sys ()

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)

DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)

DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)

DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (LMIInfo) -- C:\Arquivos de programas\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)

DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)

DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (AtcL002) -- C:\WINDOWS\system32\drivers\atl02_xp.sys (Attansic Technology corporation.)

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

DRV - (vnccom) -- C:\WINDOWS\system32\drivers\vnccom.SYS (RDV Soft)

DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)

DRV - (atirage3) -- C:\WINDOWS\system32\drivers\atimpae.sys (ATI Technologies Inc.)

DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-842925246-1580436667-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-842925246-1580436667-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-842925246-1580436667-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-842925246-1580436667-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-842925246-1580436667-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8874}:1.0.7.10

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.10.4

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/06/24 08:18:44 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/06/24 08:18:44 | 000,000,000 | ---D | M]

 

[2009/08/17 10:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Extensions

[2009/08/17 10:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org

[2010/06/28 08:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\on8u2f4k.default\extensions

[2009/12/30 08:03:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\on8u2f4k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/06/14 10:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\on8u2f4k.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

[2009/06/01 09:23:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\on8u2f4k.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}

[2009/08/17 10:27:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\on8u2f4k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/06/28 08:44:21 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2010/03/31 08:47:49 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml

[2010/03/31 08:47:49 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml

[2010/03/31 08:47:49 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2010/03/31 08:47:49 | 000,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2010/06/05 11:13:39 | 000,003,735 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 68.233.230.153 santander.com.br

O1 - Hosts: 68.233.230.153 www.santander.com.br

O1 - Hosts: 68.233.230.153 itau.com.br

O1 - Hosts: 68.233.230.153 www.itau.com.br

O1 - Hosts: 68.233.230.153 www.itau.com

O1 - Hosts: 68.233.230.153 itau.com

O1 - Hosts: 68.233.230.153 itaupersonnalite.com.br

O1 - Hosts: 68.233.230.153 www.itaupersonnalite.com.br

O1 - Hosts: 68.233.230.153 www.bradesco.com.br

O1 - Hosts: 68.233.230.153 bradesco.com.br

O1 - Hosts: 68.233.230.153 www.bradesco.com

O1 - Hosts: 68.233.230.153 bradesco.com

O1 - Hosts: 68.233.230.153 www.bradescoempresa.com.br

O1 - Hosts: 68.233.230.153 bradescoempresa.com.br

O1 - Hosts: 68.233.230.153 www.bradescoprime.com.br

O1 - Hosts: 68.233.230.153 bradescoprime.com.br

O1 - Hosts: 68.233.230.153 bradescocartoes.com.br

O1 - Hosts: 68.233.230.153 www.bradescocartoes.com.br

O1 - Hosts: 68.233.230.153 caixa.com.br

O1 - Hosts: 68.233.230.153 www.caixa.com.br

O1 - Hosts: 68.233.230.153 caixa.gov.br

O1 - Hosts: 68.233.230.153 www.caixa.gov.br

O1 - Hosts: 68.233.230.153 cef.gov.br

O1 - Hosts: 68.233.230.153 www.cef.gov.br

O1 - Hosts: 87 more lines...

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll File not found

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-842925246-1580436667-682003330-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [avast!] C:\Arquivos de programas\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NevoDRM] C:\Èãðû îò NevoSoft\NevoDRM\NevoDRM.exe File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [OpenSource] C:\Documents and Settings\Administrador\Configurações locais\temp\javatmp4237948111759349074.exe ()

O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [WinVNC] C:\Arquivos de programas\UltraVNC\WinVNC.exe (UltraVNC)

O4 - HKU\S-1-5-21-842925246-1580436667-682003330-500..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-842925246-1580436667-682003330-500..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKU\S-1-5-21-842925246-1580436667-682003330-500..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\Gardenia\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-842925246-1580436667-682003330-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-842925246-1580436667-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-842925246-1580436667-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-842925246-1580436667-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Arquivos de programas\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)

O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Arquivos de programas\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://imagem.caixa.gov.br/cab/gbpdist.cab (GbpDistObj Class)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Arquivos de programas\GbPlugin\gbieh.dll - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\ GbPluginCef: DllName - C:\Arquivos de programas\GbPlugin\gbiehcef.dll - C:\Arquivos de programas\GbPlugin\gbiehcef.dll File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Desktop\INDOMAVEL\INDOMAVEL.BMP

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Desktop\INDOMAVEL\INDOMAVEL.BMP

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/02/23 16:08:38 | 000,000,020 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/06/22 15:02:19 | 000,000,105 | R--- | M] () - F:\AUTORUN.INF -- [ NTFS ]

O33 - MountPoints2\{0aaef912-65b8-11df-9d81-001d6013c7af}\Shell\AutoRun\command - "" = D:\hhYobJ.eXE -- File not found

O33 - MountPoints2\{0aaef912-65b8-11df-9d81-001d6013c7af}\Shell\OpEn\cOmMaNd - "" = D:\hHYoBJ.eXE -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/12/17 13:50:48 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Pacote para navegação off-line

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Ajuda do Internet Explorer

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Ferramentas da Instalação do Internet Explorer

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Recursos de navegação

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Acesso ao site da MSN

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Ligação de dados de HTML dinâmico

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Fontes principais do Microsoft Internet Explorer

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Ajuda HTML

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16902109354000384)

 

========== Files/Folders - Created Within 14 Days ==========

 

[2010/06/28 09:34:10 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2010/06/23 17:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\Festa Sertaneja - (SomLivre - 2010)

[2010/06/22 11:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\p

[2010/06/22 11:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\sara

[2010/06/22 11:13:50 | 002,469,888 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioCompress3.dll

[2010/06/22 11:13:50 | 002,183,168 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoCompress.dll

[2010/06/22 11:13:50 | 001,810,432 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioCompress2.dll

[2010/06/22 11:13:50 | 000,987,136 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoCoreM.dll

[2010/06/22 11:13:50 | 000,348,160 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll

[2010/06/22 11:13:50 | 000,290,816 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAVIFile.dll

[2010/06/22 11:13:50 | 000,196,608 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMVFile.dll

[2010/06/22 11:13:50 | 000,139,264 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTVideoFile.dll

[2010/06/22 11:13:50 | 000,090,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioFormatSettings3.dll

[2010/06/22 11:13:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Free WMV to AVI MPEG Converter

[2010/06/22 10:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\GOLIMA

[2010/06/21 15:14:59 | 004,452,978 | ---- | C] (www.appfree.net ) -- C:\Documents and Settings\Administrador\Desktop\wmv2avi.exe

[2010/06/21 12:30:58 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\WMV to AVI MPEG DVD WMV Converter

[2010/06/16 10:24:24 | 000,487,479 | ---- | C] (Appspeed Inc.) -- C:\WINDOWS\System32\SkinMagic.dll

[2010/06/16 10:24:24 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll

[2010/06/16 10:24:23 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Free AVI to 3GP Converter

[2010/06/15 10:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\BRasil

[2009/01/08 12:51:45 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

[26 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 14 Days ==========

 

[2010/06/28 09:50:01 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/28 09:41:07 | 000,028,800 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Imaster.docx

[2010/06/28 09:34:14 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2010/06/25 08:47:16 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/24 17:53:06 | 001,139,878 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/24 17:53:06 | 000,517,688 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2010/06/24 17:53:06 | 000,476,096 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/24 17:53:06 | 000,094,522 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2010/06/24 17:53:06 | 000,079,744 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/24 17:47:45 | 002,104,034 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Sampler.zip

[2010/06/24 16:33:04 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Virtual DJ.lnk

[2010/06/24 16:23:31 | 011,534,525 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\A_V_DJ_P5.0.7_2.rar

[2010/06/23 17:17:27 | 051,288,640 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Festa Sertaneja - (SomLivre - 2010).rar

[2010/06/22 11:53:45 | 018,727,017 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\p.zip

[2010/06/22 11:37:05 | 069,349,922 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\sara.zip

[2010/06/21 15:34:12 | 004,452,978 | ---- | M] (www.appfree.net ) -- C:\Documents and Settings\Administrador\Desktop\wmv2avi.exe

[2010/06/21 12:31:01 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WMV to AVI MPEG DVD WMV Converter.lnk

[2010/06/21 12:22:46 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Administrador\default.pls

[2010/06/21 11:59:00 | 000,679,392 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\P210610_11.58[01].JPG

[2010/06/16 10:25:20 | 000,765,557 | ---- | M] () -- C:\Documents and Settings\Administrador\Meus documentos\tiozinho vai vai vai vai na na na na na.3gp

[2010/06/16 10:24:24 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Free AVI to 3GP Converter.lnk

[26 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/06/28 09:41:07 | 000,028,800 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Imaster.docx

[2010/06/24 17:43:23 | 002,104,034 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Sampler.zip

[2010/06/24 16:33:04 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Virtual DJ.lnk

[2010/06/24 16:18:28 | 011,534,525 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\A_V_DJ_P5.0.7_2.rar

[2010/06/23 17:07:36 | 051,288,640 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Festa Sertaneja - (SomLivre - 2010).rar

[2010/06/23 09:43:58 | 000,679,392 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\P210610_11.58[01].JPG

[2010/06/22 11:53:45 | 018,727,017 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\p.zip

[2010/06/22 11:36:55 | 069,349,922 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\sara.zip

[2010/06/21 12:31:01 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WMV to AVI MPEG DVD WMV Converter.lnk

[2010/06/16 10:25:15 | 000,765,557 | ---- | C] () -- C:\Documents and Settings\Administrador\Meus documentos\tiozinho vai vai vai vai na na na na na.3gp

[2010/06/16 10:24:24 | 007,277,568 | ---- | C] () -- C:\WINDOWS\System32\3gp.dll

[2010/06/16 10:24:24 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Free AVI to 3GP Converter.lnk

[2010/06/05 11:13:47 | 000,010,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\SEG02.sys

[2010/03/02 15:55:02 | 000,000,356 | ---- | C] () -- C:\WINDOWS\pdf2word.INI

[2010/03/02 15:07:49 | 000,000,712 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/02/23 16:19:06 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\iMMPres.ini

[2010/01/22 17:39:57 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\iG1Pres.ini

[2009/11/24 14:56:28 | 000,132,096 | ---- | C] () -- C:\WINDOWS\System32\ZipDLL.dll

[2009/11/24 14:56:28 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\Unzdll.dll

[2009/09/23 14:25:40 | 000,001,041 | ---- | C] () -- C:\WINDOWS\System32\iEPres.ini

[2009/07/30 06:35:42 | 000,001,041 | ---- | C] () -- C:\WINDOWS\System32\iG1res.ini

[2009/05/25 12:47:10 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll

[2009/01/08 12:51:45 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL

[2008/10/25 09:05:24 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Filzip.ini

[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008/04/28 16:06:07 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2008/01/18 12:38:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/01/15 15:39:46 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini

[2008/01/05 21:23:15 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2008/01/05 21:01:42 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2008/01/05 21:01:40 | 000,009,418 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2008/01/05 21:01:30 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2008/01/05 20:49:37 | 000,000,131 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/05/21 02:32:40 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/05/21 02:32:40 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/05/21 02:32:38 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/05/21 02:32:38 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/05/21 02:32:38 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2002/06/01 18:34:50 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll

[2002/03/15 12:13:26 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\HP32V360.DLL

[2001/02/02 23:59:28 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll

 

========== LOP Check ==========

 

[2009/07/23 11:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Audacity

[2008/05/13 10:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Kazaa Lite

[2009/03/19 15:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\LG Electronics

[2009/08/17 10:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

[2008/02/22 19:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\OnRez

[2010/04/28 09:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PhotoFiltre

[2008/05/09 10:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Publish Providers

[2008/02/18 19:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\SecondLife

[2008/05/09 10:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Sony

[2008/05/09 09:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Sony Setup

[2009/06/25 09:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\SuperMP3Download

[2010/02/04 12:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Virtual City

[2008/08/13 10:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\ViStart

[2010/05/14 17:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Vso

[2010/05/05 15:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\XnView

[2010/02/25 08:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2008/06/18 09:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn

[2008/12/09 08:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

[2009/07/21 11:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SuperMP3Download

[2010/04/09 08:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk

[2010/01/22 17:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{E7F5BC76-4CAE-4EF1-86A1-7641ACCCBC9E}

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

[2007/08/26 10:35:12 | 000,649,728 | ---- | M] () -- C:\VDownloader.exe

 

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll

[12 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\dllcache\eventlog.dll

 

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

[2008/04/14 07:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/14 07:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll

[12 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[2008/04/14 07:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\dllcache\scecli.dll

 

< %SYSTEMDRIVE%\sfcfiles.dll /s /md5 >

[2008/04/14 07:00:00 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll

[2008/04/14 07:00:00 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\system32\sfcfiles.dll

[12 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[2008/04/14 07:00:00 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\system32\dllcache\sfcfiles.dll

 

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll

[12 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\dllcache\netlogon.dll

 

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 12 bytes -> C:\WINDOWS\System32\drivers:IncompleteBoot.cnt

< End of report >

 

 

 

*****************************----------*****************************-------------------*************

 

LOG EXTRAS.TXT

 

OTL Extras logfile created on: 28/06/2010 10:39:20 - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

1.015,00 Mb Total Physical Memory | 236,00 Mb Available Physical Memory | 23,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 298,09 Gb Total Space | 215,53 Gb Free Space | 72,30% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 141,02 Gb Total Space | 130,25 Gb Free Space | 92,36% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: HOME

Current User Name: GildazioJr

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[HKEY_USERS\S-1-5-21-842925246-1580436667-682003330-500\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

http [open] -- Reg Error: Key error.

https [open] -- "C:\Arquivos de programas\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with XnView] -- "C:\Arquivos de programas\XnView\xnview.exe" "%1" File not found

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [mega] -- "C:\Arquivos de programas\Megacubo\megacubo.exe" "%1" File not found

Directory [mega2] -- "C:\Arquivos de programas\Megacubo\megacubo.exe" "%1" --plugin File not found

Directory [OneNote.Open] -- C:\ARQUIV~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"5800:TCP" = 5800:TCP:*:Enabled:VNC

"5800:UDP" = 5800:UDP:*:Enabled:VNC

"5900:TCP" = 5900:TCP:*:Enabled:VNC

"5900:UDP" = 5900:UDP:*:Enabled:VNC

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Arquivos de programas\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Arquivos de programas\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Áudio AC3 (ac3) -- (Nero AG)

"C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)

"C:\Arquivos de programas\Valve\hl.exe" = C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assistência Remota - Windows Messenger e Voz -- (Microsoft Corporation)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h

"{0978A841-2E44-4A85-922B-36D96F0BAE0E}_is1" = 3GP Player 2009

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX

"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 15

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{65B5D840-2C46-11DA-BA0E-0003FF334455}_is1" = EasyFinance FREEWARE (GRÁTIS)

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn

"{84B2CF01-194D-2284-B313-F2E0D78D1046}" = Nero 7 Demo

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{AEB909AF-6850-4838-B83E-1EB4403B11A9}" = Adobe Photoshop Lightroom 3 Beta 2

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 0.83

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"7 Sins" = 7 Sins

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"avast!" = avast! Antivirus

"DVD Audio Extractor_is1" = DVD Audio Extractor 4.5.5

"eMule" = eMule

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Filzip 3.0.6.93_is1" = Filzip 3.06

"Free AVI to 3GP Converter_is1" = Free AVI to 3GP Converter 3.0

"Free WMV to AVI MPEG Converter_is1" = Free WMV to AVI MPEG Converter v1.2

"HDMI" = Intel® Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NVIDIA Drivers" = NVIDIA Drivers

"PowerDVD" = PowerDVD

"VeryPDF PDF2Word v3.0_is1" = VeryPDF PDF2Word v3.0

"VideoGet_is1" = Nuclear Coffee - VideoGet

"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"WMV to AVI MPEG DVD WMV Converter_is1" = WMV to AVI MPEG DVD WMV Converter 4.6.0529

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-842925246-1580436667-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"PhotoFiltre" = PhotoFiltre

 

========== Last 10 Event Log Errors ==========

 

[ Antivirus Events ]

Error - 26/04/2010 19:00:10 | Computer Name = HOME | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

\\SERVIDOR\C\ESTOQUE\INDICES\CHEQUES1.NSX failed, 00000035.

 

Error - 26/04/2010 19:00:10 | Computer Name = HOME | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

\\SERVIDOR\C\ESTOQUE\INDICES\CHEQUES7.NSX failed, 00000035.

 

Error - 26/04/2010 19:00:10 | Computer Name = HOME | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

\\SERVIDOR\C\ESTOQUE\INDICES\CHEQUES6.NSX failed, 00000035.

 

Error - 26/04/2010 19:00:10 | Computer Name = HOME | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

\\SERVIDOR\C\ESTOQUE\INDICES\CHEQUES5.NSX failed, 00000035.

 

Error - 12/05/2010 17:10:17 | Computer Name = HOME | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\ADMINISTRADOR\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\ON8U2F4K.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}\DEFAULTS\PREFERENCES\PREFS-DWHELPER.JS

failed, 00000005.

 

Error - 12/05/2010 17:10:17 | Computer Name = HOME | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\ADMINISTRADOR\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\ON8U2F4K.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}\DEFAULTS\PREFERENCES\DEFAULTS.JS

failed, 00000005.

 

Error - 08/06/2010 17:52:36 | Computer Name = HOME | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\ADMINISTRADOR\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\ON8U2F4K.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}\DEFAULTS\PREFERENCES\PREFS-DWHELPER.JS

failed, 00000005.

 

Error - 08/06/2010 17:52:36 | Computer Name = HOME | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\ADMINISTRADOR\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\ON8U2F4K.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}\DEFAULTS\PREFERENCES\DEFAULTS.JS

failed, 00000005.

 

Error - 10/06/2010 16:32:57 | Computer Name = HOME | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\ADMINISTRADOR\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\ON8U2F4K.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}\DEFAULTS\PREFERENCES\PREFS-DWHELPER.JS

failed, 00000005.

 

Error - 10/06/2010 16:32:58 | Computer Name = HOME | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\DOCUMENTS AND SETTINGS\ADMINISTRADOR\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\ON8U2F4K.DEFAULT\PREFS.JS

failed, 00000005.

 

[ Application Events ]

Error - 24/04/2010 11:34:07 | Computer Name = HOME | Source = Windows Live Messenger | ID = 1000

Description =

 

Error - 06/05/2010 12:12:31 | Computer Name = HOME | Source = Windows Live Messenger | ID = 1000

Description =

 

Error - 12/05/2010 19:04:59 | Computer Name = HOME | Source = Application Hang | ID = 1002

Description = Aplicativo com falha WINWORD.EXE, versão 12.0.6504.5000, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 19/05/2010 15:46:15 | Computer Name = HOME | Source = Google Update | ID = 20

Description =

 

Error - 04/06/2010 16:35:47 | Computer Name = HOME | Source = nview_info | ID = 11141121

Description =

 

Error - 04/06/2010 16:35:47 | Computer Name = HOME | Source = nview_info | ID = 11141121

Description =

 

Error - 04/06/2010 16:35:47 | Computer Name = HOME | Source = nview_info | ID = 11141121

Description =

 

Error - 11/06/2010 16:33:50 | Computer Name = HOME | Source = Application Error | ID = 1000

Description = Aplicativo com falha waveedit.exe, versão 3.0.0.4, módulo com falha

waveedit.dll, versão 3.0.0.4, endereço com falha 0x0000c2d5.

 

Error - 11/06/2010 16:34:27 | Computer Name = HOME | Source = Application Error | ID = 1000

Description = Aplicativo com falha waveedit.exe, versão 3.0.0.4, módulo com falha

waveedit.dll, versão 3.0.0.4, endereço com falha 0x0000c2d5.

 

Error - 23/06/2010 09:45:42 | Computer Name = HOME | Source = Application Hang | ID = 1002

Description = Aplicativo com falha IEXPLORE.EXE, versão 6.0.2900.5512, módulo com

falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

[ System Events ]

Error - 24/06/2010 09:15:20 | Computer Name = HOME | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço Gbp Service devido ao seguinte

erro: %%2

 

Error - 24/06/2010 09:15:20 | Computer Name = HOME | Source = Service Control Manager | ID = 7001

Description = O serviço vnccom depende do serviço vncdrv, mas não foi possível iniciá-lo

devido ao seguinte erro: %%1058

 

Error - 25/06/2010 09:47:35 | Computer Name = HOME | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço Gbp Service devido ao seguinte

erro: %%2

 

Error - 25/06/2010 09:47:35 | Computer Name = HOME | Source = Service Control Manager | ID = 7001

Description = O serviço vnccom depende do serviço vncdrv, mas não foi possível iniciá-lo

devido ao seguinte erro: %%1058

 

Error - 02/06/2010 16:27:51 | Computer Name = HOME | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço Gbp Service devido ao seguinte

erro: %%2

 

Error - 02/06/2010 16:27:51 | Computer Name = HOME | Source = Service Control Manager | ID = 7001

Description = O serviço vnccom depende do serviço vncdrv, mas não foi possível iniciá-lo

devido ao seguinte erro: %%1058

 

Error - 13/06/2010 09:53:43 | Computer Name = HOME | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço Gbp Service devido ao seguinte

erro: %%2

 

Error - 13/06/2010 09:53:43 | Computer Name = HOME | Source = Service Control Manager | ID = 7001

Description = O serviço vnccom depende do serviço vncdrv, mas não foi possível iniciá-lo

devido ao seguinte erro: %%1058

 

Error - 10/06/2010 09:33:25 | Computer Name = HOME | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço Gbp Service devido ao seguinte

erro: %%2

 

Error - 10/06/2010 09:33:25 | Computer Name = HOME | Source = Service Control Manager | ID = 7001

Description = O serviço vnccom depende do serviço vncdrv, mas não foi possível iniciá-lo

devido ao seguinte erro: %%1058

 

 

< End of report >

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! GildazioJr

 

<@> Abra o Spybot Search & Destroy!

<@> No menu superior,vá em Modo e selecione a opção Avançado. --> Confirme!

<@> Clique no botão Ferramentas e depois em Residente.

<@> Desmarque a opção: Ativar "TeaTimer" do Residente. ( Proteção geral das configurações de sistema )

0000000000000000000000

oooooooooooooooooooooo

<@> Execute o OTL.exe.

<@> Copie estas informações que estão na Quote,para o campo abaixo de: Exames Personalizados/Correções

 

:otl

SRV - (GbpSv) -- File not found

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)

O20 - Winlogon\Notify\ GbPluginCef: DllName - C:\Arquivos de programas\GbPlugin\gbiehcef.dll - C:\Arquivos de programas\GbPlugin\gbiehcef.dll File not found

O33 - MountPoints2\{0aaef912-65b8-11df-9d81-001d6013c7af}\Shell\AutoRun\command - "" = D:\hhYobJ.eXE -- File not found

O33 - MountPoints2\{0aaef912-65b8-11df-9d81-001d6013c7af}\Shell\OpEn\cOmMaNd - "" = D:\hHYoBJ.eXE -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

[26 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:commands

[resethosts]

[purity]

[emptyflash]

[emptytemp]

[Reboot]

<@> Clique no botão Consertar --> Aguarde a conclusão! --> Executar!

<@> Poste o relatório,que também estará na pasta: C:\_OTL\MovedFiles\*.log <--

<@> Poste,também,HijackThis atualizado.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Log OTL.

 

All processes killed

========== OTL ==========

Error: No service named GbpSv was found to stop!

Unable to delete service\driver key GbpSv.

File File not found not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aaef912-65b8-11df-9d81-001d6013c7af}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0aaef912-65b8-11df-9d81-001d6013c7af}\ not found.

File D:\hhYobJ.eXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aaef912-65b8-11df-9d81-001d6013c7af}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0aaef912-65b8-11df-9d81-001d6013c7af}\ not found.

File D:\hHYoBJ.eXE not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.

C:\WINDOWS\002921_.tmp deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3d.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dara.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dchs.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dcht.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dcsy.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3ddan.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3ddeu.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dell.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3deng.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3desm.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3desn.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dfin.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dfra.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dheb.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dhun.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dita.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3djpn.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dkor.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dnld.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dnor.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dplk.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dptb.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dptg.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3drus.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dsky.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dslv.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dsve.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dtha.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nv3dtrk.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcpl.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplara.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplchs.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplcht.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplcsy.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcpldan.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcpldeu.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplell.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcpleng.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplesm.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplesn.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplfin.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplfra.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplheb.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplhun.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplita.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcpljpn.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplkor.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplnld.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplnor.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplplk.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplptb.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplptg.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplrus.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplsky.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplslv.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcplsve.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcpltha.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvcpltrk.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdsp.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspara.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspchs.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspcht.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspcsy.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspdan.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspdeu.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspell.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspeng.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspesm.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspesn.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspfin.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspfra.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspheb.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdsphun.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspita.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspjpn.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspkor.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspnld.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspnor.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspplk.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspptb.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspptg.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdsprus.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspsky.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspslv.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdspsve.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdsptha.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvdsptrk.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmob.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobara.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobchs.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobcht.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobcsy.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobdan.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobdeu.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobell.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobeng.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobesm.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobesn.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobfin.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobfra.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobheb.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobhun.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobita.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobjpn.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobkor.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobnld.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobnor.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobplk.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobptb.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobptg.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobrus.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobsky.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobslv.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobsve.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobtha.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP\nvmobtrk.chm deleted successfully.

C:\WINDOWS\NV14561820.TMP folder deleted successfully.

C:\WINDOWS\NV25082504.TMP\nv3d.chm deleted successfully.

C:\WINDOWS\NV25082504.TMP\nvcpl.chm deleted successfully.

C:\WINDOWS\NV25082504.TMP\nvdsp.chm deleted successfully.

C:\WINDOWS\NV25082504.TMP\nvmob.chm deleted successfully.

C:\WINDOWS\NV25082504.TMP folder deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3d.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dara.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dchs.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dcht.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dcsy.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3ddan.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3ddeu.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dell.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3deng.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3desm.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3desn.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dfin.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dfra.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dheb.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dhun.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dita.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3djpn.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dkor.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dnld.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dnor.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dplk.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dptb.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dptg.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3drus.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dsky.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dslv.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dsve.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dtha.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nv3dtrk.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcpl.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplara.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplchs.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplcht.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplcsy.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcpldan.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcpldeu.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplell.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcpleng.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplesm.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplesn.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplfin.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplfra.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplheb.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplhun.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplita.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcpljpn.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplkor.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplnld.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplnor.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplplk.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplptb.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplptg.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplrus.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplsky.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplslv.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcplsve.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcpltha.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvcpltrk.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdsp.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspara.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspchs.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspcht.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspcsy.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspdan.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspdeu.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspell.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspeng.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspesm.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspesn.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspfin.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspfra.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspheb.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdsphun.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspita.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspjpn.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspkor.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspnld.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspnor.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspplk.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspptb.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspptg.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdsprus.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspsky.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspslv.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdspsve.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdsptha.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvdsptrk.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmob.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobara.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobchs.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobcht.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobcsy.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobdan.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobdeu.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobell.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobeng.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobesm.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobesn.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobfin.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobfra.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobheb.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobhun.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobita.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobjpn.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobkor.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobnld.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobnor.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobplk.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobptb.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobptg.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobrus.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobsky.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobslv.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobsve.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobtha.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP\nvmobtrk.chm deleted successfully.

C:\WINDOWS\NV33923608.TMP folder deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3d.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dara.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dchs.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dcht.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dcsy.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3ddan.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3ddeu.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dell.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3deng.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3desm.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3desn.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dfin.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dfra.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dheb.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dhun.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dita.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3djpn.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dkor.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dnld.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dnor.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dplk.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dptb.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dptg.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3drus.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dsky.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dslv.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dsve.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dtha.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nv3dtrk.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcpl.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplara.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplchs.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplcht.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplcsy.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcpldan.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcpldeu.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplell.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcpleng.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplesm.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplesn.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplfin.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplfra.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplheb.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplhun.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplita.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcpljpn.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplkor.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplnld.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplnor.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplplk.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplptb.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplptg.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplrus.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplsky.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplslv.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcplsve.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcpltha.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvcpltrk.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdsp.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspara.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspchs.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspcht.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspcsy.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspdan.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspdeu.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspell.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspeng.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspesm.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspesn.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspfin.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspfra.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspheb.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdsphun.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspita.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspjpn.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspkor.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspnld.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspnor.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspplk.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspptb.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspptg.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdsprus.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspsky.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspslv.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdspsve.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdsptha.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvdsptrk.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmob.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobara.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobchs.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobcht.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobcsy.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobdan.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobdeu.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobell.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobeng.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobesm.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobesn.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobfin.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobfra.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobheb.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobhun.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobita.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobjpn.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobkor.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobnld.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobnor.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobplk.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobptb.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobptg.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobrus.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobsky.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobslv.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobsve.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobtha.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP\nvmobtrk.chm deleted successfully.

C:\WINDOWS\NV3628520.TMP folder deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3d.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dara.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dchs.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dcht.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dcsy.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3ddan.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3ddeu.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dell.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3deng.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3desm.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3desn.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dfin.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dfra.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dheb.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dhun.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dita.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3djpn.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dkor.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dnld.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dnor.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dplk.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dptb.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dptg.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3drus.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dsky.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dslv.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dsve.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dtha.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nv3dtrk.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcpl.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplara.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplchs.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplcht.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplcsy.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcpldan.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcpldeu.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplell.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcpleng.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplesm.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplesn.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplfin.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplfra.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplheb.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplhun.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplita.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcpljpn.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplkor.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplnld.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplnor.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplplk.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplptb.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplptg.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplrus.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplsky.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplslv.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcplsve.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcpltha.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvcpltrk.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdsp.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspara.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspchs.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspcht.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspcsy.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspdan.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspdeu.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspell.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspeng.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspesm.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspesn.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspfin.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspfra.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspheb.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdsphun.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspita.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspjpn.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspkor.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspnld.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspnor.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspplk.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspptb.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspptg.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdsprus.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspsky.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspslv.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdspsve.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdsptha.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvdsptrk.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmob.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobara.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobchs.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobcht.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobcsy.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobdan.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobdeu.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobell.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobeng.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobesm.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobesn.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobfin.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobfra.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobheb.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobhun.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobita.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobjpn.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobkor.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobnld.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobnor.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobplk.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobptb.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobptg.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobrus.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobsky.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobslv.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobsve.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobtha.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP\nvmobtrk.chm deleted successfully.

C:\WINDOWS\NV39924008.TMP folder deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3d.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dara.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dchs.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dcht.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dcsy.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3ddan.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3ddeu.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dell.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3deng.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3desm.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3desn.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dfin.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dfra.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dheb.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dhun.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dita.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3djpn.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dkor.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dnld.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dnor.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dplk.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dptb.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dptg.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3drus.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dsky.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dslv.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dsve.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dtha.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nv3dtrk.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcpl.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplara.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplchs.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplcht.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplcsy.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcpldan.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcpldeu.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplell.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcpleng.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplesm.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplesn.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplfin.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplfra.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplheb.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplhun.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplita.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcpljpn.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplkor.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplnld.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplnor.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplplk.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplptb.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplptg.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplrus.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplsky.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplslv.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcplsve.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcpltha.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvcpltrk.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdsp.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspara.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspchs.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspcht.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspcsy.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspdan.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspdeu.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspell.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspeng.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspesm.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspesn.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspfin.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspfra.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspheb.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdsphun.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspita.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspjpn.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspkor.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspnld.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspnor.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspplk.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspptb.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspptg.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdsprus.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspsky.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspslv.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdspsve.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdsptha.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvdsptrk.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmob.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobara.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobchs.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobcht.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobcsy.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobdan.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobdeu.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobell.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobeng.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobesm.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobesn.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobfin.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobfra.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobheb.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobhun.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobita.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobjpn.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobkor.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobnld.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobnor.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobplk.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobptb.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobptg.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobrus.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobsky.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobslv.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobsve.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobtha.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP\nvmobtrk.chm deleted successfully.

C:\WINDOWS\NV5281476.TMP folder deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3d.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dara.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dchs.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dcht.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dcsy.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3ddan.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3ddeu.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dell.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3deng.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3desm.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3desn.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dfin.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dfra.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dheb.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dhun.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dita.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3djpn.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dkor.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dnld.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dnor.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dplk.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dptb.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dptg.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3drus.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dsky.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dslv.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dsve.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dtha.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nv3dtrk.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcpl.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplara.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplchs.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplcht.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplcsy.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcpldan.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcpldeu.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplell.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcpleng.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplesm.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplesn.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplfin.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplfra.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplheb.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplhun.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplita.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcpljpn.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplkor.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplnld.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplnor.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplplk.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplptb.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplptg.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplrus.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplsky.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplslv.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcplsve.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcpltha.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvcpltrk.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdsp.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspara.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspchs.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspcht.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspcsy.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspdan.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspdeu.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspell.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspeng.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspesm.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspesn.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspfin.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspfra.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspheb.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdsphun.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspita.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspjpn.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspkor.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspnld.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspnor.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspplk.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspptb.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspptg.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdsprus.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspsky.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspslv.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdspsve.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdsptha.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvdsptrk.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmob.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobara.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobchs.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobcht.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobcsy.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobdan.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobdeu.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobell.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobeng.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobesm.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobesn.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobfin.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobfra.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobheb.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobhun.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobita.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobjpn.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobkor.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobnld.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobnor.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobplk.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobptb.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobptg.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobrus.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobsky.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobslv.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobsve.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobtha.chm deleted successfully.

C:\WINDOWS\NV956576.TMP\nvmobtrk.chm deleted successfully.

C:\WINDOWS\NV956576.TMP folder deleted successfully.

C:\WINDOWS\SET3.tmp deleted successfully.

C:\WINDOWS\SET38.tmp deleted successfully.

C:\WINDOWS\SET39.tmp deleted successfully.

C:\WINDOWS\SET3A.tmp deleted successfully.

C:\WINDOWS\SET3B.tmp deleted successfully.

C:\WINDOWS\SET3C.tmp deleted successfully.

C:\WINDOWS\SET3D.tmp deleted successfully.

C:\WINDOWS\SET3E.tmp deleted successfully.

C:\WINDOWS\SET4.tmp deleted successfully.

C:\WINDOWS\SET42.tmp deleted successfully.

C:\WINDOWS\SET47.tmp deleted successfully.

C:\WINDOWS\SET48.tmp deleted successfully.

C:\WINDOWS\SET49.tmp deleted successfully.

C:\WINDOWS\SET51.tmp deleted successfully.

C:\WINDOWS\SET8.tmp deleted successfully.

C:\WINDOWS\SET9B.tmp deleted successfully.

C:\WINDOWS\SET9E.tmp deleted successfully.

C:\WINDOWS\SETAA.tmp deleted successfully.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

C:\WINDOWS\System32\SET102.tmp deleted successfully.

C:\WINDOWS\System32\SET103.tmp deleted successfully.

C:\WINDOWS\System32\SET10A.tmp deleted successfully.

C:\WINDOWS\System32\SET12F.tmp deleted successfully.

C:\WINDOWS\System32\SET131.tmp deleted successfully.

C:\WINDOWS\System32\SET132.tmp deleted successfully.

C:\WINDOWS\System32\SET133.tmp deleted successfully.

C:\WINDOWS\System32\SET138.tmp deleted successfully.

C:\WINDOWS\System32\SET156.tmp deleted successfully.

C:\WINDOWS\System32\SETFC.tmp deleted successfully.

C:\WINDOWS\System32\SETFE.tmp deleted successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYFLASH]

 

User: Administrador

->Flash cache emptied: 66050 bytes

 

User: All Users

 

User: Convidado

 

User: Default User

 

User: Gardenia

->Flash cache emptied: 3670 bytes

 

User: Giljr

 

User: LocalService

 

User: LogMeInRemoteUser

 

User: NetworkService

 

Total Flash Files Cleaned = 0,00 mb

 

 

[EMPTYTEMP]

 

User: Administrador

->Temp folder emptied: 47350175 bytes

->Temporary Internet Files folder emptied: 658448129 bytes

->Java cache emptied: 62407951 bytes

->FireFox cache emptied: 126796751 bytes

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Convidado

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 78991 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Gardenia

->Temp folder emptied: 16486138 bytes

->Temporary Internet Files folder emptied: 14097178 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 89680727 bytes

->Flash cache emptied: 0 bytes

 

User: Giljr

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 78991 bytes

 

User: LocalService

->Temp folder emptied: 65716 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: LogMeInRemoteUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 320538 bytes

RecycleBin emptied: 698415 bytes

 

Total Files Cleaned = 970,00 mb

 

 

OTL by OldTimer - Version 3.2.7.0 log created on 06292010_095535

 

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\_avast4_\unp108139653.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp112877117.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp115804189.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp143626273.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp149598869.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp163288709.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp186591821.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp215047601.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp223160441.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp234790945.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp237410473.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp258017301.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp39893969.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp48177069.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp50927629.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp52504297.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp58193065.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp62171417.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp76967141.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp86642453.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\unp90180901.tmp not found!

File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5a8.dat not found!

 

Registry entries deleted on Reboot...

 

 

***********************************************************************************************************

***********************************************************************************************************

Log HijackThis

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:02:38, on 29/06/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

C:\WINDOWS\notepad.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\UltraVNC\WinVNC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: ÿþ127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NevoDRM] "C:\Èãðû îò NevoSoft\NevoDRM\NevoDRM.exe"

O4 - HKLM\..\Run: [OpenSource] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\javatmp4237948111759349074.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\ARQUIV~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CS2\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O17 - HKLM\System\CS3\Services\Tcpip\..\{07C6FAA2-ACB6-451B-A842-7D395B23A074}: NameServer = 201.10.128.2,201.10.1.2

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\ARQUIV~1\GbPlugin\GbpSv.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Arquivos de programas\LogMeIn\x86\LogMeIn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\WinVNC.exe

 

--

End of file - 9633 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Tarde! GildazioJr

 

<@> Baixe: < UsbFix.exe > ( ...par Chiquitine29 et Chimay8 )

<@> Salve-a em Arquivos de programas!

<@> Desabilite seu antivírus!

<@> Para Windows Vista,tenha atributos de administrador,ao executar a ferramenta.

<@> Instale e execute a ferramenta,com um duplo-clique em: < r2t69y.jpg >

<@> Nas opções da língua,escolha "PT-BR" --> Enter.

<@> Escolha a opção 2: 2. Suppression des fichiers infectieux --> Aperte Enter.

 

wrmljk.jpg

 

<@> Surgirá uma mensagem,pedindo que seja conectada sua(s) mídia(s) removíveis,ao computador. ( pendrive,mp3,mp4,iPods,etc... )

<@> Aceite a solicitação,e dê o Ok. --> À seguir clique,novamente,em Ok.

 

6f8nwo.jpg

 

<@> O computador irá reiniciar. <-- Aguarde!

<@> Terminando,clique em "Continue" e aguarde a finalização da ferramenta.

<@> Ps: Não desconecte,ainda,sua(s) mídia(s) removíveis! <-- Importante!

<@> Surgirá a mensagem: "Nettoyage effectue" --> Aperte Enter.

<@> Poste o relatório,que estará em: C:\UsbFix.txt <--

00000000000000000000

oooooooooooooooooooo

<@> Baixe: < JavaRa >

<@> Tire-o do zip!

<@> Dê um duplo-clique no JavaRa.exe --> Clique em Search For Updates.

<@> Selecione a opção Update Using jucheck.exe --> Clique no botão Search.

<@> Se estiver atualizado,receberá um aviso confirmando a última versão.

<@> Caso contrário,aguarde a nova versão do Java ser baixada e instalada.

<@> Clique no botão "Remove Older Versions" --> Aguarde!

<@> Ps: Caso queira,poste seu relatório.

 

Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Aí vai o log do usbfix, o javara nao gerou nenhum relatorio. abraços

 

############################## | UsbFix 7.014 | [supressão]

 

Usuário: GildazioJr (Administrador) # HOME [ ]

Atualizado em 24/06/10 por El Desaparecido / C_XX

Começou em 11:16:58 | 29/06/2010

Site: http://pagesperso-or...ools/index.html

Contato: FindyKill.Contact@gmail.com

 

CPU: Genuine Intel® CPU 2140 @ 1.60GHz

CPU 2: Genuine Intel® CPU 2140 @ 1.60GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 6.0.2900.5512

 

Windows Firewall: Habilitado

Antivirus: avast! antivirus 4.8.1335 [VPS 091030-0] 4.8.1335 [(!) Disabled | (!) Outdated]

RAM -> 1015 Mb

C:\ (%systemdrive%) -> Disco fixo # 298 Gb (217 Mb livre - 73%) [] # NTFS

E:\ -> Disco removível # 2 Gb (2 Mb livre - 95%) [GILDAZIO] # FAT

H:\ -> Disco removível # 7 Gb (50 Mb livre - 1%) [GILDAZIOJR] # FAT32

 

################## | Ficheiros # pastas infeciosos |

 

Não supprimido ! C:\Arquivos de programas\GbPlugin

Supprimido ! F:\Autorun.inf

Supprimido ! F:\program.exe

 

################## | Registro |

 

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

 

################## | Mountpoints2 |

 

 

################## | Listing |

 

[11/08/2008 - 14:37:21 | D ] C:\!KillBox

[25/09/2009 - 11:38:59 | D ] C:\69693b8a2f88e9f89c84

[25/09/2009 - 11:39:05 | D ] C:\a0184cbf2ea8f89481

[25/09/2009 - 11:42:56 | D ] C:\abe2c9582468a14db86c4b8c

[09/03/2010 - 08:38:11 | D ] C:\Aplicativos

[22/06/2010 - 11:13:48 | RD ] C:\Arquivos de programas

[23/02/2010 - 16:08:38 | A | 20] C:\AUTOEXEC.BAT

[17/12/2009 - 13:47:21 | A | 211] C:\Boot.bak

[03/03/2010 - 14:56:03 | RASH | 281] C:\boot.ini

[14/04/2008 - 07:00:00 | RASH | 4952] C:\Bootfont.bin

[03/03/2010 - 14:56:03 | RASHD ] C:\cmdcons

[03/08/2004 - 23:00:16 | A | 261856] C:\cmldr

[03/03/2010 - 15:55:14 | A | 13925] C:\ComboFix.txt

[25/06/2010 - 08:47:15 | D ] C:\Config.Msi

[23/02/2010 - 16:08:38 | A | 106] C:\CONFIG.SYS

[23/02/2010 - 16:08:43 | A | 212] C:\CONFIMP.MEM

[23/02/2010 - 16:08:43 | A | 574] C:\CORES.MEM

[23/07/2008 - 08:33:59 | D ] C:\Data Cempro

[03/03/2009 - 21:19:25 | D ] C:\Documents and Settings

[22/12/2009 - 08:46:29 | D ] C:\e5d514c8f6bc5849e98471897c94

[19/03/2008 - 08:41:18 | A | 86] C:\gst.bat

[05/06/2010 - 11:13:37 | A | 52] C:\iniciar.log

[17/12/2009 - 14:43:37 | D ] C:\Intel

[05/01/2008 - 20:41:24 | RASH | 0] C:\IO.SYS

[06/02/2010 - 15:48:18 | D ] C:\LG3G

[22/12/2009 - 09:35:46 | D ] C:\LinhaDefensiva

[05/01/2008 - 20:41:24 | RASH | 0] C:\MSDOS.SYS

[05/01/2008 - 20:50:29 | RD ] C:\MSOCache

[13/05/2008 - 10:01:04 | D ] C:\My Shared Folder

[14/04/2008 - 07:00:00 | RASH | 47564] C:\NTDETECT.COM

[14/04/2008 - 07:00:00 | RASH | 251696] C:\ntldr

[09/04/2009 - 13:46:00 | D ] C:\NVIDIA

[03/06/2010 - 09:30:18 | A | 105186] C:\ops.jpg

[22/01/2008 - 17:55:06 | A | 524288] C:\P5GC-MX-ASUS-0504.ROM

[29/06/2010 - 09:57:56 | ASH | 1598029824] C:\pagefile.sys

[28/06/2010 - 12:16:22 | A | 13030] C:\PDOXUSRS.NET

[23/02/2010 - 16:08:43 | A | 186] C:\PORTPRIN.MEM

[29/06/2010 - 11:18:57 | SHD ] C:\RECYCLER

[11/08/2009 - 10:41:25 | D ] C:\SUED

[11/02/2010 - 15:10:27 | SHD ] C:\System Volume Information

[25/02/2010 - 11:44:14 | A | 0] C:\Tech_Vista.log

[22/02/2010 - 16:56:53 | A | 10] C:\trash.bat

[29/06/2010 - 11:18:57 | D ] C:\UsbFix

[29/06/2010 - 11:19:01 | A | 1313] C:\UsbFix.txt

[26/08/2007 - 10:35:12 | A | 649728] C:\VDownloader.exe

[29/06/2010 - 09:55:48 | D ] C:\WINDOWS

[22/02/2010 - 16:56:51 | A | 16] C:\windows.lg

[29/06/2010 - 09:55:35 | D ] C:\_OTL

[14/06/2010 - 11:19:35 | D ] F:\Vendedores

[01/01/2000 - 00:15:16 | D ] F:\cheques

[18/03/2008 - 08:36:08 | D ] F:\estoq

[14/09/2009 - 23:03:43 | D ] F:\Cópia certificado A1

[03/03/2009 - 19:19:01 | D ] F:\SCAIXA

[29/06/2010 - 10:18:14 | A | 131072] F:\program.exe

[10/03/2008 - 22:12:24 | A | 51] F:\gestor.bat

[17/03/2008 - 19:24:22 | D ] F:\novo

[29/06/2010 - 10:18:14 | R | 105] F:\AUTORUN.INF

[29/06/2010 - 10:02:31 | D ] F:\ESTOQUE

[22/06/2008 - 19:03:00 | D ] F:\MFOXPLUS

[23/01/2009 - 15:14:08 | D ] F:\tmp

[03/03/2009 - 19:13:48 | D ] F:\SEGURO

[22/06/2010 - 15:02:19 | A | 131072] F:\arquivos.exe

[28/04/2008 - 08:50:30 | D ] F:\fazenda

[18/11/2009 - 15:43:31 | A | 22016] F:\Romaneio B. acre1.xls

[01/01/2000 - 00:15:14 | D ] F:\backup

[18/06/2010 - 07:25:40 | D ] F:\BACKUP Easy Finance

[01/01/2000 - 00:15:14 | D ] F:\bradesco

[18/06/2010 - 14:26:43 | A | 26624] F:\Borderô para acerto de recebimento.xls

 

################## | Vaccin |

 

C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

F:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

 

################## | Upload |

 

Favor enviar o arquivo: C:\UsbFix_Upload_Me_HOME.zip

http://chiquitine.ch...mple/Upload.php

Obrigado pela sua contribuição.

 

################## | E.O.F |

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.