Remoção de vírus

[Mr.Wolf]

Nada errado no log Megadeeth.

Abra o gerenciador de tarefas, clique no menu Exibir > Selecionar colunas. Marque as opções: Pico do uso de memória e Objetos USER.
No gerenciador aparecerão duas novas colunas, que são estas selecionadas acima. Vá até o processo Explorer.exe e veja qual é o número que está em Objetos USER e qual é o número que está em Pico do uso de memória.

 

[Megadeeth]

Mestre em pico do uso de memoria ta 89.444 k

e em objetos user ta 210

eh soh isso ou precisa ver mais alguma coisa???

obrigadao irmao

 

[Mr.Wolf]

Valores anormais Megadeeth. Os valores estão altos demais. Há algo errado aí!
Veja se os processos svchost.exe, services.exe e winlogon.exe estão com o pico do uso de memória em valores acima de 70 K também.

- Faça o download do X-RayPC e salve no desktop.

- Extraia o arquivo do zip no desktop e dê um duplo clique em x-raypc.exe
- Quando o programa abrir, marque a opção "Expert Columns"
- Clique no botão Online Analyser e depois clique no botão Save Log.
- Salve o log em um local de sua preferência. O log terá o nome de X-RayPc.log.

Poste-o aqui Megadeeth.

 

[Megadeeth]

ta na mao Mestre

brigadao pela ajuda de sempre

os outros svchost.exe,services.exe e winlogo.exe nao tao nem perto e com mais de 70 k nao Mr.Wolf

o svchost.exe tem varios e cada um com o valor mais tdo menos de 20

o services.exe ta com 6.548 k e o winlogon.exe ta com 15.536 k

Spoiler

Logfile of X-RayPc Build 39029 (Installed 1247100862)
Scan saved at 9/7/2009 17:49:39

Registry Settings:
IE Start Page (User) : http://www.versarehoteis.com.br/
IE Start Page (Global) : http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE Blank Page : C:\WINDOWS\system32\blank.htm
IE Default Page : http://go.microsoft.com/fwlink/?LinkId=69157
IE Search Page (User) : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE Search Page (Global) : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE Default Search : http://go.microsoft.com/fwlink/?LinkId=69157
HOSTS Directory : %SystemRoot%\System32\drivers\etc

C:\WINDOWS\system32\services.exe (108544 cc73c4430c2fc27fde16a0a4e3678148)
C:\WINDOWS\system32\lsass.exe (13312 35c6463b3c5f62d2b20c953b6e1538e9)
C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
C:\WINDOWS\Explorer.EXE (1034234 fa61a19142ae14bec1a26de82390dd65)
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (6499987 hu9i0op56231fgt6754343489op08i9oj)
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (6499987 hu9i0op56231fgt6754343489op08i9oj)
C:\WINDOWS\system32\wscntfy.exe (13824 ede207e8ffbcb3909c078dcb60e29044)
C:\Arquivos de programas\Mozilla Firefox\firefox.exe (307704 26c3f01df1b1aa6cfec22d75f1e072f9)
C:\WINDOWS\system32\spoolsv.exe (57856 3971289fa7072812caf4d053bbc6352b)
C:\Documents and Settings\Laercio Chaves\Desktop\xraypc\x-raypc.exe (348928 df5ba440e4384adcd1a0bf653da84387)

Service: aswUpdSv C:\ARQUIV~1\Alwil Software\Avast4\aswUpdSv.exe (1195008 8e294acae2b6fb3c75f55913829b359e)
Service: ALG C:\WINDOWS\System32\alg.exe (44544 379c7ac3ebcb636ecdb704e188a96a13)
Service: AudioSrv C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: Browser C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: CryptSvc C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: DcomLaunch C:\WINDOWS\system32\svchost -k DcomLaunch
Service: Dhcp C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: dmserver C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: Dnscache C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: ERSvc C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: Eventlog C:\WINDOWS\system32\services.exe (108544 cc73c4430c2fc27fde16a0a4e3678148)
Service: EventSystem C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: FastUserSwitchingCompatibility C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: helpsvc C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: lanmanserver C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: lanmanworkstation C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: LmHosts C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: Netman C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: Nla C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: PlugPlay C:\WINDOWS\system32\services.exe (108544 cc73c4430c2fc27fde16a0a4e3678148)
Service: PolicyAgent C:\WINDOWS\system32\lsass.exe (13312 35c6463b3c5f62d2b20c953b6e1538e9)
Service: ProtectedStorage C:\WINDOWS\system32\lsass.exe (13312 35c6463b3c5f62d2b20c953b6e1538e9)
Service: RasMan C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: RemoteRegistry C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: RpcSs C:\WINDOWS\system32\svchost -k rpcss
Service: SamSs C:\WINDOWS\system32\lsass.exe (13312 35c6463b3c5f62d2b20c953b6e1538e9)
Service: Schedule C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: seclogon C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: SENS C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: SharedAccess C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: ShellHWDetection C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: Spooler C:\WINDOWS\system32\spoolsv.exe (57856 3971289fa7072812caf4d053bbc6352b)
Service: srservice C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: SSDPSRV C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: TapiSrv C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: TermService C:\WINDOWS\System32\svchost -k DComLaunch
Service: Themes C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: TrkWks C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: W32Time C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: WebClient C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: winmgmt C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: wscsvc C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: wuauserv C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: WZCSVC C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)



O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (2374464 b4a1f482599fb41878b4ef8363282a4d)
O4 - HKLM\..\Run: [Tarifador] C:\Cosmos\Tarifador.exe (0776h99 g789534562312w346546578ui9890plm)
O4 - HKLM\..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll (0909887 k945gt6578uh934s323ed567yh56t7890)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [PostBootReminder] C:\WINDOWS\system32\SHELL32.dll (8413696 c4cfe1e248d5d47dfacdd6006b696491)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [CDBurn] C:\WINDOWS\system32\SHELL32.dll (8413696 c4cfe1e248d5d47dfacdd6006b696491)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [WebCheck] C:\WINDOWS\system32\webcheck.dll (278528 646728aa017a2900ceccf19f10e663a0)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [SysTray] C:\WINDOWS\system32\stobject.dll (122368 36c1a39c2be929f1dfeef7d5a1064bc6)
O4 - HKCU\..\Run: [MsnMsgr] C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe (976765 21we452scf567890oklp765fgb6b6781)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (6g7880 2sdc5456478b92b21d6hd789jkbbh9012)

O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object)- http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab - C:\WINDOWS\Downloaded Program Files\swflash.inf (247 045d9a13b4d5c07a360fd52c817f5e45)

020 - HKLM\..\Notify: [crypt32chain] C:\WINDOWS\system32\crypt32.dll (603648 d90a29b2063f0c8018fa39d9ffbbe7ca)
020 - HKLM\..\Notify: [cryptnet] C:\WINDOWS\system32\cryptnet.dll (63488 c3e7dd4f2567af7725242da284cf1d3b)
020 - HKLM\..\Notify: [cscdll] C:\WINDOWS\system32\cscdll.dll (102400 119a4a134b2e2fe608886bdcac68676c)
020 - HKLM\..\Notify: [ScCertProp] C:\WINDOWS\system32\wlnotify.dll (93184 2bcccaf5560ac26667d14c018932fafa)
020 - HKLM\..\Notify: [Schedule] C:\WINDOWS\system32\wlnotify.dll (93184 2bcccaf5560ac26667d14c018932fafa)
020 - HKLM\..\Notify: [sclgntfy] C:\WINDOWS\system32\sclgntfy.dll (21504 ffc24e14c1e335496b70cd2dee6abec6)
020 - HKLM\..\Notify: [SensLogn] C:\WINDOWS\system32\WlNotify.dll (93184 2bcccaf5560ac26667d14c018932fafa)
020 - HKLM\..\Notify: [termsrv] C:\WINDOWS\system32\wlnotify.dll (93184 2bcccaf5560ac26667d14c018932fafa)
020 - HKLM\..\Notify: [wlballoon] C:\WINDOWS\system32\wlnotify.dll (93184 2bcccaf5560ac26667d14c018932fafa)

 

[Mr.Wolf]

Megadeeth, seu Explorer.exe está corrompido. Este computador estava com vírus ou você instalou/desinstalou algum transformation pack (programa que altera a aparência do Windows)?

Não sei nem como você está conseguindo utilizar o sistema corretamente. Também não sei se outros arquivos estão corrompidos. Dentre os que aparecem no log do RayPc, apenas o Explorer.exe está corrompido, os outros do log estão normais.

Recomendaria à você uma reparação no sistema Megadeeth. Ou então peça a algum amigo que faça o upload do arquivo C:\Windows\Explorer.exe para você, e então troque o seu arquivo pelo arquivo upado.

Não upo o arquivo para você pois estou no Linux.

 

[Megadeeth]

Mr.Wolf ñ sei c o pc tava com virus pq comecei a trampa aki na loja do meu tiu quinta passada e ele ñ me disse nada disso

mais tinha um programa aki q deixava o xp com cara da quele windows 7 q lançou agora sabe???? mais eu tirei pq tava deixando o pc lenticimo e demorava p começar o xp sera q foi isso????

amanha vou perguntar pro meu tiu c esse pc tava com virus e talz dai eu te falo blz???? :yes:

vou ve se alguem pode up no explorer.exe p mim dai eu troco aki e vejo no q da

mais se nao de certo como eu reparo o sistema Mestre Wolf????

mto obrigado pela ajuda nossa se vc conseguir me ajudar mais nessa eu serei eternamente grato a vc irmao

ps: mais uma curiozidade Mestre!!!!!!!!!!! como vc viu q o arquivo tava corrompido????? fikei curiozo nessa pq dai da p mim ve sempre q tive um arquivo corrompido aki neh!!!!!!!!! :yes:

obrigadao brother

um abraçao

 

[Tiagoquiroga]

aí vai o log do run scaner

Spoiler

Runscanner logfile

* = signed file
- = file not found

General info
------------
Computer name : USER-87DA080C3C
Creation time : 9/7/2009 18:23:48
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.8.1.0
User Language : Português (Brasil)
User rights : Administrator
Windows folder : C:\WINDOWS

Running processes
-----------------
* C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation)
* C:\WINDOWS\system32\services.exe (Microsoft Corporation)
* C:\WINDOWS\System32\alg.exe (Microsoft Corporation)
* C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
* C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
* C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
* C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
* C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
* C:\WINDOWS\system32\csrss.exe (Microsoft Corporation)
* C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
* C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
* C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
* C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* C:\WINDOWS\system32\svchost.exe (Microsoft Corporation)
* c:\windows\System32\smss.exe (Microsoft Corporation)
* C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
* C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
* C:\WINDOWS\system32\lsass.exe (Microsoft Corporation)
* C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
C:\Arquivos de programas\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
* C:\Documents and Settings\User\Desktop\runscanner.exe (Runscanner.net)
* C:\WINDOWS\System32\SCardSvr.exe (Microsoft Corporation)
* C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
C:\WINDOWS\VM_STI.EXE (VM.)
C:\Arquivos de programas\Winamp\winampa.exe
* C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
* C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
* C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
C:\Arquivos de programas\Sony Ericsson\Sony Ericsson Wireless Manager 5\WirelessManager.exe (Sony Ericsson United States (SEUS))

Unrated items
-------------
002 * C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
002 C:\WINDOWS\VM_STI.EXE (VM.)
002 C:\Arquivos de programas\Winamp\winampa.exe
003 * C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
003 * C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
005 C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
010 * C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (avast! Antivirus)
010 * C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (avast! iAVS4 Control Service)
010 * C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (avast! Mail Scanner)
010 * C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
010 C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe (InstallDriver Table Manager)
010 C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind AE Service)
011 * C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (aswFsBlk)
011 * C:\WINDOWS\system32\drivers\aswRdr.sys (aswRdr)
011 * C:\WINDOWS\system32\DRIVERS\atksgt.sys (atksgt)
011 * C:\WINDOWS\system32\drivers\Aavmker4.sys (avast! Asynchronous Virus Monitor)
011 * C:\WINDOWS\system32\drivers\aswTdi.sys (avast! Network Shield Support)
011 * C:\WINDOWS\system32\drivers\aswSP.sys (avast! Self Protection)
011 * C:\WINDOWS\system32\drivers\aswMon2.sys (avast! Standard Shield Support)
011 c:\windows\System32\Drivers\avgtdi.sys (AVG Network Redirector)
011 c:\windows\System32\Drivers\avgclean.sys (AVG7 Clean Driver)
011 c:\windows\System32\Drivers\avg7core.sys (AVG7 Kernel)
011 c:\windows\System32\Drivers\avg7rsxp.sys (AVG7 Resident Driver XP)
011 c:\windows\System32\Drivers\avg7rsw.sys (AVG7 Wrap Driver)
011 C:\WINDOWS\System32\Drivers\usbvm302.sys (LG webpro2 Camera)
011 * C:\WINDOWS\system32\DRIVERS\lirsgt.sys (lirsgt)
011 C:\WINDOWS\system32\DRIVERS\secdrv.sys (Secdrv)
011 * C:\WINDOWS\system32\DRIVERS\sembbus.sys (SEMC WMC Composite Device driver (WDM))
011 * C:\WINDOWS\system32\DRIVERS\sembcard.sys (Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM))
011 * C:\WINDOWS\system32\DRIVERS\sembmgmt.sys (Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM))
011 * C:\WINDOWS\system32\DRIVERS\sembwwan.sys (Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM))
011 * C:\WINDOWS\system32\DRIVERS\sembnd5.sys (Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS))
011 * C:\WINDOWS\system32\DRIVERS\sembunic.sys (Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM))
011 * C:\WINDOWS\system32\DRIVERS\sembmdm2.sys (Sony Ericsson PC300 Wireless Modem Driver)
011 * C:\WINDOWS\system32\DRIVERS\sembmdfl2.sys (Sony Ericsson PC300 Wireless Modem Filter)
011 C:\WINDOWS\system32\DRIVERS\w200bus.sys (Sony Ericsson W200 driver (WDM))
011 C:\WINDOWS\system32\DRIVERS\w200mgmt.sys (Sony Ericsson W200 USB WMC Device Management Drivers (WDM))
011 C:\WINDOWS\system32\DRIVERS\w200mdm.sys (Sony Ericsson W200 USB WMC Modem Driver)
011 C:\WINDOWS\system32\DRIVERS\w200mdfl.sys (Sony Ericsson W200 USB WMC Modem Filter)
011 C:\WINDOWS\system32\DRIVERS\w200obex.sys (Sony Ericsson W200 USB WMC OBEX Interface)
011 C:\WINDOWS\System32\Drivers\sptd.sys (sptd)
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
030 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
035 C:\WINDOWS\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}
041 C:\Arquivos de programas\Orbitdownloader\GrabPro.dll {C55BBCD6-41AD-48AD-9953-3609C48EACC7}
045 C:\Arquivos de programas\Orbitdownloader\GrabPro.dll {C55BBCD6-41AD-48AD-9953-3609C48EACC7}
052 GUID / CLSID not found {5C255C8A-E604-49b4-9D64-90988571CECB}
052 C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited) {bf00e119-21a3-4fd1-b178-3b8537e75c92}
052 C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) {000123B4-9B42-4900-B3F7-F4B073EFC214}
061 C:\Arquivos de programas\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
061 * C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
061 C:\Arquivos de programas\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) {9F97547E-460A-42C5-AE0C-81C61FFAEBC3}
061 C:\Arquivos de programas\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
061 C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
061 C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
061 C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
061 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
062 C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
069 C:\WINDOWS\system32\mdimon.dll (Microsoft Corporation)
100 Start Page HKCU : http://www.pesbrasil.org/
100 Start Page HKLM : http://www.msn.com/
102 GUID / CLSID not found {67FCEF90-073E-11DE-8C30-0800200C9A66}
104 C:\WINDOWS\Downloaded Program Files\npTVUAx.dll (TVU networks) {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}
104 GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
105 &Download by Orbit : res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201
105 &Grab video by Orbit : res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204
105 Do&wnload selected by Orbit : res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203
105 Down&load all by Orbit : res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202
105 E&xportar para o Microsoft Excel : res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
173 GUID / CLSID not found
173 C:\Arquivos de programas\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
173 * C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
173 C:\Arquivos de programas\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
173 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
173 C:\Arquivos de programas\WinAVI Video Converter\SimpleExt.dll {18360AF9-2DA7-426F-8EDC-A60A637ABB40}
221 GUID / CLSID not found
221 C:\Arquivos de programas\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
221 * C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
221 C:\Arquivos de programas\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
221 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 C:\Arquivos de programas\WinAVI Video Converter\SimpleExt.dll {18360AF9-2DA7-426F-8EDC-A60A637ABB40}
223 * C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 * C:\Arquivos de programas\Alwil Software\Avast4\ashShell.dll (ALWIL Software) {472083B0-C522-11CF-8763-00608CC02F24}
225 C:\Arquivos de programas\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
225 C:\Arquivos de programas\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
225 * C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 * C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 GUID / CLSID not found
227 C:\Arquivos de programas\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
227 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
231 C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info
251 C:\Arquivos de programas\7-Zip\7-zip.dll (Igor Pavlov) {23170F69-40C1-278A-1000-000100020000}
251 C:\Arquivos de programas\WinRAR\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
254 GUID / CLSID not found {3B153CB3-A551-4fe6-A68B-F5C96650FF39}

Missing files
-------------
010 C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
010 C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
010 C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
011 C:\WINDOWS\system32\drivers\Abiosdsk.sys
011 C:\WINDOWS\system32\drivers\abp480n5.sys
011 C:\WINDOWS\system32\drivers\adpu160m.sys
011 C:\WINDOWS\system32\drivers\Aha154x.sys
011 C:\WINDOWS\system32\drivers\aic78u2.sys
011 C:\WINDOWS\system32\drivers\aic78xx.sys
011 C:\WINDOWS\system32\drivers\AliIde.sys
011 C:\WINDOWS\system32\drivers\amsint.sys
011 C:\WINDOWS\system32\drivers\asc.sys
011 C:\WINDOWS\system32\drivers\asc3350p.sys
011 C:\WINDOWS\system32\drivers\asc3550.sys
011 C:\WINDOWS\system32\drivers\Atdisk.sys
011 C:\ComboFix\catchme.sys
011 C:\WINDOWS\system32\drivers\cd20xrnt.sys
011 C:\WINDOWS\system32\drivers\Changer.sys
011 C:\WINDOWS\system32\drivers\CmdIde.sys
011 C:\WINDOWS\system32\drivers\Cpqarray.sys
011 C:\WINDOWS\system32\drivers\dac2w2k.sys
011 C:\WINDOWS\system32\drivers\dac960nt.sys
011 C:\WINDOWS\system32\drivers\dpti2o.sys
011 C:\WINDOWS\system32\drivers\EagleNT.sys
011 D:\INSTALL\GMSIPCI.SYS
011 C:\WINDOWS\system32\drivers\hpn.sys
011 C:\WINDOWS\system32\drivers\i2omgmt.sys
011 C:\WINDOWS\system32\drivers\i2omp.sys
011 C:\WINDOWS\system32\drivers\ini910u.sys
011 C:\WINDOWS\system32\drivers\IntelIde.sys
011 C:\WINDOWS\system32\drivers\lbrtfdc.sys
011 C:\WINDOWS\system32\drivers\mraid35x.sys
011 C:\WINDOWS\system32\drivers\PCIDump.sys
011 C:\WINDOWS\system32\drivers\PDCOMP.sys
011 C:\WINDOWS\system32\drivers\PDFRAME.sys
011 C:\WINDOWS\system32\drivers\PDRELI.sys
011 C:\WINDOWS\system32\drivers\PDRFRAME.sys
011 C:\WINDOWS\system32\drivers\perc2.sys
011 C:\WINDOWS\system32\drivers\perc2hib.sys
011 C:\WINDOWS\system32\drivers\ql1080.sys
011 C:\WINDOWS\system32\drivers\Ql10wnt.sys
011 C:\WINDOWS\system32\drivers\ql12160.sys
011 C:\WINDOWS\system32\drivers\ql1240.sys
011 C:\WINDOWS\system32\drivers\ql1280.sys
011 C:\WINDOWS\system32\drivers\Simbad.sys
011 C:\WINDOWS\system32\drivers\Sparrow.sys
011 C:\WINDOWS\system32\drivers\sym_hi.sys
011 C:\WINDOWS\system32\drivers\sym_u3.sys
011 C:\WINDOWS\system32\drivers\symc810.sys
011 C:\WINDOWS\system32\drivers\symc8xx.sys
011 C:\WINDOWS\system32\drivers\TosIde.sys
011 C:\WINDOWS\system32\drivers\ultra.sys
011 C:\WINDOWS\system32\drivers\ViaIde.sys
011 C:\WINDOWS\system32\drivers\WDICA.sys
061 deskpan.dll
214

 

[Vitao222]

mais tinha um programa aki q deixava o xp com cara da quele windows 7 q lançou agora sabe???? mais eu tirei pq tava deixando o pc lenticimo e demorava p começar o xp sera q foi isso????

Provavelmente foi isso Megadeeth, esses packs de transformações muitas vezes corrompe os arquivos do Windows quando desinstalado, como o Mr.Wolf citou.

Pra reparar tem várias maneiras mas eu tentaria pelo modo mais fácil: coloque o CD do XP no drive e mande um sfc /scannow no prompt de comando, dentro do própio Windows. Ele vai tentar corrigir qualquer arquivo corrompido. Lembre-se de colocar o CD certo, pois não adianta colocar o CD do XP SP3 se o XP que está aí é o SP2.
Tem outra maneira, que é dando boot pelo CD do XP. Você coloca, reinincia e vê se a BIOS está configurada pra dar boot pelo CD. Se sim, é só aguardar que na inicialização vai dar boot e você pode reparar. Lá você pode reparar, mas saiba que por esse método o XP perde algumas configurações, os arquivos ficam intactos, mas por ele trocar alguns arquivos, algumas coisas são desconfiguradas do jeito que você deixou.

Se funcionar com o sfc /scannow é melhor, se não tem que trocar o explorer.exe na unha, matando o explorer.exe, limpando o cache pelo cmd, e depois trocar. É um pouco mais complicado.

 

[smileo]

Pessoal, boa noite!
Meus caros, eu sou completamente leigo qudo o assunto é vírus. Mas graças a Deus até o momento não havia tido nenhum problema com eles.
Pois é... Até o momento... Pois um tal de OLHRWEF.EXE, que segundo uma busca breve no google, trata-se de um Malware proveniente de dispositivos móveis e talz... Enfim... A verdade é que não sei como proceder.
Constantemente meu Avast tem me alertado com algumas várias janelas com um tal de Q1ALX.EXE, um outro tal de Rookit [acho que é isso], um WI???? [??], e por aí vai...
Tentando solucionar o problema, fui aconselhado a instalar o HijackThis.exe, que me permitiu gerar o log abaixo:
[pronto! É a partir daí que tudo vira grego pra mim e parto para vossa ajuda! rs]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:55, on 9/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vsnpstd2.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Extensis\Suitcase\Suitcase.exe
C:\Arquivos de programas\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\Meus documentos\Leo\Setup's Mil\Antivirus\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate1c9cff56b85d521) (gupdate1c9cff56b85d521) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10540 bytes

Obrigado pela atenção.

Leo 'Smileo' Ribeiro

 

[jvictorpaiva]

Pronto Mr.Wolf, fiz o procedimento que você falou, segue log abaixo.

Muito obrigado.

Spoiler

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
º º
hjtscanlist v2.0
º º
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows XP [versÆo 5.1.2600]


C:

C:\pagefile.sys ---------
09/07/2009 10:52 C:\Arquivos de programas --------- 0
09/07/2009 10:47 C:\boot.ini --------- 223
23/06/2009 20:07 C:\WINDOWS --------- 0
25/05/2009 19:51 C:\Config.Msi --------- 0
11/05/2009 16:07 C:\tmp.xml --------- 0
01/05/2009 10:59 C:\Downloaded Installations --------- 0
26/04/2009 16:29 C:\VICTOR PROGRAMAS --------- 0
17/04/2009 20:39 C:\Viagem a Embu das Artes --------- 0
11/04/2009 12:37 C:\_Sid.txt --------- 2366
09/04/2009 16:13 C:\Yuri no coral mar09 --------- 0
15/03/2009 00:14 C:\Documents and Settings --------- 0
15/03/2009 00:00 C:\MSOCache --------- 0
14/03/2009 16:08 C:\RECYCLER --------- 0
14/03/2009 16:03 C:\CSB.LOG --------- 86
14/03/2009 16:02 C:\RHDSetup.log --------- 347
14/03/2009 15:54 C:\System Volume Information --------- 0
14/03/2009 15:50 C:\MSDOS.SYS --------- 0
14/03/2009 15:50 C:\CONFIG.SYS --------- 0
14/03/2009 15:50 C:\AUTOEXEC.BAT --------- 0
14/03/2009 15:50 C:\IO.SYS --------- 0
13/04/2008 11:31 C:\ntldr --------- 251696
13/04/2008 09:43 C:\NTDETECT.COM --------- 47564
07/02/2008 17:10 C:\ckis --------- 0
28/10/2001 09:06 C:\Bootfont.bin --------- 4952
----------------------------------------


C:\WINDOWS

09/07/2009 21:09 C:\WINDOWS\0.log --------- 0
09/07/2009 21:09 C:\WINDOWS\WindowsUpdate.log --------- 846332
09/07/2009 21:09 C:\WINDOWS\wiaservc.log --------- 48
09/07/2009 21:08 C:\WINDOWS\wiadebug.log --------- 159
09/07/2009 21:08 C:\WINDOWS\bootstat.dat --------- 2048
09/07/2009 11:30 C:\WINDOWS\SchedLgU.Txt --------- 32508
09/07/2009 10:47 C:\WINDOWS\setupact.log --------- 180438
09/07/2009 10:47 C:\WINDOWS\setupapi.log --------- 468769
09/07/2009 10:47 C:\WINDOWS\win.ini --------- 512
09/07/2009 10:47 C:\WINDOWS\system.ini --------- 227
23/06/2009 20:08 C:\WINDOWS\ntbtlog.txt --------- 161440
21/06/2009 20:16 C:\WINDOWS\NeroDigital.ini --------- 116
15/06/2009 23:32 C:\WINDOWS\wmsetup.log --------- 40140
09/06/2009 00:20 C:\WINDOWS\IE4 Error Log.txt --------- 1561
28/05/2009 17:27 C:\WINDOWS\iis6.log --------- 335468
28/05/2009 17:27 C:\WINDOWS\ntdtcsetup.log --------- 53023
28/05/2009 17:27 C:\WINDOWS\tabletoc.log --------- 11515
28/05/2009 17:27 C:\WINDOWS\tsoc.log --------- 114598
28/05/2009 17:27 C:\WINDOWS\comsetup.log --------- 87127
28/05/2009 17:27 C:\WINDOWS\ocmsn.log --------- 14621
28/05/2009 17:27 C:\WINDOWS\imsins.log --------- 4696
28/05/2009 17:27 C:\WINDOWS\ocgen.log --------- 136986
28/05/2009 17:27 C:\WINDOWS\MedCtrOC.log --------- 17076
28/05/2009 17:27 C:\WINDOWS\msgsocm.log --------- 12155
28/05/2009 17:27 C:\WINDOWS\FaxSetup.log --------- 225275
28/05/2009 17:27 C:\WINDOWS\netfxocm.log --------- 40685
28/05/2009 17:27 C:\WINDOWS\msmqinst.log --------- 88242
26/04/2009 00:30 C:\WINDOWS\imsins.BAK --------- 1374
26/04/2009 00:30 C:\WINDOWS\Wdf01007Inst.log --------- 4613
25/04/2009 23:01 C:\WINDOWS\DPINST.LOG --------- 29248
16/04/2009 08:26 C:\WINDOWS\FontData.fdb --------- 24040
11/04/2009 12:36 C:\WINDOWS\hpoins04.dat --------- 104670
09/04/2009 12:32 C:\WINDOWS\ODBC.INI --------- 421
28/03/2009 19:23 C:\WINDOWS\Thumbs.db --------- 6144
17/03/2009 03:03 C:\WINDOWS\KB951376-v2.log --------- 18659
17/03/2009 03:03 C:\WINDOWS\KB952954.log --------- 23757
17/03/2009 03:03 C:\WINDOWS\updspapi.log --------- 8968
17/03/2009 03:03 C:\WINDOWS\KB946648.log --------- 18333
17/03/2009 03:03 C:\WINDOWS\KB956803.log --------- 19022
17/03/2009 03:02 C:\WINDOWS\KB955839.log --------- 37402
17/03/2009 03:02 C:\WINDOWS\KB958215.log --------- 19637
17/03/2009 03:02 C:\WINDOWS\KB951978.log --------- 18790
17/03/2009 03:02 C:\WINDOWS\KB950974.log --------- 21257
17/03/2009 03:02 C:\WINDOWS\KB951698.log --------- 20769
17/03/2009 03:02 C:\WINDOWS\KB960225.log --------- 20079
17/03/2009 03:02 C:\WINDOWS\KB956841.log --------- 16494
17/03/2009 03:02 C:\WINDOWS\KB960714.log --------- 15555
17/03/2009 03:01 C:\WINDOWS\KB938464-v2.log --------- 12264
17/03/2009 03:01 C:\WINDOWS\KB950762.log --------- 14866
17/03/2009 03:01 C:\WINDOWS\KB957097.log --------- 14935
17/03/2009 03:01 C:\WINDOWS\KB960715.log --------- 14331
17/03/2009 03:01 C:\WINDOWS\KB958687.log --------- 14857
17/03/2009 03:01 C:\WINDOWS\KB952287.log --------- 14566
17/03/2009 03:01 C:\WINDOWS\KB967715.log --------- 19392
17/03/2009 03:01 C:\WINDOWS\KB950760.log --------- 13908
17/03/2009 03:01 C:\WINDOWS\KB951066.log --------- 14423
17/03/2009 03:01 C:\WINDOWS\KB958690.log --------- 18174
17/03/2009 03:01 C:\WINDOWS\KB954459.log --------- 17992
17/03/2009 03:00 C:\WINDOWS\KB952069.log --------- 14998
17/03/2009 03:00 C:\WINDOWS\KB951748.log --------- 17547
17/03/2009 03:00 C:\WINDOWS\KB954600.log --------- 8585
17/03/2009 03:00 C:\WINDOWS\KB958644.log --------- 8894
17/03/2009 03:00 C:\WINDOWS\KB955069.log --------- 8378
17/03/2009 03:00 C:\WINDOWS\KB956802.log --------- 12309
16/03/2009 02:57 C:\WINDOWS\KB898461.log --------- 8870
15/03/2009 12:19 C:\WINDOWS\WMSysPr9.prx --------- 316640
15/03/2009 01:14 C:\WINDOWS\nsreg.dat --------- 0
14/03/2009 16:00 C:\WINDOWS\KB888111.log --------- 693
14/03/2009 15:55 C:\WINDOWS\OEWABLog.txt --------- 841
14/03/2009 15:55 C:\WINDOWS\setuplog.txt --------- 786062
14/03/2009 15:54 C:\WINDOWS\REGLOCS.OLD --------- 8192
14/03/2009 15:50 C:\WINDOWS\control.ini --------- 0
14/03/2009 15:50 C:\WINDOWS\ODBCINST.INI --------- 4205
14/03/2009 15:49 C:\WINDOWS\WindowsShell.Manifest --------- 749
14/03/2009 15:47 C:\WINDOWS\sessmgr.setup.log --------- 1022
14/03/2009 15:47 C:\WINDOWS\vbaddin.ini --------- 37
14/03/2009 15:47 C:\WINDOWS\vb.ini --------- 36
14/03/2009 15:46 C:\WINDOWS\DtcInstall.log --------- 130
14/03/2009 15:44 C:\WINDOWS\cmsetacl.log --------- 200
14/03/2009 12:43 C:\WINDOWS\regopt.log --------- 1830
14/03/2009 12:42 C:\WINDOWS\Sti_Trace.log --------- 0
14/03/2009 12:39 C:\WINDOWS\setuperr.log --------- 0
13/04/2008 20:30 C:\WINDOWS\SET3.tmp --------- 1233746
13/04/2008 20:20 C:\WINDOWS\SET4.tmp --------- 1088840
13/04/2008 20:20 C:\WINDOWS\SET8.tmp --------- 16825
13/04/2008 19:21 C:\WINDOWS\winhlp32.exe --------- 287744
13/04/2008 19:21 C:\WINDOWS\regedit.exe --------- 150528
13/04/2008 19:21 C:\WINDOWS\NOTEPAD.EXE --------- 70144
13/04/2008 19:21 C:\WINDOWS\hh.exe --------- 10752
13/04/2008 19:21 C:\WINDOWS\explorer.exe --------- 1035776
13/04/2008 19:20 C:\WINDOWS\twain_32.dll --------- 50688
05/02/2007 21:05 C:\WINDOWS\AviSplitter.INI --------- 38
14/08/2006 14:00 C:\WINDOWS\RTHDCPL.exe --------- 16050176
21/07/2006 16:14 C:\WINDOWS\SoundMan.exe --------- 86016
28/06/2006 14:00 C:\WINDOWS\MicCal.exe --------- 2158592
16/05/2006 18:04 C:\WINDOWS\SkyTel.exe --------- 2879488
04/05/2006 16:35 C:\WINDOWS\RTLCPL.exe --------- 9709568
04/05/2006 16:26 C:\WINDOWS\alcwzrd.exe --------- 2808832
09/03/2006 17:45 C:\WINDOWS\RtlUpd.exe --------- 364544
03/05/2005 18:43 C:\WINDOWS\Alcmtr.exe --------- 69632
16/04/2005 22:20 C:\WINDOWS\RtlExUpd.dll --------- 487424
21/06/2004 14:40 C:\WINDOWS\hpomdl04.dat --------- 17176
28/10/2001 09:07 C:\WINDOWS\_default.pif --------- 707
28/10/2001 09:07 C:\WINDOWS\wmprfPTB.prx --------- 34666
28/10/2001 09:07 C:\WINDOWS\winhelp.exe --------- 304000
28/10/2001 09:07 C:\WINDOWS\winnt.bmp --------- 48680
28/10/2001 09:07 C:\WINDOWS\winnt256.bmp --------- 48680
28/10/2001 09:07 C:\WINDOWS\vmmreg32.dll --------- 18944
28/10/2001 09:07 C:\WINDOWS\twunk_32.exe --------- 25600
28/10/2001 09:07 C:\WINDOWS\twain.dll --------- 94832
28/10/2001 09:07 C:\WINDOWS\twunk_16.exe --------- 49680
28/10/2001 09:07 C:\WINDOWS\TASKMAN.EXE --------- 15360
28/10/2001 09:07 C:\WINDOWS\desktop.ini --------- 2
28/10/2001 09:07 C:\WINDOWS\msdfmap.ini --------- 1405
28/10/2001 09:06 C:\WINDOWS\explorer.scf --------- 80
28/10/2001 09:06 C:\WINDOWS\clock.avi --------- 82944
13/11/1998 12:18 C:\WINDOWS\IsUn0416.exe --------- 308224
29/10/1998 16:45 C:\WINDOWS\IsUninst.exe --------- 306688
----------------------------------------


C:\WINDOWS\System

13/04/2008 19:21 C:\WINDOWS\System\WINSPOOL.DRV --------- 146944
13/04/2008 18:50 C:\WINDOWS\System\MMSYSTEM.DLL --------- 70080
28/10/2001 09:07 C:\WINDOWS\System\WFWNET.DRV --------- 13600
28/10/2001 09:07 C:\WINDOWS\System\VER.DLL --------- 9072
28/10/2001 09:07 C:\WINDOWS\System\VGA.DRV --------- 2176
28/10/2001 09:07 C:\WINDOWS\System\TIMER.DRV --------- 4096
28/10/2001 09:07 C:\WINDOWS\System\TAPI.DLL --------- 19200
28/10/2001 09:07 C:\WINDOWS\System\SYSTEM.DRV --------- 3360
28/10/2001 09:07 C:\WINDOWS\System\stdole.tlb --------- 5532
28/10/2001 09:07 C:\WINDOWS\System\SOUND.DRV --------- 1744
28/10/2001 09:07 C:\WINDOWS\System\setup.inf --------- 59167
28/10/2001 09:07 C:\WINDOWS\System\SHELL.DLL --------- 5120
28/10/2001 09:07 C:\WINDOWS\System\OLESVR.DLL --------- 24064
28/10/2001 09:07 C:\WINDOWS\System\OLECLI.DLL --------- 83456
28/10/2001 09:07 C:\WINDOWS\System\MSVIDEO.DLL --------- 127120
28/10/2001 09:07 C:\WINDOWS\System\MOUSE.DRV --------- 2032
28/10/2001 09:07 C:\WINDOWS\System\MMTASK.TSK --------- 1152
28/10/2001 09:06 C:\WINDOWS\System\MCIAVI.DRV --------- 73632
28/10/2001 09:06 C:\WINDOWS\System\MCIWAVE.DRV --------- 28160
28/10/2001 09:06 C:\WINDOWS\System\MCISEQ.DRV --------- 25296
28/10/2001 09:06 C:\WINDOWS\System\LZEXPAND.DLL --------- 9936
28/10/2001 09:06 C:\WINDOWS\System\KEYBOARD.DRV --------- 2000
28/10/2001 09:06 C:\WINDOWS\System\COMMDLG.DLL --------- 33504
28/10/2001 09:06 C:\WINDOWS\System\AVICAP.DLL --------- 70144
28/10/2001 09:06 C:\WINDOWS\System\AVIFILE.DLL --------- 109536
----------------------------------------


C:\WINDOWS\System32

09/07/2009 21:09 C:\WINDOWS\system32\CatRoot2 --------- 0
09/07/2009 21:08 C:\WINDOWS\system32\nvapps.xml --------- 81191
09/07/2009 10:46 C:\WINDOWS\system32\wpa.dbl --------- 2206
09/06/2009 03:27 C:\WINDOWS\system32\dllcache --------- 0
28/05/2009 20:48 C:\WINDOWS\system32\Thumbs.db --------- 5120
28/05/2009 17:27 C:\WINDOWS\system32\perfc016.dat --------- 48846
28/05/2009 17:27 C:\WINDOWS\system32\perfh016.dat --------- 344734
28/05/2009 17:27 C:\WINDOWS\system32\perfc009.dat --------- 40128
28/05/2009 17:27 C:\WINDOWS\system32\perfh009.dat --------- 311740
28/05/2009 17:27 C:\WINDOWS\system32\PerfStringBackup.INI --------- 750646
25/05/2009 19:51 C:\WINDOWS\system32\drivers --------- 0
25/05/2009 19:51 C:\WINDOWS\system32\DRVSTORE --------- 0
22/03/2009 09:52 C:\WINDOWS\system32\Macromed --------- 0
17/03/2009 03:29 C:\WINDOWS\system32\FNTCACHE.DAT --------- 186608
17/03/2009 03:02 C:\WINDOWS\system32\TZLog.log --------- 212174
16/03/2009 02:57 C:\WINDOWS\system32\PreInstall --------- 0
15/03/2009 15:56 C:\WINDOWS\system32\SoftwareDistribution --------- 0
15/03/2009 09:45 C:\WINDOWS\system32\IOSUBSYS --------- 0
15/03/2009 01:06 C:\WINDOWS\system32\javaw.exe --------- 144792
15/03/2009 01:06 C:\WINDOWS\system32\javaws.exe --------- 148888
15/03/2009 01:06 C:\WINDOWS\system32\javacpl.cpl --------- 73728
15/03/2009 01:06 C:\WINDOWS\system32\java.exe --------- 144792
15/03/2009 01:06 C:\WINDOWS\system32\deploytk.dll --------- 410984
15/03/2009 00:36 C:\WINDOWS\system32\jupdate-1.5.0_04-b05.log --------- 3684
15/03/2009 00:25 C:\WINDOWS\system32\Adobe --------- 0
15/03/2009 00:06 C:\WINDOWS\system32\config --------- 0
14/03/2009 22:37 C:\WINDOWS\system32\LogFiles --------- 0
14/03/2009 16:04 C:\WINDOWS\system32\BuzzingBee.wav --------- 146650
14/03/2009 16:04 C:\WINDOWS\system32\LoopyMusic.wav --------- 940794
14/03/2009 16:04 C:\WINDOWS\system32\Lang --------- 0
14/03/2009 16:01 C:\WINDOWS\system32\RTCOM --------- 0
14/03/2009 16:00 C:\WINDOWS\system32\ReinstallBackups --------- 0
14/03/2009 15:54 C:\WINDOWS\system32\Restore --------- 0
14/03/2009 15:54 C:\WINDOWS\system32\Microsoft --------- 0
14/03/2009 15:53 C:\WINDOWS\system32\$winnt$.inf --------- 261
14/03/2009 15:51 C:\WINDOWS\system32\wbem --------- 0
14/03/2009 15:51 C:\WINDOWS\system32\xircom --------- 0
14/03/2009 15:50 C:\WINDOWS\system32\CONFIG.NT --------- 2969
14/03/2009 15:50 C:\WINDOWS\system32\amcompat.tlb --------- 16832
14/03/2009 15:50 C:\WINDOWS\system32\nscompat.tlb --------- 23392
14/03/2009 15:49 C:\WINDOWS\system32\logonui.exe.manifest --------- 488
14/03/2009 15:49 C:\WINDOWS\system32\WindowsLogon.manifest --------- 488
14/03/2009 15:49 C:\WINDOWS\system32\wuaucpl.cpl.manifest --------- 749
14/03/2009 15:49 C:\WINDOWS\system32\ncpa.cpl.manifest --------- 749
14/03/2009 15:49 C:\WINDOWS\system32\sapi.cpl.manifest --------- 749
14/03/2009 15:49 C:\WINDOWS\system32\nwc.cpl.manifest --------- 749
14/03/2009 15:49 C:\WINDOWS\system32\cdplayer.exe.manifest --------- 749
14/03/2009 15:49 C:\WINDOWS\system32\DirectX --------- 0
14/03/2009 15:48 C:\WINDOWS\system32\oobe --------- 0
14/03/2009 15:47 C:\WINDOWS\system32\Com --------- 0
14/03/2009 15:47 C:\WINDOWS\system32\emptyregdb.dat --------- 21844
14/03/2009 15:46 C:\WINDOWS\system32\MsDtc --------- 0
14/03/2009 15:46 C:\WINDOWS\system32\pt-BR --------- 0
14/03/2009 15:44 C:\WINDOWS\system32\spool --------- 0
14/03/2009 12:44 C:\WINDOWS\system32\h323log.txt --------- 0
14/03/2009 12:43 C:\WINDOWS\system32\pid.PNF --------- 4444
14/03/2009 12:39 C:\WINDOWS\system32\CatRoot --------- 0
14/03/2009 12:38 C:\WINDOWS\system32\Setup --------- 0
14/03/2009 12:37 C:\WINDOWS\system32\usmt --------- 0
14/03/2009 12:37 C:\WINDOWS\system32\1046 --------- 0
14/03/2009 12:37 C:\WINDOWS\system32\npp --------- 0
14/03/2009 12:35 C:\WINDOWS\system32\ras --------- 0
14/03/2009 12:35 C:\WINDOWS\system32\icsxml --------- 0
14/03/2009 12:34 C:\WINDOWS\system32\ias --------- 0
14/03/2009 12:34 C:\WINDOWS\system32\1033 --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\1031 --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\1025 --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\2052 --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\1037 --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\inetsrv --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\IME --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\1041 --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\3com_dmi --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\1042 --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\1054 --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\1028 --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\3076 --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\ShellExt --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\mui --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\dhcp --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\export --------- 0
14/03/2009 12:33 C:\WINDOWS\system32\wins --------- 0
09/02/2009 11:06 C:\WINDOWS\system32\win32k.sys --------- 1846912
06/02/2009 18:52 C:\WINDOWS\system32\sirenacm.dll --------- 49504
05/01/2009 19:33 C:\WINDOWS\system32\GPhotos.scr --------- 3751995
05/01/2009 16:18 C:\WINDOWS\system32\QuickTime.qts --------- 57344
05/01/2009 16:18 C:\WINDOWS\system32\QuickTimeVR.qtx --------- 90112
12/12/2008 14:02 C:\WINDOWS\system32\mshtml.dll --------- 3088896
12/12/2008 11:18 C:\WINDOWS\system32\dns-sd.exe --------- 87336
12/12/2008 11:11 C:\WINDOWS\system32\dnssd.dll --------- 61440
05/12/2008 03:58 C:\WINDOWS\system32\schannel.dll --------- 144896
07/11/2008 16:45 C:\WINDOWS\system32\WMVCore.dll --------- 2174976
23/10/2008 09:37 C:\WINDOWS\system32\gdi32.dll --------- 286720
23/10/2008 07:06 C:\WINDOWS\system32\tzchange.exe --------- 62976
16/10/2008 14:13 C:\WINDOWS\system32\wuaueng.dll --------- 1809944
16/10/2008 14:13 C:\WINDOWS\system32\wuweb.dll --------- 202776
16/10/2008 14:12 C:\WINDOWS\system32\wucltui.dll --------- 323608
16/10/2008 14:12 C:\WINDOWS\system32\wuaucpl.cpl --------- 213528
16/10/2008 14:12 C:\WINDOWS\system32\wuapi.dll --------- 561688
16/10/2008 14:09 C:\WINDOWS\system32\wups2.dll --------- 43544
----------------------------------------


C:\WINDOWS\Prefetch

09/07/2009 21:13 C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf --------- 12760
09/07/2009 21:13 C:\WINDOWS\Prefetch\WINRAR.EXE-09D6614C.pf --------- 65630
09/07/2009 21:12 C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf --------- 16752
09/07/2009 21:09 C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf --------- 26264
09/07/2009 21:09 C:\WINDOWS\Prefetch\FIREFOX.EXE-1362643C.pf --------- 91824
09/07/2009 21:09 C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-39AFFB8A.pf --------- 8352
09/07/2009 21:09 C:\WINDOWS\Prefetch\AVP.EXE-00ABA569.pf --------- 80674
09/07/2009 21:09 C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf --------- 56566
09/07/2009 21:09 C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf --------- 24544
09/07/2009 11:24 C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf --------- 8536
09/07/2009 10:59 C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-288D169B.pf --------- 22736
09/07/2009 10:59 C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf --------- 16440
09/07/2009 10:59 C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf --------- 16506
09/07/2009 10:52 C:\WINDOWS\Prefetch\HJTINSTALL.EXE-315A0623.pf --------- 16362
09/07/2009 10:47 C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf --------- 22526
09/07/2009 10:47 C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf --------- 17586
09/07/2009 10:47 C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf --------- 17922
09/07/2009 10:47 C:\WINDOWS\Prefetch\RUNDLL32.EXE-3FF8F0DE.pf --------- 16706
09/07/2009 10:47 C:\WINDOWS\Prefetch\RUNDLL32.EXE-35A483DA.pf --------- 20820
02/07/2009 17:06 C:\WINDOWS\Prefetch\IEXPLORE.EXE-2B53DE18.pf --------- 87844
23/06/2009 08:27 C:\WINDOWS\Prefetch\RUNDLL32.EXE-19D91996.pf --------- 13954
22/06/2009 13:36 C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf --------- 45830
22/06/2009 13:36 C:\WINDOWS\Prefetch\NCLINSTALLER.EXE-396843E9.pf --------- 12010
22/06/2009 13:35 C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf --------- 29952
22/06/2009 13:34 C:\WINDOWS\Prefetch\RUNDLL32.EXE-13044B30.pf --------- 14502
22/06/2009 13:34 C:\WINDOWS\Prefetch\SERVICELAYER.EXE-3B17A51B.pf --------- 13934
22/06/2009 13:34 C:\WINDOWS\Prefetch\IPODSERVICE.EXE-3ADF8F7D.pf --------- 15840
22/06/2009 13:34 C:\WINDOWS\Prefetch\HPZIPM12.EXE-145E7369.pf --------- 10832
22/06/2009 13:30 C:\WINDOWS\Prefetch\RUNDLL32.EXE-13619E8C.pf --------- 14502
22/06/2009 12:57 C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-222DEF3E.pf --------- 32010
22/06/2009 12:45 C:\WINDOWS\Prefetch\POWERPNT.EXE-0717A094.pf --------- 121302
22/06/2009 12:27 C:\WINDOWS\Prefetch\RUNDLL32.EXE-12E27DD0.pf --------- 19804
22/06/2009 10:45 C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf --------- 275218
22/06/2009 10:41 C:\WINDOWS\Prefetch\Layout.ini --------- 343182
22/06/2009 10:38 C:\WINDOWS\Prefetch\HPTSKMGR.EXE-195BBCEF.pf --------- 28210
22/06/2009 10:38 C:\WINDOWS\Prefetch\HPOSM.EXE-13026CE2.pf --------- 20242
22/06/2009 08:14 C:\WINDOWS\Prefetch\WLCOMM.EXE-0889FC35.pf --------- 30974
22/06/2009 08:14 C:\WINDOWS\Prefetch\MSNMSGR.EXE-304664B4.pf --------- 78784
21/06/2009 23:31 C:\WINDOWS\Prefetch\WMPLAYER.EXE-0366FBE3.pf --------- 76818
21/06/2009 23:02 C:\WINDOWS\Prefetch\CHROME.EXE-089F79EE.pf --------- 87604
21/06/2009 20:40 C:\WINDOWS\Prefetch\RUNDLL32.EXE-31610E45.pf --------- 15256
21/06/2009 20:32 C:\WINDOWS\Prefetch\PICASAPHOTOVIEWER.EXE-17C65278.pf --------- 66826
21/06/2009 20:27 C:\WINDOWS\Prefetch\ADOBEUPDATER.EXE-19E95BBA.pf --------- 37040
21/06/2009 20:27 C:\WINDOWS\Prefetch\FNPLICENSINGSERVICE.EXE-050C641D.pf --------- 39382
21/06/2009 20:26 C:\WINDOWS\Prefetch\FIREWORKS.EXE-14481EE8.pf --------- 56110
21/06/2009 20:26 C:\WINDOWS\Prefetch\CALC.EXE-02CD573A.pf --------- 13884
21/06/2009 20:17 C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-278F5F5E.pf --------- 57202
21/06/2009 19:54 C:\WINDOWS\Prefetch\BSPLAYER.EXE-16CA5C4E.pf --------- 97944
21/06/2009 19:51 C:\WINDOWS\Prefetch\PICASAUPDATER.EXE-01309C37.pf --------- 30042
21/06/2009 19:51 C:\WINDOWS\Prefetch\PICASA3.EXE-33778019.pf --------- 83818
21/06/2009 16:32 C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf --------- 19610
21/06/2009 16:32 C:\WINDOWS\Prefetch\MOVIETHUMB.EXE-27E04EE4.pf --------- 94008
21/06/2009 15:06 C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf --------- 48334
20/06/2009 10:45 C:\WINDOWS\Prefetch\JAVA.EXE-348EE6DF.pf --------- 65470
19/06/2009 20:40 C:\WINDOWS\Prefetch\WMPLAYER.EXE-0366FBE9.pf --------- 74978
19/06/2009 20:19 C:\WINDOWS\Prefetch\WINWORD.EXE-1A5B37AB.pf --------- 90950
19/06/2009 14:53 C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf --------- 62092
19/06/2009 14:53 C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf --------- 18904
19/06/2009 08:17 C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf --------- 47512
19/06/2009 08:17 C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf --------- 50910
18/06/2009 16:12 C:\WINDOWS\Prefetch\ACRORD32.EXE-34A08EDB.pf --------- 57196
18/06/2009 15:37 C:\WINDOWS\Prefetch\RUNDLL32.EXE-149FA1CE.pf --------- 26220
18/06/2009 15:24 C:\WINDOWS\Prefetch\NERO.EXE-06482A47.pf --------- 54446
18/06/2009 15:24 C:\WINDOWS\Prefetch\NEROSTARTSMART.EXE-35EC4C61.pf --------- 61538
17/06/2009 21:22 C:\WINDOWS\Prefetch\_RIVA FLV PLAYER.EXE-000DE5AB.pf --------- 46580
17/06/2009 21:22 C:\WINDOWS\Prefetch\RIVA FLV PLAYER.EXE-1702CFFF.pf --------- 40128
17/06/2009 02:42 C:\WINDOWS\Prefetch\WISPTIS.EXE-0C21B942.pf --------- 18378
16/06/2009 22:22 C:\WINDOWS\Prefetch\WMPLAYER.EXE-0366FBE6.pf --------- 59032
16/06/2009 18:51 C:\WINDOWS\Prefetch\RUNDLL32.EXE-2A94BB85.pf --------- 17036
16/06/2009 18:51 C:\WINDOWS\Prefetch\RUNDLL32.EXE-2576181F.pf --------- 26934
16/06/2009 08:06 C:\WINDOWS\Prefetch\WMPLAYER.EXE-0366FBE4.pf --------- 68388
15/06/2009 23:33 C:\WINDOWS\Prefetch\WIAACMGR.EXE-212ED878.pf --------- 28806
15/06/2009 23:05 C:\WINDOWS\Prefetch\SETUP_WM.EXE-2685B83B.pf --------- 34758
15/06/2009 22:53 C:\WINDOWS\Prefetch\WMPLAYER.EXE-0366FBE7.pf --------- 76666
15/06/2009 18:18 C:\WINDOWS\Prefetch\SOFTWAREUPDATE.EXE-10B35704.pf --------- 54958
15/06/2009 18:18 C:\WINDOWS\Prefetch\DLLHOST.EXE-205D880D.pf --------- 20874
15/06/2009 11:40 C:\WINDOWS\Prefetch\WLLOGINPROXY.EXE-29B1D69D.pf --------- 43654
14/06/2009 21:03 C:\WINDOWS\Prefetch\ADOBE_UPDATER.EXE-244C22BF.pf --------- 39240
14/06/2009 13:06 C:\WINDOWS\Prefetch\EMULE.EXE-03B5F510.pf --------- 62830
14/06/2009 13:05 C:\WINDOWS\Prefetch\DVD SHRINK 3.2.EXE-15C7A414.pf --------- 40608
13/06/2009 21:19 C:\WINDOWS\Prefetch\HELPER.EXE-3A31BCA1.pf --------- 24608
13/06/2009 21:19 C:\WINDOWS\Prefetch\UPDATER.EXE-058B0182.pf --------- 67224
13/06/2009 12:16 C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf --------- 14938
13/06/2009 00:56 C:\WINDOWS\Prefetch\RUNDLL32.EXE-1D8D0669.pf --------- 16376
11/06/2009 15:11 C:\WINDOWS\Prefetch\CHROME_UPDATER.EXE-0164519C.pf --------- 16770
11/06/2009 15:11 C:\WINDOWS\Prefetch\SETUP.EXE-050D9890.pf --------- 57282
11/06/2009 15:11 C:\WINDOWS\Prefetch\EXPAND.EXE-2490DB85.pf --------- 12324
11/06/2009 11:15 C:\WINDOWS\Prefetch\WORDCONV.EXE-21F3A16E.pf --------- 31794
11/06/2009 05:57 C:\WINDOWS\Prefetch\HPDARC.EXE-273A136C.pf --------- 19454
09/06/2009 19:09 C:\WINDOWS\Prefetch\RUNDLL32.EXE-4187CE78.pf --------- 16376
09/06/2009 06:48 C:\WINDOWS\Prefetch\UTORRENT.EXE-2E4F315D.pf --------- 37794
09/06/2009 03:27 C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf --------- 61064
09/06/2009 03:27 C:\WINDOWS\Prefetch\MSINFO32.EXE-12E04CEA.pf --------- 20282
09/06/2009 00:19 C:\WINDOWS\Prefetch\IEDW.EXE-1F8B34A1.pf --------- 45532
07/06/2009 19:07 C:\WINDOWS\Prefetch\RUNDLL32.EXE-37DB5E78.pf --------- 14502
07/06/2009 19:04 C:\WINDOWS\Prefetch\RUNDLL32.EXE-354CAFE9.pf --------- 55100
06/06/2009 02:35 C:\WINDOWS\Prefetch\QTTASK.EXE-2B3D6136.pf --------- 8758
05/06/2009 13:52 C:\WINDOWS\Prefetch\ITUNES.EXE-15C9F55B.pf --------- 97320
05/06/2009 13:41 C:\WINDOWS\Prefetch\RUNDLL32.EXE-1C975262.pf --------- 16376
05/06/2009 13:41 C:\WINDOWS\Prefetch\MSPVIEW.EXE-253EA186.pf --------- 56288
14/03/2009 19:28 C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 465088
----------------------------------------


C:\WINDOWS\Tasks

09/07/2009 21:08 C:\WINDOWS\Tasks\SA.DAT --------- 6
22/06/2009 12:57 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-287218729-2147098553-1003.job --------- 1100
15/06/2009 18:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job --------- 300
28/10/2001 09:07 C:\WINDOWS\Tasks\desktop.ini --------- 65
----------------------------------------


C:\WINDOWS\Temp

09/07/2009 21:13 C:\WINDOWS\Temp\cch~4037c101.htp --------- 8192
09/07/2009 21:13 C:\WINDOWS\Temp\cch~4037bc55.htp --------- 8192
09/07/2009 21:11 C:\WINDOWS\Temp\cch~2fa74617.htp --------- 8192
09/07/2009 21:11 C:\WINDOWS\Temp\cch~2fa74ab2.htp --------- 8192
09/07/2009 21:10 C:\WINDOWS\Temp\cch~17733b39.htp --------- 8192
09/07/2009 21:10 C:\WINDOWS\Temp\cch~17724a0c.htp --------- 8192
23/06/2009 20:06 C:\WINDOWS\Temp\cch~10304768.htp --------- 8192
23/06/2009 20:06 C:\WINDOWS\Temp\cch~10304de4.htp --------- 8192
23/06/2009 20:05 C:\WINDOWS\Temp\Perflib_Perfdata_380.dat --------- 16384
23/06/2009 08:26 C:\WINDOWS\Temp\Perflib_Perfdata_374.dat --------- 16384
22/06/2009 13:31 C:\WINDOWS\Temp\cch~98cb2eee4c.htp --------- 8192
22/06/2009 13:31 C:\WINDOWS\Temp\cch~98cb2ef2ae.htp --------- 8192
22/06/2009 13:26 C:\WINDOWS\Temp\cch~988b2af498.htp --------- 8192
22/06/2009 13:26 C:\WINDOWS\Temp\cch~988b2af9ed.htp --------- 8192
20/06/2009 10:37 C:\WINDOWS\Temp\Perflib_Perfdata_494.dat --------- 16384
25/05/2009 19:49 C:\WINDOWS\Temp\SetupAdminD30.log --------- 85
15/05/2009 10:13 C:\WINDOWS\Temp\Perflib_Perfdata_240.dat --------- 16384
11/05/2009 11:12 C:\WINDOWS\Temp\Perflib_Perfdata_3e8.dat --------- 16384
08/05/2009 10:47 C:\WINDOWS\Temp\cch~31a86b035e.htp --------- 8192
08/05/2009 10:47 C:\WINDOWS\Temp\cch~31a86b1814.htp --------- 8192
08/05/2009 10:44 C:\WINDOWS\Temp\cch~317758a4d2.htp --------- 8192
08/05/2009 10:44 C:\WINDOWS\Temp\cch~317758a949.htp --------- 8192
08/05/2009 10:44 C:\WINDOWS\Temp\cch~31774f3919.htp --------- 8192
08/05/2009 10:44 C:\WINDOWS\Temp\cch~31774f34bc.htp --------- 8192
08/05/2009 10:43 C:\WINDOWS\Temp\cch~317529ea8a.htp --------- 8192
08/05/2009 10:43 C:\WINDOWS\Temp\cch~317529e53c.htp --------- 8192
08/05/2009 10:43 C:\WINDOWS\Temp\cch~316e12e3cd.htp --------- 8192
08/05/2009 10:43 C:\WINDOWS\Temp\cch~316e12ea09.htp --------- 8192
07/05/2009 18:15 C:\WINDOWS\Temp\Perflib_Perfdata_3dc.dat --------- 16384
07/05/2009 14:35 C:\WINDOWS\Temp\cch~81d84c04a.htp --------- 8192
07/05/2009 14:35 C:\WINDOWS\Temp\cch~81d84ae34.htp --------- 8192
07/05/2009 11:53 C:\WINDOWS\Temp\Perflib_Perfdata_3f4.dat --------- 16384
27/04/2009 11:27 C:\WINDOWS\Temp\Perflib_Perfdata_3c0.dat --------- 16384
11/04/2009 19:02 C:\WINDOWS\Temp\~hpiscn0002.tif --------- 0
11/04/2009 18:56 C:\WINDOWS\Temp\~hpiscn0001.tif --------- 0
11/04/2009 12:34 C:\WINDOWS\Temp\hpzcoi07.log --------- 678
11/04/2009 12:34 C:\WINDOWS\Temp\hpzcoi06.log --------- 744
11/04/2009 12:34 C:\WINDOWS\Temp\hpzcoi05.log --------- 596
11/04/2009 12:34 C:\WINDOWS\Temp\hpzcoi04.log --------- 596
11/04/2009 12:34 C:\WINDOWS\Temp\servic003.log --------- 204
11/04/2009 12:34 C:\WINDOWS\Temp\servic002.log --------- 204
11/04/2009 12:28 C:\WINDOWS\Temp\~hpiscn0000.tif --------- 0
11/04/2009 12:19 C:\WINDOWS\Temp\hpzcoi03.log --------- 678
11/04/2009 12:19 C:\WINDOWS\Temp\hpzcoi02.log --------- 925
11/04/2009 12:19 C:\WINDOWS\Temp\hpzcoi01.log --------- 596
11/04/2009 12:19 C:\WINDOWS\Temp\hpzcoi00.log --------- 596
11/04/2009 12:19 C:\WINDOWS\Temp\servic001.log --------- 204
11/04/2009 12:18 C:\WINDOWS\Temp\servic000.log --------- 204
11/04/2009 12:17 C:\WINDOWS\Temp\CIO_NDCS.log --------- 480
02/04/2009 16:12 C:\WINDOWS\Temp\Perflib_Perfdata_2e4.dat --------- 16384
23/03/2009 18:18 C:\WINDOWS\Temp\Hist¢rico --------- 0
23/03/2009 18:18 C:\WINDOWS\Temp\Cookies --------- 0
23/03/2009 18:18 C:\WINDOWS\Temp\Temporary Internet Files --------- 0
17/03/2009 07:55 C:\WINDOWS\Temp\cch~d4dbaeacc.htp --------- 8192
17/03/2009 07:55 C:\WINDOWS\Temp\cch~d4dbaf052.htp --------- 8192
17/03/2009 03:30 C:\WINDOWS\Temp\Perflib_Perfdata_274.dat --------- 16384
----------------------------------------


C:\DOCUME~1\Detinha\CONFIG~1\Temp

09/07/2009 21:10 C:\DOCUME~1\Detinha\CONFIG~1\Temp\etilqs_TeNyjycXX4Xsg92Xw0pG --------- 24600
02/07/2009 17:08 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Cookies --------- 0
02/07/2009 17:08 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Hist¢rico --------- 0
02/07/2009 17:08 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Temporary Internet Files --------- 0
22/06/2009 13:36 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpodvd09.log --------- 288709
22/06/2009 13:03 C:\DOCUME~1\Detinha\CONFIG~1\Temp\etilqs_x5kfE3g23LvjiKJBxbep --------- 28700
22/06/2009 12:42 C:\DOCUME~1\Detinha\CONFIG~1\Temp\MessengerCache --------- 0
21/06/2009 23:02 C:\DOCUME~1\Detinha\CONFIG~1\Temp\chrome_shutdown_ms.txt --------- 4
21/06/2009 20:54 C:\DOCUME~1\Detinha\CONFIG~1\Temp\amt.log --------- 9976
21/06/2009 20:54 C:\DOCUME~1\Detinha\CONFIG~1\Temp\alm.log --------- 4973
21/06/2009 20:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Twain001.Mtx --------- 3
21/06/2009 17:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TWAIN.LOG --------- 866
21/06/2009 16:25 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Twunk001.MTX --------- 156
21/06/2009 15:08 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Perflib_Perfdata_7f4.dat --------- 16384
20/06/2009 10:45 C:\DOCUME~1\Detinha\CONFIG~1\Temp\java_install_reg.log --------- 8919
20/06/2009 10:45 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hsperfdata_Detinha --------- 0
20/06/2009 10:41 C:\DOCUME~1\Detinha\CONFIG~1\Temp\jusched.log --------- 43008
19/06/2009 20:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\msohtmlclip1 --------- 0
18/06/2009 15:29 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NBR40.tmp --------- 0
18/06/2009 15:16 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NBR33.tmp --------- 0
18/06/2009 15:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NBR2D.tmp --------- 0
18/06/2009 14:45 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NBR27.tmp --------- 0
18/06/2009 14:32 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NBR20.tmp --------- 0
17/06/2009 03:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRFA.tmp --------- 49200
17/06/2009 03:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRF5.tmp --------- 19331
17/06/2009 03:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRF2.tmp --------- 31536
17/06/2009 03:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRED.tmp --------- 119080
17/06/2009 03:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRE9.tmp --------- 35574
17/06/2009 03:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRE5.tmp --------- 47701
17/06/2009 03:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRE3.tmp --------- 84343
17/06/2009 00:49 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRDF.tmp --------- 10225
17/06/2009 00:49 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRD0.tmp --------- 40950
17/06/2009 00:49 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRCC.tmp --------- 37885
17/06/2009 00:49 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRCA.tmp --------- 23262
17/06/2009 00:49 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRC7.tmp --------- 62753
17/06/2009 00:49 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRC5.tmp --------- 67994
17/06/2009 00:49 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRC4.tmp --------- 67560
17/06/2009 00:49 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRC3.tmp --------- 46021
16/06/2009 22:35 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NBRB8.tmp --------- 0
16/06/2009 21:59 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NBRB1.tmp --------- 0
16/06/2009 21:43 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NBRAB.tmp --------- 0
16/06/2009 21:28 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NBRA5.tmp --------- 0
16/06/2009 12:08 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Picasa3 --------- 0
16/06/2009 02:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r51A.tmp --------- 0
16/06/2009 02:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h519.tmp --------- 1471
16/06/2009 00:20 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r515.tmp --------- 0
16/06/2009 00:20 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h514.tmp --------- 692
15/06/2009 23:05 C:\DOCUME~1\Detinha\CONFIG~1\Temp\control.xml --------- 12818
12/06/2009 05:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\3EE68A68.TMP --------- 70
11/06/2009 23:40 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2hD9.tmp --------- 3956
11/06/2009 23:40 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2rDA.tmp --------- 0
11/06/2009 15:11 C:\DOCUME~1\Detinha\CONFIG~1\Temp\chrome_installer.log --------- 0
11/06/2009 11:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\pptB3.tmp --------- 0
11/06/2009 11:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\pptB0.tmp --------- 0
11/06/2009 11:13 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2rAC.tmp --------- 0
11/06/2009 11:13 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2hAB.tmp --------- 5118
11/06/2009 01:00 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r9B.tmp --------- 3645
10/06/2009 14:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2rB9.tmp --------- 0
10/06/2009 14:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2hB8.tmp --------- 16418
10/06/2009 13:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRB2.tmp --------- 10225
10/06/2009 13:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRAE.tmp --------- 35574
10/06/2009 13:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRAA.tmp --------- 119080
10/06/2009 13:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRA6.tmp --------- 31536
10/06/2009 13:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFRA2.tmp --------- 84343
10/06/2009 13:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR9D.tmp --------- 47701
10/06/2009 13:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR9A.tmp --------- 49200
10/06/2009 13:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR98.tmp --------- 19331
10/06/2009 13:38 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR94.tmp --------- 67560
10/06/2009 13:31 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h71.tmp --------- 2186
10/06/2009 13:31 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r72.tmp --------- 0
10/06/2009 13:30 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r6F.tmp --------- 0
10/06/2009 13:30 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h6E.tmp --------- 771
10/06/2009 12:41 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r6C.tmp --------- 0
10/06/2009 12:41 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h6B.tmp --------- 771
09/06/2009 15:03 C:\DOCUME~1\Detinha\CONFIG~1\Temp\plugtmp-4 --------- 0
09/06/2009 05:28 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r37.tmp --------- 0
09/06/2009 05:28 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h36.tmp --------- 1860
09/06/2009 05:06 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h33.tmp --------- 942
09/06/2009 05:06 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r34.tmp --------- 0
08/06/2009 13:11 C:\DOCUME~1\Detinha\CONFIG~1\Temp\ppt10.tmp --------- 0
05/06/2009 10:51 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h25.tmp --------- 1782
05/06/2009 10:51 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r26.tmp --------- 0
04/06/2009 05:32 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r25.tmp --------- 0
04/06/2009 05:32 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h24.tmp --------- 3190
04/06/2009 05:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r22.tmp --------- 0
04/06/2009 05:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h21.tmp --------- 2659
03/06/2009 23:01 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r15.tmp --------- 0
03/06/2009 23:01 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h14.tmp --------- 1422
03/06/2009 22:16 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h10.tmp --------- 550
03/06/2009 22:16 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r11.tmp --------- 0
03/06/2009 04:36 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r8F.tmp --------- 0
03/06/2009 04:36 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h8E.tmp --------- 1440
02/06/2009 05:53 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h4E.tmp --------- 2085
02/06/2009 05:53 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r4F.tmp --------- 0
02/06/2009 04:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h4A.tmp --------- 1572
02/06/2009 04:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r4B.tmp --------- 0
31/05/2009 18:27 C:\DOCUME~1\Detinha\CONFIG~1\Temp\MPC31.tmp --------- 9936
31/05/2009 18:09 C:\DOCUME~1\Detinha\CONFIG~1\Temp\DD13PMUG.htm --------- 108704
31/05/2009 18:09 C:\DOCUME~1\Detinha\CONFIG~1\Temp\OV8DIYUH.htm --------- 1276
31/05/2009 18:09 C:\DOCUME~1\Detinha\CONFIG~1\Temp\QHQOU1EL.htm --------- 838
30/05/2009 14:27 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NBR42.tmp --------- 0
30/05/2009 05:49 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Word8.0 --------- 0
30/05/2009 01:05 C:\DOCUME~1\Detinha\CONFIG~1\Temp\ppt25.tmp --------- 0
29/05/2009 13:27 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2rB.tmp --------- 0
29/05/2009 13:27 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h6.tmp --------- 4238
27/05/2009 10:08 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r7.tmp --------- 0
27/05/2009 10:08 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h5.tmp --------- 734
26/05/2009 18:30 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2rE.tmp --------- 0
26/05/2009 18:30 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2hD.tmp --------- 625
26/05/2009 18:02 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h9.tmp --------- 1935
26/05/2009 18:02 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2rA.tmp --------- 0
26/05/2009 00:29 C:\DOCUME~1\Detinha\CONFIG~1\Temp\pptC0.tmp --------- 0
25/05/2009 19:49 C:\DOCUME~1\Detinha\CONFIG~1\Temp\QTInstallCode.log --------- 4569
20/05/2009 08:32 C:\DOCUME~1\Detinha\CONFIG~1\Temp\PCULog0.txt --------- 5732
20/05/2009 08:32 C:\DOCUME~1\Detinha\CONFIG~1\Temp\PCULog1.txt --------- 1160
20/05/2009 08:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\PCULog3.txt --------- 1160
20/05/2009 05:33 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h17.tmp --------- 4547
20/05/2009 05:33 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r18.tmp --------- 0
17/05/2009 17:02 C:\DOCUME~1\Detinha\CONFIG~1\Temp\webdeveloper--1242590539964.html --------- 117
17/05/2009 17:02 C:\DOCUME~1\Detinha\CONFIG~1\Temp\webdeveloper--1242590539960.html --------- 117
17/05/2009 17:02 C:\DOCUME~1\Detinha\CONFIG~1\Temp\webdeveloper-www.google.com.br-1242590539341.html --------- 33323
17/05/2009 12:35 C:\DOCUME~1\Detinha\CONFIG~1\Temp\plugtmp-3 --------- 0
16/05/2009 19:57 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r158.tmp --------- 0
16/05/2009 19:57 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h157.tmp --------- 2200
16/05/2009 13:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NBR11A.tmp --------- 0
13/05/2009 14:56 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r6.tmp --------- 0
13/05/2009 14:56 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h4.tmp --------- 796
13/05/2009 02:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r5.tmp --------- 0
09/05/2009 12:27 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h36B.tmp --------- 3858
09/05/2009 12:27 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r36C.tmp --------- 0
09/05/2009 12:16 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r369.tmp --------- 0
09/05/2009 12:16 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h368.tmp --------- 3439
08/05/2009 10:40 C:\DOCUME~1\Detinha\CONFIG~1\Temp\etilqs_Il0CuINrR0brdhsZc6QH --------- 12304
08/05/2009 10:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\plugtmp-2 --------- 0
07/05/2009 22:50 C:\DOCUME~1\Detinha\CONFIG~1\Temp\~DFE5C4.tmp --------- 512
07/05/2009 14:27 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r12.tmp --------- 0
07/05/2009 14:27 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h11.tmp --------- 666
07/05/2009 14:25 C:\DOCUME~1\Detinha\CONFIG~1\Temp\etilqs_Tm8ziSiSpwFZLERVZNWr --------- 12304
05/05/2009 18:12 C:\DOCUME~1\Detinha\CONFIG~1\Temp\jza54.tmp --------- 0
05/05/2009 18:12 C:\DOCUME~1\Detinha\CONFIG~1\Temp\bea4D.tmp --------- 0
01/05/2009 21:48 C:\DOCUME~1\Detinha\CONFIG~1\Temp\~DFA009.tmp --------- 16384
01/05/2009 19:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2rF2.tmp --------- 0
01/05/2009 19:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2hF1.tmp --------- 17223
01/05/2009 10:59 C:\DOCUME~1\Detinha\CONFIG~1\Temp\_PASFX691 --------- 0
01/05/2009 10:37 C:\DOCUME~1\Detinha\CONFIG~1\Temp\MPC4B.tmp --------- 9936
01/05/2009 10:37 C:\DOCUME~1\Detinha\CONFIG~1\Temp\MPC4A.tmp --------- 9936
30/04/2009 12:29 C:\DOCUME~1\Detinha\CONFIG~1\Temp\~DF4221.tmp --------- 16384
30/04/2009 12:25 C:\DOCUME~1\Detinha\CONFIG~1\Temp\~DF1fea.tmp --------- 16384
30/04/2009 12:25 C:\DOCUME~1\Detinha\CONFIG~1\Temp\17121DIR.TMP --------- 0
30/04/2009 12:25 C:\DOCUME~1\Detinha\CONFIG~1\Temp\~DF8889.tmp --------- 16384
28/04/2009 06:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r14.tmp --------- 0
28/04/2009 06:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h13.tmp --------- 826
28/04/2009 00:36 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2hC.tmp --------- 826
28/04/2009 00:36 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2rD.tmp --------- 0
27/04/2009 12:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\plugtmp-1 --------- 0
26/04/2009 01:46 C:\DOCUME~1\Detinha\CONFIG~1\Temp\adl_flash.log --------- 16200
26/04/2009 01:40 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hash.bin --------- 79
26/04/2009 00:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NclRegPermissions(2).log --------- 1975
26/04/2009 00:06 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NSU_ec11c21eb94e9f12dbe0 --------- 0
25/04/2009 23:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\_is12E --------- 0
25/04/2009 23:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Nokia NSeries Update Manager --------- 0
25/04/2009 23:01 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NclRegPermissions(1).log --------- 7994
25/04/2009 22:59 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NEventMessages.dll --------- 1536
25/04/2009 19:23 C:\DOCUME~1\Detinha\CONFIG~1\Temp\pptF9.tmp --------- 0
25/04/2009 19:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\pptF5.tmp --------- 0
25/04/2009 00:01 C:\DOCUME~1\Detinha\CONFIG~1\Temp\NBR88.tmp --------- 0
24/04/2009 21:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\kro16.tmp --------- 0
24/04/2009 21:43 C:\DOCUME~1\Detinha\CONFIG~1\Temp\k4315.tmp --------- 0
24/04/2009 19:42 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r8.tmp --------- 0
24/04/2009 19:42 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h7.tmp --------- 685
24/04/2009 19:11 C:\DOCUME~1\Detinha\CONFIG~1\Temp\ppt6.tmp --------- 0
23/04/2009 16:17 C:\DOCUME~1\Detinha\CONFIG~1\Temp\PicasaRestore.exe --------- 751096
18/04/2009 18:07 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR150.tmp --------- 62753
18/04/2009 07:59 C:\DOCUME~1\Detinha\CONFIG~1\Temp\{B52D6B1D-5E33-4330-ADC4-3134E0591135} --------- 0
11/04/2009 19:01 C:\DOCUME~1\Detinha\CONFIG~1\Temp\DIO7.tmp --------- 47122
11/04/2009 19:00 C:\DOCUME~1\Detinha\CONFIG~1\Temp\DIO4.tmp --------- 47122
11/04/2009 12:37 C:\DOCUME~1\Detinha\CONFIG~1\Temp\DIO10.tmp --------- 47122
11/04/2009 12:37 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpsl001.log --------- 3289
11/04/2009 12:36 C:\DOCUME~1\Detinha\CONFIG~1\Temp\HPZset005.log --------- 3313
11/04/2009 12:35 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi025.log --------- 1806
11/04/2009 12:35 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi024.log --------- 1821
11/04/2009 12:35 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi023.log --------- 1831
11/04/2009 12:35 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi022.log --------- 1820
11/04/2009 12:35 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpznop007.log --------- 991
11/04/2009 12:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzwrp003.log --------- 1003
11/04/2009 12:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\DIOB.tmp --------- 47122
11/04/2009 12:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpopdi001.log --------- 585
11/04/2009 12:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpopdi01.log --------- 4697
11/04/2009 12:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi17.log --------- 678
11/04/2009 12:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi16.log --------- 1148
11/04/2009 12:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcon01.log --------- 585
11/04/2009 12:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpin01.log --------- 1950
11/04/2009 12:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi15.log --------- 596
11/04/2009 12:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi14.log --------- 596
11/04/2009 12:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi13.log --------- 596
11/04/2009 12:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi12.log --------- 596
11/04/2009 12:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi11.log --------- 596
11/04/2009 12:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi10.log --------- 596
11/04/2009 12:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi09.log --------- 596
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpsl000.log --------- 3297
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\HPZset000.log --------- 49557
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi021.log --------- 1727
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpz_MSI.psc1310_install.log --------- 170
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi020.log --------- 1742
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpz_MSI.psc1310trb_install.log --------- 170
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi019.log --------- 1752
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpz_MSI.psc1310_help_install.log --------- 170
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi018.log --------- 1741
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpz_MSI.psc1310tour_install.log --------- 170
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpznop006.log --------- 993
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzwrp002.log --------- 1005
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\HPZset004.log --------- 2913
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\DIOAD.tmp --------- 47122
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi017.log --------- 989
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi016.log --------- 1347
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_QFolder.log --------- 186
11/04/2009 12:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpnp003.log --------- 3477
11/04/2009 12:25 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzrcv001.log --------- 999
11/04/2009 12:25 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi015.log --------- 2473
11/04/2009 12:25 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzwrp001.log --------- 1036
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzshl002.log --------- 716
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzwis001.log --------- 662
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzprl006.log --------- 1882
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzarp002.log --------- 3033
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzgat013.log --------- 499
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzarp001.log --------- 1149
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzgat012.log --------- 493
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzgat011.log --------- 498
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzgat010.log --------- 496
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzgat009.log --------- 497
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzgat008.log --------- 497
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzgat007.log --------- 499
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzgat006.log --------- 492
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzgat005.log --------- 492
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzgat004.log --------- 510
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzgat003.log --------- 501
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzgat002.log --------- 489
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi014.log --------- 1340
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_WebReg.log --------- 186
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi013.log --------- 1352
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_Unload.log --------- 186
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi012.log --------- 1347
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_TrayApp.log --------- 186
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi011.log --------- 1464
11/04/2009 12:24 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_RedBox.log --------- 186
11/04/2009 12:23 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi010.log --------- 1340
11/04/2009 12:23 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_Readme_LOG.txt --------- 186
11/04/2009 12:23 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi009.log --------- 1478
11/04/2009 12:23 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_overland_LOG.txt --------- 186
11/04/2009 12:23 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi008.log --------- 1417
11/04/2009 12:23 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_Sherlock.log --------- 170
11/04/2009 12:23 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi007.log --------- 1450
11/04/2009 12:23 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_Scan_LOG.txt --------- 186
11/04/2009 12:23 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi006.log --------- 1480
11/04/2009 12:23 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_HPSoftwareUpdate.log --------- 170
11/04/2009 12:23 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi005.log --------- 1319
11/04/2009 12:23 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_fax_LOG.txt --------- 186
11/04/2009 12:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi004.log --------- 1354
11/04/2009 12:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_Director.log --------- 186
11/04/2009 12:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi003.log --------- 1382
11/04/2009 12:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_Destinations.log --------- 186
11/04/2009 12:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi002.log --------- 1361
11/04/2009 12:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_BufferChm.log --------- 186
11/04/2009 12:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi001.log --------- 1357
11/04/2009 12:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_AiOSW_LOG.txt --------- 186
11/04/2009 12:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzmsi000.log --------- 1344
11/04/2009 12:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpoMSI_AiO_Scan_LOG.txt --------- 186
11/04/2009 12:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzgat001.log --------- 477
11/04/2009 12:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzarp000.log --------- 1266
11/04/2009 12:22 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzprl005.log --------- 9768
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzprl004.log --------- 5576
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpznop005.log --------- 887
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzgat000.log --------- 477
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpnp002.log --------- 3467
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzdui000.log --------- 9466
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpopdi000.log --------- 585
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpopdi00.log --------- 4740
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi08.log --------- 678
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi07.log --------- 1138
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcon00.log --------- 555
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpin00.log --------- 1779
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi06.log --------- 596
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi05.log --------- 596
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi04.log --------- 596
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi03.log --------- 596
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi02.log --------- 596
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi01.log --------- 596
11/04/2009 12:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcoi00.log --------- 596
11/04/2009 12:17 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpnp001.log --------- 642
11/04/2009 12:17 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzwrp000.log --------- 677
11/04/2009 12:16 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzprl003.log --------- 4316
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzprl002.log --------- 1439
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzprl001.log --------- 1175
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpznop004.log --------- 600
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzsui000.log --------- 768
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzrcv000.log --------- 1207
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzprl000.log --------- 1159
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\mdfix012.log --------- 17
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzshl001.log --------- 728
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpsc007.log --------- 853
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpsc006.log --------- 829
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpsc005.log --------- 829
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpsc004.log --------- 841
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpsc003.log --------- 835
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpsc002.log --------- 832
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpsc001.log --------- 835
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzwis000.log --------- 634
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpznop003.log --------- 893
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpznop002.log --------- 920
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzchk000.log --------- 4202
11/04/2009 12:15 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzopt000.log --------- 2060
11/04/2009 12:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpznop001.log --------- 814
11/04/2009 12:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpznop000.log --------- 600
11/04/2009 12:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzcdl000.log --------- 763
11/04/2009 12:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzshl000.log --------- 3439
11/04/2009 12:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\HPZset002.log --------- 638
11/04/2009 12:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzrei000.log --------- 538
11/04/2009 12:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\HPZSet003.log --------- 647
11/04/2009 12:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpsc000.log --------- 817
11/04/2009 12:13 C:\DOCUME~1\Detinha\CONFIG~1\Temp\hpzpnp000.log --------- 642
11/04/2009 12:13 C:\DOCUME~1\Detinha\CONFIG~1\Temp\HPZset001.log --------- 638
09/04/2009 13:00 C:\DOCUME~1\Detinha\CONFIG~1\Temp\FrontPageTempDir --------- 0
09/04/2009 13:00 C:\DOCUME~1\Detinha\CONFIG~1\Temp\wecerr.txt --------- 139
09/04/2009 12:32 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Office XP Professional com FrontPage Setup(0001).txt --------- 3542
09/04/2009 12:32 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Office XP Professional com FrontPage Setup(0001)_Task(0001).txt --------- 7727558
09/04/2009 12:31 C:\DOCUME~1\Detinha\CONFIG~1\Temp\offcln10.log --------- 46475
09/04/2009 07:35 C:\DOCUME~1\Detinha\CONFIG~1\Temp\MPC6.tmp --------- 8728
08/04/2009 16:32 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image1895.gif --------- 886
08/04/2009 16:32 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h4F.tmp --------- 21994
08/04/2009 16:32 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r50.tmp --------- 0
08/04/2009 16:32 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image1729.gif --------- 886
08/04/2009 16:32 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r4D.tmp --------- 0
08/04/2009 16:32 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h4C.tmp --------- 21994
08/04/2009 16:31 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image1563.gif --------- 886
08/04/2009 16:31 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r4A.tmp --------- 0
08/04/2009 16:31 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h49.tmp --------- 21994
08/04/2009 16:31 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image1397.gif --------- 886
08/04/2009 16:31 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r47.tmp --------- 0
08/04/2009 16:31 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h46.tmp --------- 21994
08/04/2009 16:31 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image1231.gif --------- 886
08/04/2009 16:31 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h43.tmp --------- 21994
08/04/2009 16:31 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r44.tmp --------- 0
08/04/2009 16:17 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image1065.gif --------- 886
08/04/2009 16:17 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r41.tmp --------- 0
08/04/2009 16:17 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h40.tmp --------- 22046
08/04/2009 16:17 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image899.gif --------- 886
08/04/2009 16:17 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r3E.tmp --------- 0
08/04/2009 16:17 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h3D.tmp --------- 22046
08/04/2009 16:17 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image733.gif --------- 886
08/04/2009 16:17 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r3B.tmp --------- 0
08/04/2009 16:17 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h3A.tmp --------- 22046
08/04/2009 15:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR36.tmp --------- 10225
07/04/2009 05:53 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h20.tmp --------- 4039
07/04/2009 05:53 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r21.tmp --------- 0
04/04/2009 15:19 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR5F.tmp --------- 23262
04/04/2009 15:18 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR59.tmp --------- 49200
04/04/2009 15:18 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR55.tmp --------- 19331
04/04/2009 15:18 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR52.tmp --------- 31536
04/04/2009 15:18 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR4C.tmp --------- 119080
04/04/2009 15:18 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR48.tmp --------- 10225
04/04/2009 15:18 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR44.tmp --------- 47701
04/04/2009 15:18 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR42.tmp --------- 84343
04/04/2009 15:18 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR3E.tmp --------- 40950
03/04/2009 00:05 C:\DOCUME~1\Detinha\CONFIG~1\Temp\~DF4809.tmp --------- 512
31/03/2009 14:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\1.6.0_13-b03.xml --------- 9635
27/03/2009 05:00 C:\DOCUME~1\Detinha\CONFIG~1\Temp\plugtmp --------- 0
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image672.gif --------- 886
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image661.gif --------- 4339
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2rAA.tmp --------- 0
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2hA9.tmp --------- 33921
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image532.gif --------- 886
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image521.gif --------- 4339
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2rA7.tmp --------- 0
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2hA6.tmp --------- 33921
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image392.gif --------- 886
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image381.gif --------- 4339
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2hA3.tmp --------- 33921
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2rA4.tmp --------- 0
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image252.gif --------- 886
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image241.gif --------- 4339
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2hA0.tmp --------- 33921
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2rA1.tmp --------- 0
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image112.gif --------- 886
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Image101.gif --------- 4339
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h9D.tmp --------- 33921
26/03/2009 19:47 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r9E.tmp --------- 0
26/03/2009 13:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR50.tmp --------- 49200
26/03/2009 13:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR4E.tmp --------- 19331
26/03/2009 13:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR49.tmp --------- 31536
26/03/2009 13:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR45.tmp --------- 119080
26/03/2009 13:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR40.tmp --------- 10225
26/03/2009 13:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR3D.tmp --------- 47701
26/03/2009 13:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR3B.tmp --------- 84343
26/03/2009 13:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR32.tmp --------- 35574
26/03/2009 13:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR2F.tmp --------- 40950
26/03/2009 13:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR2D.tmp --------- 37885
26/03/2009 13:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR29.tmp --------- 23262
26/03/2009 13:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR25.tmp --------- 62753
26/03/2009 13:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR21.tmp --------- 67994
26/03/2009 13:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR1C.tmp --------- 67560
26/03/2009 13:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR1B.tmp --------- 46021
26/03/2009 07:36 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r9.tmp --------- 0
26/03/2009 07:36 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h8.tmp --------- 954
25/03/2009 10:59 C:\DOCUME~1\Detinha\CONFIG~1\Temp\swt-awt-win32-3346.dll --------- 32768
25/03/2009 10:59 C:\DOCUME~1\Detinha\CONFIG~1\Temp\swt-win32-3346.dll --------- 307200
24/03/2009 11:42 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r52.tmp --------- 0
24/03/2009 11:42 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h51.tmp --------- 2036
24/03/2009 00:59 C:\DOCUME~1\Detinha\CONFIG~1\Temp\pptA.tmp --------- 0
24/03/2009 00:59 C:\DOCUME~1\Detinha\CONFIG~1\Temp\ppt7.tmp --------- 0
24/03/2009 00:58 C:\DOCUME~1\Detinha\CONFIG~1\Temp\ppt4.tmp --------- 0
22/03/2009 11:01 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Twunk002.MTX --------- 0
21/03/2009 12:28 C:\DOCUME~1\Detinha\CONFIG~1\Temp\msohtmlclip --------- 0
19/03/2009 23:20 C:\DOCUME~1\Detinha\CONFIG~1\Temp\iTunesSetup[1]4A0.log --------- 2152
19/03/2009 22:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h48.tmp --------- 1125
19/03/2009 22:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r49.tmp --------- 0
19/03/2009 22:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\SetupAdmin698.log --------- 2886057
19/03/2009 22:26 C:\DOCUME~1\Detinha\CONFIG~1\Temp\qtplugin.log --------- 4249
17/03/2009 06:51 C:\DOCUME~1\Detinha\CONFIG~1\Temp\r2h38.tmp --------- 1898
17/03/2009 06:51 C:\DOCUME~1\Detinha\CONFIG~1\Temp\h2r39.tmp --------- 0
15/03/2009 20:57 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR345.tmp --------- 35574
15/03/2009 20:57 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR342.tmp --------- 40950
15/03/2009 20:57 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR33E.tmp --------- 37885
15/03/2009 20:57 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR33A.tmp --------- 23262
15/03/2009 20:57 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR336.tmp --------- 62753
15/03/2009 20:57 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR332.tmp --------- 67994
15/03/2009 20:57 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR32D.tmp --------- 67560
15/03/2009 20:57 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TFR32C.tmp --------- 46021
15/03/2009 18:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Excel8.0 --------- 0
15/03/2009 18:34 C:\DOCUME~1\Detinha\CONFIG~1\Temp\VBE --------- 0
15/03/2009 11:54 C:\DOCUME~1\Detinha\CONFIG~1\Temp\{343777FF-2E0A-4663-B280-048F97E2A2DD}Setup.ico --------- 45630
15/03/2009 11:54 C:\DOCUME~1\Detinha\CONFIG~1\Temp\{61D23D99-3398-414E-974E-EBAE498BB298}bridge.ico --------- 42014
15/03/2009 11:54 C:\DOCUME~1\Detinha\CONFIG~1\Temp\{193F8A7B-1853-48D5-88AC-19446C2C1D13}estk_ribs_bgd.png --------- 93314
15/03/2009 11:54 C:\DOCUME~1\Detinha\CONFIG~1\Temp\{343777FF-2E0A-4663-B280-048F97E2A2DD}background.png --------- 20376
15/03/2009 11:54 C:\DOCUME~1\Detinha\CONFIG~1\Temp\{9787B2D4-5394-4525-A290-47653B3181D9}fw_install_pkg_rev.ico --------- 40410
15/03/2009 11:54 C:\DOCUME~1\Detinha\CONFIG~1\Temp\{9787B2D4-5394-4525-A290-47653B3181D9}background.png --------- 50225
15/03/2009 09:45 C:\DOCUME~1\Detinha\CONFIG~1\Temp\nsp18.tmp --------- 0
15/03/2009 01:06 C:\DOCUME~1\Detinha\CONFIG~1\Temp\java_install.log --------- 50847
15/03/2009 01:06 C:\DOCUME~1\Detinha\CONFIG~1\Temp\java_install_sp.log --------- 1234
15/03/2009 01:06 C:\DOCUME~1\Detinha\CONFIG~1\Temp\77d0e.mst --------- 1412608
15/03/2009 01:00 C:\DOCUME~1\Detinha\CONFIG~1\Temp\jinstall.cfg --------- 9669
15/03/2009 00:51 C:\DOCUME~1\Detinha\CONFIG~1\Temp\0315005100000f5c6d8ao6qeaz --------- 0
15/03/2009 00:35 C:\DOCUME~1\Detinha\CONFIG~1\Temp\12c879.mst --------- 3584
15/03/2009 00:27 C:\DOCUME~1\Detinha\CONFIG~1\Temp\MsnMsgs.LOG --------- 626222
15/03/2009 00:06 C:\DOCUME~1\Detinha\CONFIG~1\Temp\SetupExe(200903142358431FC).log --------- 120029
14/03/2009 22:37 C:\DOCUME~1\Detinha\CONFIG~1\Temp\kl-setup-2009-03-14-22-36-24.log --------- 6293
14/03/2009 22:37 C:\DOCUME~1\Detinha\CONFIG~1\Temp\kl-install-2009-03-14-22-36-24.log --------- 3772050
14/03/2009 22:37 C:\DOCUME~1\Detinha\CONFIG~1\Temp\caevents.log --------- 209091
14/03/2009 22:37 C:\DOCUME~1\Detinha\CONFIG~1\Temp\kleaner (pid 260) 2009-03-14 22-37-11.log --------- 3848
14/03/2009 22:36 C:\DOCUME~1\Detinha\CONFIG~1\Temp\kleaner (pid 1812) 2009-03-14 22-36-58.log --------- 12065
14/03/2009 22:36 C:\DOCUME~1\Detinha\CONFIG~1\Temp\kleaner (pid 1812) 2009-03-14 22-36-57.log --------- 7883
14/03/2009 22:36 C:\DOCUME~1\Detinha\CONFIG~1\Temp\tmp4.tmp --------- 12700
14/03/2009 20:40 C:\DOCUME~1\Detinha\CONFIG~1\Temp\~GDBSAVE.ST2 --------- 13630634
14/03/2009 20:39 C:\DOCUME~1\Detinha\CONFIG~1\Temp\~GDBSAVE.ST1 --------- 12824102
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Turkish.bin --------- 22246
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Norwegian.bin --------- 21958
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Hungarian.bin --------- 26076
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Hebrew.bin --------- 19553
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Finnish.bin --------- 22853
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Czech.bin --------- 24310
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Portuguese(Brazil).bin --------- 25067
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Polish.bin --------- 24219
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Greek.bin --------- 25080
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Thai.bin --------- 21977
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Arabic.bin --------- 20974
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\English.bin --------- 21911
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\SimChin.bin --------- 16404
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Portuguese.bin --------- 26256
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\SWEDISH.bin --------- 24088
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Spanish.bin --------- 27754
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Russian.bin --------- 26125
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\German.bin --------- 25746
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Italian.bin --------- 27409
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\French.bin --------- 27237
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\TradChin.bin --------- 16949
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Dutch.bin --------- 25741
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Danish.bin --------- 22769
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Korean.bin --------- 20135
14/03/2009 16:04 C:\DOCUME~1\Detinha\CONFIG~1\Temp\Japanese.bin --------- 24297
14/03/2009 16:03 C:\DOCUME~1\Detinha\CONFIG~1\Temp\{629C0F2E-12F7-4458-81FB-2FCC6C0AF8B3} --------- 0
14/03/2009 16:03 C:\DOCUME~1\Detinha\CONFIG~1\Temp\issE0.tmp --------- 0
14/03/2009 16:02 C:\DOCUME~1\Detinha\CONFIG~1\Temp\pftDF~tmp --------- 0
14/03/2009 16:00 C:\DOCUME~1\Detinha\CONFIG~1\Temp\AMD --------- 0
14/03/2009 15:59 C:\DOCUME~1\Detinha\CONFIG~1\Temp\{4285AA67-DD43-4587-BECD-CBCB177BEE99} --------- 0
14/03/2009 15:59 C:\DOCUME~1\Detinha\CONFIG~1\Temp\iss71.tmp --------- 0
14/03/2009 15:58 C:\DOCUME~1\Detinha\CONFIG~1\Temp\iss54.tmp --------- 0
13/04/2008 19:21 C:\DOCUME~1\Detinha\CONFIG~1\Temp\setup_wm.exe --------- 774144
27/10/2006 19:14 C:\DOCUME~1\Detinha\CONFIG~1\Temp\ose00000.exe --------- 145184
----------------------------------------


C:\Arquivos de programas

----------------------------------------


C:\Documents and Settings\All Users\..

Detinha
Default User
Administrador
LocalService
NetworkService
All Users
----------------------------------------


C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

----------------------------------------



Nome da imagem Identi Nome da sessÆo SessÆo# Uso de mem¢r
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 28 K
System 4 Console 0 260 K
smss.exe 912 Console 0 716 K
csrss.exe 1024 Console 0 6.096 K
winlogon.exe 1048 Console 0 16.260 K
services.exe 1092 Console 0 4.372 K
lsass.exe 1104 Console 0 12.212 K
svchost.exe 1280 Console 0 5.824 K
svchost.exe 1332 Console 0 4.896 K
svchost.exe 1460 Console 0 33.180 K
svchost.exe 1508 Console 0 4.632 K
svchost.exe 1548 Console 0 8.096 K
spoolsv.exe 1968 Console 0 6.864 K
explorer.exe 2028 Console 0 26.932 K
avp.exe 448 Console 0 10.284 K
AppleMobileDeviceService. 784 Console 0 2.732 K
avp.exe 796 Console 0 136.824 K
mDNSResponder.exe 820 Console 0 4.104 K
jqs.exe 884 Console 0 1.380 K
mdm.exe 1396 Console 0 2.840 K
nvsvc32.exe 1596 Console 0 3.772 K
svchost.exe 1712 Console 0 4.864 K
wmiapsrv.exe 2356 Console 0 5.216 K
alg.exe 2684 Console 0 3.916 K
wmiprvse.exe 2956 Console 0 5.476 K
svchost.exe 3916 Console 0 3.784 K
wuauclt.exe 3356 Console 0 8.696 K
firefox.exe 3876 Console 0 77.940 K
cmd.exe 3448 Console 0 2.380 K
tasklist.exe 2164 Console 0 4.252 K
wmiprvse.exe 2232 Console 0 5.764 K


***** Ende des Scans qui 09/07/2009 um 21:13:43,14 ***

 

[Megadeeth]

graaaaande Mestre vc eh d++++++++++++ Mr.Wolf

eu troquei o explorer.exe aki e deu certinho

vc eh o cara Mstre Wolf

perguntei pro meu tiu e ele disse q nao pegou virus nem nada dai ele disse tb q nao tinha o cd do windows p mim repara

dai eu fui no meu pc copiei o explorer.exe p meu pendrives e passei p esse pc aki e o problema foi resolvido :yes: vlw msm Mestre Wolf nem sei como agradecer vc mais uma vez

sabia q vc saberia resolver meu problema vlw msm :yes: :lol: briigadao msm


vlw tbm vc victorm pela resposta eu nunca mais vo instala essas merdas de tranformaçoes de packs de muda a aparencia e vlw pela explicaçao tb victorm :yes:

ps: Mestre Wolf como vc feiz isso irmao????

ixplica p gnt como vc ve essas parada nossa fikei curiozo d++ !!!!!!!!!!!!! vc eh um geniu e eh o kraaa irmao

brigadao di novo

um abraçao Mestre Wolf :yes: :whistle:

vc eh um professor kra

 

[Vitao222]

Olha, ontem eu tava dando uma estudava sobre o log e o que chegou a conclusão do Mr.Wolf que era o explorer.exe e eu acho que é assim:

Você citou os sintomas do menu iniciar e acredito que o Mr.Wolf desconfiou do explorer.exe logo de cara. Ele pediu pra você verificar no explorer.exe o Objetos USER e o Pico de uso de memória, que, obviamente, estavam altos (aqui usa bem menos memória e tem menos objetos).

O x-rayPC pelo que vi é um utilitário que mostra no log o hash dos principais arquivos e entradas do Windows (uma das funcionalidades do programa na página inicial: # Shows file size and MD5 of all files instantly). Identificando que o hash do explorer.exe estava diferente do original, acho que o Mr.Wolf concluiu que o seu explorer.exe estava danificado. E era o que parecia ser realmente, pelo uso de memória e objetos user.

No caso, o explorer.exe e seu hash, no seu log:
C:\WINDOWS\Explorer.EXE (1034234 fa61a19142ae14bec1a26de82390dd65)

O hash é esse número. Ele é único e mesmo uma pequena modificação no arquivo é suficiente pra mudar todo o código hash do MD5, que é um conjunto de números hexadecimais de 0 a 9 e A a F. Se quiser ler tem um artigo na Wikipedia: http://pt.wikipedia.org/wiki/Hash

Acredito que o Wolf tenha uma lista ou algum site onde mostre o hash original dos principais arquivos do Windows ou até mesmo saiba já, e comparando, viu que o hash estava diferente do explorer.exe original e identificou.

Bom, basicamente é isso, o programinha é bem interessante e eu nem conhecia. Caso eu estiver errado o Mr.Wolf vem e corrige ou complementa.

Quanto a troca do explorer.exe é estranho o Windows não ter ativado o SFC (sistema de proteção) e voltado com o arquivo de volta. Você não reparou em nenhuma mensagem do Windows, informando que algum arquivo importante foi trocado? Normalmente ele volta pro arquivo original por questão de segurança, ou seja, não adiantando trocar.

 

[Megadeeth]

faaala victorm interessante sua ixplicaçao!!!!!!!! vlw por ixplicar o q o Mestre Wolf feiz!!!! mto fera isso

nunca tinha ouvisto falar dessa md5 e hash ae mto fera isso!!!!!! :lol: !!!!!

mais uma coisa q ainda to com duvida victorm eh como saber q essa md5 ou hash tao danificados??? pq p mim esses nº sao nº soh shashauehauah :lol:
vc sabe dizer como faiz p saber q o arquivo da danificado??? em kual site ou lista a gnt pode ver isso????

brigadao di novo pela ixplicaçao victorm!!!!!!! :yes:

e falando p vc eu trokei o explorer.exe aki assim

eu axei um negocio no google de como fazer troca de arkivos do windows assim e fexei o site qno eu axar eu coloco o link aki

no site tava falando p entrar em modo de seguro no windows q tem q reiniciar o pc e qndo tiver nakelas letrinha do começo tem q apertar o butao f8.Dai vai aparecer um negocio cheio de opçao dai vc escolhe modo de seguro e aperta enter

dai vai entrar desse jeito o desktop vai fik meio diferente os icones tdos grandes bem estranhos!!!!!!! dai tem q ir no cmd e digitar um negocio q eu esqueci de cabeça eu ate me ferrei nisso pq tda hr q eu digitava dava erro mais eu consegui!!!!!!! dai o desktop sumiu e abriu a pasta windows dai eu coloquei o meu pendrives e copiei o explorer.exe do pendrives p pasta windows como o Mestre Wolf me disse!!!!!

dai apareceu uma mensagem dizendo q se eu fizece akilo poderia prejudicar o meu sistema e se eu keria faze akilo!!!! eu fikei com medo e kuase vim pergunta pro Mr.Wolf se era isso msm!!!! mais dai eu fui na sorte e trocou blz!!!!

dpois reiniciei sem ser em modo de seguro e digitei um outro negocio no cmd!!! meu desktop sumiu di novo e eu tive q reinicia sem ser em modo de seguro!!!

dai dpois q reinicio deu tdo certo

sera q eh assim msm q tinha q ser feito victorm??????

fikei incucado de ter ferrado esse pc q nem eh meu eh do meu tiu da loja aki!!!! :cry:

o pc ta d boa ñ ta mais dando akeles erros!!!!

brigadao irmao

um abraçao

 

[Vitao222]

Acho que não tem problema, você seguiu um tutorial e foi em Modo Seguro. Deve ter trocado assim.

A questão do hash é o seguinte: todo arquivo tem um hash, e qualquer modificação que você faz num arquivo, é suficiente pra modificar o todo o número hash.
O Mr.Wolf provavelmente identificou pelo simples motivo de o hash do seu explorer.exe estar diferente do original.

Normalmente, arquivos e entradas do Windows não são modificados, e tem o mesmo hash (número) em todos os computadores. Quando você ou algum programa (no caso o transformation pack) modifica, o número vai mudar, e então ele viu que estava danificado.

É simples. Por exemplo: seu explorer.exe modificado era assim
C:\WINDOWS\Explorer.EXE (1034234 fa61a19142ae14bec1a26de82390dd65)

Pra ver se é o arquivo sem modificações você deve comparar com o hash original do explorer.exe no XP. Esse do seu log era modificado.
Se você quiser confirmar isso, faça o scan com o XrayPC novamente e poste o log aqui. Vai ver que o explorer.exe vai ter outro hash.

 

[Megadeeth]

intendi victorm vlw pelas ixplicaçoes brother!!!!!

mais realisei um outro scan com x-raypc e parece q deu diferente msm???

Spoiler

Logfile of X-RayPc Build 39029 (Installed 1247100862)
Scan saved at 10/7/2009 16:55:17

Registry Settings:
IE Start Page (User) : http://www.versarehoteis.com.br/
IE Start Page (Global) : http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
IE Blank Page : C:\WINDOWS\system32\blank.htm
IE Default Page : http://go.microsoft.com/fwlink/?LinkId=69157
IE Search Page (User) : http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE Search Page (Global) : http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE Default Search : http://go.microsoft.com/fwlink/?LinkId=69157
HOSTS Directory : %SystemRoot%\System32\drivers\etc

C:\WINDOWS\system32\services.exe (108544 cc73c4430c2fc27fde16a0a4e3678148)
C:\WINDOWS\system32\lsass.exe (13312 35c6463b3c5f62d2b20c953b6e1538e9)
C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
C:\WINDOWS\Explorer.EXE (1028334 f64EC7FF5F58B928C3E119402977FA6D)
C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (6499987 hu9i0op56231fgt6754343489op08i9oj)
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (6499987 hu9i0op56231fgt6754343489op08i9oj)
C:\WINDOWS\system32\wscntfy.exe (13824 ede207e8ffbcb3909c078dcb60e29044)
C:\Arquivos de programas\Mozilla Firefox\firefox.exe (307704 26c3f01df1b1aa6cfec22d75f1e072f9)
C:\WINDOWS\system32\spoolsv.exe (57856 3971289fa7072812caf4d053bbc6352b)
C:\Documents and Settings\Laercio Chaves\Desktop\xraypc\x-raypc.exe (348928 df5ba440e4384adcd1a0bf653da84387)

Service: aswUpdSv C:\ARQUIV~1\Alwil Software\Avast4\aswUpdSv.exe (1195008 8e294acae2b6fb3c75f55913829b359e)
Service: ALG C:\WINDOWS\System32\alg.exe (44544 379c7ac3ebcb636ecdb704e188a96a13)
Service: AudioSrv C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: Browser C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: CryptSvc C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: DcomLaunch C:\WINDOWS\system32\svchost -k DcomLaunch
Service: Dhcp C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: dmserver C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: Dnscache C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: ERSvc C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: Eventlog C:\WINDOWS\system32\services.exe (108544 cc73c4430c2fc27fde16a0a4e3678148)
Service: EventSystem C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: FastUserSwitchingCompatibility C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: helpsvc C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: lanmanserver C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: lanmanworkstation C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: LmHosts C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: Netman C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: Nla C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: PlugPlay C:\WINDOWS\system32\services.exe (108544 cc73c4430c2fc27fde16a0a4e3678148)
Service: PolicyAgent C:\WINDOWS\system32\lsass.exe (13312 35c6463b3c5f62d2b20c953b6e1538e9)
Service: ProtectedStorage C:\WINDOWS\system32\lsass.exe (13312 35c6463b3c5f62d2b20c953b6e1538e9)
Service: RasMan C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: RemoteRegistry C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: RpcSs C:\WINDOWS\system32\svchost -k rpcss
Service: SamSs C:\WINDOWS\system32\lsass.exe (13312 35c6463b3c5f62d2b20c953b6e1538e9)
Service: Schedule C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: seclogon C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: SENS C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: SharedAccess C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: ShellHWDetection C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: Spooler C:\WINDOWS\system32\spoolsv.exe (57856 3971289fa7072812caf4d053bbc6352b)
Service: srservice C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: SSDPSRV C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: TapiSrv C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: TermService C:\WINDOWS\System32\svchost -k DComLaunch
Service: Themes C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: TrkWks C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: W32Time C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: WebClient C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: winmgmt C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: wscsvc C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: wuauserv C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: WZCSVC C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)



O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (2374464 b4a1f482599fb41878b4ef8363282a4d)
O4 - HKLM\..\Run: [Tarifador] C:\Cosmos\Tarifador.exe (0776h99 g789534562312w346546578ui9890plm)
O4 - HKLM\..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll (0909887 k945gt6578uh934s323ed567yh56t7890)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [PostBootReminder] C:\WINDOWS\system32\SHELL32.dll (8413696 c4cfe1e248d5d47dfacdd6006b696491)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [CDBurn] C:\WINDOWS\system32\SHELL32.dll (8413696 c4cfe1e248d5d47dfacdd6006b696491)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [WebCheck] C:\WINDOWS\system32\webcheck.dll (278528 646728aa017a2900ceccf19f10e663a0)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [SysTray] C:\WINDOWS\system32\stobject.dll (122368 36c1a39c2be929f1dfeef7d5a1064bc6)
O4 - HKCU\..\Run: [MsnMsgr] C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe (976765 21we452scf567890oklp765fgb6b6781)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (6g7880 2sdc5456478b92b21d6hd789jkbbh9012)

O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object)- http://fpdownload.macromedia.com/pub...sh/swflash.cab - C:\WINDOWS\Downloaded Program Files\swflash.inf (247 045d9a13b4d5c07a360fd52c817f5e45)

020 - HKLM\..\Notify: [crypt32chain] C:\WINDOWS\system32\crypt32.dll (603648 d90a29b2063f0c8018fa39d9ffbbe7ca)
020 - HKLM\..\Notify: [cryptnet] C:\WINDOWS\system32\cryptnet.dll (63488 c3e7dd4f2567af7725242da284cf1d3b)
020 - HKLM\..\Notify: [cscdll] C:\WINDOWS\system32\cscdll.dll (102400 119a4a134b2e2fe608886bdcac68676c)
020 - HKLM\..\Notify: [ScCertProp] C:\WINDOWS\system32\wlnotify.dll (93184 2bcccaf5560ac26667d14c018932fafa)
020 - HKLM\..\Notify: [Schedule] C:\WINDOWS\system32\wlnotify.dll (93184 2bcccaf5560ac26667d14c018932fafa)
020 - HKLM\..\Notify: [sclgntfy] C:\WINDOWS\system32\sclgntfy.dll (21504 ffc24e14c1e335496b70cd2dee6abec6)
020 - HKLM\..\Notify: [SensLogn] C:\WINDOWS\system32\WlNotify.dll (93184 2bcccaf5560ac26667d14c018932fafa)
020 - HKLM\..\Notify: [termsrv] C:\WINDOWS\system32\wlnotify.dll (93184 2bcccaf5560ac26667d14c018932fafa)
020 - HKLM\..\Notify: [wlballoon] C:\WINDOWS\system32\wlnotify.dll (93184 2bcccaf5560ac26667d14c018932fafa)

brigadao

mais agora o com mais uma duvida

sera q ñ ta diferente pq eu peguei o explore.exe do meu pc e puis nesse aki????

o md5 do seu explore.exe eh assim tb igual ao meu???

 

[luisednardo]

Mr Wolf, por favor analise esse log pra mim. Esse PC foi infectado por um Rogue, usei o Malwarebytes e o Combofix e fiz um scan completo com o Avira.

Spoiler

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:13, on 10/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Clevo\AutoMailChkr\MailChkr.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\WINDOWS\sm56hlpr.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BisonCam\BisonHK.exe
C:\WINDOWS\mHotkey.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\azul\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AutoMailChecker] C:\Arquivos de programas\Clevo\AutoMailChkr\MailChkr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BisonHK] C:\WINDOWS\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\azul\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: BlueSoleil.lnk = C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6417 bytes

 

[Vitao222]

sera q ñ ta diferente pq eu peguei o explore.exe do meu pc e puis nesse aki????

o md5 do seu explore.exe eh assim tb igual ao meu???

Como pode ver, o número está diferente.

Modificado: C:\WINDOWS\Explorer.EXE (1034234 fa61a19142ae14bec1a26de82390dd65)

Original: C:\WINDOWS\Explorer.EXE (1028334 f64EC7FF5F58B928C3E119402977FA6D)

E a menos que o explorer.exe do seu PC principal esteja modificado (acredito que não esteja, certo), fique tranquilo. Não existe isso, o explorer.exe normalmente é igual em qualquer XP. O hash diferente mostra que você conseguiu trocar o explorer.exe danificado para o original com sucesso.
Até porque, não tem mais os sintomas que você citou.

 

[Megadeeth]

vlw pela ixplicaçao victorm!!!!!!!!!

mais olha soh fui no outro pc aki da loja no pc da outra minina q trabalha aki e pedi pra ela dexar eu escanear com o x-rapc o pc dela dai puis o log no meu pendrives e veja soh

o explore.exe dela tem o md5 diferente e o xp dela foi instalado com o msm cd q meu tiu disse e tdo no msm dia

Spoiler

Logfile of X-RayPc Build 39029 (Installed 45111212901
Scan saved at 10/7/2009 17:36:10

Registry Settings:
IE Start Page (User) : http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
IE Start Page (Global) : http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
IE Blank Page : C:\WINDOWS\system32\blank.htm
IE Default Page : http://go.microsoft.com/fwlink/?LinkId=69157
IE Search Page (User) : http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE Search Page (Global) : http://www.microsoft.com/isapi/redir...ie&ar=iesearch
IE Default Search : http://go.microsoft.com/fwlink/?LinkId=69157
HOSTS Directory : %SystemRoot%\System32\drivers\etc

C:\WINDOWS\system32\lsass.exe (13312 35c6463b3c5f62d2b20c953b6e1538e9)
C:\WINDOWS\system32\services.exe (108544 cc73c4430c2fc27fde16a0a4e3678148)
C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
C:\WINDOWS\System32\alg.exe (89342 f567343e45bgy785gh790kl8p3ed54r5)
C:\WINDOWS\System32\cmd.exe (36278 t667yhu8yg56bfg64fr57hj89ko9o0o9o)
C:\WINDOWS\system32\spoolsv.exe (57856 43e4r45t6y7u8i9o054rde456yhg3EGJ11)
C:\WINDOWS\system32\winlogon.exe (63563 3971289fa7072812caf4d053bbc6352b)
C:\WINDOWS\Explorer.EXE (1028334 O23e454rt6732560971213141567589)
C:\WINDOWS\system32\ctfmon.exe (222516 09i89P435YHU8UI8F43D56HUJI8906)
C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe (6499987 hu9i0op56231fgt6754343489op08i9oj)
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe (6499987 hu9i0op56231fgt6754343489op08i9oj)
C:\WINDOWS\system32\drwatson.exe (92673 4rf5tg4ft6ht5yh7ju8uju8iko978965)
C:\Arquivos de programas\Internet Explorer\iexplore.exe (307704 26c3f01df1b1aa6cfec22d75f1e072f9)
C:\Documents and Settings\Administrador\Desktop\xraypc\x-raypc.exe (348928 df5ba440e4384adcd1a0bf653da84387)

Service: aswUpdSv C:\ARQUIV~1\Alwil Software\Avast4\aswUpdSv.exe (1195008 8e294acae2b6fb3c75f55913829b359e)
Service: ALG C:\WINDOWS\System32\alg.exe (44544 379c7ac3ebcb636ecdb704e188a96a13)
Service: CryptSvc C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: DcomLaunch C:\WINDOWS\system32\svchost -k DcomLaunch
Service: Dhcp C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: dmserver C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: Dnscache C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: ERSvc C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: Eventlog C:\WINDOWS\system32\services.exe (108544 cc73c4430c2fc27fde16a0a4e3678148)
Service: EventSystem C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: FastUserSwitchingCompatibility C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: helpsvc C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: lanmanserver C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: lanmanworkstation C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: LmHosts C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: PlugPlay C:\WINDOWS\system32\services.exe (108544 cc73c4430c2fc27fde16a0a4e3678148)
Service: PolicyAgent C:\WINDOWS\system32\lsass.exe (13312 35c6463b3c5f62d2b20c953b6e1538e9)
Service: ProtectedStorage C:\WINDOWS\system32\lsass.exe (13312 35c6463b3c5f62d2b20c953b6e1538e9)
Service: RasMan C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: RemoteRegistry C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: RpcSs C:\WINDOWS\system32\svchost -k rpcss
Service: skype4com C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL (24152 2ER45FGVY7UHNI89GFVR45TG40008UK91
Service: Spooler C:\WINDOWS\system32\spoolsv.exe (57856 3971289fa7072812caf4d053bbc6352b)
Service: srservice C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: SSDPSRV C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: TapiSrv C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: TermService C:\WINDOWS\System32\svchost -k DComLaunch
Service: Themes C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: TrkWks C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: W32Time C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: WebClient C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: winmgmt C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: wscsvc C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: wuauserv C:\WINDOWS\system32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)
Service: WZCSVC C:\WINDOWS\System32\svchost.exe (14336 5de3e7b6f7624552f2f06664f110820d)


O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe (2374464 b4a1f482599fb41878b4ef8363282a4d)
O4 - HKLM\..\Run: [Tarifador] C:\Cosmos\Tarifador.exe (0776h99 g789534562312w346546578ui9890plm)
O4 - HKCU\..\Run: [MsnMsgr] C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe (976765 21we452scf567890oklp765fgb6b6781)

010 - Layered Service Providers: C:\WINDOWS\system32\KodakStart.exe

020 - HKLM\..\Notify: [Schedule] C:\WINDOWS\system32\wlnotify.dll (93184 2bcccaf5560ac26667d14c018932fafa)
020 - HKLM\..\Notify: [sclgntfy] C:\WINDOWS\system32\sclgntfy.dll (21504 ffc24e14c1e335496b70cd2dee6abec6)
020 - HKLM\..\Notify: [SensLogn] C:\WINDOWS\system32\WlNotify.dll (93184 2bcccaf5560ac26667d14c018932fafa)
020 - HKLM\..\Notify: [termsrv] C:\WINDOWS\system32\wlnotify.dll (93184 2bcccaf5560ac26667d14c018932fafa)
020 - HKLM\..\Notify: [wlballoon] C:\WINDOWS\system32\wlnotify.dll (93184 2bcccaf5560ac26667d14c018932fafa)

pq sera q no dela ta diferente???

brigadao irmao

 

[Vitao222]

Vixi... aí eu não sei.
Se o XP tá com o mesmo SP do seu não faço a mínima idéia mesmo.

Talvez o que eu tenha dito nem seja correto, como falei, só o Mr.Wolf pra saber.

 

[SPEED-MARSHALL]

legal a iniciativa d esclarecer as duvidas de remoção de virus e etc..
flws
[]´sss

 

[sonny]

Nossa !!!

Vocês viram isso ?

Hack

 

[Megadeeth]

Vixi... aí eu não sei.
Se o XP tá com o mesmo SP do seu não faço a mínima idéia mesmo.

Talvez o que eu tenha dito nem seja correto, como falei, só o Mr.Wolf pra saber.

faaaaala victorm vlw pela ajuda!!!!!!! :yes:

ñ sei o q eh o SP q vc disse???

mais de kualker forma vlw pelo exclarecimento p mim!!!! vou faze oq vc falo espera o Mestre Wolf entra e me dize!!!!!

brigadao msm

um abraçao irmao :yes:

 

[JulianoT]

Olá Mr. Wolf
Tudo bem, pode olhar esse log do Hijack
Fui infectado por um Win32/Toolbar AskSBar potentially unwanted application
O Eset Smart Security não consegui limpar
Ele está an pasta temp (peguei em um cd)
Tirando isso o log está ok ou tem alguma outra anormalidade
Abraço Mr. Wolf, bom fim de semana

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:57 PM, on 7/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241241893078
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A47C57C-38A2-4CD4-9323-0C33746FB725}: NameServer = 200.175.89.139,200.175.182.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{4A47C57C-38A2-4CD4-9323-0C33746FB725}: NameServer = 200.175.89.139,200.175.182.139
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6381 bytes

 

[Megadeeth]

Nossa !!!

Vocês viram isso ?

Hack

faaala Sonny

caramba eu sempre uso o imageshack i tenho ate conta la!!!!!!!!! :huh:

sera q me ferrei???? ñ to conseguindo entra no site!!!!!!!

i agora??? sera q eles podem roubar minha conta???????

poderiam mi passar um outro site p coloca minhas imagens????

um abraçao e vlw por avisar :yes:

 

[caiocoisinha]

Caracteres estranhos

Oi,
é meu primeiro Post, portanto nao sei nem se to no tópico certo...

acontece que aparece caracteres estranhos no lugar de Ç e letras com ACENTOS ( ´ ^ ~, etc), ta assim em varios programas do Office, no Winamp, no bloco de notas...

ja passei anti-virus (nod 32) e anti-malware (Malwarebytes' Anti-Malware) mas o problema continua...

vo colocar o log abaixo, desde ja obrigado!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:58:55, on 13/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Eset\nod32kui.exe
C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
C:\Arquivos de programas\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Winamp\winampa.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\3D-Relax\Natural Beauty Trial\trioService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
C:\Arquivos de programas\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\3D-Relax\Natural Beauty Trial\trioService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrador\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Arquivos de programas\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Keyboard Manager Utility] "C:\Arquivos de programas\Keyboard Manager\Manager Utility\KeyboardManager.exe" /lang en /H
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [trioService] "C:\Arquivos de programas\3D-Relax\Natural Beauty Trial\trioService.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Arquivos de programas\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Arquivos de programas\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1231617469046
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Arquivos de programas\Eset\nod32krn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe
O23 - Service: trioService - Unknown owner - C:\Arquivos de programas\3D-Relax\Natural Beauty Trial\trioService.exe

--
End of file - 8973 bytes