dr.fritz

Vista, Slow


Hello. I have a PC with a pretty good configuration. But it keeps freezing and is very slow. I have already run the antivirus, but the PC doesn't run anything!!! It takes far too long in every function. I would like your help!

I am going to post my log here as instructed.

Thanks in advance.

I am going to post it in parts.

Edited by dr.fritz


GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-18 14:15:03

Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.14 ----

SSDT 87293C68 ZwAlertResumeThread

SSDT 87293D48 ZwAlertThread

SSDT 8730DFC0 ZwAllocateVirtualMemory

SSDT 8721B428 ZwAlpcConnectPort

SSDT 8730C188 ZwCreateMutant

SSDT 8730A470 ZwCreateThread

SSDT 8733FDB0 ZwDebugActiveProcess

SSDT 8730DE20 ZwFreeVirtualMemory

SSDT 8730C278 ZwImpersonateAnonymousToken

SSDT 87293B88 ZwImpersonateThread

SSDT 87303688 ZwMapViewOfSection

SSDT 8730C0A8 ZwOpenEvent

SSDT 8730A3B0 ZwOpenProcessToken

SSDT 8733FE90 ZwOpenSection

SSDT 873091E8 ZwOpenThreadToken

SSDT 87313158 ZwResumeThread

SSDT 873034C0 ZwSetContextThread

SSDT 873034F8 ZwSetInformationProcess

SSDT 87309090 ZwSetInformationThread

SSDT 8733FF70 ZwSuspendProcess

SSDT 87305178 ZwSuspendThread

SSDT 8730A550 ZwTerminateProcess

SSDT 87305238 ZwTerminateThread

SSDT 873035C8 ZwUnmapViewOfSection

SSDT 8730DEF0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!KeSetTimerEx + 350 81CBA914 8 Bytes [ 68, 3C, 29, 87, 48, 3D, 29, ... ]

.text ntkrnlpa.exe!KeSetTimerEx + 364 81CBA928 4 Bytes [ C0, DF, 30, 87 ]

.text ntkrnlpa.exe!KeSetTimerEx + 370 81CBA934 4 Bytes [ 28, B4, 21, 87 ]

.text ntkrnlpa.exe!KeSetTimerEx + 428 81CBA9EC 4 Bytes [ 88, C1, 30, 87 ]

.text ntkrnlpa.exe!KeSetTimerEx + 454 81CBAA18 4 Bytes [ 70, A4, 30, 87 ]

.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4504] USER32.dll!DialogBoxIndirectParamW 76E8BD25 5 Bytes JMP 6F155BF3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4504] USER32.dll!DialogBoxParamW 76EA1FD5 5 Bytes JMP 6F155B7D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4504] USER32.dll!DialogBoxParamA 76EC80B2 5 Bytes JMP 6F155BB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4504] USER32.dll!DialogBoxIndirectParamA 76EC83DD 5 Bytes JMP 6F155C2E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4504] USER32.dll!MessageBoxIndirectA 76EDD471 5 Bytes JMP 6F155B39 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4504] USER32.dll!MessageBoxIndirectW 76EDD56B 5 Bytes JMP 6F155AF5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4504] USER32.dll!MessageBoxExA 76EDD5D1 5 Bytes JMP 6F155ABB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4504] USER32.dll!MessageBoxExW 76EDD5F5 5 Bytes JMP 6F155A81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4504] SHELL32.dll!SHRestricted + DFD 75FE8390 4 Bytes [ 99, 0B, CE, 73 ]

.text C:\Program Files\Internet Explorer\iexplore.exe[4504] SHELL32.dll!SHRestricted + E05 75FE8398 8 Bytes [ A7, 0A, CE, 73, A4, 32, CD, ... ]

.text C:\Program Files\Internet Explorer\iexplore.exe[4504] SHELL32.dll!SHRestricted + FB1 75FE8544 4 Bytes [ 99, 0B, CE, 73 ]

.text C:\Program Files\Internet Explorer\iexplore.exe[4504] SHELL32.dll!SHRestricted + FB9 75FE854C 4 Bytes [ A7, 0A, CE, 73 ]

.text C:\Program Files\Internet Explorer\iexplore.exe[4504] SHELL32.dll!ILFree + 5F3 75FE9AFC 4 Bytes [ 99, 0B, CE, 73 ]

.text C:\Program Files\Internet Explorer\iexplore.exe[4504] SHELL32.dll!ILFree + 5FB 75FE9B04 4 Bytes [ A7, 0A, CE, 73 ]


---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [73CCD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [73CCD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [73CCB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [73CCD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [73CCBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [73CCF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [73CCC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [73CCF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73CCD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [73CCB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [73CCDE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [73CCC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [73CCF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [73CD0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [73CCFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [73CD02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [73CCD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [73CCBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [73CCB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [73CCD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [73CCA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [73CDDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [73CDE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [73CDCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [73CDD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [73CDCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [73CDC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [73CDCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [73CCD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [73CCE151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [73CCB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [73CCA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [73CCA819] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [73CCC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [73CCD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [73CC8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [73CCBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [73CD02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [73CCFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [73CCF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [73CC8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [73CC8C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [73CCBBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [73CCFF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [73CCFB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [73CD0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [73CCEFA8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [73CC89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [73CCD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!WinHelpW] [73CCCF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!WinHelpA] [73CCCE2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [73CDCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [73CDC49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [73CDCD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [73CDD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [73CDCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [73CDC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [73CDCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [73CDE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [73CDD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [73CDCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [73CDDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [73CDD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [73CDE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [73CDDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [73CDDFE1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [73CDE2F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [73CDDD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [73CDD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [73CCA460] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [73CCFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [73CCE151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [73CCA6E2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [73CCAE92] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [73CCB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [73CCC023] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [73CCB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [73CC9700] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [73CCD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [73CCDE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [73CD02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [73CD0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [73CC9362] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [73CC89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [73CCF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [73CCA1D8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [73CCA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [73CCEAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [73CCE4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [73CCC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [73CC8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [73CC8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [73CCDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [73CC94A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [73CCD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [73CCBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [73CC8FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [73CCD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [73CC9231] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [73CCF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!LoadImageW] [73CCC58B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!WinHelpW] [73CCCF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!PrivateExtractIconsW] [73CCCA80] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [73CDCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [73CDC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [73CDDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [73CDE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [73CDCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [73CDDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [73CDD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [73CDE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [73CDD13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [73CDD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [73CDD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [73CDC8E9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [73CDC35D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [73CDD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [73CDCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [73CDCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [73CD91AC] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [73CD0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [73CD02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [73CCD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [73CCF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [73CCC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [73CC94A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [73CC8FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [73CCBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [73CCD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [73CC8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [73CCD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [73CDD13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [6E7D7C75] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyExW] [73CDE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [73CDE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [73CDDD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [73CDCD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [73CDDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [73CDD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [73CDD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW] [73CDDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [73CDCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [73CDD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [73CDCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [73CDCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [73CDC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [73CDD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [73CDCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHRegGetValueW] [73CD5CFD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHRegGetValueA] [73CD5C9F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!PathUnExpandEnvStringsA] [73CD4D95] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHDeleteKeyA] [73CD50AF] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHDeleteValueW] [73CD519F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!PathCreateFromUrlW] [73CD40A2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHGetValueA] [73CD5357] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHSetValueA] [73CD619F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHGetValueW] [73CD53B2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHSetValueW] [73CD61FA] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[4504] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!PathCombineW] [73CD3FFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)


---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Services - GMER 1.0.14 ----

Service C:\PROGRA~1\GbPlugin\GbpSv.exe (*** hidden *** ) [AUTO] GbpSv <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ImagePath C:\PROGRA~1\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x88 ...

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ImagePath C:\PROGRA~1\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x88 ...

---- EOF - GMER 1.0.14 ----


Logfile of random's system information tool 1.04 (written by random/random)

Run by arthuro at 2008-11-18 14:15:41

Microsoft® Windows Vista™ Home Premium Service Pack 1

System drive C: has 80 GB (57%) free of 141 GB

Total RAM: 3006 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:16:01 PM, on 11/18/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Windows\system32\taskeng.exe

C:\Users\arthuro\Desktop\gmer\gmer.exe

C:\Users\arthuro\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\arthuro.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\CONFLICT.3\gbiehabn.dll

O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKLM\..\Policies\Explorer\Run: []

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldpt-br.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{78DA0AFE-A701-484D-9EF3-7620F60FA230}: NameServer = 10.110.112.33,200.141.251.190

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


End of file - 9267 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

C:\Windows\tasks\HPCeeScheduleForarthuro.job

C:\Windows\tasks\Norton Internet Security - Run Full System Scan - arthuro.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [2007-08-24 316784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-10-11 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

GbIehObj Class - C:\Windows\Downloaded Program Files\CONFLICT.3\gbiehabn.dll [2008-05-16 369064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]

HP Print Clips - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-08-31 177504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 316784]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]

"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

""=1 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\Windows\Downloaded Program Files\CONFLICT.3\gbiehabn.dll [2008-05-16 369064]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54a190bf-9865-11dd-b2a4-002100110314}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

======File associations======

.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"

.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"

======List of files/folders created in the last 1 months======

2008-11-18 14:15:41 ----D---- C:\rsit

2008-11-18 13:42:16 ----A---- C:\Windows\gmer.ini

2008-11-18 13:42:14 ----A---- C:\Windows\gmer_uninstall.cmd

2008-11-18 13:42:14 ----A---- C:\Windows\gmer.dll

2008-11-18 13:42:13 ----A---- C:\Windows\gmer.exe

2008-11-14 17:43:49 ----HD---- C:\Windows\PIF

2008-11-14 17:05:45 ----D---- C:\Program Files\Trend Micro

2008-11-14 03:09:14 ----A---- C:\Windows\system32\msxml3.dll

2008-11-13 11:58:05 ----A---- C:\Windows\system32\msxml6.dll

2008-11-08 16:27:54 ----D---- C:\Program Files\Adobe

2008-11-08 08:18:17 ----D---- C:\Program Files\GbPlugin

2008-11-08 08:18:14 ----D---- C:\ProgramData\GbPlugin

2008-10-29 01:35:26 ----A---- C:\Windows\system32\wersvc.dll

2008-10-29 01:35:26 ----A---- C:\Windows\system32\Faultrep.dll

2008-10-29 01:34:49 ----A---- C:\Windows\system32\win32spl.dll

2008-10-27 10:05:00 ----D---- C:\Program Files\Common Files\Adobe

2008-10-24 17:23:41 ----D---- C:\Users\arthuro\AppData\Roaming\MSNInstaller

2008-10-24 00:23:15 ----A---- C:\Windows\system32\netapi32.dll

2008-10-19 18:46:36 ----D---- C:\Program Files\SopCast

2008-10-19 18:45:56 ----D---- C:\Program Files\Megacubo

======List of files/folders modified in the last 1 months======

2008-11-18 14:15:57 ----D---- C:\Windows\Prefetch

2008-11-18 14:15:48 ----D---- C:\Windows\Temp

2008-11-18 13:42:16 ----D---- C:\Windows

2008-11-18 13:42:14 ----D---- C:\Windows\system32\drivers

2008-11-18 13:24:05 ----D---- C:\ProgramData\Symantec

2008-11-18 12:05:31 ----SHD---- C:\System Volume Information

2008-11-18 11:07:47 ----D---- C:\Windows\System32

2008-11-18 11:07:47 ----D---- C:\Windows\inf

2008-11-18 11:07:47 ----A---- C:\Windows\system32\PerfStringBackup.INI

2008-11-16 15:22:18 ----D---- C:\Windows\tracing

2008-11-15 14:58:40 ----D---- C:\Windows\Tasks

2008-11-15 14:58:40 ----D---- C:\Windows\system32\Tasks

2008-11-15 14:34:59 ----D---- C:\Windows\rescache

2008-11-15 14:14:00 ----D---- C:\Windows\winsxs

2008-11-15 13:27:51 ----SD---- C:\Users\arthuro\AppData\Roaming\Microsoft

2008-11-15 04:55:18 ----SHD---- C:\Windows\Installer

2008-11-15 04:55:18 ----D---- C:\ProgramData\Microsoft Help

2008-11-14 17:05:45 ----D---- C:\Program Files

2008-11-13 12:06:27 ----D---- C:\Windows\system32\catroot2

2008-11-13 11:57:15 ----D---- C:\Windows\system32\catroot

2008-11-08 16:28:02 ----D---- C:\ProgramData\Adobe

2008-11-08 08:18:14 ----HD---- C:\ProgramData

2008-11-08 08:18:13 ----SD---- C:\Windows\Downloaded Program Files

2008-11-06 07:17:28 ----D---- C:\Windows\system32\WDI

2008-11-03 16:10:25 ----A---- C:\Windows\system32\mrt.exe

2008-10-28 05:05:52 ----D---- C:\Program Files\Common Files\Symantec Shared

2008-10-27 10:05:00 ----D---- C:\Program Files\Common Files

2008-10-23 21:29:11 ----D---- C:\Program Files\Sling Media

2008-10-23 21:28:46 ----HD---- C:\Program Files\InstallShield Installation Information

2008-10-23 14:23:41 ----D---- C:\ProgramData\WildTangent

2008-10-21 07:53:24 ----D---- C:\Users\arthuro\AppData\Roaming\CyberLink

2008-10-19 18:46:51 ----D---- C:\Users\arthuro\AppData\Roaming\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2097-12-31 371248]

R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081117.001\IDSvix86.sys [2008-10-03 270384]

R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2008-09-05 447024]

R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]

R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-06-13 24112]

R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]

R2 CO_Mon;CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [2007-08-08 36056]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-09 8704]

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-07-06 155136]

R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-08 1044472]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2097-12-31 99376]

R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-10-01 183352]

R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]

R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-19 984064]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-19 208896]

R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081117.048\NAVENG.SYS [2008-11-11 89104]

R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081117.048\NAVEX15.SYS [2008-11-11 876112]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-17 1040544]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-10-08 7626304]

R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]

R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]

R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-10-11 123952]

R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-06-13 96432]

R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]

R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-19 660480]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-08 1044472]

S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

S3 Cpqdfw;Compaq Dfw; C:\Windows\system32\drivers\Cpqdfw.sys []

S3 cq_mem;Compaq Memory Diagnostics; C:\Windows\system32\drivers\cq_mem.sys []

S3 cqcpu;Compaq Cpu Diagnostics; C:\Windows\system32\drivers\cqcpu.sys []

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]

S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-11-18 85969]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]

S3 rlnDebug;COMPAQ ILO; \??\C:\Windows\system32\drivers\CpqILO.sys []

S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]

S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064]

R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]

R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]

R2 LiveUpdate Notice;LiveUpdate Notice; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760]

R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-09 386560]

R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-10-11 1251720]

S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-19 263168]

S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]

S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-21 55640]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 LiveUpdate;LiveUpdate; c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


Could you please post an updated log from the tools?


Here it goes:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-22 15:25:03

Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.14 ----

SSDT 87255F48 ZwAlertResumeThread

SSDT 8713D038 ZwAlertThread

SSDT 872558B8 ZwAllocateVirtualMemory

SSDT 871DE310 ZwAlpcConnectPort

SSDT 872B9A20 ZwCreateMutant

SSDT 87255A48 ZwCreateThread

SSDT 86267698 ZwDebugActiveProcess

SSDT 87255718 ZwFreeVirtualMemory

SSDT 872571F8 ZwImpersonateAnonymousToken

SSDT 8720ED38 ZwImpersonateThread

SSDT 87255618 ZwMapViewOfSection

SSDT 872B9960 ZwOpenEvent

SSDT 87255988 ZwOpenProcessToken

SSDT 86275C40 ZwOpenSection

SSDT 87255358 ZwOpenThreadToken

SSDT 8740A1B8 ZwResumeThread

SSDT 87255278 ZwSetContextThread

SSDT 87255448 ZwSetInformationProcess

SSDT 87255188 ZwSetInformationThread

SSDT 86275D00 ZwSuspendProcess

SSDT 87257550 ZwSuspendThread

SSDT 87255B28 ZwTerminateProcess

SSDT 87255068 ZwTerminateThread

SSDT 87255538 ZwUnmapViewOfSection

SSDT 872557E8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!KeSetTimerEx + 350 81CCF914 8 Bytes [ 48, 5F, 25, 87, 38, D0, 13, ... ]

.text ntkrnlpa.exe!KeSetTimerEx + 365 81CCF929 3 Bytes [ 58, 25, 87 ]

.text ntkrnlpa.exe!KeSetTimerEx + 370 81CCF934 4 Bytes [ 10, E3, 1D, 87 ]

.text ntkrnlpa.exe!KeSetTimerEx + 428 81CCF9EC 4 Bytes [ 20, 9A, 2B, 87 ]

.text ntkrnlpa.exe!KeSetTimerEx + 454 81CCFA18 4 Bytes [ 48, 5A, 25, 87 ]

.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2292] USER32.dll!DialogBoxIndirectParamW 76C5BD25 5 Bytes JMP 6DB95BF3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2292] USER32.dll!DialogBoxParamW 76C71FD5 5 Bytes JMP 6DB95B7D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2292] USER32.dll!DialogBoxParamA 76C980B2 5 Bytes JMP 6DB95BB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2292] USER32.dll!DialogBoxIndirectParamA 76C983DD 5 Bytes JMP 6DB95C2E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2292] USER32.dll!MessageBoxIndirectA 76CAD471 5 Bytes JMP 6DB95B39 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2292] USER32.dll!MessageBoxIndirectW 76CAD56B 5 Bytes JMP 6DB95AF5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2292] USER32.dll!MessageBoxExA 76CAD5D1 5 Bytes JMP 6DB95ABB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2292] USER32.dll!MessageBoxExW 76CAD5F5 5 Bytes JMP 6DB95A81 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2292] SHELL32.dll!SHRestricted + DFD 75F08390 4 Bytes [ 99, 0B, 0E, 6C ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2292] SHELL32.dll!SHRestricted + E05 75F08398 8 Bytes [ A7, 0A, 0E, 6C, A4, 32, 0D, ... ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2292] SHELL32.dll!SHBindToObject + 693 75F0A9B8 4 Bytes [ 99, 0B, 0E, 6C ]

.text C:\Program Files\Internet Explorer\iexplore.exe[2292] SHELL32.dll!SHBindToObject + 69B 75F0A9C0 4 Bytes [ A7, 0A, 0E, 6C ]

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3612] kernel32.dll!SetUnhandledExceptionFilter 75B06E2D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.14 ----


IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6C0CD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6C0CD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6C0CB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6C0CD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6C0CBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6C0CF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6C0CC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6C0CF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6C0CD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6C0CB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6C0CDE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6C0CC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6C0CF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6C0D0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6C0CFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6C0D02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6C0CD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6C0CBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6C0CB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6C0CD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6C0CA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6C0DDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6C0DE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6C0DCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6C0DD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6C0DCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6C0DC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6C0DCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6C0CD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6C0CE151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6C0CB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6C0CA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6C0CA819] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6C0CC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6C0CD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6C0C8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6C0CBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6C0D02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6C0CFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6C0CF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6C0C8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6C0C8C26] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6C0CBBD2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6C0CFF42] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6C0CFB96] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6C0D0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6C0CEFA8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6C0C89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6C0CD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!WinHelpW] [6C0CCF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!WinHelpA] [6C0CCE2E] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6C0DCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6C0DC49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6C0DCD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6C0DD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6C0DCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6C0DC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6C0DCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6C0DE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6C0DD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6C0DCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6C0DDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6C0DD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6C0DE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6C0DDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6C0DDFE1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6C0DE2F1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6C0DDD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6C0DD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6C0CA460] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6C0CFC09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6C0CE151] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6C0CA6E2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6C0CAE92] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6C0CB114] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6C0CC023] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6C0CB6A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6C0C9700] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6C0CD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6C0CDE50] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6C0D02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6C0D0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6C0C9362] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6C0C89D0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6C0CF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6C0CA1D8] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6C0CA970] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6C0CEAD0] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6C0CE4F9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6C0CC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6C0C8D54] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6C0C8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6C0CDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6C0C94A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6C0CD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6C0CBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6C0C8FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6C0CD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6C0C9231] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6C0CF49D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!LoadImageW] [6C0CC58B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!WinHelpW] [6C0CCF65] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!PrivateExtractIconsW] [6C0CCA80] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [6C0DCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [6C0DC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [6C0DDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [6C0DE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [6C0DCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6C0DDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6C0DD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [6C0DE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [6C0DD13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [6C0DD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [6C0DD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [6C0DC8E9] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [6C0DC35D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [6C0DD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [6C0DCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [6C0DCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6C0D91AC] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [6C0D0D4C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [6C0D02A5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6C0CD537] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [6C0CF233] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6C0CC301] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6C0C94A1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6C0C8FC1] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6C0CBD1B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6C0CD221] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6C0C8AFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6C0CD09C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [6C0DD13F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] [6A967C75] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyExW] [6C0DE169] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW] [6C0DE479] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA] [6C0DDD0B] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA] [6C0DCD5C] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6C0DDB0F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6C0DD913] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW] [6C0DD437] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW] [6C0DDE75] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [6C0DCD09] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW] [6C0DD773] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [6C0DCB9D] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW] [6C0DCEA5] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [6C0DC625] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA] [6C0DD5D3] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [6C0DCA25] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHRegGetValueW] [6C0D5CFD] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHRegGetValueA] [6C0D5C9F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!PathUnExpandEnvStringsA] [6C0D4D95] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHDeleteKeyA] [6C0D50AF] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHDeleteValueW] [6C0D519F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!PathCreateFromUrlW] [6C0D40A2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHGetValueA] [6C0D5357] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHSetValueA] [6C0D619F] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHGetValueW] [6C0D53B2] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!SHSetValueW] [6C0D61FA] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

IAT C:\Program Files\Internet Explorer\iexplore.exe[2292] @ C:\Windows\system32\WININET.dll [sHLWAPI.dll!PathCombineW] [6C0D3FFB] C:\Windows\AppPatch\AcRedir.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Services - GMER 1.0.14 ----

Service C:\PROGRA~1\GbPlugin\GbpSv.exe (*** hidden *** ) [AUTO] GbpSv <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ImagePath C:\PROGRA~1\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x88 ...

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ImagePath C:\PROGRA~1\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x88 ...

---- EOF - GMER 1.0.14 ----


Continuing:

Logfile of random's system information tool 1.04 (written by random/random)

Run by arthuro at 2008-11-22 15:35:30

Microsoft® Windows Vista™ Home Premium Service Pack 1

System drive C: has 71 GB (51%) free of 141 GB

Total RAM: 3006 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:35:34 PM, on 11/22/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Program Files\Windows Live Toolbar\msn_sl.exe

C:\Users\arthuro\Desktop\Programas\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\arthuro.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\CONFLICT.3\gbiehabn.dll

O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKLM\..\Policies\Explorer\Run: []

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldpt-br.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{78DA0AFE-A701-484D-9EF3-7620F60FA230}: NameServer = 10.110.112.33,200.141.251.190

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 9056 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Check Updates for Windows Live Toolbar.job

C:\Windows\tasks\HPCeeScheduleForarthuro.job

C:\Windows\tasks\Norton Internet Security - Run Full System Scan - arthuro.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [2007-08-24 316784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-10-11 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540007}]

GbIehObj Class - C:\Windows\Downloaded Program Files\CONFLICT.3\gbiehabn.dll [2008-05-16 369064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]

HP Print Clips - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-08-31 177504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 316784]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]

"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

""=1 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]

[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399007}"=C:\Windows\Downloaded Program Files\CONFLICT.3\gbiehabn.dll [2008-05-16 369064]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54a190bf-9865-11dd-b2a4-002100110314}]

shell\AutoRun\command - wscript.exe .\.vbs

shell\open\command - wscript.exe .\.vbs

======File associations======

.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"

.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"


List of files/folders created in the last 1 months======

2008-11-19 20:37:57 ----A---- C:\Windows\system32\wups2.dll

2008-11-19 20:37:57 ----A---- C:\Windows\system32\wucltux.dll

2008-11-19 20:37:57 ----A---- C:\Windows\system32\wuauclt.exe

2008-11-19 20:37:56 ----A---- C:\Windows\system32\wuaueng.dll

2008-11-19 20:37:36 ----A---- C:\Windows\system32\wups.dll

2008-11-19 20:37:36 ----A---- C:\Windows\system32\wudriver.dll

2008-11-19 20:37:36 ----A---- C:\Windows\system32\wuapi.dll

2008-11-19 20:37:27 ----A---- C:\Windows\system32\wuwebv.dll

2008-11-19 20:37:27 ----A---- C:\Windows\system32\wuapp.exe

2008-11-19 13:40:39 ----D---- C:\Windows\pss

2008-11-18 14:15:41 ----D---- C:\rsit

2008-11-18 13:42:16 ----A---- C:\Windows\gmer.ini

2008-11-18 13:42:14 ----A---- C:\Windows\gmer_uninstall.cmd

2008-11-18 13:42:14 ----A---- C:\Windows\gmer.dll

2008-11-18 13:42:13 ----A---- C:\Windows\gmer.exe

2008-11-14 17:43:49 ----HD---- C:\Windows\PIF

2008-11-14 17:05:45 ----D---- C:\Program Files\Trend Micro

2008-11-14 03:09:14 ----A---- C:\Windows\system32\msxml3.dll

2008-11-13 11:58:05 ----A---- C:\Windows\system32\msxml6.dll

2008-11-08 16:27:54 ----D---- C:\Program Files\Adobe

2008-11-08 08:18:17 ----D---- C:\Program Files\GbPlugin

2008-11-08 08:18:14 ----D---- C:\ProgramData\GbPlugin

2008-10-29 01:35:26 ----A---- C:\Windows\system32\wersvc.dll

2008-10-29 01:35:26 ----A---- C:\Windows\system32\Faultrep.dll

2008-10-29 01:34:49 ----A---- C:\Windows\system32\win32spl.dll

2008-10-27 10:05:00 ----D---- C:\Program Files\Common Files\Adobe

2008-10-24 17:23:41 ----D---- C:\Users\arthuro\AppData\Roaming\MSNInstaller

2008-10-24 00:23:15 ----A---- C:\Windows\system32\netapi32.dll

======List of files/folders modified in the last 1 months======

2008-11-22 15:35:33 ----D---- C:\Windows\Temp

2008-11-22 15:33:43 ----D---- C:\Windows\Prefetch

2008-11-22 15:14:20 ----D---- C:\Windows\System32

2008-11-22 15:14:20 ----D---- C:\Windows\inf

2008-11-22 15:14:20 ----A---- C:\Windows\system32\PerfStringBackup.INI

2008-11-22 15:13:43 ----D---- C:\Windows\tracing

2008-11-22 15:08:32 ----D---- C:\Windows\system32\wbem

2008-11-22 15:08:32 ----D---- C:\Windows

2008-11-22 15:06:55 ----D---- C:\Program Files\Common Files\LightScribe

2008-11-22 15:06:54 ----D---- C:\Program Files\Common Files\DESIGNER

2008-11-22 15:06:54 ----D---- C:\Program Files\Ares

2008-11-22 15:06:54 ----D---- C:\Program Files\Apoint2K

2008-11-22 15:06:54 ----D---- C:\Program Files\AIM6

2008-11-22 15:06:50 ----D---- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites

2008-11-22 15:06:41 ----D---- C:\Windows\winsxs

2008-11-22 15:06:41 ----D---- C:\Windows\Tasks

2008-11-22 15:06:41 ----D---- C:\Windows\tapi

2008-11-22 15:06:41 ----D---- C:\Windows\system32\win2k_xp

2008-11-22 15:06:38 ----D---- C:\Windows\system32\Tasks

2008-11-22 15:06:38 ----D---- C:\Windows\system32\sysprep

2008-11-22 15:06:38 ----D---- C:\Windows\system32\spool

2008-11-22 15:06:37 ----D---- C:\Windows\system32\restore

2008-11-22 15:06:35 ----D---- C:\Windows\system32\images

2008-11-22 15:06:35 ----D---- C:\Windows\system32\ias

2008-11-22 15:06:35 ----D---- C:\Windows\system32\en-US

2008-11-22 15:06:35 ----D---- C:\Windows\system32\drivers

2008-11-22 15:06:34 ----D---- C:\Windows\system32\CodeIntegrity

2008-11-22 15:06:33 ----D---- C:\Windows\system32\catroot2

2008-11-22 15:06:33 ----D---- C:\Windows\system32\animation

2008-11-22 15:06:33 ----D---- C:\Windows\SMINST

2008-11-22 15:06:33 ----D---- C:\Windows\ShellNew

2008-11-22 15:06:33 ----D---- C:\Windows\rescache

2008-11-22 15:06:31 ----RSD---- C:\Windows\Media

2008-11-22 15:06:30 ----SHD---- C:\Windows\Installer

2008-11-22 15:06:21 ----RSD---- C:\Windows\Fonts

2008-11-22 15:06:20 ----SD---- C:\Windows\Downloaded Program Files

2008-11-22 15:06:20 ----D---- C:\Windows\ehome

2008-11-22 15:06:20 ----D---- C:\Windows\Cursors

2008-11-22 15:06:19 ----RSD---- C:\Windows\assembly

2008-11-22 15:06:16 ----RD---- C:\Users

2008-11-22 15:06:14 ----HD---- C:\System.sav

2008-11-22 15:05:51 ----D---- C:\ProgramData\Microsoft Help

2008-11-22 15:05:51 ----D---- C:\Program Files\WinTV

2008-11-22 15:05:49 ----D---- C:\Program Files\Windows Mail

2008-11-22 15:05:48 ----D---- C:\Program Files\Windows Live Toolbar

2008-11-22 15:05:47 ----D---- C:\Program Files\Windows Live Favorites

2008-11-22 15:05:46 ----RD---- C:\Program Files\Online Services

2008-11-22 15:05:46 ----D---- C:\Program Files\SopCast

2008-11-22 15:05:46 ----D---- C:\Program Files\NetWaiting

2008-11-22 15:05:43 ----D---- C:\Program Files\Microsoft Works

2008-11-22 15:05:40 ----D---- C:\Program Files\Megacubo

2008-11-22 15:05:39 ----D---- C:\Program Files\K-Lite Codec Pack

2008-11-22 15:05:31 ----D---- C:\Program Files\hp deskjet 656c series

2008-11-22 15:05:00 ----D---- C:\Program Files\earthlink totalaccess

2008-11-22 15:05:00 ----D---- C:\Program Files

2008-11-22 15:04:47 ----D---- C:\Program Files\CyberLink

2008-11-22 15:04:46 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller

2008-11-22 15:04:44 ----D---- C:\Program Files\Common Files\Services

2008-11-22 15:04:28 ----D---- C:\Windows\registration

2008-11-22 14:41:17 ----SHD---- C:\System Volume Information

2008-11-22 13:56:55 ----D---- C:\ProgramData\Symantec

2008-11-19 20:38:13 ----D---- C:\Windows\system32\catroot

2008-11-15 13:27:51 ----SD---- C:\Users\arthuro\AppData\Roaming\Microsoft

2008-11-08 16:28:02 ----D---- C:\ProgramData\Adobe

2008-11-08 08:18:14 ----HD---- C:\ProgramData

2008-11-06 07:17:28 ----D---- C:\Windows\system32\WDI

2008-11-03 16:10:25 ----A---- C:\Windows\system32\mrt.exe

2008-10-28 05:05:52 ----D---- C:\Program Files\Common Files\Symantec Shared

2008-10-27 10:05:00 ----D---- C:\Program Files\Common Files

2008-10-23 21:29:11 ----D---- C:\Program Files\Sling Media

2008-10-23 21:28:46 ----HD---- C:\Program Files\InstallShield Installation Information

2008-10-23 14:23:41 ----D---- C:\ProgramData\WildTangent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2097-12-31 371248]

R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081120.001\IDSvix86.sys [2008-10-03 270384]

R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2008-09-05 447024]

R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]

R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-06-13 24112]

R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]

R2 CO_Mon;CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [2007-08-08 36056]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-09 8704]

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-07-06 155136]

R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-08 1044472]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2097-12-31 99376]

R3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-11-18 85969]

R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-10-01 183352]

R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]

R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-19 984064]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-19 208896]

R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]

R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081122.003\NAVENG.SYS [2008-11-11 89104]

R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081122.003\NAVEX15.SYS [2008-11-11 876112]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-17 1040544]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-10-08 7626304]

R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]

R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]

R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-10-11 123952]

R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-06-13 96432]

R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]

R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-19 660480]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-08 1044472]

S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

S3 Cpqdfw;Compaq Dfw; C:\Windows\system32\drivers\Cpqdfw.sys []

S3 cq_mem;Compaq Memory Diagnostics; C:\Windows\system32\drivers\cq_mem.sys []

S3 cqcpu;Compaq Cpu Diagnostics; C:\Windows\system32\drivers\cqcpu.sys []

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]

S3 rlnDebug;COMPAQ ILO; \??\C:\Windows\system32\drivers\CpqILO.sys []

S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]

S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064]

R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]

R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]

R2 LiveUpdate Notice;LiveUpdate Notice; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760]

R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-09 386560]

R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-10-11 1251720]

R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-19 263168]

S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]

S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-21 55640]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 LiveUpdate;LiveUpdate; c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


I see that you have Norton Antivirus; although it is a good security program, it makes the system slower, so your problem is not related to malware.


OK, FRIEND. THANK YOU!

I WAS ACTUALLY THINKING OF SWITCHING TO AVG.

I WILL SWITCH AND POST THE RESULT HERE.

THANKS IN ADVANCE.


If the topic author needs it, this topic will be reopened; to do so, they should contact the moderation team and request that it be unlocked.

This topic is locked to new posts.




