mutabh

Log, can someone check it?


Folks,

Lately my PC keeps showing an error screen all the time.

I have System Mechanic, and every time I run it, it finds the following malware: w32\rbot-gen. But when I reboot the machine, it comes back.

Could you help me?

My log (HijackThis):

Logfile of HijackThis v1.99.1

Scan saved at 18:32:50, on 24/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE

C:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\ddtabases\ddt1.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\avciman.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\psimreal.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

C:\DOCUME~1\Leandro\CONFIG~1\Temp\Rar$EX00.516\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe

O4 - HKLM\..\Run: [C:\Arquivos de programas\\ddtabases\ddt1.exe] "C:\Arquivos de programas\\ddtabases\ddt1.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\TPSrv.exe


Dear Diego_moicano,

Thanks for the reply.

I appreciate your help in advance.

Regarding DDS, it gave an error when I ran it.

It opens a Notepad window full of strange characters, with the following message in the header:

This program must be run under Win32

As for GMER, here is the log:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-28 16:24:44

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xBA78E818]

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xBA78E7D0]

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xBA782A20]

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xBA7832A8]

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xBA78E910]

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xBA78E794]

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xBA7832C8]

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xBA78E866]

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xBA78E0B0]

SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Process Protection driver/Panda Software International) ZwTerminateProcess [0xB52EAA70]

SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Process Protection driver/Panda Software International) ZwTerminateThread [0xB52E9E40]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\PavTPK.sys O sistema não pode encontrar o arquivo especificado. !

? system32\drivers\av5flt.sys O sistema não pode encontrar o arquivo especificado. !

? C:\WINDOWS\system32\PavSRK.sys O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 1.0.14 ----

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 4F, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 70, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 52, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtDeleteFile 7C90D220 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtDeleteFile + 4 7C90D224 2 Bytes [ 73, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 55, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 58, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtDuplicateObject 7C90D280 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtDuplicateObject + 4 7C90D284 2 Bytes [ 5B, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtEnumerateKey 7C90D2B0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtEnumerateKey + 4 7C90D2B4 2 Bytes [ 5E, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 61, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [ 76, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtQueryMultipleValueKey 7C90D850 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D854 2 Bytes [ 64, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtQueryValueKey 7C90D950 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtQueryValueKey + 4 7C90D954 2 Bytes [ 67, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtReadFile 7C90D9B0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtReadFile + 4 7C90D9B4 2 Bytes [ 79, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 7C, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 6A, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtUnloadKey 7C90DEB0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtUnloadKey + 4 7C90DEB4 2 Bytes [ 6D, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 7F, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!LdrLoadDll 7C9163A3 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ntdll.dll!LdrLoadDll + 4 7C9163A7 2 Bytes [ 4C, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F330F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F390F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] kernel32.dll!CreateFileMappingW 7C809420 6 Bytes JMP 5F3F0F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] kernel32.dll!MapViewOfFileEx 7C80B926 6 Bytes JMP 5F360F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 43, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [ 49, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] kernel32.dll!MoveFileWithProgressW 7C81F716 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] kernel32.dll!MoveFileWithProgressW + 4 7C81F71A 2 Bytes [ 46, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] kernel32.dll!CopyFileExW 7C827B1A 6 Bytes JMP 5F3C0F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] user32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FAB0F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] user32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F960F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] user32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F930F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] user32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] user32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [ A6, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] user32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FA80F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] user32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FA20F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] user32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F990F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] user32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F900F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] user32.dll!GetKeyboardState 7E37D226 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] user32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [ A0, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] user32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F8D0F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] user32.dll!AttachThreadInput 7E381E52 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] user32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [ 9D, 5F ]

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] advapi32.dll!CloseServiceHandle 77F66CC5 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] advapi32.dll!OpenServiceW 77F66FDD 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] advapi32.dll!StartServiceA 77F6FB38 6 Bytes JMP 5F270F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] advapi32.dll!StartServiceW 77F73E74 6 Bytes JMP 5F2A0F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] advapi32.dll!ControlService 77F749DD 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] advapi32.dll!OpenServiceA 77F74C36 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] advapi32.dll!LsaAddAccountRights 77F9ABC9 6 Bytes JMP 5F2D0F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] advapi32.dll!LsaRemoveAccountRights 77F9AC69 6 Bytes JMP 5F300F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] advapi32.dll!ChangeServiceConfigA 77FB6E41 6 Bytes JMP 5F040F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] advapi32.dll!ChangeServiceConfigW 77FB6FD9 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] advapi32.dll!ChangeServiceConfig2A 77FB70D9 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] advapi32.dll!ChangeServiceConfig2W 77FB7161 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] advapi32.dll!CreateServiceA 77FB71E9 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] advapi32.dll!CreateServiceW 77FB7381 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] advapi32.dll!DeleteService 77FB7489 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ole32.dll!CoCreateInstanceEx 774E0526 6 Bytes JMP 5F8A0F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ole32.dll!CoGetClassObject 774F56C5 6 Bytes JMP 5F870F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ole32.dll!CLSIDFromProgID 774F87F2 6 Bytes JMP 5F840F5A

.text C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe[136] ole32.dll!CLSIDFromProgIDEx 7753620D 6 Bytes JMP 5F810F5A

.text C:\WINDOWS\system32\winlogon.exe[756] kernel32.dll!FreeLibrary 7C80AC6E 5 Bytes JMP 1006B280 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\WINDOWS\system32\winlogon.exe[756] kernel32.dll!FreeLibraryAndExitThread 7C80C200 5 Bytes JMP 1006AFB0 C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 4D, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 6E, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 50, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtDeleteFile 7C90D220 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtDeleteFile + 4 7C90D224 2 Bytes [ 71, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 56, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtDuplicateObject 7C90D280 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtDuplicateObject + 4 7C90D284 2 Bytes [ 59, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtEnumerateKey 7C90D2B0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtEnumerateKey + 4 7C90D2B4 2 Bytes [ 5C, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 5F, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [ 74, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtQueryMultipleValueKey 7C90D850 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D854 2 Bytes [ 62, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtQueryValueKey 7C90D950 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtQueryValueKey + 4 7C90D954 2 Bytes [ 65, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtReadFile 7C90D9B0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtReadFile + 4 7C90D9B4 2 Bytes [ 77, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 68, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtUnloadKey 7C90DEB0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtUnloadKey + 4 7C90DEB4 2 Bytes [ 6B, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 7D, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!LdrLoadDll 7C9163A3 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ntdll.dll!LdrLoadDll + 4 7C9163A7 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] kernel32.dll!CreateFileMappingW 7C809420 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] kernel32.dll!MapViewOfFileEx 7C80B926 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 41, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [ 47, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] kernel32.dll!MoveFileWithProgressW 7C81F716 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] kernel32.dll!MoveFileWithProgressW + 4 7C81F71A 2 Bytes [ 44, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] kernel32.dll!CopyFileExW 7C827B1A 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ole32.dll!CoCreateInstanceEx 774E0526 6 Bytes JMP 5F880F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ole32.dll!CoGetClassObject 774F56C5 6 Bytes JMP 5F850F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ole32.dll!CLSIDFromProgID 774F87F2 6 Bytes JMP 5F820F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ole32.dll!CLSIDFromProgIDEx 7753620D 6 Bytes JMP 5F7F0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ADVAPI32.dll!CloseServiceHandle 77F66CC5 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ADVAPI32.dll!OpenServiceW 77F66FDD 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ADVAPI32.dll!StartServiceA 77F6FB38 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ADVAPI32.dll!StartServiceW 77F73E74 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ADVAPI32.dll!ControlService 77F749DD 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ADVAPI32.dll!OpenServiceA 77F74C36 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ADVAPI32.dll!LsaAddAccountRights 77F9ABC9 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ADVAPI32.dll!LsaRemoveAccountRights 77F9AC69 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ADVAPI32.dll!ChangeServiceConfigA 77FB6E41 6 Bytes JMP 5F040F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ADVAPI32.dll!ChangeServiceConfigW 77FB6FD9 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ADVAPI32.dll!ChangeServiceConfig2A 77FB70D9 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ADVAPI32.dll!ChangeServiceConfig2W 77FB7161 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ADVAPI32.dll!CreateServiceA 77FB71E9 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ADVAPI32.dll!CreateServiceW 77FB7381 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] ADVAPI32.dll!DeleteService 77FB7489 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FA90F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F940F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F910F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [ A4, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FA60F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FA00F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F970F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F8E0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [ 9E, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F8B0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe[952] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [ 9B, 5F ]

CONTINUED...

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 4D, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 6E, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 50, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtDeleteFile 7C90D220 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtDeleteFile + 4 7C90D224 2 Bytes [ 71, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 56, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtDuplicateObject 7C90D280 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtDuplicateObject + 4 7C90D284 2 Bytes [ 59, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtEnumerateKey 7C90D2B0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtEnumerateKey + 4 7C90D2B4 2 Bytes [ 5C, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 5F, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [ 74, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtQueryMultipleValueKey 7C90D850 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D854 2 Bytes [ 62, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtQueryValueKey 7C90D950 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtQueryValueKey + 4 7C90D954 2 Bytes [ 65, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtReadFile 7C90D9B0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtReadFile + 4 7C90D9B4 2 Bytes [ 77, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 68, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtUnloadKey 7C90DEB0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtUnloadKey + 4 7C90DEB4 2 Bytes [ 6B, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 7D, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!LdrLoadDll 7C9163A3 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ntdll.dll!LdrLoadDll + 4 7C9163A7 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] kernel32.dll!CreateFileMappingW 7C809420 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] kernel32.dll!MapViewOfFileEx 7C80B926 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 41, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [ 47, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] kernel32.dll!MoveFileWithProgressW 7C81F716 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] kernel32.dll!MoveFileWithProgressW + 4 7C81F71A 2 Bytes [ 44, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] kernel32.dll!CopyFileExW 7C827B1A 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] user32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FA90F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] user32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F940F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] user32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F910F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] user32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] user32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [ A4, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] user32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FA60F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] user32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FA00F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] user32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F970F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] user32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F8E0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] user32.dll!GetKeyboardState 7E37D226 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] user32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [ 9E, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] user32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F8B0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] user32.dll!AttachThreadInput 7E381E52 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] user32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [ 9B, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ADVAPI32.dll!CloseServiceHandle 77F66CC5 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ADVAPI32.dll!OpenServiceW 77F66FDD 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ADVAPI32.dll!StartServiceA 77F6FB38 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ADVAPI32.dll!StartServiceW 77F73E74 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ADVAPI32.dll!ControlService 77F749DD 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ADVAPI32.dll!OpenServiceA 77F74C36 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ADVAPI32.dll!LsaAddAccountRights 77F9ABC9 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ADVAPI32.dll!LsaRemoveAccountRights 77F9AC69 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ADVAPI32.dll!ChangeServiceConfigA 77FB6E41 6 Bytes JMP 5F040F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ADVAPI32.dll!ChangeServiceConfigW 77FB6FD9 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ADVAPI32.dll!ChangeServiceConfig2A 77FB70D9 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ADVAPI32.dll!ChangeServiceConfig2W 77FB7161 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ADVAPI32.dll!CreateServiceA 77FB71E9 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ADVAPI32.dll!CreateServiceW 77FB7381 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ADVAPI32.dll!DeleteService 77FB7489 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ole32.dll!CoCreateInstanceEx 774E0526 6 Bytes JMP 5F880F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ole32.dll!CoGetClassObject 774F56C5 6 Bytes JMP 5F850F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ole32.dll!CLSIDFromProgID 774F87F2 6 Bytes JMP 5F820F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1388] ole32.dll!CLSIDFromProgIDEx 7753620D 6 Bytes JMP 5F7F0F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 4D, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 6E, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtDeleteFile 7C90D220 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtDeleteFile + 4 7C90D224 2 Bytes [ 71, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 53, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 56, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtDuplicateObject 7C90D280 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtDuplicateObject + 4 7C90D284 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtEnumerateKey 7C90D2B0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtEnumerateKey + 4 7C90D2B4 2 Bytes [ 5C, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 5F, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [ 74, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtQueryMultipleValueKey 7C90D850 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D854 2 Bytes [ 62, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtQueryValueKey 7C90D950 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtQueryValueKey + 4 7C90D954 2 Bytes [ 65, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtReadFile 7C90D9B0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtReadFile + 4 7C90D9B4 2 Bytes [ 77, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 7A, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 68, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtUnloadKey 7C90DEB0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtUnloadKey + 4 7C90DEB4 2 Bytes [ 6B, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 7D, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!LdrLoadDll 7C9163A3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ntdll.dll!LdrLoadDll + 4 7C9163A7 2 Bytes [ 4A, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] kernel32.dll!CreateFileMappingW 7C809420 6 Bytes JMP 5F3D0F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] kernel32.dll!MapViewOfFileEx 7C80B926 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 41, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [ 47, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] kernel32.dll!MoveFileWithProgressW 7C81F716 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] kernel32.dll!MoveFileWithProgressW + 4 7C81F71A 2 Bytes [ 44, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] kernel32.dll!CopyFileExW 7C827B1A 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FA90F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F940F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F910F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [ A4, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FA60F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FA00F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F970F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F8E0F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [ 9E, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F8B0F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [ 9B, 5F ]

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ADVAPI32.dll!CloseServiceHandle 77F66CC5 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ADVAPI32.dll!OpenServiceW 77F66FDD 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ADVAPI32.dll!StartServiceA 77F6FB38 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ADVAPI32.dll!StartServiceW 77F73E74 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ADVAPI32.dll!ControlService 77F749DD 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ADVAPI32.dll!OpenServiceA 77F74C36 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ADVAPI32.dll!LsaAddAccountRights 77F9ABC9 6 Bytes JMP 5F2B0F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ADVAPI32.dll!LsaRemoveAccountRights 77F9AC69 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ADVAPI32.dll!ChangeServiceConfigA 77FB6E41 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ADVAPI32.dll!ChangeServiceConfigW 77FB6FD9 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ADVAPI32.dll!ChangeServiceConfig2A 77FB70D9 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ADVAPI32.dll!ChangeServiceConfig2W 77FB7161 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ADVAPI32.dll!CreateServiceA 77FB71E9 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ADVAPI32.dll!CreateServiceW 77FB7381 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ADVAPI32.dll!DeleteService 77FB7489 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ole32.dll!CoCreateInstanceEx 774E0526 6 Bytes JMP 5F880F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ole32.dll!CoGetClassObject 774F56C5 6 Bytes JMP 5F850F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ole32.dll!CLSIDFromProgID 774F87F2 6 Bytes JMP 5F820F5A

.text C:\WINDOWS\system32\nvsvc32.exe[1496] ole32.dll!CLSIDFromProgIDEx 7753620D 6 Bytes JMP 5F7F0F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 4D, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 6E, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtDeleteFile 7C90D220 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtDeleteFile + 4 7C90D224 2 Bytes [ 71, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 53, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 56, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtDuplicateObject 7C90D280 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtDuplicateObject + 4 7C90D284 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtEnumerateKey 7C90D2B0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtEnumerateKey + 4 7C90D2B4 2 Bytes [ 5C, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 5F, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [ 74, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtQueryMultipleValueKey 7C90D850 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D854 2 Bytes [ 62, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtQueryValueKey 7C90D950 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtQueryValueKey + 4 7C90D954 2 Bytes [ 65, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtReadFile 7C90D9B0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtReadFile + 4 7C90D9B4 2 Bytes [ 77, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 7A, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 68, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtUnloadKey 7C90DEB0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtUnloadKey + 4 7C90DEB4 2 Bytes [ 6B, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 7D, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!LdrLoadDll 7C9163A3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ntdll.dll!LdrLoadDll + 4 7C9163A7 2 Bytes [ 4A, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] kernel32.dll!CreateFileMappingW 7C809420 6 Bytes JMP 5F3D0F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] kernel32.dll!MapViewOfFileEx 7C80B926 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 41, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [ 47, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] kernel32.dll!MoveFileWithProgressW 7C81F716 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] kernel32.dll!MoveFileWithProgressW + 4 7C81F71A 2 Bytes [ 44, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] kernel32.dll!CopyFileExW 7C827B1A 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ADVAPI32.dll!CloseServiceHandle 77F66CC5 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ADVAPI32.dll!OpenServiceW 77F66FDD 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ADVAPI32.dll!StartServiceA 77F6FB38 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ADVAPI32.dll!StartServiceW 77F73E74 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ADVAPI32.dll!ControlService 77F749DD 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ADVAPI32.dll!OpenServiceA 77F74C36 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ADVAPI32.dll!LsaAddAccountRights 77F9ABC9 6 Bytes JMP 5F2B0F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ADVAPI32.dll!LsaRemoveAccountRights 77F9AC69 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ADVAPI32.dll!ChangeServiceConfigA 77FB6E41 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ADVAPI32.dll!ChangeServiceConfigW 77FB6FD9 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ADVAPI32.dll!ChangeServiceConfig2A 77FB70D9 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ADVAPI32.dll!ChangeServiceConfig2W 77FB7161 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ADVAPI32.dll!CreateServiceA 77FB71E9 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ADVAPI32.dll!CreateServiceW 77FB7381 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ADVAPI32.dll!DeleteService 77FB7489 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FA90F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F940F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F910F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [ A4, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FA60F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FA00F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F970F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F8E0F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [ 9E, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F8B0F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [ 9B, 5F ]

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ole32.dll!CoCreateInstanceEx 774E0526 6 Bytes JMP 5F880F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ole32.dll!CoGetClassObject 774F56C5 6 Bytes JMP 5F850F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ole32.dll!CLSIDFromProgID 774F87F2 6 Bytes JMP 5F820F5A

.text C:\WINDOWS\system32\PnkBstrA.exe[1556] ole32.dll!CLSIDFromProgIDEx 7753620D 6 Bytes JMP 5F7F0F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 4D, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 6E, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 50, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtDeleteFile 7C90D220 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtDeleteFile + 4 7C90D224 2 Bytes [ 71, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 56, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtDuplicateObject 7C90D280 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtDuplicateObject + 4 7C90D284 2 Bytes [ 59, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtEnumerateKey 7C90D2B0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtEnumerateKey + 4 7C90D2B4 2 Bytes [ 5C, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 5F, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [ 74, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtQueryMultipleValueKey 7C90D850 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D854 2 Bytes [ 62, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtQueryValueKey 7C90D950 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtQueryValueKey + 4 7C90D954 2 Bytes [ 65, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtReadFile 7C90D9B0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtReadFile + 4 7C90D9B4 2 Bytes [ 77, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 68, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtUnloadKey 7C90DEB0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtUnloadKey + 4 7C90DEB4 2 Bytes [ 6B, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 7D, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!LdrLoadDll 7C9163A3 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ntdll.dll!LdrLoadDll + 4 7C9163A7 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] kernel32.dll!CreateFileMappingW 7C809420 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] kernel32.dll!MapViewOfFileEx 7C80B926 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 41, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [ 47, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] kernel32.dll!MoveFileWithProgressW 7C81F716 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] kernel32.dll!MoveFileWithProgressW + 4 7C81F71A 2 Bytes [ 44, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] kernel32.dll!CopyFileExW 7C827B1A 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ADVAPI32.dll!CloseServiceHandle 77F66CC5 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ADVAPI32.dll!OpenServiceW 77F66FDD 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ADVAPI32.dll!StartServiceA 77F6FB38 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ADVAPI32.dll!StartServiceW 77F73E74 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ADVAPI32.dll!ControlService 77F749DD 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ADVAPI32.dll!OpenServiceA 77F74C36 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ADVAPI32.dll!LsaAddAccountRights 77F9ABC9 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ADVAPI32.dll!LsaRemoveAccountRights 77F9AC69 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ADVAPI32.dll!ChangeServiceConfigA 77FB6E41 6 Bytes JMP 5F040F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ADVAPI32.dll!ChangeServiceConfigW 77FB6FD9 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ADVAPI32.dll!ChangeServiceConfig2A 77FB70D9 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ADVAPI32.dll!ChangeServiceConfig2W 77FB7161 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ADVAPI32.dll!CreateServiceA 77FB71E9 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ADVAPI32.dll!CreateServiceW 77FB7381 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ADVAPI32.dll!DeleteService 77FB7489 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FA90F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F940F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F910F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [ A4, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FA60F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FA00F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F970F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F8E0F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [ 9E, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F8B0F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [ 9B, 5F ]

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ole32.dll!CoCreateInstanceEx 774E0526 6 Bytes JMP 5F880F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ole32.dll!CoGetClassObject 774F56C5 6 Bytes JMP 5F850F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ole32.dll!CLSIDFromProgID 774F87F2 6 Bytes JMP 5F820F5A

.text C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe[1960] ole32.dll!CLSIDFromProgIDEx 7753620D 6 Bytes JMP 5F7F0F5A


CONTINUED (AGAIN)...

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 4D, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 6E, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 50, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtDeleteFile 7C90D220 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtDeleteFile + 4 7C90D224 2 Bytes [ 71, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 56, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtDuplicateObject 7C90D280 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtDuplicateObject + 4 7C90D284 2 Bytes [ 59, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtEnumerateKey 7C90D2B0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtEnumerateKey + 4 7C90D2B4 2 Bytes [ 5C, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 5F, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [ 74, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtQueryMultipleValueKey 7C90D850 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D854 2 Bytes [ 62, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtQueryValueKey 7C90D950 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtQueryValueKey + 4 7C90D954 2 Bytes [ 65, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtReadFile 7C90D9B0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtReadFile + 4 7C90D9B4 2 Bytes [ 77, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 68, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtUnloadKey 7C90DEB0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtUnloadKey + 4 7C90DEB4 2 Bytes [ 6B, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 7D, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!LdrLoadDll 7C9163A3 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ntdll.dll!LdrLoadDll + 4 7C9163A7 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] kernel32.dll!CreateFileMappingW 7C809420 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] kernel32.dll!MapViewOfFileEx 7C80B926 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 41, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [ 47, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] kernel32.dll!MoveFileWithProgressW 7C81F716 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] kernel32.dll!MoveFileWithProgressW + 4 7C81F71A 2 Bytes [ 44, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] kernel32.dll!CopyFileExW 7C827B1A 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] user32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FA90F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] user32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F940F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] user32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F910F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] user32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] user32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [ A4, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] user32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FA60F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] user32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FA00F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] user32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F970F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] user32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F8E0F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] user32.dll!GetKeyboardState 7E37D226 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] user32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [ 9E, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] user32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F8B0F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] user32.dll!AttachThreadInput 7E381E52 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] user32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [ 9B, 5F ]

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] advapi32.dll!CloseServiceHandle 77F66CC5 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] advapi32.dll!OpenServiceW 77F66FDD 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] advapi32.dll!StartServiceA 77F6FB38 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] advapi32.dll!StartServiceW 77F73E74 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] advapi32.dll!ControlService 77F749DD 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] advapi32.dll!OpenServiceA 77F74C36 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] advapi32.dll!LsaAddAccountRights 77F9ABC9 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] advapi32.dll!LsaRemoveAccountRights 77F9AC69 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] advapi32.dll!ChangeServiceConfigA 77FB6E41 6 Bytes JMP 5F040F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] advapi32.dll!ChangeServiceConfigW 77FB6FD9 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] advapi32.dll!ChangeServiceConfig2A 77FB70D9 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] advapi32.dll!ChangeServiceConfig2W 77FB7161 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] advapi32.dll!CreateServiceA 77FB71E9 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] advapi32.dll!CreateServiceW 77FB7381 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] advapi32.dll!DeleteService 77FB7489 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ole32.dll!CoCreateInstanceEx 774E0526 6 Bytes JMP 5F880F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ole32.dll!CoGetClassObject 774F56C5 6 Bytes JMP 5F850F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ole32.dll!CLSIDFromProgID 774F87F2 6 Bytes JMP 5F820F5A

.text C:\Arquivos de programas\ddtabases\ddt1.exe[3728] ole32.dll!CLSIDFromProgIDEx 7753620D 6 Bytes JMP 5F7F0F5A

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 4D, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 6E, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtDeleteFile 7C90D220 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtDeleteFile + 4 7C90D224 2 Bytes [ 71, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 53, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 56, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtDuplicateObject 7C90D280 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtDuplicateObject + 4 7C90D284 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtEnumerateKey 7C90D2B0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtEnumerateKey + 4 7C90D2B4 2 Bytes [ 5C, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 5F, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [ 74, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtQueryMultipleValueKey 7C90D850 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D854 2 Bytes [ 62, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtQueryValueKey 7C90D950 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtQueryValueKey + 4 7C90D954 2 Bytes [ 65, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtReadFile 7C90D9B0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtReadFile + 4 7C90D9B4 2 Bytes [ 77, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 7A, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 68, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtUnloadKey 7C90DEB0 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtUnloadKey + 4 7C90DEB4 2 Bytes [ 6B, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 7D, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!LdrLoadDll 7C9163A3 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] ntdll.dll!LdrLoadDll + 4 7C9163A7 2 Bytes [ 4A, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\Explorer.EXE[3920] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A

.text C:\WINDOWS\Explorer.EXE[3920] kernel32.dll!CreateFileMappingW 7C809420 6 Bytes JMP 5F3D0F5A

.text C:\WINDOWS\Explorer.EXE[3920] kernel32.dll!MapViewOfFileEx 7C80B926 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\Explorer.EXE[3920] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 41, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [ 47, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] kernel32.dll!MoveFileWithProgressW 7C81F716 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] kernel32.dll!MoveFileWithProgressW + 4 7C81F71A 2 Bytes [ 44, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] kernel32.dll!CopyFileExW 7C827B1A 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\Explorer.EXE[3920] ADVAPI32.dll!CloseServiceHandle 77F66CC5 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\Explorer.EXE[3920] ADVAPI32.dll!OpenServiceW 77F66FDD 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\Explorer.EXE[3920] ADVAPI32.dll!StartServiceA 77F6FB38 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\Explorer.EXE[3920] ADVAPI32.dll!StartServiceW 77F73E74 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\Explorer.EXE[3920] ADVAPI32.dll!ControlService 77F749DD 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\Explorer.EXE[3920] ADVAPI32.dll!OpenServiceA 77F74C36 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\Explorer.EXE[3920] ADVAPI32.dll!LsaAddAccountRights 77F9ABC9 6 Bytes JMP 5F2B0F5A

.text C:\WINDOWS\Explorer.EXE[3920] ADVAPI32.dll!LsaRemoveAccountRights 77F9AC69 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\Explorer.EXE[3920] ADVAPI32.dll!ChangeServiceConfigA 77FB6E41 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\Explorer.EXE[3920] ADVAPI32.dll!ChangeServiceConfigW 77FB6FD9 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\Explorer.EXE[3920] ADVAPI32.dll!ChangeServiceConfig2A 77FB70D9 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\Explorer.EXE[3920] ADVAPI32.dll!ChangeServiceConfig2W 77FB7161 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\Explorer.EXE[3920] ADVAPI32.dll!CreateServiceA 77FB71E9 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\Explorer.EXE[3920] ADVAPI32.dll!CreateServiceW 77FB7381 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\Explorer.EXE[3920] ADVAPI32.dll!DeleteService 77FB7489 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\Explorer.EXE[3920] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FA30F5A

.text C:\WINDOWS\Explorer.EXE[3920] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F8E0F5A

.text C:\WINDOWS\Explorer.EXE[3920] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F8B0F5A

.text C:\WINDOWS\Explorer.EXE[3920] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [ 9E, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FA00F5A

.text C:\WINDOWS\Explorer.EXE[3920] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F9A0F5A

.text C:\WINDOWS\Explorer.EXE[3920] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F910F5A

.text C:\WINDOWS\Explorer.EXE[3920] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F880F5A

.text C:\WINDOWS\Explorer.EXE[3920] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [ 98, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F850F5A

.text C:\WINDOWS\Explorer.EXE[3920] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[3920] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [ 95, 5F ]

.text C:\WINDOWS\Explorer.EXE[3920] ole32.dll!CLSIDFromProgID 774F87F2 6 Bytes JMP 5F820F5A

.text C:\WINDOWS\Explorer.EXE[3920] ole32.dll!CLSIDFromProgIDEx 7753620D 6 Bytes JMP 5F7F0F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtClose 7C90CFD0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [ 4D, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtCreateFile 7C90D090 1 Byte [ FF ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtCreateFile + 2 7C90D092 1 Byte [ 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [ 6E, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [ 50, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtDeleteFile 7C90D220 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtDeleteFile + 4 7C90D224 2 Bytes [ 71, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [ 56, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtDuplicateObject 7C90D280 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtDuplicateObject + 4 7C90D284 2 Bytes [ 59, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtEnumerateKey 7C90D2B0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtEnumerateKey + 4 7C90D2B4 2 Bytes [ 5C, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtEnumerateValueKey 7C90D2D0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtEnumerateValueKey + 4 7C90D2D4 2 Bytes [ 5F, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [ 74, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtQueryMultipleValueKey 7C90D850 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D854 2 Bytes [ 62, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtQueryValueKey 7C90D950 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtQueryValueKey + 4 7C90D954 2 Bytes [ 65, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtReadFile 7C90D9B0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtReadFile + 4 7C90D9B4 2 Bytes [ 77, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 68, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtUnloadKey 7C90DEB0 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtUnloadKey + 4 7C90DEB4 2 Bytes [ 6B, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [ 7D, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!LdrLoadDll 7C9163A3 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!LdrLoadDll + 4 7C9163A7 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] kernel32.dll!CreateFileMappingW 7C809420 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] kernel32.dll!MapViewOfFileEx 7C80B926 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 41, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [ 47, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] kernel32.dll!MoveFileWithProgressW 7C81F716 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] kernel32.dll!MoveFileWithProgressW + 4 7C81F71A 2 Bytes [ 44, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] kernel32.dll!CopyFileExW 7C827B1A 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!CloseServiceHandle 77F66CC5 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!OpenServiceW 77F66FDD 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!StartServiceA 77F6FB38 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!StartServiceW 77F73E74 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!ControlService 77F749DD 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!OpenServiceA 77F74C36 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!LsaAddAccountRights 77F9ABC9 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!LsaRemoveAccountRights 77F9AC69 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!ChangeServiceConfigA 77FB6E41 6 Bytes JMP 5F040F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!ChangeServiceConfigW 77FB6FD9 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!ChangeServiceConfig2A 77FB70D9 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!ChangeServiceConfig2W 77FB7161 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!CreateServiceA 77FB71E9 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!CreateServiceW 77FB7381 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!DeleteService 77FB7489 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FA30F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F8E0F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F8B0F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [ 9E, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FA00F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F9A0F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F910F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F880F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [ 98, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F850F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [ 95, 5F ]

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ole32.dll!CLSIDFromProgID 774F87F2 6 Bytes JMP 5F820F5A

.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ole32.dll!CLSIDFromProgIDEx 7753620D 6 Bytes JMP 5F7F0F5A

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Software)

Device \FileSystem\Ntfs \Ntfs 89CB92E8

AttachedDevice \FileSystem\Ntfs \Ntfs pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Software International)

AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys

AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Software)

AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Software)

Device \Driver\Cdrom \Device\CdRom0 8991CAE0

Device \FileSystem\Rdbss \Device\FsWrap 898F5658

Device \Driver\Cdrom \Device\CdRom1 8991CAE0

Device \Driver\atapi \Device\Ide\IdePort0 89917B90

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89917B90

Device \Driver\atapi \Device\Ide\IdePort1 89917B90

Device \Driver\atapi \Device\Ide\IdePort2 89917B90

Device \Driver\atapi \Device\Ide\IdePort3 89917B90

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 89917B90

Device \FileSystem\Srv \Device\LanmanServer 89198458

AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Software)

AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Software)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8997C648

Device \FileSystem\MRxSmb \Device\LanmanRedirector 8997C648

Device \FileSystem\Npfs \Device\NamedPipe 89983AF0

Device \FileSystem\Msfs \Device\Mailslot 898CF408

Device \Driver\d347prt \Device\Scsi\d347prt1Port5Path0Target0Lun0 89832690

Device \Driver\d347prt \Device\Scsi\d347prt1 89832690

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 898E2348

Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 898E2348

Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 898E2348

Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 898E2348

Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 898E2348

Device \FileSystem\Cdfs \Cdfs 89958478

---- Modules - GMER 1.0.14 ----

Module _________ BA6E5000-BA6FD000 (98304 bytes)

---- Services - GMER 1.0.14 ----

Service C:\Arquivos de programas\GbPlugin\GbpSv.exe (*** hidden *** ) [AUTO] GbpSv <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0x0D 0xF6 0xF0 0xE8 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z1 0x83 0xF7 0xF0 0xF0 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z2 0x95 0xF7 0xF0 0x30 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ErrorControl 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ImagePath C:\Arquivos de programas\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ErrorControl 0

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ImagePath C:\Arquivos de programas\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

---- EOF - GMER 1.0.14 ----

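The hook list above is easier to reason about once GMER's split entries are paired back into whole instructions and grouped by where they lead. The script below is an added example, not part of the original post and not GMER's own code: it parses the `.text` hook lines, rebuilds the 6-byte indirect jumps from the `+0` and `+4` fragments, and groups the hooked exports by what a hook there can intercept. The sample lines are copied from the log above; the capability grouping is a general description of each Win32 export, and nothing here claims which module owns the 0x5F range the hooks point into, because the log excerpt does not say.

```python
"""Triage of the inline hooks GMER lists in its ".text" section.

Added example for the log above; not part of the original post or of GMER itself.
A GMER hook line names the process, the hooked export, its address and either the
destination GMER resolved ("6 Bytes JMP <addr>") or only the bytes that differ from
the on-disk image ("3 Bytes [ FF, 25, 1E ]" at +0, "2 Bytes [ 68, 5F ]" at +4).
FF 25 <imm32> is a 6-byte `jmp dword ptr [imm32]`; GMER omits unchanged bytes, so
the imm32 byte at +3 is absent from the log and is printed as '??', never guessed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Lines copied from the GMER log above (not constructed).
SAMPLE = r"""
.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [ FF, 25, 1E ]
.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [ 68, 5F ]
.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 41, 5F ]
.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] ADVAPI32.dll!DeleteService 77FB7489 6 Bytes JMP 5F1C0F5A
.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F9A0F5A
.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [ FF, 25, 1E ]
.text C:\Arquivos de programas\Messenger\msmsgs.exe[3992] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [ 98, 5F ]
"""

LINE = re.compile(
    r"^\.text\s+(?P<image>.+?\[\d+\])\s+(?P<module>\S+?)!(?P<func>\w+)"
    r"(?:\s*\+\s*(?P<off>\d+))?\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+)\s+Bytes\s+"
    r"(?:JMP\s+(?P<jmp>[0-9A-Fa-f]{8})|\[\s*(?P<bytes>[0-9A-Fa-f ,]+?)\s*\])\s*$"
)

# What a hook on each export lets the hooking code see or control (general Win32 facts).
CAPABILITY = {
    "keyboard input": {"GetKeyState", "GetAsyncKeyState", "GetKeyboardState", "TranslateMessage",
                       "SetWindowsHookExA", "SetWindowsHookExW", "AttachThreadInput"},
    "process injection / control": {"CreateRemoteThread", "WriteProcessMemory", "TerminateProcess",
                                    "CreateProcessInternalW", "LdrLoadDll", "MapViewOfFileEx", "CreateFileMappingW"},
    "service control": {"CreateServiceA", "CreateServiceW", "DeleteService", "ControlService", "StartServiceA",
                        "StartServiceW", "OpenServiceA", "OpenServiceW", "ChangeServiceConfigA", "ChangeServiceConfigW",
                        "ChangeServiceConfig2A", "ChangeServiceConfig2W", "CloseServiceHandle"},
    "registry / file writes": {"NtSetValueKey", "NtUnloadKey", "NtWriteFile", "MoveFileWithProgressW", "CopyFileExW"},
    "account rights": {"LsaAddAccountRights", "LsaRemoveAccountRights"},
}


@dataclass
class Hook:
    image: str
    module: str
    func: str
    addr: int
    kind: str              # "jmp": destination resolved by GMER; "jmp_indirect": FF 25 [slot]; "patch": other
    target: str            # destination (jmp) or pointer slot (jmp_indirect); '??' = byte not listed by GMER
    region: Optional[int]  # top byte of target, to check whether every hook leads into one mapped range


def parse_gmer_hooks(text: str) -> list:
    """Pair the +0 and +4 fragments GMER prints for one export and rebuild each hook."""
    bases, tails = {}, {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        key = (m["image"], m["module"], m["func"])
        raw = [int(b, 16) for b in re.findall(r"[0-9A-Fa-f]{2}", m["bytes"] or "")]
        if m["off"] is None:
            bases[key] = (int(m["addr"], 16), m["jmp"], raw)
        else:
            tails[key] = (int(m["off"]), raw)

    hooks = []
    for (image, module, func), (addr, jmp, raw) in bases.items():
        if jmp:
            hooks.append(Hook(image, module, func, addr, "jmp", jmp.upper(), int(jmp[:2], 16)))
        elif len(raw) >= 3 and raw[0] == 0xFF and raw[1] == 0x25:
            # imm32 occupies instruction bytes +2..+5 (little-endian): +2 comes from the base
            # fragment, +4/+5 from the "+ 4" fragment, and +3 was not printed by GMER.
            imm = [f"{raw[2]:02X}", "??", "??", "??"]
            off, more = tails.get((image, module, func), (None, []))
            if off == 4:
                for i, b in enumerate(more[:2]):
                    imm[2 + i] = f"{b:02X}"
            slot = "".join(reversed(imm))
            region = None if imm[3] == "??" else int(imm[3], 16)
            hooks.append(Hook(image, module, func, addr, "jmp_indirect", slot, region))
        else:
            hooks.append(Hook(image, module, func, addr, "patch", " ".join(f"{b:02X}" for b in raw), None))
    return hooks


def summarize(hooks) -> dict:
    """Count hooks per destination region and list hooked exports per capability group."""
    caps = {name: sorted(h.func for h in hooks if h.func in funcs) for name, funcs in CAPABILITY.items()}
    return {
        "hooks": len(hooks),
        "regions": dict(Counter(h.region for h in hooks)),
        "capabilities": {k: v for k, v in caps.items() if v},
    }


if __name__ == "__main__":
    found = parse_gmer_hooks(SAMPLE)
    for h in found:
        print(f"{h.module}!{h.func:<20} {h.addr:08X} {h.kind:<12} -> {h.target}")
    print(summarize(found))
```

Run on the full log, the `regions` count tells you whether every hook funnels into one mapped range (here all of them lead into 0x5Fxxxxxx), which is the first thing to compare against the process's loaded-module list before deciding whether the hooking DLL is the security product on the machine or something else; the `capabilities` view shows at a glance that the hooked set covers keyboard state, remote-thread injection and service control, which is what a supervised analyst would weigh rather than any single hook.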

Dear mutabh

Welcome to Malware Removal

I recommend that you save this topic in your Favorites to make it easier to find again.

Please note the following:

1) I will be following the analysis of your log and will get back to you as soon as possible!;

2) Do not take any action until we begin;

3) What is given here relates only to the problem on your computer, so do not apply it to any other;

4) If you have another computer, open a new topic with its own log;

5) Please follow the instructions carefully and, if in doubt, do not hesitate to ask;

6) Always post your replies in this topic... Do not open another one!

Note: Do not take any measures beyond those given here; and should you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

Regards :D


Dear mutabh

Read the instructions contained in this link:

In the instructions in the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  • Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after the procedure(s) mentioned below have been carried out.
  • Double-click the ComboFix icon on the desktop.
  • Read and accept the conditions by typing 1 and Enter.
  • Computers with Windows XP must install the Recovery Console:

    • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

  • ComboFix will run; please be patient and wait.
  • Attention: Do not use the mouse or the keyboard while the tool is running; this may cause the computer to stall.
  • A message may appear saying the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  • When the tool finishes running it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see ComboFix has been used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and meant them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Regards :D


Dear Diego_moicano,

Good afternoon.

Thank you for the attention given to my case.

I ran ComboFix on my computer and very quickly (about 1 minute) it had already restarted my computer.

I did not see that screen from the tutorial:

"Completada Etapa_xx"

My .txt report came out practically blank, as follows:

ComboFix 08-12-01.01 - Leandro 2008-12-02 13:19:42.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1555 [GMT -2:00]

Executando de: C:\Documents and Settings\Leandro\Desktop\ComboFix.exe

Comandos utilizados :: C:\Documents and Settings\Leandro\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

* Criado um novo ponto de restauro

.

If I did something wrong, please guide me.

Thank you very much.


Dear mutabh

# Step 1 #

Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup)

# Step 2 #

Run ComboFix.

>>>> Now in Normal Mode

# Step 3 #

Download DDS from one of these links and run it:

http://www.techsupportforum.com/sectools/sUBs/dds

http://www.forospyware.com/sUBs/dds

Note: If it does not work with the first link, please try the second!

Regards :D


Dear Diego_moicano

After carrying out the requested procedures, here are the logs.

COMBOFIX (safe mode)

ComboFix 08-12-02.02 - Leandro 2008-12-04 1:29:57.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1766 [GMT -2:00]

Executando de: C:\Documents and Settings\Leandro\Desktop\ComboFix.exe

.

COMBOFIX (normal mode)

ComboFix 08-12-02.02 - Leandro 2008-12-04 1:35:37.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1565 [GMT -2:00]

Executando de: C:\Documents and Settings\Leandro\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

DDS (source: http://www.techsupportforum.com/sectools/sUBs/dds)

DDS (Version 1.0) - NTFSx86

Run by Leandro at 1:41:37.51 on 2008-12-04

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2047.1587 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\TPSrv.exe

svchost.exe

svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\WINDOWS\system32\PnkBstrA.exe

c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Leandro\Desktop\dds techsupport.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_05\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\arquivos de programas\gbplugin\gbiehCef.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

mRun: [APVXDWIN] "c:\arquivos de programas\panda security\panda internet security 2008\APVXDWIN.EXE" /s

mRun: [sCANINICIO] "c:\arquivos de programas\panda security\panda internet security 2008\Inicio.exe"

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [DAEMON Tools-1033] "c:\arquivos de programas\d-tools\daemon.exe" -lang 1033

mRun: [tppoll] c:\program files\topro\tppoll.exe

mRun: [c:\arquivos de programas\ddtabases\ddt1.exe] "c:\arquivos de programas\\ddtabases\ddt1.exe"

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_05\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

LSP: c:\arquivos de programas\panda security\panda internet security 2008\pavlsp.dll

Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll

Notify: avldr - avldr.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\gbplugin\gbiehCef.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - c:\arquivos de programas\gbplugin\gbieh.dll

============= SERVICES / DRIVERS ===============

? GbpSv;GbpSv; []

R1 APPFLT;App Filter Plugin;\??\c:\windows\system32\drivers\APPFLT.SYS [2007-11-22 71736]

R1 DSAFLT;DSA Filter Plugin;\??\c:\windows\system32\drivers\DSAFLT.SYS [2007-11-22 51256]

R1 FNETMON;NetMon Filter Plugin;\??\c:\windows\system32\drivers\fnetmon.SYS [2007-11-22 22072]

R1 IDSFLT;Ids Filter Plugin;\??\c:\windows\system32\drivers\IDSFLT.SYS [2007-11-22 191672]

R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\system32\drivers\NETFLTDI.SYS [2007-11-22 132920]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2007-11-22 38968]

R1 SMSFLT;SMS Filter Plugin;\??\c:\windows\system32\drivers\SMSFLT.SYS [2007-11-22 37304]

R1 WNMFLT;Wifi Monitor Filter Plugin;\??\c:\windows\system32\drivers\WNMFLT.SYS [2007-11-22 30648]

R2 aawservice;Lavasoft Ad-Aware Service;"c:\arquivos de programas\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]

R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2007-11-22 24760]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2008-1-9 596328]

R2 ioloSystemService;iolo System Service;c:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2008-1-9 596328]

R2 Panda Software Controller;Panda Software Controller;"c:\arquivos de programas\panda security\panda internet security 2008\PsCtrls.exe" [2007-11-22 169264]

R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2007-11-22 83640]

R2 PAVFNSVR;Panda Function Service;"c:\arquivos de programas\panda security\panda internet security 2008\PavFnSvr.exe" [2007-11-22 173360]

R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\PavProc.sys [2007-11-22 178872]

R2 PavPrSrv;Panda Process Protection Service;"c:\arquivos de programas\arquivos comuns\panda software\pavshld\pavprsrv.exe" [2007-11-22 63024]

R2 PAVSRV;Panda anti-virus service;"c:\arquivos de programas\panda security\panda internet security 2008\pavsrv51.exe" [2007-11-22 148272]

R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys []

R3 DCamUSBIntel;USB Video Camera;c:\windows\system32\drivers\TP6800.sys [2008-3-19 211660]

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\drivers\netimflt.sys [2007-11-22 142128]

R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys []

R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys []

S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-11-23 38656]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

regfile=NOTEPAD.EXE %1

scrfile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2008-12-04 01:34 400,896 a------- c:\windows\system32\CF17752.exe

2008-12-04 01:34 <DIR> --d----- C:\ComboFix

2008-12-04 01:29 400,896 a------- c:\windows\system32\CF16625.exe

2008-12-04 01:19 <DIR> --d-h--- c:\windows\PIF

2008-12-02 13:18 400,896 a------- c:\windows\system32\CF17372.exe

2008-12-02 13:06 400,896 a------- c:\windows\system32\CF14919.exe

2008-12-02 12:59 <DIR> a-dshr-- C:\cmdcons

2008-12-02 12:58 400,896 a------- c:\windows\system32\CF13378.exe

2008-12-02 12:46 161,792 a------- c:\windows\SWREG.exe

2008-12-02 12:46 98,816 a------- c:\windows\sed.exe

2008-12-02 12:37 400,896 a------- c:\windows\system32\CF9234.exe

2008-11-28 00:47 <DIR> --d----- c:\windows\Logs

2008-11-28 00:47 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys

2008-11-28 00:47 22,328 a------- c:\docume~1\leandro\dadosd~1\PnkBstrK.sys

2008-11-28 00:46 111,928 a------- c:\windows\system32\PnkBstrB.exe

2008-11-28 00:46 66,872 a------- c:\windows\system32\PnkBstrA.exe

2008-11-28 00:46 682,280 a------- c:\windows\system32\pbsvc.exe

2008-11-28 00:35 <DIR> --d----- c:\arquivos de programas\Activision

2008-11-27 22:21 <DIR> --d----- c:\arquivos de programas\SystemRequirementsLab

2008-11-24 19:22 <DIR> --d----- c:\arquivos de programas\trend micro

2008-11-24 19:02 250 a------- c:\windows\gmer.ini

2008-11-23 18:26 <DIR> --d----- C:\!KillBox

2008-11-23 16:49 27,136 a------- c:\windows\system32\drivers\nchssvad.sys

2008-11-23 15:45 <DIR> --d----- c:\arquivos de programas\Lavasoft

2008-11-23 15:43 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Wise Installation Wizard

2008-11-23 14:37 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2008-11-23 14:37 <DIR> --d----- c:\arquivos de programas\Spybot - Search & Destroy

2008-11-22 10:52 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Messenger Plus!

2008-11-21 20:05 <DIR> --d----- c:\arquivos de programas\Messenger Plus! Live

2008-11-21 20:01 4,910,928 a------- C:\MsgPlusLive-479.exe

2008-11-18 00:05 <DIR> --d----- C:\ddtabases

2008-11-16 23:26 <DIR> --d----- c:\arquivos de programas\ddtabases

2008-11-14 22:01 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2008-11-14 21:56 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

==================== Find3M ====================

2008-12-02 11:26 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2008-12-01 21:50 <DIR> --d----- c:\docume~1\leandro\dadosd~1\ADPHONE

2008-12-01 21:49 <DIR> --d----- c:\arquivos de programas\ADPHONE3

2008-11-23 17:17 <DIR> --d----- c:\arquivos de programas\NCH Swift Sound

2008-11-23 17:05 <DIR> --d----- c:\arquivos de programas\NCH Software

2008-11-23 16:44 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Autodesk Shared

2008-11-23 16:43 <DIR> --d----- c:\docume~1\leandro\dadosd~1\Megacubo

2008-11-08 00:01 <DIR> --d----- c:\arquivos de programas\GbPlugin

2008-10-19 19:27 <DIR> --d----- c:\docume~1\leandro\dadosd~1\LimeWire

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-12 01:00 517,800 a------- c:\windows\system32\perfh016.dat

2008-10-12 01:00 90,760 a------- c:\windows\system32\perfc016.dat

2008-09-21 21:18 65,024 a------- c:\windows\IFinst26.exe

2008-09-21 21:09 <DIR> --d----- c:\docume~1\leandro\dadosd~1\DataCast

2008-09-21 20:48 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\River Past G5

2008-09-21 15:30 <DIR> --d----- c:\docume~1\leandro\dadosd~1\River Past G5

2008-09-15 13:26 1,846,528 a------- c:\windows\system32\win32k.sys

2008-09-09 23:15 1,307,648 -------- c:\windows\system32\msxml6.dll

2008-07-02 21:17 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\iolo

2008-06-22 22:42 <DIR> --d----- c:\docume~1\leandro\dadosd~1\iolo

2008-05-27 20:41 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\SimCity Societies

2008-02-15 11:40 <DIR> --d----- c:\docume~1\leandro\dadosd~1\Autodesk

2008-02-06 01:24 <DIR> --d----- c:\docume~1\leandro\dadosd~1\NASA

2007-12-05 20:10 <DIR> --d----- c:\docume~1\leandro\dadosd~1\Thinstall

2007-11-22 23:25 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\sentinel

2007-11-22 23:24 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Backup

2008-05-10 12:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008051020080511\index.dat

============= FINISH: 1:41:52.10 ===============

I await your reply.

Thank you.


Dear mutabh

Step 1 #

Download DAFT and save it to the desktop:

  1. Double-click the daft.exe icon
  2. Click the "Scan" button.
  3. Select everything that appears.
  4. Click the "Fix" button.
  5. Then run a scan with DAFT again. It should show: "All associations are OK"
  6. Close DAFT if that message appears, as it means the file associations have been fixed.

Step 2 #

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure you tick the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan" and then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When the disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections it may be necessary to restart the PC. If you are asked to restart the PC, please do so immediately.

Step 3 #

Then try running ComboFix again and paste the result together with the Malwarebytes one!

Regards :D


Dear diego_moicano,

As requested, here are the procedures I carried out.

I await your analysis.

Thank you.

MALWAREBYTES LOG

Malwarebytes' Anti-Malware 1.31

Versão do banco de dados: 1464

Windows 5.1.2600 Service Pack 3

2008-12-05 18:12:37

mbam-log-2008-12-05 (18-12-37).txt

Tipo de Verificação: Rápida

Objetos verificados: 55784

Tempo decorrido: 3 minute(s), 34 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 2

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 1

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

C:\Arquivos de programas\GbPlugin\gbiehCef.dll (Trojan.BHO) -> Delete on reboot.

NEW COMBOFIX LOG

ComboFix 08-12-05.01 - Leandro 2008-12-05 18:23:24.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1558 [GMT -2:00]

Executando de: C:\Documents and Settings\Leandro\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

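Read against the DDS log posted earlier, the Malwarebytes result above covers only part of what that log lists: it removed the BHO registration for {c41a1c0e-ea6c-11d4-b1b8-444553540003} and marked gbiehCef.dll for deletion on reboot, while DDS also shows a Winlogon Notify entry and an SEH entry pointing at that same DLL, plus three load points (BHO, Notify, SEH) for gbieh.dll in the same directory. The script below is an added example, not from the posts and not part of Malwarebytes or DDS, that makes this cross-check mechanical. The sample lines are copied from the two logs above; "same directory" is only a pivot heuristic telling the analyst where to look next, not a verdict on those files.

```python
"""Cross-check a Malwarebytes removal log against the load points in a DDS log.

Added example, not part of the original posts or of either tool. It reads the
"Pseudo HJT Report" load points DDS prints (BHO/Notify/SEH/SSODL: ident - path) and
the detection lines from the Malwarebytes log, then reports the remediation state of
every load point that shares a CLSID, a file or a directory with something
Malwarebytes acted on. Sharing a directory is a pivot heuristic, not a verdict.
"""
import re
from pathlib import PureWindowsPath

# Lines copied from the DDS log (2008-12-04) and the Malwarebytes log (2008-12-05) above.
DDS_SAMPLE = r"""
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_05\bin\ssv.dll
BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll
BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\arquivos de programas\gbplugin\gbiehCef.dll
Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll
Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll
Notify: avldr - avldr.dll
SEH: {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\gbplugin\gbiehCef.dll
SEH: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - c:\arquivos de programas\gbplugin\gbieh.dll
"""
MBAM_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c41a1c0e-ea6c-11d4-b1b8-444553540003} (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Arquivos de programas\GbPlugin\gbiehCef.dll (Trojan.BHO) -> Delete on reboot.
"""

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LOADPOINT = re.compile(r"^(BHO|Notify|SEH|SSODL):\s+(.*)$")
DETECTION = re.compile(r"^(?P<item>.+?)\s+\((?P<family>[^)]+)\)\s+->\s+(?P<action>.+?)\.?\s*$")


def parse_dds_loadpoints(text):
    """Return (kind, ident, path) tuples; ident is the CLSID or the Winlogon notify name."""
    points = []
    for line in text.splitlines():
        m = LOADPOINT.match(line.strip())
        if not m:
            continue
        ident, sep, path = m.group(2).rpartition(" - ")  # last " - " separates the path
        if sep:
            points.append((m.group(1), ident.strip(), path.strip()))
    return points


def parse_mbam(text):
    """Return (CLSIDs whose registry entries MBAM removed, {lowercased file path: action})."""
    clsids, files = set(), {}
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        if re.match(r"^[A-Za-z]:\\", m["item"]):
            files[m["item"].lower()] = m["action"]   # Windows paths are case-insensitive
        else:
            c = CLSID.search(m["item"])
            if c:
                clsids.add(c.group(0).upper())
    return clsids, files


def triage(dds_text, mbam_text):
    """For each DDS load point related to an MBAM action, report what is left behind."""
    clsids, files = parse_mbam(mbam_text)
    touched_dirs = {str(PureWindowsPath(f).parent) for f in files}
    report = []
    for kind, ident, path in parse_dds_loadpoints(dds_text):
        c = CLSID.search(ident)
        clsid_hit = c is not None and c.group(0).upper() in clsids
        file_hit = path.lower() in files
        if clsid_hit and file_hit:
            status = "registration and file removed"
        elif clsid_hit:
            status = "registration removed, file untouched"
        elif file_hit:
            # The DLL is gone or pending deletion, but this load point still references it.
            status = f"file marked {files[path.lower()]}, load point still registered"
        elif str(PureWindowsPath(path.lower()).parent) in touched_dirs:
            status = "untouched sibling in same directory"
        else:
            continue
        report.append((kind, ident, path, status))
    return report


if __name__ == "__main__":
    for kind, ident, path, status in triage(DDS_SAMPLE, MBAM_SAMPLE):
        print(f"{kind:<7} {ident:<40} {path}\n        -> {status}")
```

On these two logs the report shows one load point fully removed, two that still reference a file marked for deletion on reboot, and three untouched entries for the neighbouring DLL; that is exactly the list an analyst needs before deciding whether to ask for another scan after the reboot or to address the remaining entries directly.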

Dear mutabh

Download DDS and save it to the desktop.

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • A black screen with some information will appear. Do not click anything, just wait!
  • When it finishes, DDS.txt will open.
  • A new box "D.D.S - Optional_Scan" will also appear; click No.
  • Save the results and paste them in your next reply

Regards :D


Mr. diego_moicano,

Here is the DDS log, as requested.

Thank you very much once again.

DDS (Version 1.0) - NTFSx86

Run by Leandro at 11:13:42.40 on 2008-12-06

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2047.1495 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\WINDOWS\system32\PnkBstrA.exe

c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\ASUS\AI Suite\AiNap\AiNap.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Leandro\Desktop\dds techsupport.com

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_05\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

mRun: [APVXDWIN] "c:\arquivos de programas\panda security\panda internet security 2008\APVXDWIN.EXE" /s

mRun: [sCANINICIO] "c:\arquivos de programas\panda security\panda internet security 2008\Inicio.exe"

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [DAEMON Tools-1033] "c:\arquivos de programas\d-tools\daemon.exe" -lang 1033

mRun: [tppoll] c:\program files\topro\tppoll.exe

mRun: [c:\arquivos de programas\ddtabases\ddt1.exe] "c:\arquivos de programas\\ddtabases\ddt1.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [RemoteControl] "c:\arquivos de programas\cyberlink dvd solution\powerdvd\PDVDServ.exe"

mRun: [nwiz] nwiz.exe /install

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Alcmtr] ALCMTR.EXE

mRun: [Ai Nap] "c:\arquivos de programas\asus\ai suite\ainap\AiNap.exe"

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\autoca~1.lnk - c:\arquivos de programas\arquivos comuns\autodesk shared\acstart16.exe

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_05\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

LSP: c:\arquivos de programas\panda security\panda internet security 2008\pavlsp.dll

Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehcef.dll

Notify: avldr - avldr.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - c:\arquivos de programas\gbplugin\gbieh.dll

============= SERVICES / DRIVERS ===============

? GbpSv;GbpSv; []

R1 APPFLT;App Filter Plugin;\??\c:\windows\system32\drivers\APPFLT.SYS [2007-11-22 71736]

R1 DSAFLT;DSA Filter Plugin;\??\c:\windows\system32\drivers\DSAFLT.SYS [2007-11-22 51256]

R1 FNETMON;NetMon Filter Plugin;\??\c:\windows\system32\drivers\fnetmon.SYS [2007-11-22 22072]

R1 IDSFLT;Ids Filter Plugin;\??\c:\windows\system32\drivers\IDSFLT.SYS [2007-11-22 191672]

R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\system32\drivers\NETFLTDI.SYS [2007-11-22 132920]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2007-11-22 38968]

R1 SMSFLT;SMS Filter Plugin;\??\c:\windows\system32\drivers\SMSFLT.SYS [2007-11-22 37304]

R1 WNMFLT;Wifi Monitor Filter Plugin;\??\c:\windows\system32\drivers\WNMFLT.SYS [2007-11-22 30648]

R2 aawservice;Lavasoft Ad-Aware Service;"c:\arquivos de programas\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]

R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2007-11-22 24760]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2008-1-9 596328]

R2 ioloSystemService;iolo System Service;c:\arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2008-1-9 596328]

R2 Panda Software Controller;Panda Software Controller;"c:\arquivos de programas\panda security\panda internet security 2008\PsCtrls.exe" [2007-11-22 169264]

R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2007-11-22 83640]

R2 PAVFNSVR;Panda Function Service;"c:\arquivos de programas\panda security\panda internet security 2008\PavFnSvr.exe" [2007-11-22 173360]

R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\PavProc.sys [2007-11-22 178872]

R2 PavPrSrv;Panda Process Protection Service;"c:\arquivos de programas\arquivos comuns\panda software\pavshld\pavprsrv.exe" [2007-11-22 63024]

R2 PAVSRV;Panda anti-virus service;"c:\arquivos de programas\panda security\panda internet security 2008\pavsrv51.exe" [2007-11-22 148272]

R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys []

R3 DCamUSBIntel;USB Video Camera;c:\windows\system32\drivers\TP6800.sys [2008-3-19 211660]

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\drivers\netimflt.sys [2007-11-22 142128]

R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys []

R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys []

S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2007-11-23 38656]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2008-12-05 18:22 400,896 a------- c:\windows\system32\CF5805.exe

2008-12-05 18:22 <DIR> --d----- C:\ComboFix

2008-12-05 17:57 <DIR> --d----- c:\docume~1\leandro\dadosd~1\Malwarebytes

2008-12-05 17:57 15,504 a------- c:\windows\system32\drivers\mbam.sys

2008-12-05 17:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-05 17:57 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2008-12-05 17:57 <DIR> --d----- c:\arquivos de programas\Malwarebytes' Anti-Malware

2008-12-04 01:34 400,896 a------- c:\windows\system32\CF17752.exe

2008-12-04 01:29 400,896 a------- c:\windows\system32\CF16625.exe

2008-12-04 01:19 <DIR> --d-h--- c:\windows\PIF

2008-12-02 13:18 400,896 a------- c:\windows\system32\CF17372.exe

2008-12-02 13:06 400,896 a------- c:\windows\system32\CF14919.exe

2008-12-02 12:59 <DIR> a-dshr-- C:\cmdcons

2008-12-02 12:58 400,896 a------- c:\windows\system32\CF13378.exe

2008-12-02 12:46 161,792 a------- c:\windows\SWREG.exe

2008-12-02 12:46 98,816 a------- c:\windows\sed.exe

2008-12-02 12:37 400,896 a------- c:\windows\system32\CF9234.exe

2008-11-28 00:47 <DIR> --d----- c:\windows\Logs

2008-11-28 00:47 138,464 a------- c:\windows\system32\drivers\PnkBstrK.sys

2008-11-28 00:47 22,328 a------- c:\docume~1\leandro\dadosd~1\PnkBstrK.sys

2008-11-28 00:46 111,928 a------- c:\windows\system32\PnkBstrB.exe

2008-11-28 00:46 66,872 a------- c:\windows\system32\PnkBstrA.exe

2008-11-28 00:46 682,280 a------- c:\windows\system32\pbsvc.exe

2008-11-28 00:35 <DIR> --d----- c:\arquivos de programas\Activision

2008-11-27 22:21 <DIR> --d----- c:\arquivos de programas\SystemRequirementsLab

2008-11-24 19:22 <DIR> --d----- c:\arquivos de programas\trend micro

2008-11-24 19:02 250 a------- c:\windows\gmer.ini

2008-11-23 18:26 <DIR> --d----- C:\!KillBox

2008-11-23 16:49 27,136 a------- c:\windows\system32\drivers\nchssvad.sys

2008-11-23 15:45 <DIR> --d----- c:\arquivos de programas\Lavasoft

2008-11-23 15:43 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Wise Installation Wizard

2008-11-23 14:37 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2008-11-23 14:37 <DIR> --d----- c:\arquivos de programas\Spybot - Search & Destroy

2008-11-22 10:52 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Messenger Plus!

2008-11-21 20:05 <DIR> --d----- c:\arquivos de programas\Messenger Plus! Live

2008-11-21 20:01 4,910,928 a------- C:\MsgPlusLive-479.exe

2008-11-18 00:05 <DIR> --d----- C:\ddtabases

2008-11-16 23:26 <DIR> --d----- c:\arquivos de programas\ddtabases

2008-11-14 22:01 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2008-11-14 21:56 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

==================== Find3M ====================

2008-12-06 10:56 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2008-12-06 10:52 <DIR> --d----- c:\arquivos de programas\GbPlugin

2008-12-01 21:50 <DIR> --d----- c:\docume~1\leandro\dadosd~1\ADPHONE

2008-12-01 21:49 <DIR> --d----- c:\arquivos de programas\ADPHONE3

2008-11-23 17:17 <DIR> --d----- c:\arquivos de programas\NCH Swift Sound

2008-11-23 17:05 <DIR> --d----- c:\arquivos de programas\NCH Software

2008-11-23 16:44 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Autodesk Shared

2008-11-23 16:43 <DIR> --d----- c:\docume~1\leandro\dadosd~1\Megacubo

2008-10-19 19:27 <DIR> --d----- c:\docume~1\leandro\dadosd~1\LimeWire

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-12 01:00 517,800 a------- c:\windows\system32\perfh016.dat

2008-10-12 01:00 90,760 a------- c:\windows\system32\perfc016.dat

2008-09-21 21:18 65,024 a------- c:\windows\IFinst26.exe

2008-09-21 21:09 <DIR> --d----- c:\docume~1\leandro\dadosd~1\DataCast

2008-09-21 20:48 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\River Past G5

2008-09-21 15:30 <DIR> --d----- c:\docume~1\leandro\dadosd~1\River Past G5

2008-09-15 13:26 1,846,528 a------- c:\windows\system32\win32k.sys

2008-09-09 23:15 1,307,648 -------- c:\windows\system32\msxml6.dll

2008-07-02 21:17 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\iolo

2008-06-22 22:42 <DIR> --d----- c:\docume~1\leandro\dadosd~1\iolo

2008-05-27 20:41 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\SimCity Societies

2008-02-15 11:40 <DIR> --d----- c:\docume~1\leandro\dadosd~1\Autodesk

2008-02-06 01:24 <DIR> --d----- c:\docume~1\leandro\dadosd~1\NASA

2007-12-05 20:10 <DIR> --d----- c:\docume~1\leandro\dadosd~1\Thinstall

2007-11-22 23:25 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\sentinel

2007-11-22 23:24 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Backup

2008-05-10 12:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008051020080511\index.dat

============= FINISH: 11:13:59.37 ===============


Dear mutabh

Temporarily disable your antivirus!

Run an Online Scan at the Kaspersky Virusscanner

  • Click Clipboard01-1.jpg
  • When asked to install the ActiveX, click Clipboard015.jpg
  • Wait for the installation and the update, then click Clipboard013.jpg
  • Now click Clipboard016.jpg
  • In the scan options (settings), make sure the entries below are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click Clipboard014.jpg
  • Click My Computer so that a full scan of your system is performed.
  • The scan will start and may take a while. Be patient and wait.
  • At the end of the scan, click the Save as Text button.
  • Save the log with the results and paste its contents in your next message.
  • Also generate and paste a new HijackThis log.

Regards :D


Good morning Diego_moicano,

Here is what you requested.

Thank you.

KASPERSKY LOG:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Monday, December 8, 2008

Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Sunday, December 07, 2008 22:23:18

Records in database: 1442867

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

Scan statistics:

Files scanned: 110918

Threat name: 4

Infected objects: 10

Suspicious objects: 0

Duration of the scan: 01:04:17

File name / Threat name / Threats count

C:\Arquivos de programas\LimeWire\Arquivos Baixados\get along gang.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\Documents and Settings\Leandro\Configurações locais\Temp\Av-test.txt Infected: EICAR-Test-File 1

C:\RECYCLER\S-1-5-21-2000478354-1417001333-839522115-1004\Dc561.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\RECYCLER\S-1-5-21-2000478354-1417001333-839522115-1004\Dc624.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\RECYCLER\S-1-5-21-2000478354-1417001333-839522115-1004\Dc626.mp3 Infected: Trojan-Downloader.WMA.Wimad.o 1

C:\RECYCLER\S-1-5-21-2000478354-1417001333-839522115-1004\Dc822.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\RECYCLER\S-1-5-21-2000478354-1417001333-839522115-1004\Dc823.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\RECYCLER\S-1-5-21-2000478354-1417001333-839522115-1004\Dc824.mp3 Infected: Trojan-Downloader.WMA.Wimad.o 1

C:\RECYCLER\S-1-5-21-2000478354-1417001333-839522115-1004\Dc854.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\WINDOWS\system32\drivers\etc\hosts Infected: Trojan-Banker.Win32.Qhost.n 1

The selected area was scanned.

HIJACKTHIS LOG:

Logfile of HijackThis v1.99.1

Scan saved at 00:47, on 08-12-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\WINDOWS\system32\PnkBstrA.exe

c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Leandro\CONFIG~1\Temp\Rar$EX00.047\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O1 - Hosts: 67.228.35.148 www.bradesco.com.br

O1 - Hosts: 67.228.35.148 www.bradescocelular.com.br

O1 - Hosts: 67.228.35.148 www.bradescouniversitario.com.br

O1 - Hosts: 67.228.35.148 www.shopfacil.com.br

O1 - Hosts: 67.228.35.132 infobusca.informarketing.com

O1 - Hosts: 67.228.35.149 www.itau.com.br

O1 - Hosts: 67.228.35.149 www.itaupersonnalite.com.br

O1 - Hosts: 67.228.35.149 www.itauprivatebank.com.br

O1 - Hosts: 67.228.35.142 www.santander.com.br

O1 - Hosts: 200.201.169.111 imagem.caixa.gov.br # GbPlugin

O1 - Hosts: 200.234.220.13 www5.infoseg.gov.br

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe

O4 - HKLM\..\Run: [C:\Arquivos de programas\ddtabases\ddt1.exe] "C:\Arquivos de programas\\ddtabases\ddt1.exe"

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\TPSrv.exe


Dear mutabh

Step 1 #

Download HostsXpert.zip

  • Extract (unzip) HostsXpert.zip to a permanent folder on your drive (for example C:\HostsXpert)
  • Double-click HostsXpert.exe to run the program.
  • If available, click "Make Hosts Writable?" (it will be in the upper right corner).
  • Click "Restore Microsoft's Hosts file" and then click "OK".
  • Click the X to exit the program.
  • Note: If you are using a customized Hosts file, you will have to customize it again.

Step 2 #
Empty the Recycle Bin!
Step 3 #
Delete the file:
C:\Arquivos de programas\LimeWire\Arquivos Baixados\get along gang.mp3 <- the file
Step 4 #
Open Notepad, copy (CTRL + C) and paste (CTRL + V) the text below that is in the "CODE":
@ECHO OFF

REM Paths with spaces must be quoted, otherwise dir treats each word as a separate argument
dir "C:\Arquivos de programas\ddtabases" >> lookdir.txt
dir C:\ddtabases >> lookdir.txt

  • Save the file as look.bat
  • Choose to save with the file type: all files.
  • It will have an icon like this 4qhg48p.jpg
  • Double-click lookdir.bat and let it run.
  • A window will quickly appear and disappear; this is normal.
  • A new file, lookdir.txt, will be created on your desktop. Copy and paste the entire contents of that lookdir.txt file in your next reply.

Step 5 #

Make a new HijackThis log and post it here!

Regards :D

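The reason for Step 1 is visible in the O1 - Hosts lines of the HijackThis log above: several banks' domains are mapped to public IP addresses, which is exactly what the Trojan-Banker.Win32.Qhost detection on the hosts file refers to. As an added example, not part of this thread and not code from HostsXpert or any other tool mentioned here, the script below audits a hosts file for that pattern: it parses the file (comments, blank lines, several names per line, IPv4 and IPv6), ignores loopback and unspecified addresses, and groups every remaining mapping by target IP, so that many unrelated bank names pointing at one public address stand out. The sample hosts content is constructed from the log's O1 lines plus the normal localhost entries; the allowlist of known-good entries (here the "# GbPlugin" line) and all function names are assumptions made for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the O1 - Hosts lines from the HijackThis log above, plus
# the default loopback entries, a comment-tagged line and one malformed line.
# On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Default Windows hosts file content (constructed for this example)
127.0.0.1       localhost
::1             localhost
67.228.35.148   www.bradesco.com.br
67.228.35.148   www.bradescocelular.com.br
67.228.35.149   www.itau.com.br  www.itaupersonnalite.com.br
67.228.35.142   www.santander.com.br
200.201.169.111 imagem.caixa.gov.br # GbPlugin
this is not a valid hosts line
"""


def parse_hosts(text):
    """Return a list of (ip, hostname, line_no) for every mapping in the text.

    Everything after '#' is a comment, blank lines are skipped, one line may
    map several hostnames, and hostnames are lower-cased for comparison.
    Lines whose first token is not an IP address are ignored here; a fuller
    audit would report them, since odd syntax is itself worth a look.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        try:
            ip = ipaddress.ip_address(tokens[0])
        except ValueError:
            continue
        for host in tokens[1:]:
            entries.append((ip, host.lower(), line_no))
    return entries


def is_local(ip):
    """True for addresses a hosts file may legitimately point names at."""
    return ip.is_loopback or ip.is_unspecified or ip.is_link_local


def find_redirects(text, allowlist=frozenset()):
    """Map each non-local target IP (as a string) to the hostnames sent to it.

    allowlist holds (ip_string, hostname) pairs that are known-good, such as
    an entry written by a banking plugin; those are left out of the report.
    Several bank names sharing one public IP is the pharming signature
    seen in the log.
    """
    redirects = defaultdict(list)
    for ip, host, _ in parse_hosts(text):
        if is_local(ip) or (str(ip), host) in allowlist:
            continue
        redirects[str(ip)].append(host)
    return dict(redirects)


if __name__ == "__main__":
    # Assumed known-good entry; in the log it carries a "# GbPlugin" tag.
    known_good = {("200.201.169.111", "imagem.caixa.gov.br")}
    for ip, hosts in sorted(find_redirects(SAMPLE_HOSTS, known_good).items()):
        print(f"{ip} <- {', '.join(hosts)}  ({len(hosts)} name(s) redirected)")
```

Run it on a copy of the real hosts file by replacing SAMPLE_HOSTS with the file's contents; anything it reports that you did not add yourself is a candidate for the "Restore Microsoft's Hosts file" step above, and the grouping by IP makes it easy to see which entries belong to one redirect campaign.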

Dear Diego_moicano

As requested, here is the information:

Thank you once again.

lookdir.txt:

O volume na unidade C não tem nome.

O número de série do volume é 084E-0A8B

Pasta de C:\ddtabases

18-11-2008 00:05 <DIR> .

18-11-2008 00:05 <DIR> ..

16-11-2008 23:26 199,168 ddt1.exe

1 arquivo(s) 199,168 bytes

2 pasta(s) 128,478,973,952 bytes disponíveis

New HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 21:26, on 13-12-2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\WINDOWS\system32\PnkBstrA.exe

c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\D-Tools\daemon.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Leandro\CONFIG~1\Temp\Rar$EX00.219\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe

O4 - HKLM\..\Run: [C:\Arquivos de programas\ddtabases\ddt1.exe] "C:\Arquivos de programas\\ddtabases\ddt1.exe"

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\TPSrv.exe


Dear mutabh,

Now try running ComboFix: first try it in Normal Mode; if that does not work, try it in Safe Mode!

Restart the computer in Safe Mode (tap the F8 key repeatedly, or F5 in some cases, during startup).

Regards :D


Diego_moicano,

I ran ComboFix in Normal Mode and in Safe Mode:

I await further instructions.

Here are the logs:

NORMAL MODE

ComboFix 08-12-18.03 - Leandro 2008-12-19 20:04:21.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2047.1554 [GMT -2:00]

Executando de: C:\Documents and Settings\Leandro\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

.

SAFE MODE

ComboFix 08-12-18.03 - Leandro 2008-12-19 20:11:28.1 - NTFSx86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.2047.1754 [GMT -2:00]

Executando de: C:\Documents and Settings\Leandro\Desktop\ComboFix.exe

.

A big hug to you.


Dear mutabh,

Step 1

Download DirLook by jpshortstuff from one of the following links:

Link 1

Link 2

Link 3

  • Double-click DirLook.exe
  • Make sure Show Hidden Files/Folders and BBCode Output are checked.
  • Copy and paste the following text:

    C:\ddtabases
    c:\arquivos de programas\ddtabases

  • Click DirLook.
  • When it finishes, a Notepad document will open with the results. Paste those results in your next reply.

Step 2

  • Download RSIT - random's system information tool by random/random and save it to your desktop.
  • Double-click RSIT.exe to run the tool.
  • In the window that opens (disclaimer), click Continue.
  • When the tool finishes running, a Notepad document will open containing the scan results. Please paste that log (log.txt) in your next reply.
  • Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt

Regards :D

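The reasoning behind Step 1 (an O4 autorun entry in the HijackThis log names C:\Arquivos de programas\ddtabases\ddt1.exe, so the folder it points to deserves a look) can be checked mechanically across the two logs the thread already uses. The script below is an added example, not code from the thread or from HijackThis, RSIT or DirLook: it pairs HijackThis O4 lines with the matching RSIT registry-dump Run values and flags entries whose target RSIT could not stat (RSIT prints the file's date and size in brackets, so an empty `[]` means the file was not there at scan time, consistent with the DirLook result posted later in the thread). The sample lines are copied from the logs in this thread; the doubled-separator and path-as-value-name heuristics are this example's own.

```python
"""Cross-check HijackThis O4 autorun entries against an RSIT registry dump.

RSIT appends "[date size]" to every Run value whose target it could stat;
an empty "[]" means the file was not found at scan time.  Pairing the two
logs makes the entries worth a closer look (such as a DirLook of the
folder they name) fall out mechanically.
"""
import re
from typing import NamedTuple

# HijackThis O4 line:  O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# RSIT registry-dump line:  "value name"=path [date size]
RSIT_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<path>.*?) \[(?P<meta>[^\]]*)\]$')

# Sample input copied from the logs posted in this thread.
SAMPLE_HJT = [
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033',
    r'O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe',
    r'O4 - HKLM\..\Run: [C:\Arquivos de programas\ddtabases\ddt1.exe] "C:\Arquivos de programas\\ddtabases\ddt1.exe"',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
]
SAMPLE_RSIT = [
    r'"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]',
    r'"DAEMON Tools-1033"=C:\Arquivos de programas\D-Tools\daemon.exe [2004-08-22 81920]',
    r'"tppoll"=C:\Program Files\Topro\tppoll.exe []',
    r'"C:\Arquivos de programas\ddtabases\ddt1.exe"=C:\Arquivos de programas\\ddtabases\ddt1.exe []',
    r'"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]',
]


class Finding(NamedTuple):
    name: str       # Run value name as HijackThis printed it
    path: str       # executable or DLL the entry actually loads
    reasons: tuple  # why the entry was flagged


def extract_path(cmd: str) -> str:
    """Return the file a Run command line really loads.

    Handles quoted paths followed by arguments, rundll32 hosts (the DLL
    before the comma is what runs) and bare unquoted paths with arguments.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    first, _, rest = cmd.partition(' ')
    if first.lower() in ('rundll32.exe', 'rundll32'):
        return rest.split(',', 1)[0].strip().strip('"')
    m = re.match(r'(?i)(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))(?:\s|$)', cmd)
    return m.group(1) if m else first


def audit(hjt_lines, rsit_lines) -> list:
    """Pair O4 entries with RSIT Run values by name and flag suspicious ones."""
    # HijackThis lower-cases the first letter of some value names
    # ("sCANINICIO", "samsung PanelMgr"), so match case-insensitively.
    meta = {}
    for line in rsit_lines:
        m = RSIT_RE.match(line.strip())
        if m:
            meta[m['name'].lower()] = m['meta']
    findings = []
    for line in hjt_lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name, path = m['name'], extract_path(m['cmd'])
        reasons = []
        if meta.get(name.lower()) == '':
            reasons.append('RSIT shows no file metadata ([]): target absent at scan time')
        if '\\\\' in path:
            reasons.append('doubled path separator in target path')
        if '\\' in name:
            reasons.append('Run value is named after a full path, not a product')
        if reasons:
            findings.append(Finding(name, path, tuple(reasons)))
    return findings


if __name__ == '__main__':
    for f in audit(SAMPLE_HJT, SAMPLE_RSIT):
        print(f'{f.name} -> {f.path}')
        for r in f.reasons:
            print(f'    - {r}')
```

Run against the sample lines it reports tppoll (missing file) and the ddtabases entry (missing file, doubled separator, path used as value name) and stays silent on the NVIDIA, DAEMON Tools and ctfmon entries.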

Diego_moicano,

Here are the requested files:

Many thanks for getting back to me.

DIRLOOK

DirLook.exe v2.0 by jpshortstuff

Log created at 14:48 on 24/12/2008

==================================

Contents of "C:\ddtabases"

---FOLDERS---

(none found)

---FILES---

(none found)

==================================

Contents of "c:\arquivos de programas\ddtabases"

---FOLDERS---

(none found)

---FILES---

(none found)

==================================

=EOF=

RSIT INFO.TXT

info.txt logfile of random's system information tool 1.05 2008-12-24 14:53:25

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.2 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A81200000003}

ADPHONE3-->MsiExec.exe /I{DBB7664B-6BAD-43F9-95E8-3D3E4E3FE9C4}

ADPHONE3Upgrade-->MsiExec.exe /I{22B37FDE-A8DC-4F81-80F5-71809A6B9E64}

AI Suite-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x9

Assistente de Conexão do Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

ASUS Probe V2.25.02-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Asus Probe\DeIsL1.isu"

Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1

Atualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Atualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Atualização de Segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Atualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Atualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

AutoCAD 2006 - English-->MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}

Call of Duty® - World at War-->C:\Arquivos de programas\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409

DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}

Double Vibration Controller 3-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{E22F239F-953C-4C6C-8CAC-2CE1C26CCB2D}\Setup.exe" -l0x9

DVD Solution-->"C:\Arquivos de programas\Uninstall_CDS.exe"

eMule Plus 1.2d-->"C:\Arquivos de programas\eMule\unins000.exe"

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

HijackThis 2.0.2-->"C:\Arquivos de programas\trend micro\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix para Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

iolo technologies' System Mechanic-->"C:\Arquivos de programas\iolo\System Mechanic\unins000.exe"

IRPF2008 Windows - Declaração de Ajuste Anual-->C:\ARQUIV~1\PROGRA~1\IRPF20~1\UNWISE.EXE C:\ARQUIV~1\PROGRA~1\IRPF20~1\INSTALL.LOG

Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

JMB36X Raid Configurer-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly

LimeWire 4.16.6-->"C:\Arquivos de programas\LimeWire\uninstall.exe"

LiveUpdate BVRP Software-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x816

Malwarebytes' Anti-Malware-->"C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe"

Medal of Honor Pacific Assault-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\Setup.exe" -l0x9 -removeonly

Messenger Plus! Live-->"C:\Arquivos de programas\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Professional Edição 2003-->MsiExec.exe /I{90110416-6000-11D3-8CFE-0150048383C9}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

mobile PhoneTools-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x816

Mozilla Firefox (3.0.4)-->C:\Arquivos de programas\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Need for Speed™ Most Wanted-->C:\Arquivos de programas\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe

Nero OEM-->C:\Arquivos de programas\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

Panda Internet Security 2008-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{EEBA9416-3207-47E0-9022-116440599DBC}\SETUP.exe" -l0x816 -removeonly

PC Probe II-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9

PowerDVD-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u

Realtek High Definition Audio Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x416 -removeonly

Samsung SCX-4200 Series-->C:\Arquivos de programas\SAMSUNG\Samsung SCX-4200 Series\Install\Setup.exe /R

Security Update para o produto Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

SimCity™ Societies-->MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}

SmarThru 4-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{90F1943D-EA4A-4460-B59F-30023F3BA69A}\Setup.exe" -l0x416 uninstall -l0416

Spybot - Search & Destroy-->"C:\Arquivos de programas\Spybot - Search & Destroy\unins000.exe"

System Requirements Lab-->C:\Arquivos de programas\SystemRequirementsLab\Uninstall.exe

USB PC Camera Driver-->RunDll32 C:\ARQUIV~1\ARQUIV~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Arquivos de programas\InstallShield Installation Information\{6FCB49E0-C0FF-11D7-A015-00055DF4E7AC}\setup.exe" -l0x416

Windows Live installer-->MsiExec.exe /X{3A417047-2E30-4D05-8977-F706D40BFF39}

Windows Live Messenger-->MsiExec.exe /X{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}

Windows Media Format 11 runtime-->"C:\Arquivos de programas\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Arquivos de programas\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->C:\Arquivos de programas\WinRAR\uninstall.exe

XP Codec Pack-->C:\Arquivos de programas\XP Codec Pack\Uninstall.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Panda Internet Security 2008 (disabled) (outdated)

FW: Panda Internet Security 2008 (disabled)

System event log

Computer Name: CASA

Event Code: 7036

Message: O serviço IMAPI CD-Burning COM Service entrou no estado executando.

Record Number: 30993

Source Name: Service Control Manager

Time Written: 20081129104119.000000-120

Event Type: Informações

User:

Computer Name: CASA

Event Code: 7035

Message: O serviço IMAPI CD-Burning COM Service recebeu com êxito um controle Iniciar.

Record Number: 30992

Source Name: Service Control Manager

Time Written: 20081129104119.000000-120

Event Type: Informações

User: AUTORIDADE NT\SYSTEM

Computer Name: CASA

Event Code: 7036

Message: O serviço Serviço de descoberta SSDP entrou no estado executando.

Record Number: 30991

Source Name: Service Control Manager

Time Written: 20081129104118.000000-120

Event Type: Informações

User:

Computer Name: CASA

Event Code: 7036

Message: O serviço Gerenciador de conexão de acesso remoto entrou no estado executando.

Record Number: 30990

Source Name: Service Control Manager

Time Written: 20081129104118.000000-120

Event Type: Informações

User:

Computer Name: CASA

Event Code: 7036

Message: O serviço Reconhecimento de local da rede (NLA) entrou no estado executando.

Record Number: 30989

Source Name: Service Control Manager

Time Written: 20081129104118.000000-120

Event Type: Informações

User:

Application event log

Computer Name: CASA

Event Code: 4000

Message: The Panda Anti-virus Service has started successfully.

Record Number: 5

Source Name: Sentinel

Time Written: 20081202130812.000000-120

Event Type: Informações

User:

Computer Name: CASA

Event Code: 1800

Message: O Serviço da Central de Segurança do Windows foi iniciado.

Record Number: 4

Source Name: SecurityCenter

Time Written: 20081202130811.000000-120

Event Type: Informações

User:

Computer Name: CASA

Event Code: 1002

Message: O shell parou repentinamente e Explorer.exe foi reiniciado.

Record Number: 3

Source Name: Winlogon

Time Written: 20081202130653.000000-120

Event Type: Informações

User:

Computer Name: CASA

Event Code: 4000

Message: The Panda Anti-virus Service has started successfully.

Record Number: 2

Source Name: Sentinel

Time Written: 20081202130346.000000-120

Event Type: Informações

User:

Computer Name: CASA

Event Code: 1800

Message: O Serviço da Central de Segurança do Windows foi iniciado.

Record Number: 1

Source Name: SecurityCenter

Time Written: 20081202130343.000000-120

Event Type: Informações

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Arquivos de programas\Panda Security\Panda Internet Security 2008;C:\Arquivos de programas\Arquivos comuns\Autodesk Shared;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_REVISION"=0f0b

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

RSIT LOG

Logfile of random's system information tool 1.05 (written by random/random)

Run by Leandro at 2008-12-24 14:53:21

Microsoft Windows XP Professional Service Pack 3

System drive C: has 123 GB (77%) free of 160 GB

Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:53, on 2008-12-24

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

C:\WINDOWS\system32\PnkBstrA.exe

c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\D-Tools\daemon.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Leandro\Desktop\RSIT.exe

C:\Arquivos de programas\trend micro\Leandro.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe

O4 - HKLM\..\Run: [C:\Arquivos de programas\ddtabases\ddt1.exe] "C:\Arquivos de programas\\ddtabases\ddt1.exe"

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\TPSrv.exe

O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--

End of file - 8483 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Facilitador de Leitor de Link Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Auxiliar de Conexão do Windows Live - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]

GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2008-09-01 384840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540003}]

GbIehObj Class - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll [2008-09-01 374856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"APVXDWIN"=C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE [2007-07-23 406832]

"SCANINICIO"=C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\Inicio.exe [2007-07-11 27952]

"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]

"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-03-21 1953792]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]

"DAEMON Tools-1033"=C:\Arquivos de programas\D-Tools\daemon.exe [2004-08-22 81920]

"tppoll"=C:\Program Files\Topro\tppoll.exe []

"C:\Arquivos de programas\ddtabases\ddt1.exe"=C:\Arquivos de programas\\ddtabases\ddt1.exe []

"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2008-03-03 536576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"MSMSGS"=C:\Arquivos de programas\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

AutoCAD Startup Accelerator.lnk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginBb]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2008-09-01 384840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ GbPluginCef]

C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll [2008-09-01 374856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]

C:\WINDOWS\system32\avldr.dll [2007-02-15 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll [2008-09-01 374856]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"=C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll [2008-09-01 384840]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Messenger\msmsgs.exe"="C:\Arquivos de programas\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Arquivos de programas\LimeWire\LimeWire.exe"="C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Arquivos de programas\Joost\xulrunner\tvprunner.exe"="C:\Arquivos de programas\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"

"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"

"C:\Arquivos de programas\River Past\Wave@MP3\WaveAtMp3.exe"="C:\Arquivos de programas\River Past\Wave@MP3\WaveAtMp3.exe:*:Enabled:River Past Wave@MP3"

"C:\Arquivos de programas\Megacubo\megacubo.exe"="C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Arquivos de programas\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Arquivos de programas\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War"

"C:\Arquivos de programas\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Arquivos de programas\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe"="C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c803946-9a8a-11dc-8774-0013712ea2e1}]

shell\Auto\command - MicrosoftPowerPoint.exe

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f286ffb-af4c-11dc-87c5-0013712ea2e1}]

shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f286ffc-af4c-11dc-87c5-0013712ea2e1}]

shell\Auto\command - Ghost.pif

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d37ddae2-99ac-11dc-8760-9fe45dacaf3a}]

shell\AutoRun\command - F:\LaunchU3.exe

======File associations======

.scr - open - NOTEPAD.EXE %1

======List of files/folders created in the last 3 months======

2008-12-24 14:48:05 ----A---- C:\DirLook.txt

2008-12-19 20:10:48 ----D---- C:\ComboFix

2008-12-19 20:10:47 ----A---- C:\WINDOWS\system32\CF12122.exe

2008-12-19 20:03:33 ----A---- C:\WINDOWS\system32\CF10704.exe

2008-12-15 00:14:16 ----D---- C:\Arquivos de programas\Google

2008-12-14 06:42:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-14 06:41:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-14 06:41:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-14 06:40:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2008-12-13 21:13:02 ----D---- C:\HostsXpert

2008-12-08 20:28:24 ----D---- C:\WINDOWS\system32\VirtualExpander

2008-12-06 16:45:28 ----D---- C:\WINDOWS\Samsung

2008-12-06 16:44:01 ----D---- C:\Arquivos de programas\SAMSUNG

2008-12-06 16:28:58 ----D---- C:\Documents and Settings\Leandro\Dados de aplicativos\SmarThru4

2008-12-06 16:28:46 ----N---- C:\WINDOWS\system32\SecSNMP.dll

2008-12-06 16:28:29 ----A---- C:\WINDOWS\system32\LTRPR13n.DLL

2008-12-06 16:28:29 ----A---- C:\WINDOWS\system32\LTRIO13N.DLL

2008-12-06 16:28:29 ----A---- C:\WINDOWS\system32\LTR13N.DLL

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lttwn13n.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lftif13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfpsd13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\LFPNM13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\Lfpng13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfpcx13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfpcd13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfmsp13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfjbg13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\LFJ2K13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfitg13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfitg13n.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfimg13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfimg13n.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfiff13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfiff13n.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lffax13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lffax13n.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfeps13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\LFCMP13s.DLL

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfclp13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfbmp13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfavi13s.dll

2008-12-06 16:28:28 ----A---- C:\WINDOWS\system32\lfani13s.dll

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\PCDLIB32.DLL

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\LTTLB13n.dll

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\Ltpnt13n.dll

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\ltpdg13n.dll

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\LTOCR13n.dll

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\ltefx13n.dll

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\LTCLR13n.dll

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\ltbar13n.dll

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\Lfpng13n.dll

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\lfpcx13n.dll

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\lfpcd13n.dll

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\LFJ2K13n.dll

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\lfeps13n.dll

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\lfclp13n.dll

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\lfavi13n.dll

2008-12-06 16:28:27 ----A---- C:\WINDOWS\system32\lfani13n.dll

2008-12-06 16:28:26 ----A---- C:\WINDOWS\system32\lttmb13n.dll

2008-12-06 16:28:26 ----A---- C:\WINDOWS\system32\ltlst13n.dll

2008-12-06 16:28:26 ----A---- C:\WINDOWS\system32\ltkrn13n.dll

2008-12-06 16:28:26 ----A---- C:\WINDOWS\system32\ltimg13n.dll

2008-12-06 16:28:26 ----A---- C:\WINDOWS\system32\ltdlg13n.dll

2008-12-06 16:28:26 ----A---- C:\WINDOWS\system32\LTDIS13n.dll

2008-12-06 16:28:26 ----A---- C:\WINDOWS\system32\lftif13n.dll

2008-12-06 16:28:26 ----A---- C:\WINDOWS\system32\lfpsd13n.dll

2008-12-06 16:28:26 ----A---- C:\WINDOWS\system32\LFPNM13n.dll

2008-12-06 16:28:26 ----A---- C:\WINDOWS\system32\lfmsp13n.dll

2008-12-06 16:28:26 ----A---- C:\WINDOWS\system32\lfjbg13n.dll

2008-12-06 16:28:26 ----A---- C:\WINDOWS\system32\LFCMP13n.DLL

2008-12-06 16:28:26 ----A---- C:\WINDOWS\system32\lfbmp13n.dll

2008-12-06 16:28:25 ----A---- C:\WINDOWS\system32\msxml4r.dll

2008-12-06 16:28:25 ----A---- C:\WINDOWS\system32\Mfcoleui.dll

2008-12-06 16:28:25 ----A---- C:\WINDOWS\system32\Ltwvc13n.dll

2008-12-06 16:28:25 ----A---- C:\WINDOWS\system32\ltfil13n.DLL

2008-12-06 16:28:24 ----D---- C:\Arquivos de programas\Arquivos comuns\SRC Shared

2008-12-06 16:26:51 ----D---- C:\Arquivos de programas\SmarThru 4

2008-12-06 16:26:20 ----A---- C:\WINDOWS\ssndii.exe

2008-12-06 16:24:54 ----A---- C:\WINDOWS\system32\SUGE1LMK.DLL

2008-12-06 16:24:53 ----A---- C:\WINDOWS\system32\SUGE1CI.exe

2008-12-06 16:24:53 ----A---- C:\WINDOWS\system32\SUGE1CI.dll

2008-12-06 16:23:30 ----RA---- C:\WINDOWS\WiaInst.exe

2008-12-06 16:23:29 ----RA---- C:\WINDOWS\system32\WIASTIIO.dll

2008-12-06 16:23:29 ----RA---- C:\WINDOWS\system32\WIAIPH.dll

2008-12-06 16:23:29 ----RA---- C:\WINDOWS\system32\Ssusbpn.dll

2008-12-06 16:23:29 ----RA---- C:\WINDOWS\system32\Ssuiext.dll

2008-12-06 16:23:29 ----RA---- C:\WINDOWS\system32\Ssdevm.dll

2008-12-06 16:23:28 ----RA---- C:\WINDOWS\system32\WIAEH.dll

2008-12-06 16:23:28 ----RA---- C:\WINDOWS\system32\Sswiadrv.dll

2008-12-05 18:22:34 ----A---- C:\WINDOWS\system32\CF5805.exe

2008-12-05 17:57:58 ----D---- C:\Documents and Settings\Leandro\Dados de aplicativos\Malwarebytes

2008-12-05 17:57:54 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

2008-12-05 17:57:54 ----D---- C:\Arquivos de programas\Malwarebytes' Anti-Malware

2008-12-04 01:34:58 ----A---- C:\WINDOWS\system32\CF17752.exe

2008-12-04 01:29:13 ----A---- C:\WINDOWS\system32\CF16625.exe

2008-12-04 01:23:21 ----A---- C:\WINDOWS\ntbtlog.txt

2008-12-04 01:19:14 ----HD---- C:\WINDOWS\PIF

2008-12-02 13:18:55 ----A---- C:\WINDOWS\system32\CF17372.exe

2008-12-02 13:06:24 ----A---- C:\WINDOWS\system32\CF14919.exe

2008-12-02 13:03:24 ----D---- C:\WINDOWS\Minidump

2008-12-02 12:59:25 ----A---- C:\Boot.bak

2008-12-02 12:59:18 ----RASHD---- C:\cmdcons

2008-12-02 12:58:35 ----A---- C:\WINDOWS\NIRCMD.exe

2008-12-02 12:58:31 ----A---- C:\WINDOWS\system32\CF13378.exe

2008-12-02 12:46:02 ----A---- C:\WINDOWS\zip.exe

2008-12-02 12:46:02 ----A---- C:\WINDOWS\VFIND.exe

2008-12-02 12:46:02 ----A---- C:\WINDOWS\SWXCACLS.exe

2008-12-02 12:46:02 ----A---- C:\WINDOWS\SWSC.exe

2008-12-02 12:46:02 ----A---- C:\WINDOWS\SWREG.exe

2008-12-02 12:46:02 ----A---- C:\WINDOWS\sed.exe

2008-12-02 12:46:02 ----A---- C:\WINDOWS\grep.exe

2008-12-02 12:46:02 ----A---- C:\WINDOWS\fdsv.exe

2008-12-02 12:37:24 ----A---- C:\WINDOWS\system32\CF9234.exe

2008-12-02 12:31:57 ----D---- C:\WINDOWS\ERDNT

2008-12-02 12:31:57 ----D---- C:\Qoobox

2008-11-28 00:48:37 ----A---- C:\WINDOWS\system32\XAudio2_1.dll

2008-11-28 00:48:37 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll

2008-11-28 00:48:36 ----A---- C:\WINDOWS\system32\xactengine3_1.dll

2008-11-28 00:48:36 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll

2008-11-28 00:48:36 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll

2008-11-28 00:48:35 ----A---- C:\WINDOWS\system32\XAudio2_0.dll

2008-11-28 00:48:35 ----A---- C:\WINDOWS\system32\D3DX9_38.dll

2008-11-28 00:48:35 ----A---- C:\WINDOWS\system32\d3dx10_38.dll

2008-11-28 00:48:34 ----A---- C:\WINDOWS\system32\xactengine3_0.dll

2008-11-28 00:48:34 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll

2008-11-28 00:48:33 ----A---- C:\WINDOWS\system32\D3DX9_37.dll

2008-11-28 00:48:33 ----A---- C:\WINDOWS\system32\d3dx10_37.dll

2008-11-28 00:48:33 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll

2008-11-28 00:48:32 ----A---- C:\WINDOWS\system32\xactengine2_10.dll

2008-11-28 00:48:31 ----A---- C:\WINDOWS\system32\d3dx9_36.dll

2008-11-28 00:48:31 ----A---- C:\WINDOWS\system32\d3dx10_36.dll

2008-11-28 00:48:31 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll

2008-11-28 00:48:30 ----A---- C:\WINDOWS\system32\xactengine2_9.dll

2008-11-28 00:48:30 ----A---- C:\WINDOWS\system32\d3dx9_35.dll

2008-11-28 00:48:30 ----A---- C:\WINDOWS\system32\d3dx10_35.dll

2008-11-28 00:48:30 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll

2008-11-28 00:48:29 ----A---- C:\WINDOWS\system32\xactengine2_8.dll

2008-11-28 00:48:29 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll

2008-11-28 00:48:29 ----A---- C:\WINDOWS\system32\d3dx10_34.dll

2008-11-28 00:48:29 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll

2008-11-28 00:48:28 ----A---- C:\WINDOWS\system32\d3dx9_34.dll

2008-11-28 00:47:52 ----D---- C:\WINDOWS\Logs

2008-11-28 00:46:35 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

2008-11-28 00:46:34 ----A---- C:\WINDOWS\system32\PnkBstrA.exe

2008-11-28 00:46:33 ----A---- C:\WINDOWS\system32\pbsvc.exe

2008-11-28 00:35:50 ----D---- C:\Arquivos de programas\Activision

2008-11-27 22:21:15 ----D---- C:\Arquivos de programas\SystemRequirementsLab

2008-11-24 19:22:40 ----D---- C:\rsit

2008-11-24 19:22:40 ----D---- C:\Arquivos de programas\trend micro

2008-11-24 19:02:32 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-24 19:02:32 ----A---- C:\WINDOWS\gmer.ini

2008-11-24 19:02:32 ----A---- C:\WINDOWS\gmer.exe

2008-11-24 19:02:32 ----A---- C:\WINDOWS\gmer.dll

2008-11-23 18:26:46 ----D---- C:\!KillBox

2008-11-23 16:49:47 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Software

2008-11-23 15:45:01 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Lavasoft

2008-11-23 15:45:01 ----D---- C:\Arquivos de programas\Lavasoft

2008-11-23 15:43:51 ----D---- C:\Arquivos de programas\Arquivos comuns\Wise Installation Wizard

2008-11-23 14:37:30 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

2008-11-23 14:37:30 ----D---- C:\Arquivos de programas\Spybot - Search & Destroy

2008-11-22 10:52:41 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

2008-11-21 20:05:17 ----D---- C:\Arquivos de programas\Messenger Plus! Live

2008-11-21 20:01:04 ----A---- C:\MsgPlusLive-479.exe

2008-11-18 00:05:18 ----D---- C:\ddtabases

2008-11-16 23:26:21 ----D---- C:\Arquivos de programas\ddtabases

2008-11-14 22:42:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-14 22:42:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-14 22:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-10-27 13:28:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2008-10-18 13:20:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-10-18 13:20:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2008-10-18 13:20:43 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-10-18 13:20:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-10-18 13:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll

======List of files/folders modified in the last 3 months======

2008-12-24 14:50:57 ----D---- C:\WINDOWS\system32\drivers

2008-12-24 14:50:29 ----D---- C:\WINDOWS\Temp

2008-12-24 14:50:20 ----D---- C:\Arquivos de programas\Mozilla Firefox

2008-12-24 14:39:50 ----D---- C:\WINDOWS

2008-12-24 14:39:10 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-24 14:38:56 ----D---- C:\WINDOWS\system32

2008-12-24 13:59:46 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-24 11:19:03 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-12-21 23:16:40 ----SHD---- C:\WINDOWS\Installer

2008-12-21 23:16:40 ----SHD---- C:\Config.Msi

2008-12-21 17:37:54 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #2.txt

2008-12-20 16:00:40 ----D---- C:\WINDOWS\Prefetch

2008-12-20 16:00:36 ----D---- C:\WINDOWS\network diagnostic

2008-12-19 19:58:27 ----HD---- C:\WINDOWS\inf

2008-12-19 19:58:24 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-19 19:57:07 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-15 00:14:16 ----D---- C:\Arquivos de programas

2008-12-14 06:42:36 ----A---- C:\WINDOWS\imsins.BAK

2008-12-14 06:42:29 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-14 06:42:24 ----D---- C:\Arquivos de programas\Internet Explorer

2008-12-13 04:37:59 ----A---- C:\WINDOWS\system32\mshtml.dll

2008-12-09 21:24:37 ----A---- C:\WINDOWS\system32\MRT.exe

2008-12-07 23:00:07 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-12-07 20:20:23 ----D---- C:\WINDOWS\WinSxS

2008-12-06 16:44:07 ----D---- C:\WINDOWS\twain_32

2008-12-06 16:28:24 ----D---- C:\Arquivos de programas\Arquivos comuns

2008-12-06 16:27:09 ----HD---- C:\Arquivos de programas\InstallShield Installation Information

2008-12-06 10:52:39 ----D---- C:\Arquivos de programas\GbPlugin

2008-12-05 22:42:41 ----RASH---- C:\boot.ini

2008-12-05 22:42:41 ----A---- C:\WINDOWS\win.ini

2008-12-05 22:42:41 ----A---- C:\WINDOWS\system.ini

2008-12-05 22:42:40 ----D---- C:\WINDOWS\pss

2008-12-04 20:16:26 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt

2008-12-01 21:50:13 ----D---- C:\Documents and Settings\Leandro\Dados de aplicativos\ADPHONE

2008-12-01 21:49:22 ----D---- C:\Arquivos de programas\ADPHONE3

2008-11-28 00:48:21 ----RSD---- C:\WINDOWS\assembly

2008-11-28 00:47:52 ----D---- C:\WINDOWS\system32\DirectX

2008-11-28 00:46:33 ----D---- C:\WINDOWS\system32\LogFiles

2008-11-24 23:41:24 ----D---- C:\WINDOWS\system32\config

2008-11-23 17:17:24 ----D---- C:\Arquivos de programas\NCH Swift Sound

2008-11-23 17:05:58 ----D---- C:\Arquivos de programas\NCH Software

2008-11-23 16:54:59 ----D---- C:\Documents and Settings\Leandro\Dados de aplicativos\NCH Swift Sound

2008-11-23 16:49:59 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

2008-11-23 16:44:35 ----D---- C:\Arquivos de programas\Arquivos comuns\Autodesk Shared

2008-11-23 16:43:01 ----D---- C:\Documents and Settings\Leandro\Dados de aplicativos\Megacubo

2008-11-04 17:21:29 ----D---- C:\WINDOWS\Help

2008-10-27 23:34:30 ----D---- C:\Arquivos de programas\Microsoft Silverlight

2008-10-23 10:37:45 ----A---- C:\WINDOWS\system32\gdi32.dll

2008-10-23 08:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe

2008-10-19 19:27:16 ----D---- C:\Documents and Settings\Leandro\Dados de aplicativos\LimeWire

2008-10-16 18:23:07 ----A---- C:\WINDOWS\system32\wininet.dll

2008-10-16 18:23:07 ----A---- C:\WINDOWS\system32\webcheck.dll

2008-10-16 18:23:07 ----A---- C:\WINDOWS\system32\urlmon.dll

2008-10-16 18:23:07 ----A---- C:\WINDOWS\system32\url.dll

2008-10-16 18:23:07 ----A---- C:\WINDOWS\system32\pngfilt.dll

2008-10-16 18:23:07 ----A---- C:\WINDOWS\system32\occache.dll

2008-10-16 18:23:07 ----A---- C:\WINDOWS\system32\mstime.dll

2008-10-16 18:23:07 ----A---- C:\WINDOWS\system32\msrating.dll

2008-10-16 18:23:07 ----A---- C:\WINDOWS\system32\mshtmled.dll

2008-10-16 18:23:06 ----A---- C:\WINDOWS\system32\msfeedsbs.dll

2008-10-16 18:23:06 ----A---- C:\WINDOWS\system32\msfeeds.dll

2008-10-16 18:23:06 ----A---- C:\WINDOWS\system32\jsproxy.dll

2008-10-16 18:23:06 ----A---- C:\WINDOWS\system32\iertutil.dll

2008-10-16 18:23:06 ----A---- C:\WINDOWS\system32\iernonce.dll

2008-10-16 18:23:06 ----A---- C:\WINDOWS\system32\ieframe.dll

2008-10-16 18:23:05 ----A---- C:\WINDOWS\system32\iedkcs32.dll

2008-10-16 18:23:05 ----A---- C:\WINDOWS\system32\ieapfltr.dll

2008-10-16 18:23:05 ----A---- C:\WINDOWS\system32\ieaksie.dll

2008-10-16 18:23:05 ----A---- C:\WINDOWS\system32\ieakeng.dll

2008-10-16 18:23:05 ----A---- C:\WINDOWS\system32\icardie.dll

2008-10-16 18:23:05 ----A---- C:\WINDOWS\system32\extmgr.dll

2008-10-16 18:23:05 ----A---- C:\WINDOWS\system32\dxtrans.dll

2008-10-16 18:23:05 ----A---- C:\WINDOWS\system32\dxtmsft.dll

2008-10-16 18:23:05 ----A---- C:\WINDOWS\system32\advpack.dll

2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll

2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll

2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll

2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll

2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll

2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe

2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll

2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui

2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll

2008-10-16 14:08:12 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

2008-10-16 14:07:32 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll

2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll

2008-10-16 14:06:34 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2008-10-16 11:15:01 ----A---- C:\WINDOWS\system32\ie4uinit.exe

2008-10-16 11:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe

2008-10-15 14:36:42 ----A---- C:\WINDOWS\system32\netapi32.dll

2008-10-15 05:04:53 ----A---- C:\WINDOWS\system32\ieakui.dll

2008-10-12 01:00:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-10-05 23:38:48 ----A---- C:\WINDOWS\NeroDigital.ini

2008-10-03 08:04:17 ----A---- C:\WINDOWS\system32\strmdll.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPFLT;App Filter Plugin; \??\C:\WINDOWS\system32\Drivers\APPFLT.SYS []

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]

R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []

R1 DSAFLT;DSA Filter Plugin; \??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS []

R1 FNETMON;NetMon Filter Plugin; \??\C:\WINDOWS\system32\Drivers\fnetmon.SYS []

R1 IDSFLT;Ids Filter Plugin; \??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS []

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40448]

R1 NETFLTDI;Panda Net Driver [TDI Layer]; \??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS []

R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2007-05-23 38968]

R1 SMSFLT;SMS Filter Plugin; \??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS []

R1 WNMFLT;Wifi Monitor Filter Plugin; \??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS []

R1 WS2IFSL;Ambiente de suporte a provedores de serviços não-IFS do Windows Socket 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-28 12032]

R2 cpoint;Panda CPoint Driver; C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 24760]

R2 PAVDRV;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2007-06-06 83640]

R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []

R3 AvFlt;Antivirus Filter Driver; C:\WINDOWS\system32\drivers\av5flt.sys []

R3 DCamUSBIntel;USB Video Camera; C:\WINDOWS\System32\Drivers\TP6800.sys [2007-08-30 211660]

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-05 12288]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINDOWS\system32\DRIVERS\NetMotCM.sys [2004-02-09 15360]

R3 NETIMFLT;PANDA NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 142128]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]

R3 PavSRK.sys;PavSRK.sys; \??\C:\WINDOWS\system32\PavSRK.sys []

R3 PavTPK.sys;PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys []

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []

S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []

S3 Arp1394;Protocolo cliente 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-24 85969]

S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []

S3 MSTEE;Conversor em T entre locais de fluxo contínuo Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-11-23 27136]

S3 NdisIP;Conexão de TV e vídeo da Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NIC1394;Driver de rede 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]

R2 ioloFileInfoList;iolo FileInfoList Service; C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2008-08-15 596328]

R2 ioloSystemService;iolo System Service; C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe [2008-08-15 596328]

R2 MDM;Machine Debug Manager; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]

R2 Panda Software Controller;Panda Software Controller; C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrls.exe [2007-07-12 169264]

R2 PAVFNSVR;Panda Function Service; C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe [2007-07-12 173360]

R2 PavPrSrv;Panda Process Protection Service; C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe [2007-06-14 63024]

R2 PAVSRV;Panda anti-virus service; C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe [2007-07-16 148272]

R2 pmshellsrv;Panda Antispam Engine; C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe [2007-01-15 67120]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-28 66872]

R2 PSHost;Panda Host Service; c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE [2007-04-04 226864]

R2 PSIMSVC;Panda IManager Service; C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe [2007-05-24 108592]

R2 TPSrv;Panda TPSrv; C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\TPSrv.exe [2007-07-02 404784]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]

S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe [2008-02-15 77944]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]

S3 IDriverT;InstallDriver Table Manager; C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2004-09-19 89136]

S3 usnjsvc;Serviço de Compartilhamento de Pastas Messenger do USN Journal Reader; C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Arquivos de programas\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Serviço de Partilha de Rede do Windows Media Player; C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe [2006-11-03 914944]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

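The RSIT log above mixes hundreds of benign entries with a handful that matter: Run values whose target has no `[date size]` stamp (RSIT could not read the file), `mountpoints2` keys carrying `shell\...\command` autorun handlers for removable volumes, and a `.scr` file association whose open verb no longer points at the screen-saver default. The script below is an added example, not part of this thread and not RSIT's code: it parses those three line formats and produces a triage list. The sample lines are copied from the log; the `Finding` type and the severity rules are my own assumptions about what an analyst would want surfaced first.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied verbatim from the RSIT log above,
# enough to exercise each rule below.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"tppoll"=C:\Program Files\Topro\tppoll.exe []
"C:\Arquivos de programas\ddtabases\ddt1.exe"=C:\Arquivos de programas\\ddtabases\ddt1.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f286ffb-af4c-11dc-87c5-0013712ea2e1}]
shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f286ffc-af4c-11dc-87c5-0013712ea2e1}]
shell\Auto\command - Ghost.pif
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif
======File associations======
.scr - open - NOTEPAD.EXE %1
"""


@dataclass
class Finding:
    severity: str   # "review" (look at it now) or "info" (autorun present, looks ordinary)
    section: str    # registry key or "======" section the line was read from
    line: str       # the log line that triggered the finding
    reason: str


# RSIT formats: "name"=target [date size]   (empty [] when the file could not be read)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<target>.*?)\s*\[(?P<meta>[^\]]*)\]$')
# shell\<verb>\command - <command line>   under a mountpoints2 volume key
MOUNT_CMD = re.compile(r'^shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$')
# .ext - verb - command   in the "File associations" section
ASSOC = re.compile(r'^(?P<ext>\.\w+) - (?P<verb>\w+) - (?P<cmd>.+)$')
DRIVE_PATH = re.compile(r'^[a-z]:\\', re.IGNORECASE)
# Default scrfile\shell\open\command (also restored by the FixSCR.reg in this thread)
DEFAULT_SCR_OPEN = '"%1" /s'


def triage(log_text):
    """Return a list of Finding for the RSIT lines an analyst should look at."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]          # a registry key header
            continue
        if line.startswith("======"):
            section = line.strip("=")     # a report section header
            continue
        where = section.lower()

        if where.endswith(r"\currentversion\run"):
            m = RUN_VALUE.match(line)
            if not m:
                continue
            if m["meta"] == "":
                findings.append(Finding("review", section, line,
                    "autostart target has no [date size] stamp: file missing or unreadable at scan time"))
            if DRIVE_PATH.match(m["name"]):
                findings.append(Finding("review", section, line,
                    "value name is itself a full path, unusual for a legitimate installer"))

        elif "\\explorer\\mountpoints2\\" in where:
            m = MOUNT_CMD.match(line)
            if not m:
                continue
            # Last whitespace-separated token is the launched file: a simple heuristic
            # that fits the plain and RunDLL32 ShellExec_RunDLL forms seen in these logs.
            target = m["cmd"].split()[-1]
            relative = not DRIVE_PATH.match(target)
            suspicious = relative or target.lower().endswith(".pif")
            findings.append(Finding("review" if suspicious else "info", section, line,
                f"removable-volume autorun handler ({m['verb']}) launches {target}"
                + (" by relative name" if relative else "")))

        elif where == "file associations":
            m = ASSOC.match(line)
            if (m and m["ext"].lower() == ".scr" and m["verb"].lower() == "open"
                    and DEFAULT_SCR_OPEN not in m["cmd"].lower()):
                findings.append(Finding("review", section, line,
                    'screen-saver open handler is not the scrfile default ("%1" /S)'))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run on the whole log the same rules would also pick up the `F:\LaunchU3.exe` handlers as `info` only, since an absolute path to a U3 launcher is the ordinary shape of that key; the relative `Ghost.pif` and `MicrosoftPowerPoint.exe` handlers, the two `[]` Run entries and the `.scr` redirection to Notepad come out as `review`, which is exactly the set the reply below acts on.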

Dear mutabh

Step 1 #

Run HijackThis, click Do a system scan only and check the entries you find from the list below:

O4 - HKLM\..\Run: [C:\Arquivos de programas\ddtabases\ddt1.exe] "C:\Arquivos de programas\\ddtabases\ddt1.exe"

After checking these entries, close all windows and click ht-fix.png

Step 2 #

Using Windows Explorer, find and delete the following folders:

Note: if you cannot find any of the file(s) or folder(s), continue with the remaining instructions.

C:\ddtabases <- the FOLDER

c:\arquivos de programas\ddtabases <- the FOLDER

Step 3 #

There are two files:

0) Copy (ctrl + c) and paste (ctrl + v) the content below into Notepad... Then go to Save As; under Save as type choose All Files and save it to the Desktop with the name:

First file: FixSCR.reg, and set the file aside.

Second file: FixMP.reg, and set the file aside.

Note: your files should look like this regfile.gif

FILE No. 1

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.scr]
@="scrfile"

[HKEY_CLASSES_ROOT\.scr\OpenWithList]

[HKEY_CLASSES_ROOT\.scr\OpenWithList\devenv.exe]
@=""

[HKEY_CLASSES_ROOT\scrfile]
@="Screen Saver"

[HKEY_CLASSES_ROOT\scrfile\shell]

[HKEY_CLASSES_ROOT\scrfile\shell\config]
@="C&onfigure"

[HKEY_CLASSES_ROOT\scrfile\shell\config\command]
@="\"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\install]
@="&Install"

[HKEY_CLASSES_ROOT\scrfile\shell\install\command]
@="rundll32.exe desk.cpl,InstallScreenSaver %l"

[HKEY_CLASSES_ROOT\scrfile\shell\open]
@="T&est"

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\scrfile\shellex]

[HKEY_CLASSES_ROOT\scrfile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"

FILE NO. 2

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c803946-9a8a-11dc-8774-0013712ea2e1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f286ffb-af4c-11dc-87c5-0013712ea2e1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f286ffc-af4c-11dc-87c5-0013712ea2e1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d37ddae2-99ac-11dc-8760-9fe45dacaf3a}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C:\Arquivos de programas\ddtabases\ddt1.exe"=-

Step no. 4 #

As a safety measure, I suggest you make a backup of the Registry:

Start > Run > type regedit, select My Computer at the top, then go to File > Export. A window titled Export Registry File will open; at the bottom of it you will see a section called Export range; leave the All option selected. Choose a location and save it under a name you will recognize if you ever need it!

>>> Restart in Safe Mode (tap F8 repeatedly during startup; in the menu that appears, use the arrow keys to choose Safe Mode).

Step no. 5 #

Double-click the FixSCR.reg file you created and answer Yes to the prompt. Then do the same with FixMP.reg. Restart the computer in Normal Mode.

Step no. 6 #

Make a new log with HijackThis and post it here!

Regards :D
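A small triage pass over lines in the HijackThis 1.99 log format used in this thread, added here as an example (it is not the thread's own tooling nor part of HijackThis). It flags the three patterns the analyst acted on above: an O4 Run value whose name is itself a full path (the ddt1.exe entry), entries that point at missing files, and O23 services with no publisher; the sample lines are constructed from the shapes seen in the logs above.

```python
# Triage of HijackThis 1.99 log lines (constructed example, not the thread's own tooling).
# Heuristics mirror what the analyst acted on: an O4 Run value named by its own path,
# entries that point at missing files, and O23 services with no publisher.
import re

O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.+)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

def triage(log_text):
    """Return (line, reason) pairs for entries that deserve a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            # Legitimate software registers a friendly value name; a dropper that
            # registers itself often uses its own full path as the name (see ddt1.exe).
            if DRIVE_RE.match(m.group("name")):
                findings.append((line, "O4 Run value named by its own path"))
            continue
        m = O23_RE.match(line)
        if m:
            if m.group("owner").strip() in ("", "Unknown owner"):
                findings.append((line, "O23 service with no publisher"))
            continue
        if "(file missing)" in line or "(no file)" in line:
            findings.append((line, "entry points at a missing file"))
    return findings

# Constructed sample built from the kinds of lines seen in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [C:\Arquivos de programas\ddtabases\ddt1.exe] "C:\Arquivos de programas\\ddtabases\ddt1.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
"""

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE):
        print(f"{reason}: {entry}")
```

Flagged lines are candidates for a manual check, not verdicts: PnkBstrA and the bank plugin service above are legitimate software with no publisher string, which is exactly why the analyst cross-checks paths before fixing.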


Diego_moicano,

After carrying out all the requested steps, here is the requested log.

Awaiting analysis.

Big hug and happy holidays.

HIJACKTHIS LOG

Logfile of HijackThis v1.99.1

Scan saved at 20:28, on 27/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\avciman.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\psimreal.exe

C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\DOCUME~1\Leandro\CONFIG~1\Temp\Rar$EX00.985\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O4 - HKLM\..\Run: [APVXDWIN] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [tppoll] C:\Program Files\Topro\tppoll.exe

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\acstart16.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Arquivos de programas\iolo\common\lib\ioloServiceManager.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Arquivos de programas\Arquivos comuns\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\arquivos de programas\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Arquivos de programas\Panda Security\Panda Internet Security 2008\TPSrv.exe


Dear mutabh

Your HijackThis program is running from a location that is not recommended, so the backups we make will not be safe:

  • Right-click an empty area of your desktop.
  • Choose New -> Folder -> type HJT and press Enter.
  • Now right-click HijackThis.exe and choose -> Cut
  • Right-click an empty area and choose Paste.
  • Now right-click the HJT folder and choose -> Cut.
  • Click -> Start -> My Computer -> right-click -> Local Disk (usually C:\) -> Explore.
  • Right-click an empty area and choose Paste.

>>>> Make a new log with HijackThis and post it here.

Regards :D
