[Solved] Firefox won't open

Here is the log for analysis. Every time Mozilla Firefox is reinstalled, the xul.dll file disappears, and Internet Explorer does not close its windows except by using the Ctrl+Alt+Del keys.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:43:37, on 2/5/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:














C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe


C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe


C:\Arquivos de programas\System Control Manager\MSIService.exe


C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe


C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mcshield.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfefire.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\\Agent\mcagent.exe

C:\Arquivos de programas\LG Software\IP Operator\IP Operator.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe


C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe



C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe


C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\Documents and Settings\Sidnei\Meus documentos\HiJackThis.exe



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

R3 - URLSearchHook: (no name) - {0b876028-b388-4f6d-922f-f52faec8535f} - (no file)

R3 - URLSearchHook: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Softonic_Brasil - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: Windows Media Player Sharing Plugin - {4DD86128-4660-4BBD-8C5D-FF0AE218414A} - C:\ProgramData\Windows\nporbit.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\ScriptSn.20110412073317.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: TwebstBHO Class - {F533E300-85E2-46FA-9CD9-5358BF11EE42} - C:\ProgramData\Codecentrix\Twebst\TwebstBHO.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Softonic_Brasil Toolbar - {12fc3d37-2a42-4fe3-8489-81296878cba5} - C:\Arquivos de programas\Softonic_Brasil\prxtbSof0.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [mcui_exe] "C:\Arquivos de programas\\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [iPO3] "C:\Arquivos de programas\LG Software\IP Operator\IP Operator.exe" -aUtOsTaRtFrOmReG

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Internet Explorer.lnk = C:\Arquivos de programas\Internet Explorer\iexplore.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe


O15 - Trusted Zone:

O15 - Trusted Zone:

O15 - Trusted Zone:

O15 - Trusted Zone:

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} -

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Serviço Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: Micro Star SCM - Unknown owner - C:\Arquivos de programas\System Control Manager\MSIService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Arquivos de programas\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe



End of file - 12081 bytes

Hello Manain


*Download Firefox again


*Install Firefox again

*Normally the destination folder is C:\Arquivos de programas\Mozilla Firefox

*Change the destination to C:\Arquivos de programas\Firefox

As for Firefox, OK, it worked. But the open Internet Explorer or Windows Explorer windows do not close with the X, only with the Ctrl+Alt+Del key combination.

*Download MalwareBytes and save it to the desktop

*Install the program and wait for the update

*The program will open automatically

*On the [Verificação] tab, select [Verificação completa]

*Click [Verificar] and select the partition where Windows is installed

*When the scan finishes, click [Sim] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Paste the report that is shown


If you already have Malwarebytes installed....


*Open Malwarebytes, click [Atualização] > [baixar Atualizações]

*On the [Verificação] tab, select [x] Verificação completa

*Click [Verificar] and select the partition where Windows is installed

*When the scan finishes, click [Sim] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Paste the report that is shown

The log is attached below



Malwarebytes' Anti-Malware


Versão da Base de Dados: 6534


Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702


9/5/2011 01:27:30

mbam-log-2011-05-09 (01-27-30).txt


Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 193081

Tempo decorrido: 1 hora(s), 56 minuto(s), 40 segundo(s)


Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0


Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)


Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)


Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)


Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)


Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)


Pastas Infectadas:

(Não foram detectados ítens maliciosos)


Arquivos Infectados:

(Não foram detectados ítens maliciosos)

*Run an online scan with NOD32




*When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log



*Download DDS and save it to the desktop

*Run it and save the reports (DDS.txt and Attach.txt) to the desktop

*Paste the DDS.txt report

I could not find the Eset Online Scanner log, although 02 items were removed.






Here is the DDS.txt report


DDS (Ver_11-03-05.01) - NTFSx86

Run by Sidnei at 5:12:59,85 on qui 12/05/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1013.395 [GMT -3:00]


AV: McAfee Anti-Virus e Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: Norton AntiVirus *Enabled*

FW: McAfee Firewall *Enabled*


============== Running Processes ===============



C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService


C:\WINDOWS\system32\svchost.exe -k LocalService


C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe


C:\Arquivos de programas\System Control Manager\MSIService.exe


C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mcshield.exe

C:\Arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfefire.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe



C:\Arquivos de programas\LG Software\IP Operator\IP Operator.exe

C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe


C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe


C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Arquivos de programas\ Firefox\firefox.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\ Firefox\plugin-container.exe

C:\Arquivos de programas\\Agent\mcagent.exe

C:\Documents and Settings\Sidnei\Meus documentos\Downloads\dds.scr



============== Pseudo HJT Report ===============


uWindow Title =

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\arquiv~1\mcafee\sitead~1\mcieplg.dll

uURLSearchHooks: H - No File

uURLSearchHooks: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\arquivos de programas\softonic_brasil\prxtbSof0.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\arquivos de programas\softonic_brasil\prxtbSof0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: ssh2 Class: {2e3c3651-b19c-4dd9-a979-901ec3e930af} - c:\arquivos de programas\scpad\scpsssh2.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Windows Media Player Sharing Plugin: {4dd86128-4660-4bbd-8c5d-ff0ae218414a} - c:\programdata\windows\nporbit.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\arquivos de programas\arquivos comuns\mcafee\systemcore\ScriptSn.20110506010240.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\arquiv~1\mcafee\sitead~1\mcieplg.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - c:\arquivos de programas\gbplugin\gbieh.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\arquiv~1\freedo~1\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: TwebstBHO Class: {f533e300-85e2-46fa-9cd9-5358bf11ee42} - c:\programdata\codecentrix\twebst\TwebstBHO.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\arquiv~1\mcafee\sitead~1\mcieplg.dll

TB: Softonic_Brasil Toolbar: {12fc3d37-2a42-4fe3-8489-81296878cba5} - c:\arquivos de programas\softonic_brasil\prxtbSof0.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {0B876028-B388-4F6D-922F-F52FAEC8535F} - No File

uRun: [msnmsgr] "c:\arquivos de programas\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [HP Software Update] c:\arquivos de programas\hp\hp software update\HPWuSchd2.exe

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [mcui_exe] "c:\arquivos de programas\\agent\mcagent.exe" /runkey

mRun: [iPO3] "c:\arquivos de programas\lg software\ip operator\IP Operator.exe" -aUtOsTaRtFrOmReG

mRun: [TkBellExe] "c:\arquivos de programas\real\realplayer\update\realsched.exe" -osboot

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\sidnei\menuin~1\progra~1\inicia~1\intern~1.lnk - c:\arquivos de programas\internet explorer\iexplore.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\blueto~1.lnk - c:\arquivos de programas\toshiba\bluetooth toshiba stack\TosBtMng.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\hpdigi~1.lnk - c:\arquivos de programas\hp\digital imaging\bin\hpqtra08.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\free download manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\free download manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\free download manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\free download manager\dlselected.htm

IE: Google Sidewiki... - c:\arquivos de programas\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll

Trusted Zone:\www

Trusted Zone:\www14

Trusted Zone:\www2

Trusted Zone:\www

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://

DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://


DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\arquiv~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\arquiv~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: GbPluginBb - c:\arquivos de programas\gbplugin\gbieh.dll

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehCef.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - c:\arquivos de programas\scpad\scpLIB.dll

STS: compIB Class: {a3717295-941d-416f-9384-ed1736729f1c} - c:\arquivos de programas\scpad\scpLIB.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - c:\arquivos de programas\gbplugin\gbieh.dll


================= FIREFOX ===================


FF - ProfilePath - c:\docume~1\sidnei\dadosd~1\mozilla\firefox\profiles\tl6dfs6i.default\

FF - plugin: c:\arquivos de programas\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\sidnei\configuraã§ãµes locais\dados de aplicativos\google\update\\npGoogleOneClick8.dll


============= SERVICES / DRIVERS ===============


R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2010-11-1 46600]

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 386840]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-11-18 84072]

R2 GbpSv;Gbp Service;c:\arquiv~1\gbplugin\GbpSv.exe [2010-11-1 56712]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquivos de programas\mcafee\siteadvisor\McSACore.exe [2010-3-16 88176]

R2 McMPFSvc;McAfee Serviço Personal Firewall;"c:\arquivos de programas\arquivos comuns\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-18 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\arquivos de programas\arquivos comuns\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-18 271480]

R2 McProxy;McAfee Proxy Service;"c:\arquivos de programas\arquivos comuns\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-11-18 271480]

R2 McShield;McShield;c:\arquivos de programas\arquivos comuns\mcafee\systemcore\mcshield.exe [2010-11-18 171168]

R2 mfefire;McAfee Firewall Core Service;c:\arquivos de programas\arquivos comuns\mcafee\systemcore\mfefire.exe [2010-11-18 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-18 141792]

R2 Micro Star SCM;Micro Star SCM;c:\arquivos de programas\system control manager\MSIService.exe [2008-9-18 159744]

R2 SRS_PostInstaller;SRS PostInstaller Service;c:\arquivos de programas\srs labs\wowhd and tsxt driver\SRS_PostInstaller.exe [2008-9-5 69632]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-18 55840]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-16 152960]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-16 52104]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-18 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-18 88544]

R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-9-18 156160]

R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [2008-9-5 22528]

S2 gupdate;Google Update Service (gupdate);"c:\arquivos de programas\google\update\googleupdate.exe" /svc --> c:\arquivos de programas\google\update\GoogleUpdate.exe [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-18 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-18 84264]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-3-16 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-3-16 40552]

S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\zteusbser.sys [2009-10-16 98432]


=============== Created Last 30 ================


2011-05-12 00:37:59 -------- d-----w- c:\arquivos de programas\ESET

2011-05-07 20:55:26 -------- d-----w- c:\arquivos de programas\arquivos comuns\xing shared

2011-05-07 18:15:02 -------- d-----w- c:\docume~1\sidnei\dadosd~1\Free Download Manager

2011-05-07 17:52:40 -------- d-----w- c:\docume~1\sidnei\config~1\dadosd~1\vdownloader

2011-05-06 01:24:18 -------- d-----w- c:\arquivos de programas\ Firefox

2011-04-30 17:52:45 -------- d-sha-r- C:\cmdcons

2011-04-30 17:47:07 98816 ----a-w- c:\windows\sed.exe

2011-04-30 17:47:07 89088 ----a-w- c:\windows\MBR.exe

2011-04-30 17:47:07 256512 ----a-w- c:\windows\PEV.exe

2011-04-30 17:47:07 161792 ----a-w- c:\windows\SWREG.exe

2011-04-30 17:45:21 -------- d-----w- C:\ComboFix

2011-04-22 11:13:52 -------- dc-h--w- c:\windows\ie8

2011-04-21 13:19:03 -------- d-----w- c:\arquivos de programas\Ad-Remover

2011-04-16 09:56:07 -------- d-----w- c:\docume~1\sidnei\dadosd~1\Malwarebytes

2011-04-16 09:55:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-16 09:55:33 -------- d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2011-04-16 09:55:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-16 09:55:31 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2011-04-12 10:33:17 24376 ----a-w- c:\arquivos de programas\mozilla firefox\components\Scriptff.dll


==================== Find3M ====================


2011-05-07 20:53:42 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-03-07 05:33:42 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:36:11 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:53:05 1858048 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:08:02 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:08:01 43520 ------w- c:\windows\system32\licmgr10.dll

2011-02-22 23:08:01 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:43:15 385024 ------w- c:\windows\system32\html.iec

2011-02-17 12:54:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll


=================== ROOTKIT ====================


Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,

Windows 5.1.2600


CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.

device: opened successfully

user: error reading MBR


Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86F4FAB8]

3 CLASSPNP[0xF7633FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP0T0L0-3[0x86F69238]

kernel: MBR read successfully

_asm { CLI ; CLD ; XOR CX, CX; MOV SS, CX; MOV SP, 0x7c00; MOV ES, CX; MOV DS, CX; MOV SI, SP; MOV DI, 0x600; MOV CH, 0x1; REP MOVSW ; STI ; JMP FAR 0x0:0x61c; }

user != kernel MBR !!!


============= FINISH: 5:23:38,50 ===============



Here is the Attach.txt report






DDS (Ver_11-03-05.01)


Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 14/10/2009 18:04:44

System Uptime: 11/5/2011 21:27:55 (8 hours ago)


Motherboard: LG Electronics Inc. | | X110

Processor: Intel® Atom CPU N270 @ 1.60GHz | CPU 1 | 1600/533mhz


==== Disk Partitions =========================


C: is FIXED (NTFS) - 40 GiB total, 10,263 GiB free.

D: is FIXED (NTFS) - 105 GiB total, 104,871 GiB free.


==== Disabled Device Manager Items =============


==== System Restore Points ===================


RP226: 11/2/2011 14:13:09 - Software Distribution Service 3.0

RP227: 12/2/2011 14:20:32 - Ponto de verificação do sistema

RP228: 13/2/2011 14:50:18 - Ponto de verificação do sistema

RP229: 14/2/2011 15:07:55 - Ponto de verificação do sistema

RP230: 15/2/2011 17:01:30 - Ponto de verificação do sistema

RP231: 17/2/2011 12:30:58 - Software Distribution Service 3.0

RP232: 18/2/2011 13:09:39 - Ponto de verificação do sistema

RP233: 19/2/2011 13:53:24 - Ponto de verificação do sistema

RP234: 22/2/2011 12:53:23 - Ponto de verificação do sistema

RP235: 23/2/2011 13:02:24 - Ponto de verificação do sistema

RP236: 24/2/2011 16:26:36 - Ponto de verificação do sistema

RP237: 25/2/2011 16:28:21 - Ponto de verificação do sistema

RP238: 28/2/2011 07:00:36 - Ponto de verificação do sistema

RP239: 1/3/2011 07:02:35 - Ponto de verificação do sistema

RP240: 2/3/2011 07:36:48 - Ponto de verificação do sistema

RP241: 3/3/2011 07:50:02 - Ponto de verificação do sistema

RP242: 4/3/2011 08:32:16 - Ponto de verificação do sistema

RP243: 5/3/2011 09:50:31 - Ponto de verificação do sistema

RP244: 7/3/2011 09:00:54 - Ponto de verificação do sistema

RP245: 8/3/2011 09:38:03 - Ponto de verificação do sistema

RP246: 9/3/2011 09:44:36 - Software Distribution Service 3.0

RP247: 10/3/2011 10:25:44 - Ponto de verificação do sistema

RP248: 11/3/2011 10:46:39 - Ponto de verificação do sistema

RP249: 14/3/2011 07:08:59 - Ponto de verificação do sistema

RP250: 15/3/2011 07:37:38 - Ponto de verificação do sistema

RP251: 16/3/2011 08:04:45 - Ponto de verificação do sistema

RP252: 16/3/2011 15:57:59 - Software Distribution Service 3.0

RP253: 18/3/2011 08:02:38 - Ponto de verificação do sistema

RP254: 19/3/2011 08:28:24 - Ponto de verificação do sistema

RP255: 20/3/2011 22:46:35 - Ponto de verificação do sistema

RP256: 22/3/2011 08:15:58 - Ponto de verificação do sistema

RP257: 23/3/2011 09:10:11 - Ponto de verificação do sistema

RP258: 24/3/2011 10:05:25 - Ponto de verificação do sistema

RP259: 25/3/2011 07:25:35 - Software Distribution Service 3.0

RP260: 26/3/2011 09:19:30 - Ponto de verificação do sistema

RP261: 28/3/2011 07:51:11 - Ponto de verificação do sistema

RP262: 29/3/2011 08:11:50 - Ponto de verificação do sistema

RP263: 30/3/2011 08:29:47 - Ponto de verificação do sistema

RP264: 31/3/2011 09:29:33 - Ponto de verificação do sistema

RP265: 1/4/2011 10:01:04 - Ponto de verificação do sistema

RP266: 2/4/2011 10:24:38 - Ponto de verificação do sistema

RP267: 4/4/2011 07:49:32 - Ponto de verificação do sistema

RP268: 5/4/2011 08:12:05 - Ponto de verificação do sistema

RP269: 6/4/2011 08:42:31 - Ponto de verificação do sistema

RP270: 7/4/2011 09:32:39 - Ponto de verificação do sistema

RP271: 8/4/2011 10:00:36 - Ponto de verificação do sistema

RP272: 9/4/2011 10:56:17 - Ponto de verificação do sistema

RP273: 10/4/2011 22:43:22 - Ponto de verificação do sistema

RP274: 12/4/2011 07:34:29 - Ponto de verificação do sistema

RP275: 13/4/2011 08:03:06 - Ponto de verificação do sistema

RP276: 15/4/2011 21:43:06 - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

RP277: 15/4/2011 22:00:15 - Software Distribution Service 3.0

RP278: 16/4/2011 05:52:34 - Software Distribution Service 3.0

RP279: 17/4/2011 03:00:21 - Software Distribution Service 3.0

RP280: 21/4/2011 10:40:48 - Ponto de verificação do sistema

RP281: 22/4/2011 03:00:19 - Software Distribution Service 3.0

RP282: 22/4/2011 07:59:46 - Software Distribution Service 3.0

RP283: 22/4/2011 08:33:42 - Removido Nokia Internet Modem

RP284: 22/4/2011 08:37:57 - Removed Skype Toolbars

RP285: 26/4/2011 19:49:58 - Ponto de verificação do sistema

RP286: 26/4/2011 20:59:14 - Software Distribution Service 3.0

RP287: 30/4/2011 12:57:06 - Ponto de verificação do sistema

RP288: 1/5/2011 13:54:13 - Ponto de verificação do sistema

RP289: 2/5/2011 22:00:44 - Ponto de verificação do sistema

RP290: 4/5/2011 06:04:09 - Ponto de verificação do sistema

RP291: 5/5/2011 23:11:08 - Ponto de verificação do sistema

RP292: 7/5/2011 13:40:41 - Ponto de verificação do sistema

RP293: 8/5/2011 23:47:01 - Ponto de verificação do sistema

RP294: 10/5/2011 07:36:59 - Ponto de verificação do sistema

RP295: 11/5/2011 08:30:45 - Ponto de verificação do sistema

RP296: 11/5/2011 17:30:30 - Software Distribution Service 3.0


==== Installed Programs ======================


Ad-Remover par C_XX

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.4 - Português

Adobe Shockwave Player 11.5

Arquivo do WinRAR

Assistente de Conexão do Windows Live

Atualização de Segurança para o Windows Media Player (KB2378111)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB954155)

Atualização de Segurança para o Windows Media Player (KB968816)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para o Windows Media Player (KB975558)

Atualização de Segurança para o Windows Media Player (KB978695)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para Windows Internet Explorer 8 (KB2482017)

Atualização de Segurança para Windows Internet Explorer 8 (KB2497640)

Atualização de Segurança para Windows Internet Explorer 8 (KB2510531)

Atualização de Segurança para Windows Internet Explorer 8 (KB982381)

Atualização de Segurança para Windows XP (KB2079403)

Atualização de Segurança para Windows XP (KB2115168)

Atualização de Segurança para Windows XP (KB2121546)

Atualização de Segurança para Windows XP (KB2160329)

Atualização de Segurança para Windows XP (KB2229593)

Atualização de Segurança para Windows XP (KB2259922)

Atualização de Segurança para Windows XP (KB2279986)

Atualização de Segurança para Windows XP (KB2286198)

Atualização de Segurança para Windows XP (KB2296011)

Atualização de Segurança para Windows XP (KB2296199)

Atualização de Segurança para Windows XP (KB2347290)

Atualização de Segurança para Windows XP (KB2360937)

Atualização de Segurança para Windows XP (KB2387149)

Atualização de Segurança para Windows XP (KB2393802)

Atualização de Segurança para Windows XP (KB2412687)

Atualização de Segurança para Windows XP (KB2419632)

Atualização de Segurança para Windows XP (KB2423089)

Atualização de Segurança para Windows XP (KB2436673)

Atualização de Segurança para Windows XP (KB2440591)

Atualização de Segurança para Windows XP (KB2443105)

Atualização de Segurança para Windows XP (KB2476687)

Atualização de Segurança para Windows XP (KB2478960)

Atualização de Segurança para Windows XP (KB2478971)

Atualização de Segurança para Windows XP (KB2479628)

Atualização de Segurança para Windows XP (KB2479943)

Atualização de Segurança para Windows XP (KB2481109)

Atualização de Segurança para Windows XP (KB2483185)

Atualização de Segurança para Windows XP (KB2485376)

Atualização de Segurança para Windows XP (KB2485663)

Atualização de Segurança para Windows XP (KB2497640)

Atualização de Segurança para Windows XP (KB2503658)

Atualização de Segurança para Windows XP (KB2506212)

Atualização de Segurança para Windows XP (KB2506223)

Atualização de Segurança para Windows XP (KB2507618)

Atualização de Segurança para Windows XP (KB2508272)

Atualização de Segurança para Windows XP (KB2508429)

Atualização de Segurança para Windows XP (KB2509553)

Atualização de Segurança para Windows XP (KB2510581)

Atualização de Segurança para Windows XP (KB2511455)

Atualização de Segurança para Windows XP (KB2524375)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956844)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB958869)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961371-v2)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB969059)

Atualização de Segurança para Windows XP (KB969947)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB970430)

Atualização de Segurança para Windows XP (KB971468)

Atualização de Segurança para Windows XP (KB971486)

Atualização de Segurança para Windows XP (KB971557)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB972270)

Atualização de Segurança para Windows XP (KB973354)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973525)

Atualização de Segurança para Windows XP (KB973869)

Atualização de Segurança para Windows XP (KB973904)

Atualização de Segurança para Windows XP (KB974112)

Atualização de Segurança para Windows XP (KB974318)

Atualização de Segurança para Windows XP (KB974392)

Atualização de Segurança para Windows XP (KB974571)

Atualização de Segurança para Windows XP (KB975025)

Atualização de Segurança para Windows XP (KB975467)

Atualização de Segurança para Windows XP (KB975560)

Atualização de Segurança para Windows XP (KB975561)

Atualização de Segurança para Windows XP (KB975562)

Atualização de Segurança para Windows XP (KB975713)

Atualização de Segurança para Windows XP (KB977165-v2)

Atualização de Segurança para Windows XP (KB977816)

Atualização de Segurança para Windows XP (KB977914)

Atualização de Segurança para Windows XP (KB978037)

Atualização de Segurança para Windows XP (KB978251)

Atualização de Segurança para Windows XP (KB978262)

Atualização de Segurança para Windows XP (KB978338)

Atualização de Segurança para Windows XP (KB978542)

Atualização de Segurança para Windows XP (KB978601)

Atualização de Segurança para Windows XP (KB978706)

Atualização de Segurança para Windows XP (KB979309)

Atualização de Segurança para Windows XP (KB979482)

Atualização de Segurança para Windows XP (KB979559)

Atualização de Segurança para Windows XP (KB979683)

Atualização de Segurança para Windows XP (KB979687)

Atualização de Segurança para Windows XP (KB980195)

Atualização de Segurança para Windows XP (KB980218)

Atualização de Segurança para Windows XP (KB980232)

Atualização de Segurança para Windows XP (KB980436)

Atualização de Segurança para Windows XP (KB981322)

Atualização de Segurança para Windows XP (KB981852)

Atualização de Segurança para Windows XP (KB981957)

Atualização de Segurança para Windows XP (KB981997)

Atualização de Segurança para Windows XP (KB982132)

Atualização de Segurança para Windows XP (KB982214)

Atualização de Segurança para Windows XP (KB982665)

Atualização de Segurança para Windows XP (KB982802)

Atualização para Windows Internet Explorer 8 (KB2447568)

Atualização para Windows XP (KB2141007)

Atualização para Windows XP (KB2345886)

Atualização para Windows XP (KB2467659)

Atualização para Windows XP (KB898461)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955759)

Atualização para Windows XP (KB961503)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB968389)

Atualização para Windows XP (KB971029)

Atualização para Windows XP (KB971737)

Atualização para Windows XP (KB973687)

Atualização para Windows XP (KB973815)

Biblia Sagrada 1.0

Bluetooth Stack for Windows by Toshiba 3.0



CyberLink YouCam




EasyWorship 2009



Ferramenta de Carregamento do Windows Live

Free Download Manager 3.0

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB2158563)

Hotfix para Windows XP (KB2443685)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

Hotfix para Windows XP (KB970653-v3)

Hotfix para Windows XP (KB976098-v2)

Hotfix para Windows XP (KB979306)

Hotfix para Windows XP (KB981793)

HP Deskjet 3900 series

HP Imaging Device Functions 5.0

HP Software Update

HP Solution Center & Imaging Support Tools 5.0



Intel® Graphics Media Accelerator Driver

IP Operator

IRPF2008 Windows - Declaração de Ajuste Anual

Java 6 Update 17

Junk Mail filter update

K-Lite Mega Codec Pack 4.3.4

LG Intelligent Update

LG Magnifier

Malwarebytes' Anti-Malware

McAfee SecurityCenter

Messenger Plus! Live

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Mozilla Firefox 4.0.1 (x86 pt-BR)


MSXML 6.0 Parser

RealNetworks - Microsoft Visual C++ 2008 Runtime


REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

Receitanet Java 2010.02

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Segoe UI

Skype™ 4.2

Softonic_Brasil Toolbar

Software Informer 1.0 BETA



Synaptics Pointing Device Driver

System Control Manager


Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

USB 2.0 Card Reader

VDownloader 1.12

WebFldrs XP


Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Mail

Windows Live Messenger

Windows Live Sync

Windows Live Toolbar

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

WOW HD and TSXT Filter Driver

xrecode II


==== End Of File ===========================

*Run the file c:\Arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe



*Download MBR and save it to the desktop

*Open Notepad and paste the code below into it:


mbr -c 0 1 copy_mbr


*Save it to the desktop with the name dump.cmd and as type: All files


*Send the file created on the desktop named copy_mbr for analysis at

*Paste the link to the result





Link to the result of the copy_mbr analysis

*Delete MBR and the dump.cmd file



*Download GMER and save it to the desktop

*Create a folder named GMER in C:\ and extract it there

*Temporarily disable the antivirus

*Close all running programs, including your browser


*If you get a message about rootkit activity asking whether you want to run a scan, click [NO]

In the right-hand column, uncheck:


[] Show All

*Click [scan] and wait for it to finish

*Click [save...] and save to the desktop

*Paste the report

Log follows




Rootkit scan 2011-05-14 23:01:55

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev.

Running: gmer.exe; Driver: C:\DOCUME~1\Sidnei\CONFIG~1\Temp\fgldapog.sys



---- System - GMER 1.0.15 ----


Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF74200E0]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF74200F4]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7420120]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7420176]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF74200CC]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF74200A4]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF74200B8]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF742010A]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF742014C]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7420136]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF74201A0]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF742018C]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7420160]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject


---- Kernel code sections - GMER 1.0.15 ----


.text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP F7420164 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP F742017A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP F7420190 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtSetSecurityObject 805C062E 5 Bytes JMP F7420150 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP F74200A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP F74200BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29E2 5 Bytes JMP F74201A4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetValueKey 80622662 7 Bytes JMP F742013A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRenameKey 80623B12 7 Bytes JMP F742010E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateKey 806240F0 5 Bytes JMP F74200E4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwDeleteKey 8062458C 7 Bytes JMP F74200F8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwDeleteValueKey 8062475C 7 Bytes JMP F7420124 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwOpenKey 806254CE 5 Bytes JMP F74200D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)


---- User code sections - GMER 1.0.15 ----


.text C:\WINDOWS\system32\svchost.exe[136] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes JMP 00910FEF

.text C:\WINDOWS\system32\svchost.exe[136] ntdll.dll!NtCreateFile + 4 7C90D0B2 1 Byte [84]

.text C:\WINDOWS\system32\svchost.exe[136] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 00910FDE

.text C:\WINDOWS\system32\svchost.exe[136] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84]

.text C:\WINDOWS\system32\svchost.exe[136] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 00910014

.text C:\WINDOWS\system32\svchost.exe[136] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00950FEF

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00950F72

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00950067

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00950F8D

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00950F9E

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00950040

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00950F55

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0095009D

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00950F18

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00950F33

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009500D6

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00950FB9

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00950014

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00950082

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0095002F

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00950FDE

.text C:\WINDOWS\system32\svchost.exe[136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00950F44

.text C:\WINDOWS\system32\svchost.exe[136] ADVAPI32.dll!RegOpenKeyExW 77F56AAF 5 Bytes JMP 00940025

.text C:\WINDOWS\system32\svchost.exe[136] ADVAPI32.dll!RegCreateKeyExW 77F5776C 5 Bytes JMP 0094006C

.text C:\WINDOWS\system32\svchost.exe[136] ADVAPI32.dll!RegOpenKeyExA 77F57852 5 Bytes JMP 00940FD4

.text C:\WINDOWS\system32\svchost.exe[136] ADVAPI32.dll!RegOpenKeyW 77F57946 5 Bytes JMP 00940FE5

.text C:\WINDOWS\system32\svchost.exe[136] ADVAPI32.dll!RegCreateKeyExA 77F5E9F4 5 Bytes JMP 0094005B

.text C:\WINDOWS\system32\svchost.exe[136] ADVAPI32.dll!RegOpenKeyA 77F5EFC8 5 Bytes JMP 00940000

.text C:\WINDOWS\system32\svchost.exe[136] ADVAPI32.dll!RegCreateKeyW 77F7BA55 2 Bytes JMP 00940FAF

.text C:\WINDOWS\system32\svchost.exe[136] ADVAPI32.dll!RegCreateKeyW + 3 77F7BA58 2 Bytes [9C, 88]

.text C:\WINDOWS\system32\svchost.exe[136] ADVAPI32.dll!RegCreateKeyA 77F7BCF3 5 Bytes JMP 00940036

.text C:\WINDOWS\system32\svchost.exe[136] msvcrt.dll!_wsystem 77C0931E 5 Bytes JMP 00930FA3

.text C:\WINDOWS\system32\svchost.exe[136] msvcrt.dll!system 77C093C7 5 Bytes JMP 0093002E

.text C:\WINDOWS\system32\svchost.exe[136] msvcrt.dll!_creat 77C0D40F 5 Bytes JMP 0093000C

.text C:\WINDOWS\system32\svchost.exe[136] msvcrt.dll!_open 77C0F566 5 Bytes JMP 00930FEF

.text C:\WINDOWS\system32\svchost.exe[136] msvcrt.dll!_wcreat 77C0FC9B 5 Bytes JMP 0093001D

.text C:\WINDOWS\system32\svchost.exe[136] msvcrt.dll!_wopen 77C10055 5 Bytes JMP 00930FD2

.text C:\WINDOWS\system32\svchost.exe[136] WS2_32.dll!socket 71A74211 5 Bytes JMP 00920FEF

.text C:\WINDOWS\system32\svchost.exe[144] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C30000

.text C:\WINDOWS\system32\svchost.exe[144] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C30FE5

.text C:\WINDOWS\system32\svchost.exe[144] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C30011

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C60FE5

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C60F79

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C60F94

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C60062

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C60FA5

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C60036

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C60F37

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C60F5E

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C60F1C

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C600AB

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C600D0

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C60051

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C60FD4

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C60089

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C60025

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C60014

.text C:\WINDOWS\system32\svchost.exe[144] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C6009A

.text C:\WINDOWS\system32\svchost.exe[144] ADVAPI32.dll!RegOpenKeyExW 77F56AAF 5 Bytes JMP 00C5002F

.text C:\WINDOWS\system32\svchost.exe[144] ADVAPI32.dll!RegCreateKeyExW 77F5776C 5 Bytes JMP 00C50062

.text C:\WINDOWS\system32\svchost.exe[144] ADVAPI32.dll!RegOpenKeyExA 77F57852 5 Bytes JMP 00C50FD4

.text C:\WINDOWS\system32\svchost.exe[144] ADVAPI32.dll!RegOpenKeyW 77F57946 5 Bytes JMP 00C50FE5

.text C:\WINDOWS\system32\svchost.exe[144] ADVAPI32.dll!RegCreateKeyExA 77F5E9F4 5 Bytes JMP 00C50051

.text C:\WINDOWS\system32\svchost.exe[144] ADVAPI32.dll!RegOpenKeyA 77F5EFC8 5 Bytes JMP 00C50000

.text C:\WINDOWS\system32\svchost.exe[144] ADVAPI32.dll!RegCreateKeyW 77F7BA55 2 Bytes JMP 00C50FB9

.text C:\WINDOWS\system32\svchost.exe[144] ADVAPI32.dll!RegCreateKeyW + 3 77F7BA58 2 Bytes [CD, 88] {INT 0x88}

.text C:\WINDOWS\system32\svchost.exe[144] ADVAPI32.dll!RegCreateKeyA 77F7BCF3 5 Bytes JMP 00C50040

.text C:\WINDOWS\system32\svchost.exe[144] msvcrt.dll!_wsystem 77C0931E 5 Bytes JMP 00C40FB2

.text C:\WINDOWS\system32\svchost.exe[144] msvcrt.dll!system 77C093C7 5 Bytes JMP 00C40FC3

.text C:\WINDOWS\system32\svchost.exe[144] msvcrt.dll!_creat 77C0D40F 5 Bytes JMP 00C40029

.text C:\WINDOWS\system32\svchost.exe[144] msvcrt.dll!_open 77C0F566 5 Bytes JMP 00C40FEF

.text C:\WINDOWS\system32\svchost.exe[144] msvcrt.dll!_wcreat 77C0FC9B 5 Bytes JMP 00C40FD4

.text C:\WINDOWS\system32\svchost.exe[144] msvcrt.dll!_wopen 77C10055 5 Bytes JMP 00C40018

.text C:\WINDOWS\system32\svchost.exe[364] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C60FEF

.text C:\WINDOWS\system32\svchost.exe[364] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C60FC3

.text C:\WINDOWS\system32\svchost.exe[364] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C60FDE

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0000

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0F69

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA005E

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA0043

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA0F86

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA0FA8

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA008A

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA0F42

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA00AF

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA0F16

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CA0F05

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CA0F97

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA0FE5

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CA0079

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CA0FC3

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CA0FD4

.text C:\WINDOWS\system32\svchost.exe[364] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CA0F31

.text C:\WINDOWS\system32\svchost.exe[364] ADVAPI32.dll!RegOpenKeyExW 77F56AAF 5 Bytes JMP 00C9002F

.text C:\WINDOWS\system32\svchost.exe[364] ADVAPI32.dll!RegCreateKeyExW 77F5776C 5 Bytes JMP 00C9006C

.text C:\WINDOWS\system32\svchost.exe[364] ADVAPI32.dll!RegOpenKeyExA 77F57852 5 Bytes JMP 00C90FDE

.text C:\WINDOWS\system32\svchost.exe[364] ADVAPI32.dll!RegOpenKeyW 77F57946 5 Bytes JMP 00C90FEF

.text C:\WINDOWS\system32\svchost.exe[364] ADVAPI32.dll!RegCreateKeyExA 77F5E9F4 5 Bytes JMP 00C9005B

.text C:\WINDOWS\system32\svchost.exe[364] ADVAPI32.dll!RegOpenKeyA 77F5EFC8 5 Bytes JMP 00C9000A

.text C:\WINDOWS\system32\svchost.exe[364] ADVAPI32.dll!RegCreateKeyW 77F7BA55 2 Bytes JMP 00C90FB9

.text C:\WINDOWS\system32\svchost.exe[364] ADVAPI32.dll!RegCreateKeyW + 3 77F7BA58 2 Bytes [D1, 88]

.text C:\WINDOWS\system32\svchost.exe[364] ADVAPI32.dll!RegCreateKeyA 77F7BCF3 5 Bytes JMP 00C90040

.text C:\WINDOWS\system32\svchost.exe[364] msvcrt.dll!_wsystem 77C0931E 5 Bytes JMP 00C80F9C

.text C:\WINDOWS\system32\svchost.exe[364] msvcrt.dll!system 77C093C7 5 Bytes JMP 00C80FB7

.text C:\WINDOWS\system32\svchost.exe[364] msvcrt.dll!_creat 77C0D40F 5 Bytes JMP 00C8001D

.text C:\WINDOWS\system32\svchost.exe[364] msvcrt.dll!_open 77C0F566 5 Bytes JMP 00C80FE3

.text C:\WINDOWS\system32\svchost.exe[364] msvcrt.dll!_wcreat 77C0FC9B 5 Bytes JMP 00C80FD2

.text C:\WINDOWS\system32\svchost.exe[364] msvcrt.dll!_wopen 77C10055 5 Bytes JMP 00C8000C

.text C:\WINDOWS\system32\svchost.exe[364] WS2_32.dll!socket 71A74211 5 Bytes JMP 00C7000A

.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BE0FE5

.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BE0FD4

.text C:\WINDOWS\system32\svchost.exe[764] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BE000A

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C30FEF

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C30F94

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C3007F

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C30FA5

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C30058

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C3002C

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C30F55

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C30F66

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C30F29

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C30F44

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C30F18

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C30047

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C3000A

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C30F83

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C30FCA

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C3001B

.text C:\WINDOWS\system32\svchost.exe[764] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C300B8

.text C:\WINDOWS\system32\svchost.exe[764] ADVAPI32.dll!RegOpenKeyExW 77F56AAF 5 Bytes JMP 00C20FB9

.text C:\WINDOWS\system32\svchost.exe[764] ADVAPI32.dll!RegCreateKeyExW 77F5776C 5 Bytes JMP 00C20F79

.text C:\WINDOWS\system32\svchost.exe[764] ADVAPI32.dll!RegOpenKeyExA 77F57852 5 Bytes JMP 00C20FCA

.text C:\WINDOWS\system32\svchost.exe[764] ADVAPI32.dll!RegOpenKeyW 77F57946 5 Bytes JMP 00C20FE5

.text C:\WINDOWS\system32\svchost.exe[764] ADVAPI32.dll!RegCreateKeyExA 77F5E9F4 5 Bytes JMP 00C20F9E

.text C:\WINDOWS\system32\svchost.exe[764] ADVAPI32.dll!RegOpenKeyA 77F5EFC8 5 Bytes JMP 00C20000

.text C:\WINDOWS\system32\svchost.exe[764] ADVAPI32.dll!RegCreateKeyW 77F7BA55 5 Bytes JMP 00C20036

.text C:\WINDOWS\system32\svchost.exe[764] ADVAPI32.dll!RegCreateKeyA 77F7BCF3 5 Bytes JMP 00C20025

.text C:\WINDOWS\system32\svchost.exe[764] msvcrt.dll!_wsystem 77C0931E 5 Bytes JMP 00C1003A

.text C:\WINDOWS\system32\svchost.exe[764] msvcrt.dll!system 77C093C7 5 Bytes JMP 00C10029

.text C:\WINDOWS\system32\svchost.exe[764] msvcrt.dll!_creat 77C0D40F 5 Bytes JMP 00C10FDE

.text C:\WINDOWS\system32\svchost.exe[764] msvcrt.dll!_open 77C0F566 5 Bytes JMP 00C10000

.text C:\WINDOWS\system32\svchost.exe[764] msvcrt.dll!_wcreat 77C0FC9B 5 Bytes JMP 00C10FC3

.text C:\WINDOWS\system32\svchost.exe[764] msvcrt.dll!_wopen 77C10055 5 Bytes JMP 00C10FEF

.text C:\WINDOWS\system32\svchost.exe[764] WININET.dll!InternetOpenA 3FA7D690 5 Bytes JMP 00BF0FEF

.text C:\WINDOWS\system32\svchost.exe[764] WININET.dll!InternetOpenW 3FA7DB09 5 Bytes JMP 00BF000A

.text C:\WINDOWS\system32\svchost.exe[764] WININET.dll!InternetOpenUrlA 3FA7F3A4 5 Bytes JMP 00BF0FD4

.text C:\WINDOWS\system32\svchost.exe[764] WININET.dll!InternetOpenUrlW 3FAC6D5F 5 Bytes JMP 00BF0FC3

.text C:\WINDOWS\system32\svchost.exe[764] WS2_32.dll!socket 71A74211 5 Bytes JMP 00C00000

.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 03490FEF

.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03490025

.text C:\WINDOWS\Explorer.EXE[1004] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 03490014

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 047B0FEF

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 047B0084

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 047B0073

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 047B0FA5

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 047B0062

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 047B00C6

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 047B0F74

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 047B0117

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 047B00FC

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 047B0128

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 047B0051

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 047B0FDE

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 047B0095

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 047B002F

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 047B0014

.text C:\WINDOWS\Explorer.EXE[1004] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 047B00E1

.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!RegOpenKeyExW 77F56AAF 5 Bytes JMP 047A0FBC

.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!RegCreateKeyExW 77F5776C 5 Bytes JMP 047A004D

.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!RegOpenKeyExA 77F57852 5 Bytes JMP 047A0FCD

.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!RegOpenKeyW 77F57946 5 Bytes JMP 047A0FDE

.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!RegCreateKeyExA 77F5E9F4 5 Bytes JMP 047A0F90

.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!RegOpenKeyA 77F5EFC8 5 Bytes JMP 047A0FEF

.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!RegCreateKeyW 77F7BA55 2 Bytes JMP 047A0FA1

.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!RegCreateKeyW + 3 77F7BA58 2 Bytes [82, 8C]

.text C:\WINDOWS\Explorer.EXE[1004] ADVAPI32.dll!RegCreateKeyA 77F7BCF3 5 Bytes JMP 047A0028

.text C:\WINDOWS\Explorer.EXE[1004] msvcrt.dll!_wsystem 77C0931E 5 Bytes JMP 04790049

.text C:\WINDOWS\Explorer.EXE[1004] msvcrt.dll!system 77C093C7 5 Bytes JMP 04790FBE

.text C:\WINDOWS\Explorer.EXE[1004] msvcrt.dll!_creat 77C0D40F 5 Bytes JMP 0479001D

.text C:\WINDOWS\Explorer.EXE[1004] msvcrt.dll!_open 77C0F566 5 Bytes JMP 04790FEF

.text C:\WINDOWS\Explorer.EXE[1004] msvcrt.dll!_wcreat 77C0FC9B 5 Bytes JMP 0479002E

.text C:\WINDOWS\Explorer.EXE[1004] msvcrt.dll!_wopen 77C10055 5 Bytes JMP 0479000C

.text C:\WINDOWS\Explorer.EXE[1004] WININET.dll!InternetOpenA 3FA7D690 5 Bytes JMP 034A0000

.text C:\WINDOWS\Explorer.EXE[1004] WININET.dll!InternetOpenW 3FA7DB09 5 Bytes JMP 034A0FE5

.text C:\WINDOWS\Explorer.EXE[1004] WININET.dll!InternetOpenUrlA 3FA7F3A4 5 Bytes JMP 034A0FD4

.text C:\WINDOWS\Explorer.EXE[1004] WININET.dll!InternetOpenUrlW 3FAC6D5F 5 Bytes JMP 034A001B

.text C:\WINDOWS\Explorer.EXE[1004] WS2_32.dll!socket 71A74211 5 Bytes JMP 03E9000A

.text C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe[1096] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Arquivos de programas\Arquivos comuns\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)

.text C:\Arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe[1096] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Arquivos de programas\Arquivos comuns\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)

.text C:\WINDOWS\system32\winlogon.exe[1544] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 0138AE20 C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\WINDOWS\system32\winlogon.exe[1544] kernel32.dll!FreeLibraryAndExitThread 7C80C210 5 Bytes JMP 0138ACB0 C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0004000A

.text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00040FE5

.text C:\WINDOWS\system32\services.exe[1588] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0004001B

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00970FEF

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009700AC

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00970FB7

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00970091

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00970080

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00970FD4

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00970F8B

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009700D3

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009700EE

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00970F55

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00970113

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00970065

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0097000A

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00970FA6

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00970040

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0097002F

.text C:\WINDOWS\system32\services.exe[1588] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00970F70

.text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegOpenKeyExW 77F56AAF 5 Bytes JMP 00070FC0

.text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegCreateKeyExW 77F5776C 5 Bytes JMP 00070F6F

.text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegOpenKeyExA 77F57852 5 Bytes JMP 00070011

.text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegOpenKeyW 77F57946 5 Bytes JMP 00070FDB

.text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegCreateKeyExA 77F5E9F4 5 Bytes JMP 0007002C

.text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegOpenKeyA 77F5EFC8 5 Bytes JMP 00070000

.text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegCreateKeyW 77F7BA55 2 Bytes JMP 00070F8A

.text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegCreateKeyW + 3 77F7BA58 2 Bytes [0F, 88]

.text C:\WINDOWS\system32\services.exe[1588] ADVAPI32.dll!RegCreateKeyA 77F7BCF3 5 Bytes JMP 00070FA5

.text C:\WINDOWS\system32\services.exe[1588] msvcrt.dll!_wsystem 77C0931E 5 Bytes JMP 00060044

.text C:\WINDOWS\system32\services.exe[1588] msvcrt.dll!system 77C093C7 5 Bytes JMP 00060033

.text C:\WINDOWS\system32\services.exe[1588] msvcrt.dll!_creat 77C0D40F 5 Bytes JMP 00060018

.text C:\WINDOWS\system32\services.exe[1588] msvcrt.dll!_open 77C0F566 5 Bytes JMP 00060FEF

.text C:\WINDOWS\system32\services.exe[1588] msvcrt.dll!_wcreat 77C0FC9B 5 Bytes JMP 00060FC3

.text C:\WINDOWS\system32\services.exe[1588] msvcrt.dll!_wopen 77C10055 5 Bytes JMP 00060FDE

.text C:\WINDOWS\system32\services.exe[1588] WS2_32.dll!socket 71A74211 5 Bytes JMP 00050FEF

.text C:\WINDOWS\system32\lsass.exe[1600] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D70000

.text C:\WINDOWS\system32\lsass.exe[1600] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D70FE5

.text C:\WINDOWS\system32\lsass.exe[1600] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D7001B

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F50000

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F50F83

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F50F94

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F50062

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F50FA5

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F50047

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F50F44

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F50F55

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F50F04

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F50F1F

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F500C2

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F50FB6

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F50011

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F50F72

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F50FDB

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F5002C

.text C:\WINDOWS\system32\lsass.exe[1600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F500A7

.text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegOpenKeyExW 77F56AAF 5 Bytes JMP 00DA0FD4

.text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegCreateKeyExW 77F5776C 5 Bytes JMP 00DA0073

.text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegOpenKeyExA 77F57852 5 Bytes JMP 00DA0FE5

.text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegOpenKeyW 77F57946 5 Bytes JMP 00DA001B

.text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegCreateKeyExA 77F5E9F4 5 Bytes JMP 00DA0062

.text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegOpenKeyA 77F5EFC8 5 Bytes JMP 00DA000A

.text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegCreateKeyW 77F7BA55 5 Bytes JMP 00DA0051

.text C:\WINDOWS\system32\lsass.exe[1600] ADVAPI32.dll!RegCreateKeyA 77F7BCF3 5 Bytes JMP 00DA0040

.text C:\WINDOWS\system32\lsass.exe[1600] msvcrt.dll!_wsystem 77C0931E 5 Bytes JMP 00D90FD4

.text C:\WINDOWS\system32\lsass.exe[1600] msvcrt.dll!system 77C093C7 5 Bytes JMP 00D90055

.text C:\WINDOWS\system32\lsass.exe[1600] msvcrt.dll!_creat 77C0D40F 5 Bytes JMP 00D90029

.text C:\WINDOWS\system32\lsass.exe[1600] msvcrt.dll!_open 77C0F566 5 Bytes JMP 00D90000

.text C:\WINDOWS\system32\lsass.exe[1600] msvcrt.dll!_wcreat 77C0FC9B 5 Bytes JMP 00D90044

.text C:\WINDOWS\system32\lsass.exe[1600] msvcrt.dll!_wopen 77C10055 5 Bytes JMP 00D90FEF

.text C:\WINDOWS\system32\lsass.exe[1600] WS2_32.dll!socket 71A74211 5 Bytes JMP 00D80FEF

.text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F60FEF

.text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F6000A

.text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F60FCA

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FA0000

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FA0062

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FA0051

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FA0040

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FA0F83

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FA001B

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FA0090

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FA0073

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FA00C6

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FA0F23

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FA00D7

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FA0F94

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FA0FDB

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FA0F52

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FA0FAF

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FA0FC0

.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FA00A1

.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegOpenKeyExW 77F56AAF 5 Bytes JMP 00F90FD4

.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegCreateKeyExW 77F5776C 5 Bytes JMP 00F90FAF

.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegOpenKeyExA 77F57852 5 Bytes JMP 00F9002F

.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegOpenKeyW 77F57946 5 Bytes JMP 00F90FEF

.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegCreateKeyExA 77F5E9F4 5 Bytes JMP 00F9006C

.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegOpenKeyA 77F5EFC8 5 Bytes JMP 00F90000

.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegCreateKeyW 77F7BA55 5 Bytes JMP 00F9005B

.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegCreateKeyA 77F7BCF3 5 Bytes JMP 00F90040

.text C:\WINDOWS\system32\svchost.exe[1808] msvcrt.dll!_wsystem 77C0931E 5 Bytes JMP 00F80FA1

.text C:\WINDOWS\system32\svchost.exe[1808] msvcrt.dll!system 77C093C7 5 Bytes JMP 00F8002C

.text C:\WINDOWS\system32\svchost.exe[1808] msvcrt.dll!_creat 77C0D40F 5 Bytes JMP 00F8001B

.text C:\WINDOWS\system32\svchost.exe[1808] msvcrt.dll!_open 77C0F566 5 Bytes JMP 00F80000

.text C:\WINDOWS\system32\svchost.exe[1808] msvcrt.dll!_wcreat 77C0FC9B 5 Bytes JMP 00F80FBC

.text C:\WINDOWS\system32\svchost.exe[1808] msvcrt.dll!_wopen 77C10055 5 Bytes JMP 00F80FE3

.text C:\WINDOWS\system32\svchost.exe[1808] WS2_32.dll!socket 71A74211 5 Bytes JMP 00F7000A

.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00CC0000

.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00CC0022

.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CC0011

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D00000

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D00F89

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D00F9A

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D00FAB

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D00FBC

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D00FDE

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D00F64

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D000AC

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D00F27

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D00F38

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D000D1

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D00FCD

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D0001B

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D0008F

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D00040

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D00FEF

.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D00F53

.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyExW 77F56AAF 5 Bytes JMP 00CF002F

.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyExW 77F5776C 5 Bytes JMP 00CF0073

.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyExA 77F57852 5 Bytes JMP 00CF0FDE

.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyW 77F57946 5 Bytes JMP 00CF0014

.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyExA 77F5E9F4 5 Bytes JMP 00CF0062

.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegOpenKeyA 77F5EFC8 5 Bytes JMP 00CF0FEF

.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyW 77F7BA55 5 Bytes JMP 00CF0051

.text C:\WINDOWS\system32\svchost.exe[1940] ADVAPI32.dll!RegCreateKeyA 77F7BCF3 5 Bytes JMP 00CF0040

.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!_wsystem 77C0931E 5 Bytes JMP 00CE0058

.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!system 77C093C7 5 Bytes JMP 00CE003D

.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!_creat 77C0D40F 5 Bytes JMP 00CE0FC3

.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!_open 77C0F566 5 Bytes JMP 00CE0FEF

.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!_wcreat 77C0FC9B 5 Bytes JMP 00CE0022

.text C:\WINDOWS\system32\svchost.exe[1940] msvcrt.dll!_wopen 77C10055 5 Bytes JMP 00CE0FDE

.text C:\WINDOWS\system32\svchost.exe[1940] WS2_32.dll!socket 71A74211 5 Bytes JMP 00CD0FEF

.text C:\WINDOWS\System32\svchost.exe[2000] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02C20000

.text C:\WINDOWS\System32\svchost.exe[2000] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02C2002C

.text C:\WINDOWS\System32\svchost.exe[2000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02C20011

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03D50FEF

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03D5007B

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03D5006A

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03D50059

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03D50F90

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03D50028

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03D50F29

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03D50F50

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03D50F18

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03D500B1

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03D500D6

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03D50FA1

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03D50FDE

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03D50F61

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03D50FBC

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03D50FCD

.text C:\WINDOWS\System32\svchost.exe[2000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03D5008C

.text C:\WINDOWS\System32\svchost.exe[2000] ADVAPI32.dll!RegOpenKeyExW 77F56AAF 5 Bytes JMP 03D40014

.text C:\WINDOWS\System32\svchost.exe[2000] ADVAPI32.dll!RegCreateKeyExW 77F5776C 5 Bytes JMP 03D40F79

.text C:\WINDOWS\System32\svchost.exe[2000] ADVAPI32.dll!RegOpenKeyExA 77F57852 5 Bytes JMP 03D40FC3

.text C:\WINDOWS\System32\svchost.exe[2000] ADVAPI32.dll!RegOpenKeyW 77F57946 5 Bytes JMP 03D40FD4

.text C:\WINDOWS\System32\svchost.exe[2000] ADVAPI32.dll!RegCreateKeyExA 77F5E9F4 5 Bytes JMP 03D40040

.text C:\WINDOWS\System32\svchost.exe[2000] ADVAPI32.dll!RegOpenKeyA 77F5EFC8 5 Bytes JMP 03D40FE5

.text C:\WINDOWS\System32\svchost.exe[2000] ADVAPI32.dll!RegCreateKeyW 77F7BA55 2 Bytes JMP 03D40F9E

.text C:\WINDOWS\System32\svchost.exe[2000] ADVAPI32.dll!RegCreateKeyW + 3 77F7BA58 2 Bytes [DC, 8B]

.text C:\WINDOWS\System32\svchost.exe[2000] ADVAPI32.dll!RegCreateKeyA 77F7BCF3 5 Bytes JMP 03D4002F

.text C:\WINDOWS\System32\svchost.exe[2000] msvcrt.dll!_wsystem 77C0931E 5 Bytes JMP 03B40FB9

.text C:\WINDOWS\System32\svchost.exe[2000] msvcrt.dll!system 77C093C7 5 Bytes JMP 03B40FD4

.text C:\WINDOWS\System32\svchost.exe[2000] msvcrt.dll!_creat 77C0D40F 5 Bytes JMP 03B4003A

.text C:\WINDOWS\System32\svchost.exe[2000] msvcrt.dll!_open 77C0F566 5 Bytes JMP 03B40000

.text C:\WINDOWS\System32\svchost.exe[2000] msvcrt.dll!_wcreat 77C0FC9B 5 Bytes JMP 03B40FE5

.text C:\WINDOWS\System32\svchost.exe[2000] msvcrt.dll!_wopen 77C10055 5 Bytes JMP 03B4001D

.text C:\WINDOWS\System32\svchost.exe[2000] WS2_32.dll!socket 71A74211 5 Bytes JMP 02C40000

.text C:\WINDOWS\System32\svchost.exe[2000] WININET.dll!InternetOpenA 3FA7D690 5 Bytes JMP 02C30FEF

.text C:\WINDOWS\System32\svchost.exe[2000] WININET.dll!InternetOpenW 3FA7DB09 5 Bytes JMP 02C30FDE

.text C:\WINDOWS\System32\svchost.exe[2000] WININET.dll!InternetOpenUrlA 3FA7F3A4 5 Bytes JMP 02C30FCD

.text C:\WINDOWS\System32\svchost.exe[2000] WININET.dll!InternetOpenUrlW 3FAC6D5F 5 Bytes JMP 02C30FBC

.text C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe[2380] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 2806C8A0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 2806C700 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 2806C680 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 2806C950 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 2806C780 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 2806C9C0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 2806C2E0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] kernel32.dll!FindResourceExA 7C835FA8 2 Bytes JMP 2806C810 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] kernel32.dll!FindResourceExA + 3 7C835FAB 4 Bytes [83, AB, CC, CC]

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] ADVAPI32.dll!CryptDeriveKey 77F69FFD 7 Bytes JMP 2806BDF0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] ADVAPI32.dll!CryptDecrypt 77F6A129 7 Bytes JMP 2806BE50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] USER32.dll!GetWindowLongW 7E3688A6 7 Bytes JMP 28070850 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] USER32.dll!PeekMessageW 7E36929B 2 Bytes JMP 2806E850 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] USER32.dll!PeekMessageW + 3 7E36929E 2 Bytes [D0, A9]

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] USER32.dll!SetWindowPlacement 7E36DE46 5 Bytes JMP 2806FDC0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 2806FF10 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] USER32.dll!LoadImageW 7E377B97 5 Bytes JMP 280705A0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 2806DDE0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] USER32.dll!SetWindowRgn 7E37E528 7 Bytes JMP 2806FE60 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] USER32.dll!LoadIconW 7E37E8BC 5 Bytes JMP 28070720 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 28070140 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 2806EED0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 2806D550 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] ole32.dll!CoCreateInstance 774DF1AC 5 Bytes JMP 2806CFA0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] ole32.dll!CoInitializeEx 774E1473 5 Bytes JMP 2806CC20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] ole32.dll!CoRegisterClassObject 774F79C0 5 Bytes JMP 2806CD20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] WININET.dll!InternetReadFile 3FA6654B 5 Bytes JMP 280738C0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] WININET.dll!InternetCloseHandle 3FA69088 5 Bytes JMP 28073A00 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] WININET.dll!HttpOpenRequestA 3FA6D508 5 Bytes JMP 28073760 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[2412] WININET.dll!HttpSendRequestA 3FA7EE89 5 Bytes JMP 28073960 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)

.text C:\WINDOWS\Explorer.EXE[3240] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00090000

.text C:\WINDOWS\Explorer.EXE[3240] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090FDB

.text C:\WINDOWS\Explorer.EXE[3240] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090011

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0000

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B009A

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0F9B

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0069

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B004E

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B002C

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B0F5E

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B0F6F

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B0F39

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B00D2

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B0F28

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B003D

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B0011

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0F80

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FC0

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B0FD1

.text C:\WINDOWS\Explorer.EXE[3240] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B00C1

.text C:\WINDOWS\Explorer.EXE[3240] ADVAPI32.dll!RegOpenKeyExW 77F56AAF 5 Bytes JMP 002A0025

.text C:\WINDOWS\Explorer.EXE[3240] ADVAPI32.dll!RegCreateKeyExW 77F5776C 5 Bytes JMP 002A0FA1

.text C:\WINDOWS\Explorer.EXE[3240] ADVAPI32.dll!RegOpenKeyExA 77F57852 5 Bytes JMP 002A0FD4

.text C:\WINDOWS\Explorer.EXE[3240] ADVAPI32.dll!RegOpenKeyW 77F57946 5 Bytes JMP 002A0014

.text C:\WINDOWS\Explorer.EXE[3240] ADVAPI32.dll!RegCreateKeyExA 77F5E9F4 5 Bytes JMP 002A005E

.text C:\WINDOWS\Explorer.EXE[3240] ADVAPI32.dll!RegOpenKeyA 77F5EFC8 5 Bytes JMP 002A0FEF

.text C:\WINDOWS\Explorer.EXE[3240] ADVAPI32.dll!RegCreateKeyW 77F7BA55 2 Bytes JMP 002A0FB2

.text C:\WINDOWS\Explorer.EXE[3240] ADVAPI32.dll!RegCreateKeyW + 3 77F7BA58 2 Bytes [32, 88]

.text C:\WINDOWS\Explorer.EXE[3240] ADVAPI32.dll!RegCreateKeyA 77F7BCF3 5 Bytes JMP 002A0FC3

.text C:\WINDOWS\Explorer.EXE[3240] msvcrt.dll!_wsystem 77C0931E 5 Bytes JMP 002B0053

.text C:\WINDOWS\Explorer.EXE[3240] msvcrt.dll!system 77C093C7 5 Bytes JMP 002B0038

.text C:\WINDOWS\Explorer.EXE[3240] msvcrt.dll!_creat 77C0D40F 5 Bytes JMP 002B0FE3

.text C:\WINDOWS\Explorer.EXE[3240] msvcrt.dll!_open 77C0F566 5 Bytes JMP 002B000C

.text C:\WINDOWS\Explorer.EXE[3240] msvcrt.dll!_wcreat 77C0FC9B 5 Bytes JMP 002B0FC8

.text C:\WINDOWS\Explorer.EXE[3240] msvcrt.dll!_wopen 77C10055 5 Bytes JMP 002B001D

.text C:\WINDOWS\Explorer.EXE[3240] WININET.dll!InternetOpenA 3FA7D690 5 Bytes JMP 002D0FEF

.text C:\WINDOWS\Explorer.EXE[3240] WININET.dll!InternetOpenW 3FA7DB09 5 Bytes JMP 002D000A

.text C:\WINDOWS\Explorer.EXE[3240] WININET.dll!InternetOpenUrlA 3FA7F3A4 5 Bytes JMP 002D0025

.text C:\WINDOWS\Explorer.EXE[3240] WININET.dll!InternetOpenUrlW 3FAC6D5F 5 Bytes JMP 002D0FD4

.text C:\WINDOWS\Explorer.EXE[3240] ws2_32.dll!socket 71A74211 5 Bytes JMP 00F50000


---- User IAT/EAT - GMER 1.0.15 ----


IAT C:\WINDOWS\system32\mfevtps.exe[1256] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

IAT C:\WINDOWS\system32\mfevtps.exe[1256] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)


---- Devices - GMER 1.0.15 ----


AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)


Device \FileSystem\Fastfat \Fat A875DD20


AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)


---- Registry - GMER 1.0.15 ----


Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1


---- Disk sectors - GMER 1.0.15 ----


Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior


---- EOF - GMER 1.0.15 ----

*Temporarily disable your antivirus


*Download ComboFix and save it to the desktop

*Run it and accept the license agreement

*If the Microsoft Windows Recovery Console is not installed, accept its installation

*After the Console is installed, click [Yes] and wait for the steps to finish

*Do not use the mouse or the keyboard during the steps, as doing so will disrupt your desktop configuration!

*Paste the report that is displayed

Here is the ComboFix log




ComboFix 11-05-15.03 - Sidnei 15/05/2011 22:33:32.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.55.1046.18.1013.565 [GMT -3:00]

Executando de: c:\documents and settings\Sidnei\Desktop\ComboFix.exe

AV: McAfee Anti-Virus e Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FW: Norton AntiVirus *Enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

* AV residente está ativo



ADS - drivers: deleted 254 bytes in 1 streams.


((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))



---- Execuções precedente -------






(((((((((((((((( Arquivos/Ficheiros criados de 2011-04-16 to 2011-05-16 ))))))))))))))))))))))))))))



2011-05-16 01:19 . 2011-05-16 01:29 -------- d-----w- C:\32788R22FWJFW

2011-05-15 00:53 . 2011-05-15 00:54 -------- d-----w- C:\gmer

2011-05-07 20:55 . 2011-05-07 20:55 -------- d-----w- c:\arquivos de programas\Arquivos comuns\xing shared

2011-05-07 20:53 . 2011-05-07 20:55 -------- d-----w- c:\arquivos de programas\Real

2011-05-07 18:15 . 2011-05-09 14:50 -------- d-----w- c:\documents and settings\Sidnei\Dados de aplicativos\Free Download Manager

2011-05-07 17:52 . 2011-05-07 17:52 -------- d-----w- c:\documents and settings\Sidnei\Configurações locais\Dados de aplicativos\vdownloader

2011-05-06 01:24 . 2011-05-13 14:47 -------- d-----w- c:\arquivos de programas\ Firefox

2011-04-22 11:13 . 2011-04-22 11:15 -------- dc-h--w- c:\windows\ie8

2011-04-21 13:19 . 2011-04-21 13:20 -------- d-----w- c:\arquivos de programas\Ad-Remover

2011-04-16 11:50 . 2011-04-16 11:50 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-04-16 09:56 . 2011-04-16 09:56 -------- d-----w- c:\documents and settings\Sidnei\Dados de aplicativos\Malwarebytes

2011-04-16 09:55 . 2010-12-20 21:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-16 09:55 . 2011-04-16 09:55 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2011-04-16 09:55 . 2010-12-20 21:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-16 09:55 . 2011-05-09 10:53 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware




((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))


2011-05-07 20:53 . 2009-11-17 19:10 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-04-20 14:14 . 2010-11-01 09:58 46600 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2011-03-07 05:33 . 2008-08-21 12:31 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:36 . 2008-08-21 16:17 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:53 . 2008-08-21 16:17 1858048 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:08 . 2008-08-21 16:17 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:08 . 2008-08-21 16:16 43520 ------w- c:\windows\system32\licmgr10.dll

2011-02-22 23:08 . 2008-08-21 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:43 . 2008-08-21 16:16 385024 ------w- c:\windows\system32\html.iec

2011-02-17 13:18 . 2008-08-21 16:16 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:18 . 2008-08-21 16:17 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-17 12:54 . 2008-05-05 09:24 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56 . 2008-08-21 16:16 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-04-14 16:59 . 2011-05-01 15:04 142296 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll

2010-11-12 16:17 . 2011-04-12 10:33 24376 ----a-w- c:\arquivos de programas\mozilla firefox\components\Scriptff.dll



((((((((((((((((((((((((((((( SnapShot@2011-04-30_18.09.12 )))))))))))))))))))))))))))))))))))))))))


+ 2011-05-16 00:59 . 2011-05-16 00:59 16384 c:\windows\Temp\Perflib_Perfdata_3b8.dat

- 2008-08-21 12:36 . 2011-04-30 12:58 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-08-21 12:36 . 2011-05-15 07:17 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-08-21 12:36 . 2011-05-15 07:17 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

- 2008-08-21 12:36 . 2011-04-30 12:58 32768 c:\windows\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5\index.dat

- 2008-08-21 12:36 . 2011-04-30 12:58 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2008-08-21 12:36 . 2011-05-15 07:17 32768 c:\windows\system32\config\systemprofile\Configurações locais\Histórico\History.IE5\index.dat

+ 2011-05-07 20:55 . 2011-05-07 20:55 18944 c:\windows\Installer\6c7206.msi

+ 2011-05-07 20:53 . 2011-05-07 20:53 92672 c:\windows\Installer\6c71fb.msi

- 2010-11-30 21:18 . 1998-05-12 18:36 5632 c:\windows\system32\pndx5032.dll

+ 2010-11-30 21:18 . 2011-05-07 20:54 5632 c:\windows\system32\pndx5032.dll

+ 2010-11-30 21:18 . 2011-05-07 20:54 6656 c:\windows\system32\pndx5016.dll

- 2010-11-30 21:18 . 1998-03-26 02:57 6656 c:\windows\system32\pndx5016.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll

+ 2008-07-29 11:05 . 2008-07-29 11:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll

+ 2008-07-29 06:54 . 2008-07-29 06:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll

+ 2010-11-30 21:18 . 2011-05-07 20:54 198848 c:\windows\system32\rmoc3260.dll

+ 2011-05-01 02:30 . 2011-05-01 02:30 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe

+ 2011-05-01 02:30 . 2011-05-01 02:30 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2009-10-18 16:44 . 2011-05-11 20:30 42829768 c:\windows\system32\MRT.exe


(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))



*Nota* entradas vazias e legítimas por defeito não são mostradas.



[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\prxtbSof0.dll" [2011-01-17 175912]




[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12fc3d37-2a42-4fe3-8489-81296878cba5}]

2011-01-17 14:54 175912 ----a-w- c:\arquivos de programas\Softonic_Brasil\prxtbSof0.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DD86128-4660-4BBD-8C5D-FF0AE218414A}]

2011-05-07 13:11 1480704 ----a-w- c:\programdata\Windows\nporbit.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{12fc3d37-2a42-4fe3-8489-81296878cba5}"= "c:\arquivos de programas\Softonic_Brasil\prxtbSof0.dll" [2011-01-17 175912]




[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{12FC3D37-2A42-4FE3-8489-81296878CBA5}"= "c:\arquivos de programas\Softonic_Brasil\prxtbSof0.dll" [2011-01-17 175912]





"msnmsgr"="c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]



"HP Software Update"="c:\arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"mcui_exe"="c:\arquivos de programas\\Agent\mcagent.exe" [2010-11-22 1193848]

"IPO3"="c:\arquivos de programas\LG Software\IP Operator\IP Operator.exe" [2008-09-12 1056768]

"TkBellExe"="c:\arquivos de programas\Real\RealPlayer\update\realsched.exe" [2011-05-07 273544]



"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]


c:\documents and settings\Sidnei\Menu Iniciar\Programas\Inicializar\

Internet Explorer.lnk - c:\arquivos de programas\Internet Explorer\iexplore.exe [2008-8-21 638816]


c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Bluetooth Manager.lnk - c:\arquivos de programas\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]

HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]



"ConsentPromptBehaviorAdmin"= 0 (0x0)



"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\arquivos de programas\GbPlugin\gbiehcef.dll" [2011-04-18 496072]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2011-04-20 14:11 505736 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2011-04-18 18:12 496072 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll








[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 01:07 932288 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Internet Modem]

c:\arquivos de programas\Nokia\Nokia Internet Modem\WellPhone2.exe [bU]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2008-12-04 00:15 218408 ------w- c:\arquivos de programas\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]




"EnableFirewall"= 0 (0x0)



"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


"\\\\ACER\\NFSU (D)\\Speed.exe"=

"c:\\Arquivos de programas\\Puxa Rápido\\PuxaRapido.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Arquivos comuns\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=


R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [1/11/2010 06:58 46600]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [18/11/2010 05:30 84072]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [1/11/2010 06:57 56712]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\arquivos de programas\McAfee\SiteAdvisor\McSACore.exe [16/3/2010 19:03 88176]

R2 McMPFSvc;McAfee Serviço Personal Firewall;"c:\arquivos de programas\Arquivos comuns\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [18/11/2010 05:29 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\arquivos de programas\Arquivos comuns\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [18/11/2010 05:29 271480]

R2 mfefire;McAfee Firewall Core Service;c:\arquivos de programas\Arquivos comuns\McAfee\SystemCore\mfefire.exe [18/11/2010 05:30 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [18/11/2010 05:30 141792]

R2 SRS_PostInstaller;SRS PostInstaller Service;c:\arquivos de programas\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe [5/9/2008 10:03 69632]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [18/11/2010 05:30 55840]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [18/11/2010 05:30 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [18/11/2010 05:30 88544]

R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [18/9/2008 11:33 156160]

R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [5/9/2008 10:08 22528]

S2 gupdate;Google Update Service (gupdate);"c:\arquivos de programas\Google\Update\GoogleUpdate.exe" /svc --> c:\arquivos de programas\Google\Update\GoogleUpdate.exe [?]

S2 Micro Star SCM;Micro Star SCM;c:\arquivos de programas\System Control Manager\MSIService.exe [18/9/2008 11:54 159744]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [18/11/2010 05:30 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [18/11/2010 05:30 84264]

S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\zteusbser.sys [16/10/2009 18:03 98432]


--- =Outros Serviços/Drivers Na Memória ---


*Deregistered* - mfeavfk01


Conteúdo da pasta 'Tarefas Agendadas'


2011-05-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1457979059-182766495-3294363986-1005.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-03-29 13:47]


2011-05-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1457979059-182766495-3294363986-1005.job

- c:\arquivos de programas\Real\RealUpgrade\realupgrade.exe [2011-03-29 13:47]


2011-05-07 c:\windows\Tasks\WebReg Deskjet 3900 series.job

- c:\arquivos de programas\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-12 03:21]



------- Scan Suplementar -------


IE: Baixar com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dllink.htm

IE: Baixar tudo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlall.htm

IE: Baixar vídeo com o Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlfvideo.htm

IE: Download selecionado pelo Free Download Manager - file://c:\arquivos de programas\Free Download Manager\dlselected.htm

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone:\www

Trusted Zone:\www14

Trusted Zone:\www2

Trusted Zone:\www

DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} - hxxps://

FF - ProfilePath - c:\documents and settings\Sidnei\Dados de aplicativos\Mozilla\Firefox\Profiles\tl6dfs6i.default\


- - - - ORFÃOS REMOVIDOS - - - -


URLSearchHooks-{0b876028-b388-4f6d-922f-f52faec8535f} - (no file)

WebBrowser-{0B876028-B388-4F6D-922F-F52FAEC8535F} - (no file)






catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2011-05-15 22:43

Windows 5.1.2600 Service Pack 3 NTFS


Procurando processos ocultos ...


Procurando entradas auto inicializáveis ocultas ...


Procurando ficheiros/arquivos ocultos ...


Varredura completada com sucesso

arquivos/ficheiros ocultos: 0




--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------



@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)



@Denied: (A 2) (Everyone)














@Denied: (A 2) (Everyone)










--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------


- - - - - - - > 'winlogon.exe'(1540)

c:\arquivos de programas\GbPlugin\gbieh.dll

c:\arquivos de programas\GbPlugin\gbiehcef.dll


Tempo para conclusão: 2011-05-15 22:46:53

ComboFix-quarantined-files.txt 2011-05-16 01:46


Pré-execução: 12 pasta(s) 11.285.671.936 bytes disponíveis

Pós execução: 13 pasta(s) 11.310.505.984 bytes disponíveis


- - End Of File - - 802BDE1A29DF6F7FEB7AF0AA7790EBEB

OK... the log is clean.




*Rename ComboFix to Uninstall

*Run it, wait for the message "ComboFix is uninstalled", and click [OK]



*Delete the C:\GMER folder and its report on the desktop.



*Download ATF Cleaner and save it to the desktop



[X] Select All

*Click [Empty Selected]

*Close ATF-Cleaner



*Download and install CCleaner

*Click [Run Cleaner]

*Click [Registry] -> [Scan for Issues] -> [Fix Selected Issues] -> [Fix All Selected Issues]



Let me know whether this solved it.


If the problem persists...


*Click [Start] > [Run] > type: sfc /scannow




*Click OK

*You will be asked for the Windows CD

*Insert it into the CD-ROM drive and wait for it to finish...

*Remove the CD and restart the PC



Best regards.

If the author needs the topic reopened, simply send a Private Message to a Moderator with a link to the topic.

