This topic has been archived and is closed to new replies.

kindermann

[Solved] Slow PC and internet, antivirus not updating.

My computer has been slow over the last few days, running several processes I don't recognize. The internet is slow (my plan is 4MB from Oi). The Kaspersky Internet Security antivirus has outdated databases and has not updated for some time.

Here is the HiJackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:32:22, on 14/11/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\LogWatNT.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.codecguide.com/

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Adicionar ao Antibanner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 9184 bytes


Hello kindermann

*Download OTL and save it to the desktop

*Run it and select the options:

Scan All Users

Use Company Name WhiteList

Skip Microsoft Files

LOP Check

Purity Check

*Click [Scan] and paste the OTL.txt and Extras.txt reports located on the desktop

If the OTL.txt report turns out to be too large...

*Go to this link

*Select 4 jours

*Click [Send file]

*Locate the OTL.txt file on the desktop

*Click [Open] > [Créer le lien Cjoint]

*Paste the generated address


Hello wings, I have a question. Should I leave the Use No-Company-Name Whitelist option selected?

Yes


OTL.txt

 

 

OTL logfile created on: 19/11/2011 00:26:42 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Cliente\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,00 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,28% Memory free

4,84 Gb Paging File | 4,20 Gb Available in Paging File | 86,90% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 465,75 Gb Total Space | 169,71 Gb Free Space | 36,44% Space Free | Partition Type: NTFS

 

Computer Name: CLIENTE-D9EFD3C | User Name: Cliente | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/11/17 23:14:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cliente\Desktop\OTL.exe

PRC - [2011/11/08 01:02:58 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

PRC - [2011/08/08 12:23:18 | 000,208,672 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\GbpSv.exe

PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

PRC - [2011/04/25 00:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe

PRC - [2008/04/13 20:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe

PRC - [2006/09/28 07:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2000/06/08 14:15:24 | 000,050,176 | ---- | M] () -- C:\WINDOWS\LogWatNT.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011/11/08 01:02:56 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\15.0.874.120\ppgooglenaclpluginchrome.dll

MOD - [2011/11/08 01:02:55 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\15.0.874.120\pdf.dll

MOD - [2011/11/08 01:01:20 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\15.0.874.120\avutil-51.dll

MOD - [2011/11/08 01:01:19 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\15.0.874.120\avformat-53.dll

MOD - [2011/11/08 01:01:17 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\15.0.874.120\avcodec-53.dll

MOD - [2011/11/07 21:44:56 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\15.0.874.120\gcswf32.dll

MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll

MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll

MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll

MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll

MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll

MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll

MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll

MOD - [2009/11/05 09:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll

MOD - [2000/06/08 14:15:24 | 000,050,176 | ---- | M] () -- C:\WINDOWS\LogWatNT.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2011/08/08 12:23:18 | 000,208,672 | ---- | M] ( ) [unknown | Running] -- C:\Arquivos de programas\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)

SRV - [2008/11/04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006/12/23 18:54:04 | 000,262,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2006/10/26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)

SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/09/28 07:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2000/06/08 14:15:24 | 000,050,176 | ---- | M] () [Auto | Running] -- C:\WINDOWS\LogWatNT.exe -- (LogWatch)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/08/08 12:23:42 | 000,044,064 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)

DRV - [2011/04/20 15:50:22 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)

DRV - [2011/03/10 19:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)

DRV - [2011/03/04 14:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)

DRV - [2011/03/04 14:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)

DRV - [2009/11/02 21:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)

DRV - [2008/08/06 07:12:10 | 004,755,968 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/05/07 09:31:16 | 000,106,368 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1801674531-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

IE - HKU\S-1-5-21-1801674531-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1801674531-1229272821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d

FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0

FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1

FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0

FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9

FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1

FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011/10/06 19:19:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\KavAntiBanner@Kaspersky.ru: C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011/10/06 19:19:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011/10/06 19:19:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2011/10/15 14:57:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2011/06/15 23:23:01 | 000,000,000 | ---D | M]

 

[2011/04/18 22:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Extensions

[2011/04/18 22:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Extensions\celtx@celtx.com

[2011/11/07 23:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\4gpdbczo.default\extensions

[2011/11/07 23:58:23 | 000,000,000 | ---D | M] (Modulo de Protecao - Banco do Brasil) -- C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\4gpdbczo.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

[2011/10/09 23:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2011/10/09 23:57:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/09/26 18:38:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2011/04/28 10:41:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

[2011/09/26 18:24:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

[2011/04/13 23:29:49 | 000,000,000 | ---D | M] (Antibanner) -- C:\Arquivos de programas\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak

[2011/04/13 23:29:47 | 000,000,000 | ---D | M] (Consultor de URLs Kaspersky) -- C:\Arquivos de programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak

[2011/04/18 22:39:38 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\ARQUIVOS DE PROGRAMAS\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG

[2011/04/18 22:39:38 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\ARQUIVOS DE PROGRAMAS\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM

[2011/04/18 22:39:38 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\ARQUIVOS DE PROGRAMAS\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE

[2011/04/18 22:39:38 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\ARQUIVOS DE PROGRAMAS\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG

[2011/04/18 22:39:38 | 000,000,000 | ---D | M] (Blackened) -- C:\ARQUIVOS DE PROGRAMAS\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG

[2011/04/18 22:39:38 | 000,000,000 | ---D | M] (Depth) -- C:\ARQUIVOS DE PROGRAMAS\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG

[2011/04/18 22:39:38 | 000,000,000 | ---D | M] (Minimal) -- C:\ARQUIVOS DE PROGRAMAS\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG

[2011/10/15 14:57:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll

[2011/07/19 06:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll

[2011/10/15 14:57:09 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml

[2011/10/15 14:57:09 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml

[2011/10/15 14:57:09 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml

[2011/10/15 14:57:09 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Cliente\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\15.0.874.120\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U25 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Arquivos de programas\Microsoft Silverlight\4.0.60129.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Cliente\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Cliente\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\15.0.874.120\pdf.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Cliente\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Cliente\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Documents and Settings\Cliente\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Cliente\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Conselheiro de URLs da Kaspersky = C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\

CHR - Extension: Teclado virtual = C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\

CHR - Extension: Anti-Banner = C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

 

O1 HOSTS File: ([2011/10/10 14:37:51 | 000,001,214 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O3 - HKU\S-1-5-21-1801674531-1229272821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [AVP] C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1801674531-1229272821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Adicionar ao Antibanner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()

O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\Cliente\Dados de aplicativos\FlashGetBHO\GetUrl.htm ()

O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\Cliente\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm ()

O9 - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O15 - HKU\S-1-5-21-1801674531-1229272821-839522115-1003\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-1801674531-1229272821-839522115-1003\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)

O15 - HKU\S-1-5-21-1801674531-1229272821-839522115-1003\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)

O15 - HKU\S-1-5-21-1801674531-1229272821-839522115-1003\..Trusted Domains: bb.com.br ([www] * in Trusted sites)

O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} http://www.finamevolkswagen.com.br/viewer9/activeXViewer/activexviewer.cab (Crystal Report Viewer Control 9)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8760D2FC-BE06-4254-BCE2-C826AC2D0D39}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Arquivos de programas\GbPlugin\gbieh.dll) - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Arquivos de programas\GbPlugin\gbiehCef.dll) - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/02/25 20:41:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{381d7e14-bb7f-11e0-acd7-bd9c01545120}\Shell - "" = AutoRun

O33 - MountPoints2\{381d7e14-bb7f-11e0-acd7-bd9c01545120}\Shell\AutoRun\command - "" = E:\launcher.exe

O33 - MountPoints2\{52ddf33b-fe43-11e0-adab-aff750acb03f}\Shell - "" = Autorun

O33 - MountPoints2\{52ddf33b-fe43-11e0-adab-aff750acb03f}\Shell\AutoRun\command - "" = H:\Install_Nokia_Ovi_Suite.exe

O33 - MountPoints2\{e25feb34-70b9-11e0-abc0-d8475517460f}\Shell - "" = AutoRun

O33 - MountPoints2\{e25feb34-70b9-11e0-abc0-d8475517460f}\Shell\AutoRun\command - "" = E:\SETUP.EXE

O33 - MountPoints2\{e25feb34-70b9-11e0-abc0-d8475517460f}\Shell\configure\command - "" = E:\SETUP.EXE

O33 - MountPoints2\{e25feb34-70b9-11e0-abc0-d8475517460f}\Shell\install\command - "" = E:\SETUP.EXE

O33 - MountPoints2\{f811bb89-f73c-11e0-acca-bed0b5e1615a}\Shell - "" = AutoRun

O33 - MountPoints2\{f811bb89-f73c-11e0-acca-bed0b5e1615a}\Shell\AutoRun\command - "" = E:\Autorun.exe

O33 - MountPoints2\{fdfc4b3b-0fb0-11e1-9fb9-8bcc25b44e4f}\Shell - "" = AutoRun

O33 - MountPoints2\{fdfc4b3b-0fb0-11e1-9fb9-8bcc25b44e4f}\Shell\AutoRun\command - "" = J:\Autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/11/17 23:15:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cliente\Desktop\OTL.exe

[2011/11/16 10:32:11 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Crystal Decisions

[2011/11/16 00:03:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cliente\Recent

[2011/11/14 20:29:14 | 000,000,000 | ---D | C] -- C:\HiJackThis

[2011/11/02 16:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Games for Windows - LIVE

[2011/11/02 16:38:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive

[2011/11/02 16:38:29 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft Games for Windows - LIVE

[2011/11/02 16:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Eidos

[2011/11/02 16:21:13 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Eidos

[2011/11/02 15:38:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cliente\Dados de aplicativos\SecuROM

[2011/11/02 14:55:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer

[2011/11/02 14:54:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Reference Assemblies

[2011/10/23 14:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\WMTools Downloaded Files

[2011/10/21 13:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cliente\.borland

[2011/10/21 12:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Borland Delphi 7

[2011/10/21 12:56:08 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Borland Shared

[2011/10/21 12:56:08 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Borland

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/11/19 00:15:43 | 000,272,796 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2011/11/19 00:15:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/19 00:15:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/11/17 23:14:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cliente\Desktop\OTL.exe

[2011/11/17 22:53:23 | 000,001,176 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1229272821-839522115-1003UA.job

[2011/11/17 19:53:00 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-1229272821-839522115-1003Core.job

[2011/11/17 19:25:44 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\~bwcrc32.dll

[2011/11/15 15:45:43 | 000,520,020 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2011/11/15 15:45:43 | 000,484,040 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/11/15 15:45:43 | 000,091,960 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2011/11/15 15:45:43 | 000,080,054 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/11/14 17:54:51 | 000,002,390 | ---- | M] () -- C:\Documents and Settings\Cliente\Desktop\Google Chrome.lnk

[2011/11/03 12:38:14 | 003,586,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/11/02 16:34:35 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Batman Arkham Asylum.lnk

[2011/11/01 12:40:14 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011/10/29 16:15:10 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/11/02 16:34:35 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Batman Arkham Asylum.lnk

[2011/11/02 14:58:17 | 000,208,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

[2011/10/07 00:23:24 | 000,006,962 | ---- | C] () -- C:\WINDOWS\erwin40.ini

[2011/10/06 23:08:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\Tngremov.exe

[2011/09/07 12:04:20 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\WebpageIcons.db

[2011/09/04 23:51:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2011/09/04 23:50:59 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011/09/04 23:50:59 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011/09/04 23:50:59 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/08/24 13:15:19 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\~bwcrc32.dll

[2011/07/25 18:04:49 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2011/07/25 17:44:18 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\TECBAR32.DLL

[2011/05/15 17:13:34 | 000,000,305 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat

[2011/05/15 12:32:09 | 000,000,248 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat

[2011/05/15 10:54:52 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI

[2011/05/14 14:05:54 | 000,000,138 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011/04/13 10:23:26 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat

[2011/04/13 10:23:26 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat

[2011/03/02 00:32:54 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/01 23:24:53 | 000,152,161 | ---- | C] () -- C:\WINDOWS\hpoins14.dat

[2011/03/01 23:24:53 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat

[2011/03/01 20:35:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/02/28 15:26:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011/02/25 22:04:33 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2011/02/25 20:42:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/02/25 20:38:19 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011/02/25 17:29:32 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011/02/25 17:28:13 | 003,586,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/09/09 19:01:40 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat

[2009/07/14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/06/10 07:03:00 | 002,283,526 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2004/08/04 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/04 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 09:00:00 | 000,520,020 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat

[2004/08/04 09:00:00 | 000,484,040 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 09:00:00 | 000,301,776 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat

[2004/08/04 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 09:00:00 | 000,091,960 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat

[2004/08/04 09:00:00 | 000,080,054 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 09:00:00 | 000,035,178 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat

[2004/08/04 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 09:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 09:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2002/10/15 20:54:04 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2000/06/08 14:15:24 | 000,050,176 | ---- | C] () -- C:\WINDOWS\LogWatNT.exe

 

========== LOP Check ==========

 

[2011/02/25 22:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

[2011/04/27 01:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite

[2011/10/15 14:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\EA Core

[2011/10/15 14:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Electronic Arts

[2011/08/05 14:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\gas

[2011/11/17 17:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2011/04/28 00:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\JCreator

[2011/03/02 13:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

[2011/03/20 17:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nexon

[2011/06/20 22:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\regid.1986-12.com.adobe

[2011/06/20 23:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ulead Systems

[2011/05/14 12:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Auslogics

[2011/05/15 17:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\BITS

[2011/06/20 22:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/08/21 13:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\com.adobe.bridge.PublishPanel

[2011/11/16 00:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\DAEMON Tools Lite

[2011/08/12 13:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Dropbox

[2011/05/15 10:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\FlashGet

[2011/05/15 10:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\FlashGetBHO

[2011/04/18 22:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Greyfirst

[2011/10/07 14:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\gtk-2.0

[2011/04/28 00:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\JCreator

[2011/03/20 16:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Notepad++

[2011/03/09 09:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Opera

[2011/06/21 01:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliente\Dados de aplicativos\Ulead Systems

 

========== Purity Check ==========

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 304 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:0983412A_Cef.gbp

@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:0983412A_Bb.gbp

 

< End of report >

 

Extras.txt

OTL Extras logfile created on: 19/11/2011 00:26:42 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Cliente\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,00 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,28% Memory free

4,84 Gb Paging File | 4,20 Gb Available in Paging File | 86,90% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 465,75 Gb Total Space | 169,71 Gb Free Space | 36,44% Space Free | Partition Type: NTFS

 

Computer Name: CLIENTE-D9EFD3C | User Name: Cliente | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_USERS\S-1-5-21-1801674531-1229272821-839522115-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Arquivos de programas\Opera\Opera.exe" "%1"

https [open] -- "C:\Arquivos de programas\Opera\Opera.exe" "%1"

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Level Up! Games\Combat Arms\CombatArms.exe" = C:\Level Up! Games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"C:\Level Up! Games\Combat Arms\Engine.exe" = C:\Level Up! Games\Combat Arms\Engine.exe:*Enabled:Engine.exe

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\copia\Arquivos de programas\Mass Effect 2\Binaries\MassEffect2.exe" = C:\copia\Arquivos de programas\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 -- (BioWare)

"C:\copia\Arquivos de programas\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe" = C:\copia\Arquivos de programas\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe:*:Enabled:Blizzard Downloader

"C:\Arquivos de programas\Opera\opera.exe" = C:\Arquivos de programas\Opera\opera.exe:*:Enabled:Opera Internet Browser

"C:\Level Up! Games\Combat Arms\CombatArms.exe" = C:\Level Up! Games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"C:\Level Up! Games\Combat Arms\Engine.exe" = C:\Level Up! Games\Combat Arms\Engine.exe:*Enabled:Engine.exe

"C:\Level Up! Games\Combat Arms\NMService.exe" = C:\Level Up! Games\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core

"C:\Documents and Settings\Cliente\Dados de aplicativos\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Cliente\Dados de aplicativos\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)

"C:\Arquivos de programas\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Arquivos de programas\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3

"C:\Arquivos de programas\LucasArts\Star Wars The Force Unleashed 2\SWTFU2.exe" = C:\Arquivos de programas\LucasArts\Star Wars The Force Unleashed 2\SWTFU2.exe:*:Enabled:Star Wars The Force Unleashed 2 -- (LucasArts)

"C:\Arquivos de programas\Steam\Steam.exe" = C:\Arquivos de programas\Steam\Steam.exe:*:Enabled:Steam

"C:\Arquivos de programas\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe" = C:\Arquivos de programas\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum -- (Rocksteady Studios Ltd)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java 6 Update 20

"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 27

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{32A3A4F4-B792-11D6-A78A-00B0D0160250}" = Java SE Development Kit 6 Update 25

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing

"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012

"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™

"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call

"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1

"{7FF0ACFE-4346-4D9D-B822-C69B99AAE1FC}" = Microsoft_VC80_MFCLOC_x86

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8AE28FB8-B8AE-4B58-A5FE-77F45E462BAE}" = Microsoft_VC80_MFC_x86

"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD

"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00B4-0416-0000-0000000FF1CE}" = Microsoft Office Project MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAB93551-3FFE-42B2-8315-96252BBC1046}" = Nero 7 Essentials

"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1046-7B44-A94000000001}" = Adobe Reader 9.4.5 - Português

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{AF890091-2603-C1C6-DCD6-B8799D4FB464}" = Adobe Community Help

"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd

"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software

"{CB07E706-5DD7-4093-83A1-1430D5B6FA75}" = Microsoft_VC80_ATL_x86

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86

"{DA5873B5-6262-11D4-8ABC-00C04F5F14B8}" = AllFusion ERwin Data Modeler

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"CCleaner" = CCleaner

"Celtx (2.7)" = Celtx (2.7)

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"Cobrança CAIXA" = Cobrança CAIXA

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"CutePDF Writer Installation" = CutePDF Writer 2.8

"Dead Space BR" = Dead Space Tradução BR v1.01

"Dia" = Dia (remove only)

"ENTERPRISE" = Microsoft Office Enterprise 2007

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPExtendedCapabilities" = HP Customer Participation Program 9.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012

"JCreator LE_is1" = JCreator LE 5.00

"KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versão 1.51.2.1300

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 7.0.1 (x86 pt-BR)" = Mozilla Firefox 7.0.1 (x86 pt-BR)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"PRJPRO" = Microsoft Office Project Professional 2007

"Speccy" = Speccy

"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2

"VobSub" = VobSub v2.23 (Remove Only)

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1801674531-1229272821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 02/11/2011 13:18:10 | Computer Name = CLIENTE-D9EFD3C | Source = .NET Runtime Optimization Service | ID = 1101

Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)

- Failed to compile: Microsoft.Build.Framework, Version=3.5.0.0, Culture=neutral,

PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005

 

Error - 02/11/2011 13:18:13 | Computer Name = CLIENTE-D9EFD3C | Source = .NET Runtime Optimization Service | ID = 1101

Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)

- Failed to compile: CustomMarshalers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

. Error code = 0x80070005

 

Error - 02/11/2011 13:19:07 | Computer Name = CLIENTE-D9EFD3C | Source = .NET Runtime Optimization Service | ID = 1101

Description = .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32)

- Failed to compile: System.Net, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

. Error code = 0x80070005

 

Error - 02/11/2011 13:48:29 | Computer Name = CLIENTE-D9EFD3C | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: Esta operação foi retornada porque o tempo limite expirou.

 

Error - 02/11/2011 14:38:06 | Computer Name = CLIENTE-D9EFD3C | Source = MsiInstaller | ID = 1013

Description = Produto: NVIDIA PhysX -- Installation terminated

 

Error - 02/11/2011 15:15:27 | Computer Name = CLIENTE-D9EFD3C | Source = MsiInstaller | ID = 1013

Description = Produto: NVIDIA PhysX -- Installation terminated

 

Error - 03/11/2011 10:37:55 | Computer Name = CLIENTE-D9EFD3C | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

- Tried to start a service that wasn't the latest version of CLR Optimization service.

Will shutdown

 

Error - 05/11/2011 11:41:30 | Computer Name = CLIENTE-D9EFD3C | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: Esta operação foi retornada porque o tempo limite expirou.

 

Error - 13/11/2011 14:48:11 | Computer Name = CLIENTE-D9EFD3C | Source = Windows Live Messenger | ID = 1000

Description =

 

Error - 17/11/2011 21:06:47 | Computer Name = CLIENTE-D9EFD3C | Source = Windows Live Messenger | ID = 1000

Description =

 

[ OSession Events ]

Error - 06/10/2011 17:15:20 | Computer Name = CLIENTE-D9EFD3C | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 15/11/2011 06:48:03 | Computer Name = CLIENTE-D9EFD3C | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 15/11/2011 13:41:24 | Computer Name = CLIENTE-D9EFD3C | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 15/11/2011 19:44:39 | Computer Name = CLIENTE-D9EFD3C | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 16/11/2011 08:19:03 | Computer Name = CLIENTE-D9EFD3C | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 16/11/2011 15:12:42 | Computer Name = CLIENTE-D9EFD3C | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 16/11/2011 17:38:01 | Computer Name = CLIENTE-D9EFD3C | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 17/11/2011 10:15:41 | Computer Name = CLIENTE-D9EFD3C | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 17/11/2011 15:20:20 | Computer Name = CLIENTE-D9EFD3C | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 17/11/2011 20:14:36 | Computer Name = CLIENTE-D9EFD3C | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 18/11/2011 22:15:11 | Computer Name = CLIENTE-D9EFD3C | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

 

< End of report >


1.

*Download USBFix and save it to the desktop

Note: Windows Vista and Windows 7 users must right-click the file and select: (image: adminexec.png)

*Connect the USB flash drive to the PC, run USBFix and click [Pesquisa]

*Paste the report it displays

2.

*Install MalwareBytes

*Wait for the update; the program will open automatically

*On the [Verificação] tab, select [Verificação completa]

*Click [Verificar] and select the partition where Windows is installed

*When the scan finishes, click [Sim] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Paste the report it displays


UsbFix

 

 

############################## | UsbFix V 7.069 | [Pesquisa]

 

Usuário: Cliente (Administrador) # CLIENTE-D9EFD3C

Atualizado em 20/11/2011 por El Desaparecido

Começou em 13:05:30 | 20/11/2011

 

Site: http://eldesaparecido.com

Arquivo suspeito ? : http://eldesaparecido.com/support.php

Contato: contact@eldesaparecido.com

 

PC: Digitron (Digitron) (X86-based PC) # Desktop Computer

CPU: Processador Intel Pentium III Xeon (2666)

RAM -> [ Total : 3071 | Free : 2392 ]

BIOS: Default System BIOS

BOOT: Normal boot

 

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

WB: Windows Internet Explorer 7.0.5730.13

 

SC: Security Center Service [ Enabled ]

WU: Windows Update Service [ Enabled ]

FW: Windows FireWall Service [ Enabled ]

 

C:\ (%systemdrive%) -> Disco fixo # 466 Gb (170 Mb livre - 36%) [] # NTFS

D:\ -> CD-ROM

H:\ -> Disco removível # 2 Gb (2 Mb livre - 82%) [LEANDRO] # NTFS

 

################## | Processos Ativos |

 

C:\WINDOWS\System32\smss.exe (1032)

C:\WINDOWS\system32\csrss.exe (1092)

C:\WINDOWS\system32\winlogon.exe (1116)

C:\WINDOWS\system32\services.exe (1160)

C:\WINDOWS\system32\lsass.exe (1172)

C:\WINDOWS\system32\nvsvc32.exe (1352)

C:\ARQUIV~1\GbPlugin\GbpSv.exe (1388)

C:\WINDOWS\system32\svchost.exe (1476)

C:\WINDOWS\system32\svchost.exe (1664)

C:\WINDOWS\System32\svchost.exe (1788)

C:\WINDOWS\system32\svchost.exe (1948)

C:\WINDOWS\system32\svchost.exe (160)

C:\WINDOWS\system32\spoolsv.exe (328)

C:\WINDOWS\Explorer.EXE (812)

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (1084)

C:\WINDOWS\system32\svchost.exe (1520)

C:\Arquivos de programas\Java\jre6\bin\jqs.exe (1620)

C:\WINDOWS\LogWatNT.exe (1736)

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe (1776)

C:\WINDOWS\System32\svchost.exe (1912)

C:\WINDOWS\System32\svchost.exe (708)

C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe (788)

C:\WINDOWS\system32\svchost.exe (1336)

C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe (1556)

C:\WINDOWS\system32\wdfmgr.exe (1588)

C:\WINDOWS\System32\alg.exe (2396)

C:\WINDOWS\system32\wbem\wmiapsrv.exe (2516)

C:\WINDOWS\system32\wscntfy.exe (2772)

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (2980)

C:\WINDOWS\system32\ctfmon.exe (3344)

C:\WINDOWS\System32\svchost.exe (2124)

C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (3596)

C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (3724)

C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (3804)

C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (3772)

C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (444)

C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (3604)

C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (4012)

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe (3056)

C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (4344)

C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (5196)

C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (4864)

C:\UsbFix\UsbFix.exe (2336)

C:\WINDOWS\system32\wbem\wmiprvse.exe (2256)

 

################## | Processos parados |

 

Parado! C:\WINDOWS\system32\nvsvc32.exe (1352)

Parado! C:\ARQUIV~1\GbPlugin\GbpSv.exe (1388)

Parado! C:\WINDOWS\system32\spoolsv.exe (328)

Parado! C:\WINDOWS\Explorer.EXE (812)

Parado! C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (1084)

Parado! C:\Arquivos de programas\Java\jre6\bin\jqs.exe (1620)

Parado! C:\WINDOWS\LogWatNT.exe (1736)

Parado! C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe (1776)

Parado! C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe (788)

Parado! C:\Arquivos de programas\Arquivos comuns\Ulead Systems\DVD\ULCDRSvr.exe (1556)

Parado! C:\WINDOWS\system32\wdfmgr.exe (1588)

Parado! C:\WINDOWS\System32\alg.exe (2396)

Parado! C:\WINDOWS\system32\wbem\wmiapsrv.exe (2516)

Parado! C:\WINDOWS\system32\wscntfy.exe (2772)

Parado! C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (2980)

Parado! C:\WINDOWS\system32\ctfmon.exe (3344)

Parado! C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (3596)

Parado! C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (3724)

Parado! C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (3804)

Parado! C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (3772)

Parado! C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (444)

Parado! C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (3604)

Parado! C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (4012)

Parado! C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe (3056)

Parado! C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (4344)

Parado! C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (5196)

Parado! C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (4864)

 

################## | Ficheiros # pastas infeciosos |

 

Presente ! C:\WINDOWS\system32\secushr.dat

 

################## | Registro |

 

 

################## | Mountpoints2 |

 

HKCU\.\.\.\.\Explorer\MountPoints2\{381d7e14-bb7f-11e0-acd7-bd9c01545120}

Shell\AutoRun\Command = E:\launcher.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{52ddf33b-fe43-11e0-adab-aff750acb03f}

Shell\AutoRun\Command = H:\Install_Nokia_Ovi_Suite.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{e25feb34-70b9-11e0-abc0-d8475517460f}

Shell\AutoRun\Command = E:\SETUP.EXE

Shell\configure\Command = E:\SETUP.EXE

Shell\install\Command = E:\SETUP.EXE

 

HKCU\.\.\.\.\Explorer\MountPoints2\{f811bb89-f73c-11e0-acca-bed0b5e1615a}

Shell\AutoRun\Command = E:\Autorun.exe

 

HKCU\.\.\.\.\Explorer\MountPoints2\{fdfc4b3b-0fb0-11e1-9fb9-8bcc25b44e4f}

Shell\AutoRun\Command = J:\Autorun.exe

 

 

 

################## | Vaccin |

 

(!) Este computador não é vacinada!

 

################## | E.O.F |

 

MalwareBytes

 

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

 

Versão da Base de Dados: 8202

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

 

21/11/2011 00:19:32

mbam-log-2011-11-21 (00-19-32).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 379208

Tempo decorrido: 1 hora(s), 40 minuto(s), 14 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 4

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

c:\documents and settings\Cliente\meus documentos\Leandro\programas\faculdade\borland delphi 7 studio enterprise\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\documents and settings\Cliente\meus documentos\Leandro\programas\faculdade\borland delphi 7 studio enterprise\borland delphi studio entreprise v7.0.kg\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\documents and settings\Cliente\meus documentos\Leandro\programas\utilidades\adobe cs5\adobe cs5 activator\adobe.cs5.products.activator.fixed-mpt.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.

c:\documents and settings\Cliente\meus documentos\Leandro\programas\utilidades\adobe cs5\adobe cs5 activator\adobe_cs5_activator.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.


1.

*Run UsbFix and click [Uninstall]

2.

*Run OTL

*Paste the code, in red, into the box below Exames Personalizados/Correções:

:Files

C:\WINDOWS\system32\secushr.dat

 

:OTL

O33 - MountPoints2\{381d7e14-bb7f-11e0-acd7-bd9c01545120}\Shell\AutoRun\command - "" = E:\launcher.exe

O33 - MountPoints2\{52ddf33b-fe43-11e0-adab-aff750acb03f}\Shell\AutoRun\command - "" = H:\Install_Nokia_Ovi_Suite.exe

O33 - MountPoints2\{e25feb34-70b9-11e0-abc0-d8475517460f}\Shell\AutoRun\command - "" = E:\SETUP.EXE

O33 - MountPoints2\{e25feb34-70b9-11e0-abc0-d8475517460f}\Shell\configure\command - "" = E:\SETUP.EXE

O33 - MountPoints2\{e25feb34-70b9-11e0-abc0-d8475517460f}\Shell\install\command - "" = E:\SETUP.EXE

O33 - MountPoints2\{f811bb89-f73c-11e0-acca-bed0b5e1615a}\Shell\AutoRun\command - "" = E:\Autorun.exe

O33 - MountPoints2\{fdfc4b3b-0fb0-11e1-9fb9-8bcc25b44e4f}\Shell\AutoRun\command - "" = J:\Autorun.exe

 

:Commands

[resethosts]

[emptytemp]

[reboot]

*Click [Consertar] and the PC will restart

*Paste the report it displays

3.

*Download GMER and save it to the desktop

*Run it and wait for the initial scan to finish. Be patient...

*Click [Scan] and wait for it to finish... it can take a while!

*Click [Save...] and save it to the desktop with the name gmer

*Paste the report saved on the desktop


When I try to run UsbFix, a window asks whether I want to run it, then Kaspersky analyzes the application and nothing happens; it simply does not run. Should I skip it and continue with the other steps?


"When I try to run UsbFix, a window asks whether I want to run it, then Kaspersky analyzes the application and nothing happens; it simply does not run. Should I skip it and continue with the other steps?"

Yes... continue.


OTL

All processes killed

========== FILES ==========

C:\WINDOWS\system32\secushr.dat moved successfully.

========== OTL ==========

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{381d7e14-bb7f-11e0-acd7-bd9c01545120}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{381d7e14-bb7f-11e0-acd7-bd9c01545120}\ not found.

File E:\launcher.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52ddf33b-fe43-11e0-adab-aff750acb03f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52ddf33b-fe43-11e0-adab-aff750acb03f}\ not found.

File H:\Install_Nokia_Ovi_Suite.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e25feb34-70b9-11e0-abc0-d8475517460f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e25feb34-70b9-11e0-abc0-d8475517460f}\ not found.

File E:\SETUP.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e25feb34-70b9-11e0-abc0-d8475517460f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e25feb34-70b9-11e0-abc0-d8475517460f}\ not found.

File E:\SETUP.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e25feb34-70b9-11e0-abc0-d8475517460f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e25feb34-70b9-11e0-abc0-d8475517460f}\ not found.

File E:\SETUP.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f811bb89-f73c-11e0-acca-bed0b5e1615a}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f811bb89-f73c-11e0-acca-bed0b5e1615a}\ not found.

File E:\Autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdfc4b3b-0fb0-11e1-9fb9-8bcc25b44e4f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdfc4b3b-0fb0-11e1-9fb9-8bcc25b44e4f}\ not found.

File J:\Autorun.exe not found.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Cliente

->Temp folder emptied: 5419115 bytes

->Temporary Internet Files folder emptied: 2591305 bytes

->Java cache emptied: 174590 bytes

->FireFox cache emptied: 44167378 bytes

->Google Chrome cache emptied: 49580036 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 42434 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33237 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2334866 bytes

%systemroot%\System32 .tmp files removed: 5553049 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 403097 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 105,00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 11232011_125526

 

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\kls8C31.tmp not found!

 

Registry entries deleted on Reboot...

 

GMER

 

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-11-24 07:02:54

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-10 SAMSUNG_HD502HI rev.1AG01118

Running: o1dgn0uk.exe; Driver: C:\DOCUME~1\Cliente\CONFIG~1\Temp\ugkdykow.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB3BFCFBA]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB3BFD8B4]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB3C16AEE]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB3BFDE26]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB3BFDD14]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB3C16E06]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xB3BFE056]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xB3BFE21E]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB3BFCD76]

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB3BFDF3E]


IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7DFF0520

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 7DFF04B4

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7DFF0520

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 7DFF04B4

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapCreate] 7DFF04B4

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7DFF0520

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[1088] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 7DFF058C

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 7DFF05F8

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 7DFF0664

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF06D0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 7DFF0370

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7DFF0520

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate] 7DFF04B4

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 7DFF0298

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 7DFF0304

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate] 7DFF04B4

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7DFF0520

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 7DFF0D90

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] 7DFF0C4C

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW] 7DFF0CB8

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 7DFF0448

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7DFF0520

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] 7DFF04B4

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7DFF0BE0

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7DFF0D24

IAT C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3256] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7DFF0DFC


 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

 

---- EOF - GMER 1.0.15 ----


OK... the PC is clean.

1.

*Download DelFix and save it to the desktop

*Run it and click [suppression]

*Paste the report it displays


# DelFix v8.6 - Rapport créé le 24/11/2011 à 12:21:55

# Mis à jour le 13/10/11 à 18h par Xplode

# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)

# Nom d'utilisateur : Cliente - CLIENTE-D9EFD3C (Administrateur)

# Exécuté depuis : C:\Documents and Settings\Cliente\Desktop\delfix.exe

# Option [suppression]

 

 

~~~~~~ Dossiers(s) ~~~~~~

 

Supprimé : C:\_OTL

 

~~~~~~ Fichier(s) ~~~~~~

 

Supprimé : C:\Documents and Settings\Cliente\Desktop\OTL.exe

 

~~~~~~ Registre ~~~~~~

 

Clé Supprimée : HKLM\SOFTWARE\OldTimer Tools

Clé Supprimée : HKLM\SOFTWARE\TrendMicro\Hijackthis

 

~~~~~~ Autres ~~~~~~

 

-> Prefetch Vidé

 

*************************

 

DelFix[s1].txt - [682 octets] - [24/11/2011 12:21:55]

 

########## EOF - C:\DelFix[s1].txt - [805 octets] ##########


According to the DelFix report, USBFix had already been uninstalled, since it does not appear in the list.

*Run DelFix and click [Désinstallation]

Let me know whether everything has been resolved.


The computer is still quite slow, the antivirus still does not update, and the internet is also slow (but only on this PC... when I connected a notebook to the switch, the internet worked perfectly on it).


1.

*Download ERUNT

*Create a folder in C:\ named ERUNT and extract it there

*Run the file C:\ERUNT\ERUNT.exe

*Click [OK] > [OK] > [Yes] > [OK]

2.

*Temporarily disable your antivirus

*Download ComboFix and save it to the desktop

*Run it and accept the license agreement

*If the Microsoft Windows Recovery Console is not installed, accept its installation

*After the Console is installed, click [Yes] and wait for the stages to complete

1) Do not use the mouse or the keyboard during the stages!!

2) To interrupt the scan, press N

*Paste the report it displays


ComboFix 11-11-29.04 - Cliente 29/11/2011 19:33:05.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3071.2465 [GMT -2:00]

Executando de: C:\Documents and Settings\Cliente\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

 

ADS - system32: deleted 4 bytes in 2 streams.

ADS - drivers: deleted 254 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\AutoRun.inf

C:\WINDOWS\system32\usmt\migwiz_a.exe

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2011-10-28 to 2011-11-29 ))))))))))))))))))))))))))))

 

 

2011-11-29 21:15:22 . 2011-11-29 21:16:12 -------- d-----w- C:\ERUNT

2011-11-27 17:48:14 . 2011-11-27 17:48:14 -------- d-----w- C:\WINDOWS\system32\RsFx

2011-11-27 17:42:52 . 2011-11-27 17:42:52 -------- d-----w- C:\Arquivos de programas\Microsoft Analysis Services

2011-11-27 17:39:05 . 2011-11-27 17:39:05 18368 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\VSA\9.0\1033\ResourceCache.dll

2011-11-27 17:39:01 . 2011-11-27 17:47:28 127456 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll

2011-11-27 17:36:03 . 2011-11-27 17:36:03 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Merge Modules

2011-11-27 17:34:36 . 2011-11-27 17:34:36 416 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\MSDN\9.0\1033\ResourceCache.dll

2011-11-27 17:32:53 . 2011-11-27 17:32:53 -------- d-----w- C:\Arquivos de programas\Microsoft SDKs

2011-11-27 17:32:51 . 2011-11-27 17:36:29 -------- d-----w- C:\Arquivos de programas\Microsoft Visual Studio 9.0

2011-11-27 17:32:03 . 2011-11-27 17:32:03 -------- d-----w- C:\Arquivos de programas\Microsoft Synchronization Services

2011-11-27 17:31:32 . 2011-11-27 17:31:32 -------- d-----w- C:\Arquivos de programas\Microsoft Sync Framework

2011-11-27 17:30:56 . 2011-11-27 17:30:56 -------- d-----w- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2011-11-27 17:09:55 . 2011-11-27 17:09:55 -------- d-----w- C:\Arquivos de programas\Elaborate Bytes

2011-11-26 19:13:05 . 2011-11-26 19:13:09 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\BioWare

2011-11-26 16:30:05 . 2011-11-26 16:30:05 -------- d-----w- C:\kleaner.tmp

2011-11-23 19:27:34 . 2011-11-23 19:29:17 -------- d-----w- C:\Arquivos de programas\Google

2011-11-20 17:08:56 . 2011-11-20 17:08:56 -------- d-----w- C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Microsoft_Corporation

2011-11-20 16:50:34 . 2011-11-27 17:50:14 -------- d-----w- C:\Arquivos de programas\Microsoft SQL Server

2011-11-16 12:32:11 . 2011-11-16 12:32:11 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Crystal Decisions

2011-11-02 18:38:29 . 2011-11-02 18:38:50 -------- d-----w- C:\Arquivos de programas\Microsoft Games for Windows - LIVE

2011-11-02 18:38:29 . 2011-11-02 18:38:29 -------- d-----w- C:\WINDOWS\system32\xlive

2011-11-02 18:21:13 . 2011-11-02 18:21:13 -------- d-----w- C:\Arquivos de programas\Eidos

2011-11-02 17:38:11 . 2011-11-02 17:38:11 -------- d--h--r- C:\Documents and Settings\Cliente\Dados de aplicativos\SecuROM

2011-11-02 16:55:23 . 2011-11-02 17:11:15 -------- d-----w- C:\WINDOWS\system32\XPSViewer

2011-11-02 16:54:25 . 2011-11-02 16:54:25 -------- d-----w- C:\Arquivos de programas\Reference Assemblies

2011-11-02 16:54:08 . 2008-07-06 12:06:10 89088 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2011-11-02 16:53:43 . 2006-06-29 15:07:36 14048 ------w- C:\WINDOWS\system32\spmsg2.dll

.

 

 

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2011-11-29 12:00:27 . 2011-08-24 15:15:19 34816 ----a-w- C:\WINDOWS\system32\~bwcrc32.dll

2011-09-29 00:05:08 . 2011-05-31 11:49:00 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2011-10-15 16:57:11 . 2011-07-05 23:09:20 134104 ----a-w- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll

 

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

 

 

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12:20 94208 ----a-w- C:\Documents and Settings\Cliente\Dados de aplicativos\Dropbox\bin\DropboxExt.14.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12:20 94208 ----a-w- C:\Documents and Settings\Cliente\Dados de aplicativos\Dropbox\bin\DropboxExt.14.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12:20 94208 ----a-w- C:\Documents and Settings\Cliente\Dados de aplicativos\Dropbox\bin\DropboxExt.14.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12:20 94208 ----a-w- C:\Documents and Settings\Cliente\Dados de aplicativos\Dropbox\bin\DropboxExt.14.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2010-01-12 01:17:44 13666408]

"AVP"="C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 02:15:02 202296]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 22:20:56 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2011-08-08 14:22:50 1692960 ------w- C:\Arquivos de programas\GbPlugin\gbieh.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2011-04-18 18:12:24 496072 ----a-w- C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Cliente^Menu Iniciar^Programas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]

path=C:\Documents and Settings\Cliente\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk

backup=C:\WINDOWS\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WiseStubReboot]

MSIEXEC [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59:06 937920 ----a-r- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-08 04:02:26 37296 ----a-w- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2011-06-21 00:16:40 500208 ------w- C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2008-06-19 08:20:52 57344 ------r- C:\WINDOWS\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2006-12-23 21:05:20 143360 ----a-w- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-03-08 11:23:07 136176 ----atw- C:\Documents and Settings\Cliente\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 14:44:34 31072 ----a-w- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-12 00:34:40 49152 ----a-w- C:\Arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-12-06 01:55:32 54832 ----a-w- C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 01:12:18 3872080 ----a-w- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 18:40:44 155648 ----a-w- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2010-01-12 01:17:44 13666408 ----a-w- C:\WINDOWS\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2010-01-12 01:17:44 110696 ----a-w- C:\WINDOWS\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2006-11-23 18:10:42 56928 ------w- C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-07-31 07:05:30 16806912 ------r- C:\WINDOWS\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-09-26 13:50:30 19554952 ----a-r- C:\Arquivos de programas\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 16:06:06 254696 ----a-w- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]

2006-08-09 13:27:48 36864 ------w- C:\Arquivos de programas\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\copia\\Arquivos de programas\\Mass Effect 2\\Binaries\\MassEffect2.exe"=

"C:\\Documents and Settings\\Cliente\\Dados de aplicativos\\Dropbox\\bin\\Dropbox.exe"=

"C:\\Arquivos de programas\\LucasArts\\Star Wars The Force Unleashed 2\\SWTFU2.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=

"C:\\Arquivos de programas\\Electronic Arts\\BioWare\\Star Wars - The Old Republic\\launcher.exe"=

 

R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [22/08/2011 13:56:00 44064]

R1 kl2;kl2;C:\WINDOWS\system32\drivers\kl2.sys [04/03/2011 14:23:20 11352]

R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [22/08/2011 13:55:54 208672]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [10/03/2011 19:34:46 34608]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\system32\drivers\klmouflt.sys [02/11/2009 20:27:24 19472]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16:28 130384]

S2 gupdate;Serviço do Google Update (gupdate);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [23/11/2011 17:27:37 136176]

S2 LogWatch;Event Log Watch;C:\WINDOWS\LogWatNT.exe [08/06/2000 14:15:24 50176]

S3 EagleXNt;EagleXNt;\??\C:\WINDOWS\system32\drivers\EagleXNt.sys --> C:\WINDOWS\system32\drivers\EagleXNt.sys [?]

S3 gupdatem;Serviço do Google Update (gupdatem);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [23/11/2011 17:27:37 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys --> C:\WINDOWS\system32\drivers\mbamswissarmy.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16:28 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Arquivos de programas\Microsoft SQL Server\100\Shared\sqladhlp.exe [31/10/2009 21:11:45 44904]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

Conteúdo da pasta 'Tarefas Agendadas'

 

2011-11-29 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2011-11-23 19:27:37 . 2011-11-23 19:27:33]

 

2011-11-29 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2011-11-23 19:27:37 . 2011-11-23 19:27:33]

 

 

------- Scan Suplementar -------

 

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://www.codecguide.com/

IE: Adicionar ao Antibanner - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: ????3?? - C:\Documents and Settings\Cliente\Dados de aplicativos\FlashGetBHO\GetUrl.htm

IE: ????3?????? - C:\Documents and Settings\Cliente\Dados de aplicativos\FlashGetBHO\GetAllUrl.htm

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 192.168.1.1

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - C:\Documents and Settings\Cliente\Dados de aplicativos\Mozilla\Firefox\Profiles\4gpdbczo.default\

FF - prefs.js: browser.startup.homepage - about:home

 

- - - - ORFÃOS REMOVIDOS - - - -

 

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

MSConfigStartUp-AdobeCS5ServiceManager - C:\Arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe

MSConfigStartUp-ApnUpdater - C:\Arquivos de programas\Ask.com\Updater\Updater.exe

MSConfigStartUp-DAEMON Tools Lite - C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe

MSConfigStartUp-Malwarebytes' Anti-Malware - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

MSConfigStartUp-nwiz - nwiz.exe

MSConfigStartUp-SwitchBoard - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

MSConfigStartUp-VirtualCloneDrive - C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-29 19:38:35

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1801674531-1229272821-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}]

@="C:\\Documents and Settings\\Cliente\\Dados de aplicativos\\FlashGetBHO\\GetUrl.htm"

"contexts"=dword:00000022

 

[HKEY_USERS\S-1-5-21-1801674531-1229272821-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3*N}hQèþ”¥c]

@="C:\\Documents and Settings\\Cliente\\Dados de aplicativos\\FlashGetBHO\\GetAllUrl.htm"

"contexts"=dword:000000f3

 

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(1116)

C:\Arquivos de programas\GbPlugin\gbieh.dll

C:\Arquivos de programas\GbPlugin\gbiehcef.dll

 

Tempo para conclusão: 2011-11-29 19:40:20

ComboFix-quarantined-files.txt 2011-11-29 21:40:18

 

Pré-execução: 14 pasta(s) 156.805.652.480 bytes disponíveis

Pós execução: 17 pasta(s) 156.780.941.312 bytes disponíveis

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - 55331334C6DD6AA6E5FC2B3AEA255905


1.

*Click [Start] > [Run] > copy and paste:

C:\Documents and Settings\Cliente\Desktop\ComboFix.exe

*Wait for the message "ComboFix está desinstalado"

2.

*Download Kaspersky Virus Removal Tool version 11 and save it to the desktop

*Run it, wait for the installation, accept the license agreement and click [start]

*Click the button kvrt111.png

*Add My Computer to the scan

*Click Actions, select the Select action option, and keep the Disinfect and Delete options checked.

*Click kvrt112.png

*Click [start scanning]

*When it finishes, click kvrt113.png

*Click Detected threats > Save and save it to the desktop as log.txt

*Paste the log.txt report saved on the desktop
