[Resolvido] &nbspDificuldade ao ligar o computador e possibilidade de

[avelarline 0]

Olá!

Há cerca de uma semana se não me engano venho enfrentando pequenas dificuldades para ligar meu computador. Meu sistema operacional é Windows XP e sempre que tento ligar o computador a tela preta que aparece no início se fixa de modo que é preciso apertar 'F1' para continuar o processo de ligar.

Aconteceu também há cerca de três dias um fato estranho, ao terminar de usar o computador cliquei em 'Desligar' e um tempo depois apareceu uma mensagem mais ou menos assim: Há outro usuário usando o computador, se você desligar ele perderá todas as configurações que não foram salvas. Não me lembro exatamente como era a mensagem, mas era parecida com isso, mencionando um outro usuário.Muito obrigada.

 

 

 

Log do HiJackThis.exe:

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 07:16:56, on 21/4/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\keyhook.exe

C:\WINDOWS\htpatch.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Ask.com\Updater\Updater.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Aline\Meus documentos\Downloads\HiJackThis (1).exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com/?l=dis&o=14784

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AC-Pro - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Aline\Dados de aplicativos\Complitly\AutocompletePro.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: VDownloader Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [avast] "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ApnUpdater] "C:\Arquivos de programas\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - Unknown owner - C:\Arquivos de programas\AVAST Software\Avast\afwServ.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe

[wings 22]

Olá avelarline

 

 

1.

*Baixe o AdwCleaner (...de Xplode) e salve-o no desktop

 

*Execute-o.

 

 

*Clique [Delete]

 

*Cole o relatório apresentado

[avelarline 0]

Fiz o procedimento, aqui está o relatório do AdwCleaner:

 

 

# AdwCleaner v1.602 - Logfile created 04/21/2012 at 09:59:17

# Updated 19/04/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Aline - PC-592B925878F8

# Running from : C:\Documents and Settings\Aline\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Documents and Settings\Aline\Dados de aplicativos\Complitly

Folder Deleted : C:\Documents and Settings\Aline\Dados de aplicativos\OpenCandy

Folder Deleted : C:\Documents and Settings\Aline\Dados de aplicativos\Mozilla\Firefox\Profiles\axsrlxn8.default\extensions\toolbar@ask.com

Folder Deleted : C:\Arquivos de programas\Ask.com

Folder Deleted : C:\Arquivos de programas\Complitly

Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

File Deleted : C:\Documents and Settings\Aline\Dados de aplicativos\Mozilla\Firefox\Profiles\axsrlxn8.default\searchplugins\Askcom.xml

File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

 

***** [H. Navipromo] *****

 

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\AskToolbar

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\Complitly

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\APN

Key Deleted : HKLM\SOFTWARE\AskToolbar

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1

Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

 

***** [Registre - GUID] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://br.ask.com/?l=dis&o=14784 --> hxxp://www.google.fr

 

-\\ Mozilla Firefox v8.0.1 (pt-BR)

 

## File : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\nx4jdpeh.default\prefs.js

 

[OK] File is clean.

 

## File : C:\Documents and Settings\Aline\Dados de aplicativos\Mozilla\Firefox\Profiles\axsrlxn8.default\prefs.js

 

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "Ask.com");

Deleted : user_pref("browser.search.order.1", "Ask.com");

Deleted : user_pref("browser.search.selectedEngine", "Ask.com");

Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Arquivos de programas\\Ask.com\\");

Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");

Deleted : user_pref("extensions.asktb.apn_dbr", "ie_8.0.6001.18702");

Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);

Deleted : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);

Deleted : user_pref("extensions.asktb.cbid", "VY");

Deleted : user_pref("extensions.asktb.config-updated", true);

Deleted : user_pref("extensions.asktb.count", "1");

Deleted : user_pref("extensions.asktb.crumb", "2011.10.06+20.33.01-toolbar003mwh-BR-QmVsbyBIb3Jpem9udGUsQnJhem[...]

Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&[...]

Deleted : user_pref("extensions.asktb.displaybehavior", "1");

Deleted : user_pref("extensions.asktb.displaytext", "Ouvir%20m%FAsica");

Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYBR");

Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);

Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "BRXX0033");

Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");

Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-[...]

Deleted : user_pref("extensions.asktb.fresh-install", false);

Deleted : user_pref("extensions.asktb.guid", "45F5C2BE-7F0C-4B9C-B5C9-04430839493A");

Deleted : user_pref("extensions.asktb.hpr", "YES");

Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]

Deleted : user_pref("extensions.asktb.if", "first");

Deleted : user_pref("extensions.asktb.l", "dis");

Deleted : user_pref("extensions.asktb.last-config-req", "1322776368696");

Deleted : user_pref("extensions.asktb.locale", "pt_BR");

Deleted : user_pref("extensions.asktb.location", "Belo Horizonte,Brazil");

Deleted : user_pref("extensions.asktb.lstation", "s99403");

Deleted : user_pref("extensions.asktb.o", "14782");

Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);

Deleted : user_pref("extensions.asktb.pstate", "");

Deleted : user_pref("extensions.asktb.qsrc", "2871");

Deleted : user_pref("extensions.asktb.r", "5");

Deleted : user_pref("extensions.asktb.sa", "YES");

Deleted : user_pref("extensions.asktb.saguid", "AA61E8AC-6A87-44E9-ACAB-5B2288CCDFAC");

Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);

Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);

Deleted : user_pref("extensions.asktb.socialmini-first", true);

Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");

Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");

Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");

Deleted : user_pref("extensions.asktb.socialmini-native-on", true);

Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");

Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);

Deleted : user_pref("extensions.asktb.themeid", "");

Deleted : user_pref("extensions.asktb.timeinstalled", "7/10/2011 00:34:07");

Deleted : user_pref("extensions.asktb.to", "");

Deleted : user_pref("extensions.asktb.v", "3.13.1.100008");

Deleted : user_pref("extensions.asktb.version", "5.13.1.18107");

Deleted : user_pref("extensions.asktb.volume", "");

Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14782&locale=pt[...]

 

*************************

 

AdwCleaner[s1].txt - [9284 octets] - [21/04/2012 09:59:17]

 

########## EOF - C:\AdwCleaner[s1].txt - [9412 octets] ##########

[wings 22]

1.

*Execute o AdwCleaner e clique [uninstall]

 

2.

*Baixe o Bankerfix (...da Linha Defensiva) e salve-o no desktop (Área de Trabalho)

 

*Execute-o.

 

*Clique [OK] > [sIM] (se pedir alguma atualização) > [OK] > [ENTER]

 

 

*Ao finalizar, tecle [ENTER]

 

*Cole o relatório C:\LinhaDefensiva\relatorio.txt

 

3.

*Instale o MalwareBytes

 

*Aguarde a atualização e o programa será aberto automaticamente

 

*Selecione [Verificação completa]

 

 

*Clique [Verificar] e selecione a partição onde o Windows está instalado ( C:\ )

 

*Clique [Verificar]

 

*Ao término, clique [OK] > [Ver Resultados] > [Remover Selecionados]

 

*Cole o relatório apresentado

[avelarline 0]

Relatório Bankerfix:

 

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2012-04-21 - 10:16

-------------------------------------------------------

Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1

=======================================================

 

 

 

----- Fim -------------------------

 

Relatório MalwareBytes:

 

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

 

Versão da Base de Dados: v2012.04.21.04

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Aline :: PC-592B925878F8 [administrador]

 

21/4/2012 10:24:38

mbam-log-2012-04-21 (10-24-38).txt

 

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 229511

Tempo decorrido: 1 hora(s), 4 minuto(s), 33 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 1

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 1

C:\Documents and Settings\Aline\Meus documentos\Downloads\SoftonicDownloader_para_monopoly.exe (PUP.BundleOffer.Downloader.S) -> Nenhuma ação foi feita.

 

(fim)

[avelarline 0]

Relatório Bankerfix:

 

 

BankerFix 3.1 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2012-04-21 - 10:16

-------------------------------------------------------

Lista de Definição: 2012-03-19-1 | CORE: 2012-01-27-1

=======================================================

 

 

 

----- Fim -------------------------

 

Relatório MalwareBytes:

 

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

 

Versão da Base de Dados: v2012.04.21.04

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Aline :: PC-592B925878F8 [administrador]

 

21/4/2012 10:24:38

mbam-log-2012-04-21 (10-24-38).txt

 

Tipo de Verificação: Verificação Completa

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 229511

Tempo decorrido: 1 hora(s), 4 minuto(s), 33 segundo(s)

 

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Detectadas: 1

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.

 

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

 

Arquivos Detectados: 1

C:\Documents and Settings\Aline\Meus documentos\Downloads\SoftonicDownloader_para_monopoly.exe (PUP.BundleOffer.Downloader.S) -> Nenhuma ação foi feita.

 

(fim)

[wings 22]

Geralmente o problema de apertar a tecla F1 é a bateria descarregada.

 

Talvez você necessite trocá-la.

[avelarline 0]

Me desculpe ter mandado duas mensagens, é que deu problema e quando vi mandei duas. Tentei apagar mas não achei onde apaga.

 

Ah, sim.Entendi.Eu gostaria de saber se caso essa bateria não seja trocada o que ocorrerá com o computador.

 

Muito obrigada pela ajuda.

[wings 22]

Geralmente a hora estará errada (este é um achado que você poderá verificar), terá sempre que apertar a tecla F1, o MSN pode não entrar, etc..

 

Veja se a hora está errada. Caso positivo, é sinal para trocar a bateria.

 

Não é um procedimento difícil trocar, mas se você não está habituada a fazer isto, leve o PC a um técnico. Ele trocará, não sai caro e você já volta com o PC para casa.

 

A bateria é semelhante as baterias de relógio, porém com tamanho maior.

[avelarline 0]

Bom, a hora está certa. Houve um período onde a hora estava errada mas levei no técnico, eles trocaram a placa mãe e quando ele voltou a hora estava certa. Penso que eles também trocaram a bateria pois a hora voltou normal.

 

Nesse caso, ainda é possível que seja a bateria? E se não for, qual a outra possibilidade?

[wings 22]

1.

*Delete o Bankerfix e a pasta C:\LinhaDefensiva

 

2.

*Baixe o OTL (...de Old_Timer) e salve-o no desktop (Área de Trabalho)

 

*Execute-o.

 

 

*Selecione:

Verificar All Users

Ignorar Arquivos Microsoft

Usar WhiteList para Nomes de Companhias

Verificar Lop

Verificar Purity

 

*Clique [Verificar] e cole os relatórios OTL.txt e Extras.txt criados no desktop

 

*Caso os relatórios sejam grandes, acesse este link

 

*Clique [selecionar arquivo...]

 

*Localize o relatório OTL.txt no desktop e clique [Abrir]

 

*Clique [upload!]

 

*Cole o link gerado abaixo de Your download link is:

 

*Repita o procedimento para o relatório Extras.txt

 

3.

*Baixe o GMER (...de Przemyslaw Gmerek) e salve-o no desktop (Área de Trabalho)

 

Passo importante:

*Desative temporariamente o antivírus e feche todos os programas ativos

 

*Execute-o.

 

 

*Se receber um aviso sobre atividade de rootkit e se deseja fazer um scan clique [NO]

 

*Clique [scan] e aguarde o término

*Clique [save...] e salve no desktop com o nome de gmer

*Cole o relatório

 

*Caso o relatório seja grande, acesse este link

 

*Clique [selecionar arquivo...]

 

*Localize o relatório gmer.txt no desktop e clique [Abrir]

 

*Clique [upload!]

 

*Cole o link gerado abaixo de Your download link is:

 

*Caso não consiga executar o GMER, tente em Modo de Segurança

[avelarline 0]

Não estou conseguindo acessar o DatafileHost, vou colar aqui separadamente:

 

Relatório OLX.Txt:

 

 

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

735,48 Mb Total Physical Memory | 372,89 Mb Available Physical Memory | 50,70% Memory free

1,76 Gb Paging File | 1,45 Gb Available in Paging File | 82,52% Paging File free

Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,57 Gb Total Space | 53,71 Gb Free Space | 72,02% Space Free | Partition Type: NTFS

Drive G: | 74,47 Gb Total Space | 63,29 Gb Free Space | 84,98% Space Free | Partition Type: NTFS

 

Computer Name: PC-592B925878F8 | User Name: Aline | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/04/21 13:21:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aline\Desktop\OTL.exe

PRC - [2011/09/06 17:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe

PRC - [2011/09/06 17:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/07/20 13:37:54 | 000,206,336 | ---- | M] () -- C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe

PRC - [2010/10/27 06:00:02 | 001,015,808 | ---- | M] (Ares Development Group) -- C:\Arquivos de programas\Ares\Ares.exe

PRC - [2009/05/05 15:01:46 | 001,466,368 | ---- | M] (Motorola Inc.) -- C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

PRC - [2008/04/14 09:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2004/05/12 16:23:42 | 000,335,872 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe

PRC - [2004/05/12 16:22:52 | 000,249,856 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\Keyhook.exe

PRC - [2004/02/26 16:53:30 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2003/03/27 13:50:54 | 000,028,672 | R--- | M] () -- C:\WINDOWS\htpatch.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/04/21 03:32:24 | 001,769,984 | ---- | M] () -- C:\Arquivos de programas\AVAST Software\Avast\defs\12042100\algo.dll

MOD - [2012/04/04 02:54:02 | 000,300,544 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB

MOD - [2011/07/20 13:37:54 | 000,206,336 | ---- | M] () -- C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe

MOD - [2010/03/15 11:28:24 | 000,141,824 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll

MOD - [2003/03/27 13:50:54 | 000,028,672 | R--- | M] () -- C:\WINDOWS\htpatch.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- C:\Arquivos de programas\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)

SRV - [2011/09/06 17:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/07/20 13:37:54 | 000,206,336 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe -- (PCSUService)

SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2011/09/06 17:38:54 | 000,111,320 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)

DRV - [2011/09/06 17:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/09/06 17:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/09/06 17:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/09/06 17:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/09/06 17:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/09/06 17:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/09/06 17:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2010/01/26 23:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)

DRV - [2009/05/05 16:15:58 | 001,095,808 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

DRV - [2008/04/13 08:35:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2004/05/14 18:26:40 | 000,217,600 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2004/05/12 10:28:10 | 000,012,416 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2004/03/19 20:02:08 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2003/07/18 09:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (sisagp)

DRV - [2003/03/25 17:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\siside.sys -- (SiSide)

DRV - [2002/10/17 15:14:46 | 000,049,024 | R--- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)

DRV - [2002/08/20 17:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1614895754-1993962763-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr

IE - HKU\S-1-5-21-1614895754-1993962763-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1614895754-1993962763-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKU\S-1-5-21-1614895754-1993962763-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 2F 82 A5 72 57 CC 01 [binary data]

IE - HKU\S-1-5-21-1614895754-1993962763-1177238915-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1614895754-1993962763-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1614895754-1993962763-1177238915-1003\..\SearchScopes\{0BE8B310-6C2D-4E12-8A9D-45AC9B82ECFE}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VD&o=14782&src=crm&q={searchTerms}&locale=pt_BR&apn_ptnrs=VY&apn_dtid=YYYYYYYYBR&apn_uid=45F5C2BE-7F0C-4B9C-B5C9-04430839493A&apn_sauid=AA61E8AC-6A87-44E9-ACAB-5B2288CCDFAC&

IE - HKU\S-1-5-21-1614895754-1993962763-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://ww2.fump.ufmg.br/"

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Arquivos de programas\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Arquivos de programas\AVAST Software\Avast\WebRep\FF [2011/09/11 18:24:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/12 17:59:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2011/12/02 18:37:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins

 

[2011/08/11 20:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aline\Dados de aplicativos\Mozilla\Extensions

[2012/04/21 10:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aline\Dados de aplicativos\Mozilla\Firefox\Profiles\axsrlxn8.default\extensions

[2011/12/16 16:40:54 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\Aline\Dados de aplicativos\Mozilla\Firefox\Profiles\axsrlxn8.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}

[2012/03/07 16:03:53 | 000,000,000 | ---D | M] (Modulo de Protecao) -- C:\Documents and Settings\Aline\Dados de aplicativos\Mozilla\Firefox\Profiles\axsrlxn8.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}

[2011/12/02 18:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2011/12/02 18:37:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll

[2011/12/02 18:36:59 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml

[2011/12/02 18:36:59 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml

[2011/12/02 18:36:59 | 000,002,040 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml

[2011/12/02 18:36:59 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml

[2011/12/02 18:36:59 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Aline\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Aline\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.162\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Aline\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.162\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Aline\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Arquivos de programas\Microsoft Silverlight\4.0.60310.0\npctrl.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Aline\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Pesquisa do Google = C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: avast! WebRep = C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

CHR - Extension: Gmail = C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012/04/21 10:18:20 | 000,000,774 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast] C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HTpatch] C:\WINDOWS\htpatch.exe ()

O4 - HKLM..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKU\S-1-5-21-1614895754-1993962763-1177238915-1003..\Run: [ares] C:\Arquivos de programas\Ares\Ares.exe (Ares Development Group)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1614895754-1993962763-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1614895754-1993962763-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.150.13.246 200.150.13.244

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7022C188-F73F-4B7E-A105-D59869011153}: DhcpNameServer = 200.150.13.246 200.150.13.244

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-1614895754-1993962763-1177238915-1003 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Arquivos de programas\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/08/09 21:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/04/21 13:21:38 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aline\Desktop\OTL.exe

[2012/04/21 10:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aline\Dados de aplicativos\Malwarebytes

[2012/04/21 10:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware

[2012/04/21 10:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2012/04/21 10:21:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/04/21 10:21:58 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2011/10/07 00:32:37 | 003,623,592 | ---- | C] (Ask) -- C:\Arquivos de programas\Arquivos comuns\ApnToolbarInstaller.exe

[2011/10/07 00:32:36 | 000,143,240 | ---- | C] (Ask.com) -- C:\Arquivos de programas\Arquivos comuns\ApnStub.exe

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/04/21 14:01:00 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AF6D2779-7671-4E0D-9F23-A6266B34C819}.job

[2012/04/21 13:52:12 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1447D546-336F-4843-8168-C641D6686456}.job

[2012/04/21 13:52:00 | 000,001,200 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1993962763-1177238915-500UA.job

[2012/04/21 13:31:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/04/21 13:29:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/04/21 13:21:39 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aline\Desktop\OTL.exe

[2012/04/21 13:18:00 | 000,001,168 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1993962763-1177238915-1003UA.job

[2012/04/21 13:18:00 | 000,001,116 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1993962763-1177238915-1003Core.job

[2012/04/21 10:22:02 | 000,000,846 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/16 21:52:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1993962763-1177238915-500Core.job

[2012/04/13 21:44:37 | 000,002,380 | ---- | M] () -- C:\Documents and Settings\Aline\Desktop\Google Chrome.lnk

[2012/04/08 15:12:01 | 000,292,139 | ---- | M] () -- C:\Documents and Settings\Aline\Desktop\22308.pdf

[2012/04/05 08:55:58 | 000,756,342 | ---- | M] () -- C:\Documents and Settings\Aline\Desktop\imagem.bmp

[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/04/02 23:15:00 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/04/21 10:22:02 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/07 17:55:40 | 000,292,139 | ---- | C] () -- C:\Documents and Settings\Aline\Desktop\22308.pdf

[2012/04/05 08:55:58 | 000,756,342 | ---- | C] () -- C:\Documents and Settings\Aline\Desktop\imagem.bmp

[2011/12/16 19:32:24 | 000,159,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

[2011/10/07 00:32:38 | 000,444,283 | ---- | C] () -- C:\Arquivos de programas\Arquivos comuns\WinPcapNmap.exe

[2011/08/12 17:48:36 | 000,174,263 | ---- | C] () -- C:\WINDOWS\hpoins37.dat

[2011/08/12 17:48:36 | 000,000,632 | ---- | C] () -- C:\WINDOWS\hpomdl37.dat

[2011/08/11 19:14:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011/08/11 19:10:40 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/08/10 09:36:02 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2011/08/10 09:36:01 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2011/08/10 09:35:59 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011/08/10 09:35:59 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011/08/10 09:35:59 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/08/09 22:11:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/08/09 21:59:24 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

[2011/08/09 21:59:21 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2011/08/09 21:56:13 | 000,028,672 | R--- | C] () -- C:\WINDOWS\htpatch.exe

[2011/08/09 21:56:13 | 000,003,072 | R--- | C] () -- C:\WINDOWS\winio.sys

[2011/08/09 21:55:44 | 000,108,021 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini

[2011/08/09 21:55:39 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\sis740.bin

[2011/08/09 21:55:39 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\sis650.bin

[2011/08/09 21:55:30 | 000,108,233 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2011/08/09 21:53:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/08/09 21:21:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/08/09 21:11:20 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011/08/09 18:05:16 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011/08/09 18:03:52 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

 

========== LOP Check ==========

 

[2011/08/09 21:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Windows Desktop Search

[2011/12/17 09:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aline\Dados de aplicativos\VDownloader

[2011/08/11 20:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aline\Dados de aplicativos\Windows Desktop Search

[2011/08/11 20:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aline\Dados de aplicativos\Windows Search

[2011/08/10 11:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVAST Software

[2011/09/21 20:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\gas

[2011/12/27 10:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

[2012/04/21 13:52:12 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1447D546-336F-4843-8168-C641D6686456}.job

[2012/04/21 14:01:00 | 000,000,470 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{AF6D2779-7671-4E0D-9F23-A6266B34C819}.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:538DC028

 

< End of report >

 

Relatório Extras txt:

 

 

OTL Extras logfile created on: 21/4/2012 13:46:49 - Run 1

OTL by OldTimer - Version 3.2.40.0 Folder = C:\Documents and Settings\Aline\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

735,48 Mb Total Physical Memory | 372,89 Mb Available Physical Memory | 50,70% Memory free

1,76 Gb Paging File | 1,45 Gb Available in Paging File | 82,52% Paging File free

Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,57 Gb Total Space | 53,71 Gb Free Space | 72,02% Space Free | Partition Type: NTFS

Drive G: | 74,47 Gb Total Space | 63,29 Gb Free Space | 84,98% Space Free | Partition Type: NTFS

 

Computer Name: PC-592B925878F8 | User Name: Aline | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_USERS\S-1-5-21-1614895754-1993962763-1177238915-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe" = C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe" = C:\Arquivos de programas\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Arquivos de programas\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"C:\Arquivos de programas\Ares\Ares.exe" = C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)

"C:\Arquivos de programas\Google\Google Talk\googletalk.exe" = C:\Arquivos de programas\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials

"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call

"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400

"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.6.943

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-1046-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Português

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.50

"Ares" = Ares 2.1.7

"avast" = avast! Free Antivirus

"CCleaner" = CCleaner (remove only)

"Complitly_is1" = Complitly

"ENTERPRISE" = Microsoft Office Enterprise 2007

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"ie8" = Windows Internet Explorer 8

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.5.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.61.0.1400

"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 8.0.1 (x86 pt-BR)" = Mozilla Firefox 8.0.1 (x86 pt-BR)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition

"PCSU-SL_is1" = Velocidade Do PC - Desinstalação completa

"SiS VGA Driver" = SiS VGA Utilities

"SMSERIAL" = Motorola SM56 Data Fax Modem

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.1

"WinRAR3.93 Final x86 BR" = WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1614895754-1993962763-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"291779489.www.pcspeedup.com" = PCSpeedUp Application

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 31/12/2011 16:07:02 | Computer Name = PC-592B925878F8 | Source = Windows Search Service | ID = 3013

Description = Não é possível atualizar a entrada <C:\DOCUMENTS AND SETTINGS\ALINE\RECENT\DESKTOP.INI>

no mapa de hash. Contexto: Aplicativo , Catálogo SystemIndex Detalhes: Um dispositivo

conectado ao sistema não está funcionando. (0x8007001f)

 

Error - 1/1/2012 14:13:20 | Computer Name = PC-592B925878F8 | Source = PerfNet | ID = 2004

Description = Não foi possível abrir o serviço do servidor. Os dados do desempenho

do servidor não serão retornados. O código de erro retornado está no dado DWORD

0.

 

Error - 2/1/2012 14:31:27 | Computer Name = PC-592B925878F8 | Source = PerfNet | ID = 2004

Description = Não foi possível abrir o serviço do servidor. Os dados do desempenho

do servidor não serão retornados. O código de erro retornado está no dado DWORD

0.

 

Error - 8/1/2012 12:34:06 | Computer Name = PC-592B925878F8 | Source = PerfNet | ID = 2004

Description = Não foi possível abrir o serviço do servidor. Os dados do desempenho

do servidor não serão retornados. O código de erro retornado está no dado DWORD

0.

 

Error - 9/1/2012 12:58:08 | Computer Name = PC-592B925878F8 | Source = PerfNet | ID = 2004

Description = Não foi possível abrir o serviço do servidor. Os dados do desempenho

do servidor não serão retornados. O código de erro retornado está no dado DWORD

0.

 

Error - 9/1/2012 20:20:36 | Computer Name = PC-592B925878F8 | Source = PerfNet | ID = 2004

Description = Não foi possível abrir o serviço do servidor. Os dados do desempenho

do servidor não serão retornados. O código de erro retornado está no dado DWORD

0.

 

Error - 10/1/2012 16:46:45 | Computer Name = PC-592B925878F8 | Source = PerfNet | ID = 2004

Description = Não foi possível abrir o serviço do servidor. Os dados do desempenho

do servidor não serão retornados. O código de erro retornado está no dado DWORD

0.

 

Error - 11/1/2012 10:56:56 | Computer Name = PC-592B925878F8 | Source = PerfNet | ID = 2004

Description = Não foi possível abrir o serviço do servidor. Os dados do desempenho

do servidor não serão retornados. O código de erro retornado está no dado DWORD

0.

 

Error - 11/1/2012 17:02:55 | Computer Name = PC-592B925878F8 | Source = PerfNet | ID = 2004

Description = Não foi possível abrir o serviço do servidor. Os dados do desempenho

do servidor não serão retornados. O código de erro retornado está no dado DWORD

0.

 

Error - 12/1/2012 21:10:54 | Computer Name = PC-592B925878F8 | Source = PerfNet | ID = 2004

Description = Não foi possível abrir o serviço do servidor. Os dados do desempenho

do servidor não serão retornados. O código de erro retornado está no dado DWORD

0.

 

[ System Events ]

Error - 20/4/2012 08:42:49 | Computer Name = PC-592B925878F8 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço avast! Firewall devido ao seguinte

erro: %%2

 

Error - 20/4/2012 08:42:56 | Computer Name = PC-592B925878F8 | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: aswFW

 

Error - 20/4/2012 22:07:36 | Computer Name = PC-592B925878F8 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço avast! Firewall devido ao seguinte

erro: %%2

 

Error - 20/4/2012 22:07:42 | Computer Name = PC-592B925878F8 | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: aswFW

 

Error - 21/4/2012 04:49:23 | Computer Name = PC-592B925878F8 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço avast! Firewall devido ao seguinte

erro: %%2

 

Error - 21/4/2012 04:49:26 | Computer Name = PC-592B925878F8 | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: aswFW

 

Error - 21/4/2012 09:03:19 | Computer Name = PC-592B925878F8 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço avast! Firewall devido ao seguinte

erro: %%2

 

Error - 21/4/2012 09:03:22 | Computer Name = PC-592B925878F8 | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: aswFW

 

Error - 21/4/2012 12:30:35 | Computer Name = PC-592B925878F8 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço avast! Firewall devido ao seguinte

erro: %%2

 

Error - 21/4/2012 12:30:45 | Computer Name = PC-592B925878F8 | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: aswFW

 

 

< End of report >

[wings 22]

Falta o log do Gmer.

 

Quanto ao site DatafileHost, basta aguardar um pouco.

[avelarline 0]

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-04-21 15:48:38

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3160215ACE rev.3.AVA

Running: 2qj5up77.exe; Driver: C:\DOCUME~1\Aline\CONFIG~1\Temp\kxgyyfod.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF3EC7374]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF3F562B8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF3EEB829]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF3EC9996]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF3EC99EE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF3EC9B04]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF3EEB1DD]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF3EC98EC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF3EC9A3E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF3EC9940]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF3EC9AB2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF3EC7398]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF3EEBEEF]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF3EEC1A5]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF3EC9D88]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF3EEBD5A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF3EEBBC5]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF3F56368]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF3EC7162]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF3EC73BC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF3EC9EFC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF3EC7E54]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF3EC99C6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF3EC9A16]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF3EC9B2E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF3EEB539]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF3EC9918]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF3EC9BC0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF3EC9A7E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF3EC996E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF3EC9CA4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF3EC9ADC]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF3F56400]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF3EEBA40]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF3EC7D1A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF3EEB892]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF3F5E6E2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF3EEA850]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF3EC73E0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF3EC7404]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF3EC71BC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF3EC72F8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF3EEBFF6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF3EC72D4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF3EC731C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF3EC7428]

 

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF3F6B9A6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

 

---- Kernel code sections - GMER 1.0.15 ----

 

init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF7382900]

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[208] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[208] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[208] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[208] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[208] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[208] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[208] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\svchost.exe[268] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[268] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[268] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[268] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[268] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[268] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[268] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[268] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[268] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[268] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[268] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[268] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[268] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[268] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[268] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[268] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[268] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[308] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[400] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[400] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\System32\smss.exe[484] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\csrss.exe[532] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\csrss.exe[532] KERNEL32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[556] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000701F8

.text C:\WINDOWS\system32\winlogon.exe[556] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[556] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000703FC

.text C:\WINDOWS\system32\winlogon.exe[556] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\winlogon.exe[556] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\winlogon.exe[556] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\winlogon.exe[556] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\winlogon.exe[556] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\winlogon.exe[556] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\winlogon.exe[556] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\services.exe[600] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\services.exe[600] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\services.exe[600] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\services.exe[600] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\services.exe[600] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\services.exe[600] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\services.exe[600] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\services.exe[600] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\services.exe[600] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\services.exe[600] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\lsass.exe[612] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\lsass.exe[612] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\lsass.exe[612] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\lsass.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\lsass.exe[612] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\lsass.exe[612] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\lsass.exe[612] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\lsass.exe[612] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\lsass.exe[612] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\lsass.exe[612] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\svchost.exe[768] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[768] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[768] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[768] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[768] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[768] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[768] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[768] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[836] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[836] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[836] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[836] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[836] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\System32\svchost.exe[920] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\System32\svchost.exe[920] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[920] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\System32\svchost.exe[920] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\System32\svchost.exe[920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\System32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\System32\svchost.exe[920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\System32\svchost.exe[920] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\System32\svchost.exe[920] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\Explorer.EXE[1000] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\Explorer.EXE[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\Explorer.EXE[1000] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\Explorer.EXE[1000] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\Explorer.EXE[1000] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002C1014

.text C:\WINDOWS\Explorer.EXE[1000] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002C0804

.text C:\WINDOWS\Explorer.EXE[1000] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002C0A08

.text C:\WINDOWS\Explorer.EXE[1000] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002C0C0C

.text C:\WINDOWS\Explorer.EXE[1000] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002C0E10

.text C:\WINDOWS\Explorer.EXE[1000] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002C01F8

.text C:\WINDOWS\Explorer.EXE[1000] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002C03FC

.text C:\WINDOWS\Explorer.EXE[1000] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002C0600

.text C:\WINDOWS\Explorer.EXE[1000] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804

.text C:\WINDOWS\Explorer.EXE[1000] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08

.text C:\WINDOWS\Explorer.EXE[1000] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600

.text C:\WINDOWS\Explorer.EXE[1000] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8

.text C:\WINDOWS\Explorer.EXE[1000] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[1172] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\System32\svchost.exe[1172] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\System32\svchost.exe[1172] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\System32\svchost.exe[1172] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\System32\svchost.exe[1172] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\System32\svchost.exe[1172] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\System32\svchost.exe[1172] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\System32\svchost.exe[1172] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe[1220] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

.text C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8

.text C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe[1416] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC

.text C:\WINDOWS\system32\spoolsv.exe[1632] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\spoolsv.exe[1632] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\spoolsv.exe[1632] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\spoolsv.exe[1632] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\spoolsv.exe[1632] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\spoolsv.exe[1632] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\spoolsv.exe[1632] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\spoolsv.exe[1632] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\spoolsv.exe[1632] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\spoolsv.exe[1632] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\spoolsv.exe[1632] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\spoolsv.exe[1632] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\spoolsv.exe[1632] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\spoolsv.exe[1632] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\spoolsv.exe[1632] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\spoolsv.exe[1632] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\spoolsv.exe[1632] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\System32\svchost.exe[1696] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\System32\svchost.exe[1696] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[1696] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\System32\svchost.exe[1696] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[1696] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\System32\svchost.exe[1696] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\System32\svchost.exe[1696] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\System32\svchost.exe[1696] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\System32\svchost.exe[1696] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\System32\svchost.exe[1696] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\System32\svchost.exe[1696] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\System32\svchost.exe[1696] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\System32\svchost.exe[1696] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\System32\svchost.exe[1696] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\System32\svchost.exe[1696] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\System32\svchost.exe[1696] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\System32\svchost.exe[1696] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\svchost.exe[1848] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[1848] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1848] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[1848] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\keyhook.exe[1960] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001401F8

.text C:\WINDOWS\system32\keyhook.exe[1960] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\keyhook.exe[1960] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001403FC

.text C:\WINDOWS\system32\keyhook.exe[1960] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\keyhook.exe[1960] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003B1014

.text C:\WINDOWS\system32\keyhook.exe[1960] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003B0804

.text C:\WINDOWS\system32\keyhook.exe[1960] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003B0A08

.text C:\WINDOWS\system32\keyhook.exe[1960] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003B0C0C

.text C:\WINDOWS\system32\keyhook.exe[1960] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003B0E10

.text C:\WINDOWS\system32\keyhook.exe[1960] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003B01F8

.text C:\WINDOWS\system32\keyhook.exe[1960] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003B03FC

.text C:\WINDOWS\system32\keyhook.exe[1960] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 003B0600

.text C:\WINDOWS\system32\keyhook.exe[1960] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003C0804

.text C:\WINDOWS\system32\keyhook.exe[1960] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003C0A08

.text C:\WINDOWS\system32\keyhook.exe[1960] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003C0600

.text C:\WINDOWS\system32\keyhook.exe[1960] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003C01F8

.text C:\WINDOWS\system32\keyhook.exe[1960] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003C03FC

.text C:\WINDOWS\system32\wscntfy.exe[1964] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\wscntfy.exe[1964] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\wscntfy.exe[1964] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\wscntfy.exe[1964] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\wscntfy.exe[1964] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804

.text C:\WINDOWS\system32\wscntfy.exe[1964] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08

.text C:\WINDOWS\system32\wscntfy.exe[1964] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600

.text C:\WINDOWS\system32\wscntfy.exe[1964] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8

.text C:\WINDOWS\system32\wscntfy.exe[1964] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC

.text C:\WINDOWS\system32\wscntfy.exe[1964] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002E1014

.text C:\WINDOWS\system32\wscntfy.exe[1964] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002E0804

.text C:\WINDOWS\system32\wscntfy.exe[1964] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002E0A08

.text C:\WINDOWS\system32\wscntfy.exe[1964] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002E0C0C

.text C:\WINDOWS\system32\wscntfy.exe[1964] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002E0E10

.text C:\WINDOWS\system32\wscntfy.exe[1964] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002E01F8

.text C:\WINDOWS\system32\wscntfy.exe[1964] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002E03FC

.text C:\WINDOWS\system32\wscntfy.exe[1964] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002E0600

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000D01F8

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000D03FC

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00311014

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00310804

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00310A08

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00310C0C

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00310E10

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003101F8

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003103FC

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00310600

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8

.text C:\WINDOWS\system32\SearchIndexer.exe[2016] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC

.text C:\WINDOWS\htpatch.exe[2076] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001401F8

.text C:\WINDOWS\htpatch.exe[2076] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\htpatch.exe[2076] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001403FC

.text C:\WINDOWS\htpatch.exe[2076] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\htpatch.exe[2076] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804

.text C:\WINDOWS\htpatch.exe[2076] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08

.text C:\WINDOWS\htpatch.exe[2076] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]

.text C:\WINDOWS\htpatch.exe[2076] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600

.text C:\WINDOWS\htpatch.exe[2076] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8

.text C:\WINDOWS\htpatch.exe[2076] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC

.text C:\WINDOWS\htpatch.exe[2076] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014

.text C:\WINDOWS\htpatch.exe[2076] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804

.text C:\WINDOWS\htpatch.exe[2076] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08

.text C:\WINDOWS\htpatch.exe[2076] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C

.text C:\WINDOWS\htpatch.exe[2076] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10

.text C:\WINDOWS\htpatch.exe[2076] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8

.text C:\WINDOWS\htpatch.exe[2076] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC

.text C:\WINDOWS\htpatch.exe[2076] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600

.text C:\WINDOWS\SOUNDMAN.EXE[2128] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001401F8

.text C:\WINDOWS\SOUNDMAN.EXE[2128] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\SOUNDMAN.EXE[2128] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001403FC

.text C:\WINDOWS\SOUNDMAN.EXE[2128] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\SOUNDMAN.EXE[2128] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804

.text C:\WINDOWS\SOUNDMAN.EXE[2128] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08

.text C:\WINDOWS\SOUNDMAN.EXE[2128] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]

.text C:\WINDOWS\SOUNDMAN.EXE[2128] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600

.text C:\WINDOWS\SOUNDMAN.EXE[2128] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8

.text C:\WINDOWS\SOUNDMAN.EXE[2128] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC

.text C:\WINDOWS\SOUNDMAN.EXE[2128] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014

.text C:\WINDOWS\SOUNDMAN.EXE[2128] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804

.text C:\WINDOWS\SOUNDMAN.EXE[2128] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08

.text C:\WINDOWS\SOUNDMAN.EXE[2128] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C

.text C:\WINDOWS\SOUNDMAN.EXE[2128] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10

.text C:\WINDOWS\SOUNDMAN.EXE[2128] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8

.text C:\WINDOWS\SOUNDMAN.EXE[2128] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC

.text C:\WINDOWS\SOUNDMAN.EXE[2128] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8

.text C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe[2160] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC

.text C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe[2168] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe[2168] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003C0804

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003C0A08

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003C0600

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003C01F8

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003C03FC

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003D1014

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003D0804

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003D0A08

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003D0C0C

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003D0E10

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003D01F8

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003D03FC

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2188] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 003D0600

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003A1014

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003A0804

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003A0A08

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003A0C0C

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003A0E10

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003A01F8

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003A03FC

.text C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe[2196] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 003A0600

.text C:\WINDOWS\system32\ctfmon.exe[2232] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000A01F8

.text C:\WINDOWS\system32\ctfmon.exe[2232] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\ctfmon.exe[2232] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000A03FC

.text C:\WINDOWS\system32\ctfmon.exe[2232] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\ctfmon.exe[2232] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002C1014

.text C:\WINDOWS\system32\ctfmon.exe[2232] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\ctfmon.exe[2232] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\ctfmon.exe[2232] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002C0C0C

.text C:\WINDOWS\system32\ctfmon.exe[2232] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002C0E10

.text C:\WINDOWS\system32\ctfmon.exe[2232] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\ctfmon.exe[2232] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\ctfmon.exe[2232] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\ctfmon.exe[2232] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804

.text C:\WINDOWS\system32\ctfmon.exe[2232] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08

.text C:\WINDOWS\system32\ctfmon.exe[2232] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600

.text C:\WINDOWS\system32\ctfmon.exe[2232] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8

.text C:\WINDOWS\system32\ctfmon.exe[2232] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC

.text C:\Documents and Settings\Aline\Desktop\2qj5up77.exe[2576] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Documents and Settings\Aline\Desktop\2qj5up77.exe[2576] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 55, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 55, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 55, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 55, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B1A

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 55, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 55, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 55, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912B8B

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 55, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912CB9

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 55, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 55, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 55, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2816] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2816] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\System32\alg.exe[2920] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 000901F8

.text C:\WINDOWS\System32\alg.exe[2920] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\System32\alg.exe[2920] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 000903FC

.text C:\WINDOWS\System32\alg.exe[2920] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\System32\alg.exe[2920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804

.text C:\WINDOWS\System32\alg.exe[2920] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08

.text C:\WINDOWS\System32\alg.exe[2920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600

.text C:\WINDOWS\System32\alg.exe[2920] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8

.text C:\WINDOWS\System32\alg.exe[2920] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC

.text C:\WINDOWS\System32\alg.exe[2920] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002C1014

.text C:\WINDOWS\System32\alg.exe[2920] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002C0804

.text C:\WINDOWS\System32\alg.exe[2920] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002C0A08

.text C:\WINDOWS\System32\alg.exe[2920] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002C0C0C

.text C:\WINDOWS\System32\alg.exe[2920] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002C0E10

.text C:\WINDOWS\System32\alg.exe[2920] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002C01F8

.text C:\WINDOWS\System32\alg.exe[2920] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002C03FC

.text C:\WINDOWS\System32\alg.exe[2920] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002C0600

.text C:\Arquivos de programas\Ares\Ares.exe[3088] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8

.text C:\Arquivos de programas\Ares\Ares.exe[3088] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Arquivos de programas\Ares\Ares.exe[3088] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC

.text C:\Arquivos de programas\Ares\Ares.exe[3088] kernel32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 003903FC

.text C:\Arquivos de programas\Ares\Ares.exe[3088] kernel32.dll!SetProcessShutdownParameters 7C82C8FD 5 Bytes JMP 003901F8

.text C:\Arquivos de programas\Ares\Ares.exe[3088] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\Arquivos de programas\Ares\Ares.exe[3088] kernel32.dll!SetLocaleInfoW 7C8785D3 5 Bytes JMP 00390600

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!GetWindowLongW 7E3688A6 5 Bytes JMP 003A2238

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!GetWindowLongA 7E36945D 5 Bytes JMP 003A2034

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 003A2A48

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 003A345C

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 003A3A68

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 003A3054

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!GetPropW 7E3794B3 5 Bytes JMP 003A1218

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!RemovePropW 7E37C076 5 Bytes JMP 003A1A28

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!SetPropW 7E37C0B9 2 Bytes JMP 003A1620

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!SetPropW + 3 7E37C0BC 2 Bytes [02, 82]

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 003A243C

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 003A2640

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 003A1E30

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 003A1C2C

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!SetPropA 7E380000 5 Bytes JMP 003A141C

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!GetPropA 7E380042 5 Bytes JMP 003A1014

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!RemovePropA 7E380094 5 Bytes JMP 003A1824

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 003A3864

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!CreateDialogIndirectParamA 7E389B28 5 Bytes JMP 003A2C4C

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 003A3258

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!CreateDialogParamA 7E38C7DB 5 Bytes JMP 003A2844

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!CreateDialogIndirectParamW 7E38F01F 5 Bytes JMP 003A2E50

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 003A3660

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!ExitWindowsEx 7E3AA275 5 Bytes JMP 003A0C0C

.text C:\Arquivos de programas\Ares\Ares.exe[3088] user32.dll!LockWorkStation 7E3BCD5E 5 Bytes JMP 003A0E10

.text C:\Arquivos de programas\Ares\Ares.exe[3088] advapi32.dll!LookupAccountNameW 77F65B59 5 Bytes JMP 003B1C2C

.text C:\Arquivos de programas\Ares\Ares.exe[3088] advapi32.dll!ReportEventW 77F73681 5 Bytes JMP 003B1A28

.text C:\Arquivos de programas\Ares\Ares.exe[3088] advapi32.dll!DeregisterEventSource 77F779D3 5 Bytes JMP 003B1620

.text C:\Arquivos de programas\Ares\Ares.exe[3088] advapi32.dll!RegisterEventSourceA 77F77B60 5 Bytes JMP 003B1218

.text C:\Arquivos de programas\Ares\Ares.exe[3088] advapi32.dll!ReportEventA 77F77CB2 5 Bytes JMP 003B1824

.text C:\Arquivos de programas\Ares\Ares.exe[3088] advapi32.dll!RegisterEventSourceW 77F7803C 5 Bytes JMP 003B141C

.text C:\Arquivos de programas\Ares\Ares.exe[3088] advapi32.dll!RegConnectRegistryW 77F7817A 5 Bytes JMP 003B1E30

.text C:\Arquivos de programas\Ares\Ares.exe[3088] advapi32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003B1014

.text C:\Arquivos de programas\Ares\Ares.exe[3088] advapi32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003B0804

.text C:\Arquivos de programas\Ares\Ares.exe[3088] advapi32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003B0A08

.text C:\Arquivos de programas\Ares\Ares.exe[3088] advapi32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003B0C0C

.text C:\Arquivos de programas\Ares\Ares.exe[3088] advapi32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003B0E10

.text C:\Arquivos de programas\Ares\Ares.exe[3088] advapi32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003B01F8

.text C:\Arquivos de programas\Ares\Ares.exe[3088] advapi32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003B03FC

.text C:\Arquivos de programas\Ares\Ares.exe[3088] advapi32.dll!DeleteService 77FB74B1 5 Bytes JMP 003B0600

.text C:\Arquivos de programas\Ares\Ares.exe[3088] Secur32.dll!LsaRegisterLogonProcess 77F24D17 5 Bytes JMP 003C01F8

.text C:\Arquivos de programas\Ares\Ares.exe[3088] WS2_32.dll!connect 71A74A07 5 Bytes JMP 003F01F8

.text C:\Arquivos de programas\Ares\Ares.exe[3088] WS2_32.dll!listen 71A78CD3 5 Bytes JMP 003F03FC

.text C:\Arquivos de programas\Ares\Ares.exe[3088] iphlpapi.dll!IcmpSendEcho 76D44B79 5 Bytes JMP 011201F8

.text C:\Arquivos de programas\Ares\Ares.exe[3088] iphlpapi.dll!IcmpSendEcho2 76D4B73C 5 Bytes JMP 011203FC

.text C:\Arquivos de programas\Ares\Ares.exe[3088] USERENV.dll!RegisterGPNotification 769A8607 5 Bytes JMP 014B01F8

.text C:\Arquivos de programas\Ares\Ares.exe[3088] USERENV.dll!UnregisterGPNotification 769B9894 5 Bytes JMP 014B03FC

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe[3152] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC

.text C:\WINDOWS\system32\sistray.exe[3184] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001401F8

.text C:\WINDOWS\system32\sistray.exe[3184] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\WINDOWS\system32\sistray.exe[3184] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001403FC

.text C:\WINDOWS\system32\sistray.exe[3184] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\WINDOWS\system32\sistray.exe[3184] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003B1014

.text C:\WINDOWS\system32\sistray.exe[3184] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003B0804

.text C:\WINDOWS\system32\sistray.exe[3184] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003B0A08

.text C:\WINDOWS\system32\sistray.exe[3184] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003B0C0C

.text C:\WINDOWS\system32\sistray.exe[3184] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003B0E10

.text C:\WINDOWS\system32\sistray.exe[3184] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003B01F8

.text C:\WINDOWS\system32\sistray.exe[3184] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003B03FC

.text C:\WINDOWS\system32\sistray.exe[3184] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 003B0600

.text C:\WINDOWS\system32\sistray.exe[3184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003C0804

.text C:\WINDOWS\system32\sistray.exe[3184] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003C0A08

.text C:\WINDOWS\system32\sistray.exe[3184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003C0600

.text C:\WINDOWS\system32\sistray.exe[3184] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003C01F8

.text C:\WINDOWS\system32\sistray.exe[3184] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003C03FC

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003A1014

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003A0804

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003A0A08

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003A0C0C

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003A0E10

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003A01F8

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003A03FC

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe[3380] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 003A0600

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe[3432] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 001501F8

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] ntdll.dll!RtlDosSearchPath_U + 186 7C91616D 1 Byte [62]

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] ntdll.dll!LdrUnloadDll 7C916AD5 5 Bytes JMP 001503FC

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] kernel32.dll!GetBinaryTypeW + 80 7C86936C 1 Byte [62]

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003A1014

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003A0804

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003A0A08

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003A0C0C

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003A0E10

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003A01F8

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003A03FC

.text C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe[3468] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 003A0600

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT C:\WINDOWS\system32\services.exe[600] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002

IAT C:\WINDOWS\system32\services.exe[600] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000

IAT C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2680] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 006C0010

IAT C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[2836] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

 

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

 

---- Files - GMER 1.0.15 ----

 

File C:\## aswSnx private storage 0 bytes

File C:\## aswSnx private storage\r412 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e} 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\attrib 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais\Dados de aplicativos 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Ares 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Ares\Data 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Ares\Data\ChatroomIPs.dat 4806 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Ares\Data\DHTnodes.dat 3704 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Ares\Data\FailedSNodes.dat 78 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Ares\Data\ShareH.dat 8997 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Ares\Data\ShareL.dat 14 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Ares\Data\SNodes.dat 21387 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais\Histórico 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais\Histórico\History.IE5 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais\Histórico\History.IE5\index.dat 147456 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais\Temporary Internet Files 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais\Temporary Internet Files\Content.IE5 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Configurações locais\Temporary Internet Files\Content.IE5\index.dat 966656 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Cookies 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\Documents and Settings\Aline\Cookies\index.dat 32768 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\WINDOWS 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\WINDOWS\Prefetch 0 bytes

File C:\## aswSnx private storage\r412\Ares.exe_{71ccc785-8bcf-11e1-ab87-00016c30298e}\image\WINDOWS\Prefetch\ARES.EXE-064516FE.pf 24488 bytes

File C:\## aswSnx private storage\snx_rhive 262144 bytes

File C:\## aswSnx private storage\snx_rhive.LOG 1024 bytes

 

---- EOF - GMER 1.0.15 ----

[wings 22]

1.

*Delete os arquivos C:\Arquivos de programas\Arquivos comuns\ApnToolbarInstaller.exe e C:\Arquivos de programas\Arquivos comuns\ApnStub.exe

 

2.

*Baixe o MBRCheck (...de ad13) e salve-o no desktop (Área de Trabalho)

 

*Execute-o, caso encontre algo, tecle N > [ENTER]

 

*Ao receber a mensagem Done! Press ENTER to exit..., tecle [ENTER

 

 

*Cole o relatório MBRCheck_data_hora.txt criado no desktop

[avelarline 0]

MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000004d

 

Kernel Drivers (total 120):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x806F0000 \WINDOWS\system32\hal.dll

0xF7CCE000 \WINDOWS\system32\KDCOM.DLL

0xF7BDE000 \WINDOWS\system32\BOOTVID.dll

0xF777F000 ACPI.sys

0xF7CD0000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF776E000 pci.sys

0xF77CE000 isapnp.sys

0xF7D96000 pciide.sys

0xF7A4E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF77DE000 MountMgr.sys

0xF774F000 ftdisk.sys

0xF7CD2000 dmload.sys

0xF7729000 dmio.sys

0xF7A56000 PartMgr.sys

0xF7D97000 siside.sys

0xF77EE000 VolSnap.sys

0xF7711000 atapi.sys

0xF77FE000 disk.sys

0xF780E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF76F1000 fltMgr.sys

0xF76DA000 KSecDD.sys

0xF764D000 Ntfs.sys

0xF7620000 NDIS.sys

0xF7BE2000 sisperf.sys

0xF781E000 sisidex.sys

0xF782E000 SISAGPX.sys

0xF7606000 Mup.sys

0xF785E000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xF7585000 \SystemRoot\system32\DRIVERS\sisgrp.sys

0xF7571000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF786E000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF787E000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF788E000 \SystemRoot\system32\DRIVERS\redbook.sys

0xF754E000 \SystemRoot\system32\DRIVERS\ks.sys

0xF7442000 \SystemRoot\system32\DRIVERS\smserial.sys

0xF7A7E000 \SystemRoot\System32\Drivers\Modem.SYS

0xF73AE000 \SystemRoot\system32\drivers\ALCXWDM.SYS

0xF738A000 \SystemRoot\system32\drivers\portcls.sys

0xF789E000 \SystemRoot\system32\drivers\drmk.sys

0xF7328000 \SystemRoot\system32\drivers\ALCXSENS.SYS

0xF7A9E000 \SystemRoot\system32\DRIVERS\usbohci.sys

0xF7304000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF7AA6000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF7AAE000 \SystemRoot\system32\DRIVERS\sisnic.sys

0xF7ABE000 \SystemRoot\system32\DRIVERS\fdc.sys

0xF78AE000 \SystemRoot\system32\DRIVERS\serial.sys

0xF7C76000 \SystemRoot\system32\DRIVERS\serenum.sys

0xF72F0000 \SystemRoot\system32\DRIVERS\parport.sys

0xF78BE000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xF7ACE000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF7AD6000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF7E89000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF78CE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF7C7E000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xF72D9000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF78DE000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF78EE000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF7AF6000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xF72C8000 \SystemRoot\system32\DRIVERS\psched.sys

0xF78FE000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF7B06000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF7B16000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF7298000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xF790E000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF7CD8000 \SystemRoot\system32\DRIVERS\swenum.sys

0xF719A000 \SystemRoot\system32\DRIVERS\update.sys

0xF7CA2000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF791E000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF796E000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF7CE0000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF7B36000 \SystemRoot\system32\DRIVERS\flpydisk.sys

0xF7CE4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7EC5000 \SystemRoot\System32\Drivers\Null.SYS

0xF7CE8000 \SystemRoot\System32\Drivers\Beep.SYS

0xF7B56000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF7B5E000 \SystemRoot\System32\drivers\vga.sys

0xF7CEC000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF7CF0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF7B6E000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF7B7E000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF75C6000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xF4117000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xF40BE000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xF407E000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xF797E000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xF798E000 \SystemRoot\System32\Drivers\aswTdi.SYS

0xF4056000 \SystemRoot\system32\DRIVERS\netbt.sys

0xF7B96000 \SystemRoot\System32\Drivers\aswRdr.SYS

0xF4034000 \SystemRoot\System32\drivers\afd.sys

0xF799E000 \SystemRoot\system32\DRIVERS\netbios.sys

0xF7C62000 \SystemRoot\system32\DRIVERS\srvkp.sys

0xF4009000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xF3F99000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF79AE000 \SystemRoot\System32\Drivers\Fips.SYS

0xF3F4C000 \SystemRoot\System32\Drivers\aswSP.SYS

0xF3EB4000 \SystemRoot\System32\Drivers\aswSnx.SYS

0xF7BC6000 \SystemRoot\System32\Drivers\Aavmker4.SYS

0xF79CE000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xF3DD4000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF7D08000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xF75DE000 \SystemRoot\System32\drivers\Dxapi.sys

0xF7A96000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7E64000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\SiSGRV.dll

0xF3DAC000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0xBF12E000 \SystemRoot\System32\ATMFD.DLL

0xF3C4C000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xF3B1B000 \SystemRoot\System32\Drivers\aswMon2.SYS

0xF385E000 \SystemRoot\system32\drivers\wdmaud.sys

0xF3C84000 \SystemRoot\system32\drivers\sysaudio.sys

0xF37E3000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xF7D3C000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xF375B000 \SystemRoot\system32\drivers\npf.sys

0xF35AB000 \SystemRoot\system32\DRIVERS\srv.sys

0xF310A000 \SystemRoot\System32\Drivers\HTTP.sys

0xF2B17000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

 

Processes (total 48):

0 System Idle Process

4 System

484 C:\WINDOWS\system32\smss.exe

532 csrss.exe

556 C:\WINDOWS\system32\winlogon.exe

600 C:\WINDOWS\system32\services.exe

612 C:\WINDOWS\system32\lsass.exe

768 C:\WINDOWS\system32\svchost.exe

832 svchost.exe

932 C:\WINDOWS\system32\svchost.exe

1004 svchost.exe

1112 svchost.exe

1216 C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

1628 C:\WINDOWS\system32\spoolsv.exe

176 C:\WINDOWS\explorer.exe

296 svchost.exe

1040 C:\WINDOWS\system32\svchost.exe

1052 C:\Arquivos de programas\Java\jre6\bin\jqs.exe

1684 C:\WINDOWS\system32\svchost.exe

1728 C:\Arquivos de programas\Velocidade Do PC\PCSUService.exe

2000 C:\WINDOWS\system32\Keyhook.exe

2020 C:\WINDOWS\htpatch.exe

712 C:\WINDOWS\SOUNDMAN.EXE

164 C:\WINDOWS\system32\svchost.exe

240 C:\WINDOWS\system32\svchost.exe

264 C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

272 C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe

304 C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

324 C:\Arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

344 C:\WINDOWS\system32\ctfmon.exe

1876 C:\WINDOWS\system32\searchindexer.exe

2852 alg.exe

3228 C:\Arquivos de programas\Ares\Ares.exe

3324 C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

3360 C:\WINDOWS\system32\sistray.exe

3648 C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe

3772 C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

3812 C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

3888 C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

4036 C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

260 C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

1612 C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

3628 C:\WINDOWS\system32\wuauclt.exe

1440 C:\Documents and Settings\Aline\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

2932 C:\WINDOWS\system32\wuauclt.exe

3272 C:\WINDOWS\system32\searchprotocolhost.exe

4004 searchfilterhost.exe

3204 C:\Documents and Settings\Aline\Desktop\MBRCheck.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000012`a4c00000 (NTFS)

 

PhysicalDrive0 Model Number: ST3160215ACE, Rev: 3.AVA

 

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: 2C6D77F4F50AA9DE10FCE2024558166E9012FC6F

 

 

Done!

[wings 22]

1.

*Delete o MBRCheck e seu relatório

 

2.

*Delete o Gmer e seu relatório

 

3.

*Execute o OTL e clique [Limpeza] > [OK]

*O PC será reiniciado

 

4.

*Faça um scan online com o NOD32

 

<- iMasters

 

*Ao término cole o relatório criado em C:\Arquivos de programas\EsetOnlineScanner\log

[avelarline 0]

C:\Documents and Settings\Aline\Meus documentos\Downloads\cdbxp_setup_4.3.7.2356.exe Win32/OpenCandy application deleted - quarantined

C:\Documents and Settings\Aline\Meus documentos\Downloads\PenClean.zip probably a variant of Win32/Spy.Agent.LSEPXML trojan deleted - quarantined

C:\Documents and Settings\Aline\Meus documentos\Downloads\SoftonicDownloader_para_monopoly.exe Win32/SoftonicDownloader application cleaned by deleting - quarantined

C:\Documents and Settings\Aline\Meus documentos\Downloads\VDownloaderInitializer.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined

C:\Documents and Settings\Aline\Meus documentos\Downloads\VDownloaderSetup (1).exe Win32/OpenCandy application deleted - quarantined

C:\Documents and Settings\Aline\Meus documentos\Downloads\VDownloaderSetup (2).exe Win32/OpenCandy application deleted - quarantined

[wings 22]

Oi avelarline

 

Seu problema não tem relação com malwares.

 

O PC está limpo.

 

*Execute o arquivo c:\Arquivos de programas\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

 

Recomendo criar um tópico na sala de Hardware-Geral

 

 

Um abraço.

[avelarline 0]

Olá Wings,

muito obrigada pela ajuda.

Fui reiniciar o computador e agora não está precisando mais do 'F1', está indo direto. (:

 

Um abraço.